brainbytes/traefik.compose.yaml at master · iodsky/brainbytes · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
# This Traefik service acts as a reverse proxy, running in a container on the VPS.
services:
  traefik:
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    command:
      - "--api.dashboard=true" # Enable Traefik dashboard at /dashboard
      - "--api.insecure=false"
      - "--log.level=DEBUG"
      - "--providers.docker.network=traefik"
      - "--providers.docker=true" # Use Docker as a dynamic configuration source
      - "--providers.docker.exposedbydefault=false" # Only expose services explicitly labeled
      - "--entrypoints.web.address=:80" # HTTP entrypoint
      - "--entrypoints.websecure.address=:443" # HTTPS entrypoint
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true" # Use TLS challenge for Let's Encrypt
      - "--certificatesresolvers.myresolver.acme.email=iharby2002@gmail.com" # Email for Let's Encrypt registration
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json" # Store certs here
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro" # Read-only access to Docker API
      - "./letsencrypt:/letsencrypt" # Persist Let's Encrypt certs
    networks:
      - traefik

networks:
  traefik: # External network used to connect Traefik with project-specific containers
    external: true