56 lines
1.9 KiB
Django/Jinja
56 lines
1.9 KiB
Django/Jinja
services:
|
|
app:
|
|
image: traefik:{{ traefik_version }}
|
|
ports:
|
|
- target: 80
|
|
published: 80
|
|
protocol: tcp
|
|
mode: host
|
|
- target: 443
|
|
published: 443
|
|
protocol: tcp
|
|
mode: host
|
|
- target: 8080
|
|
published: 8080
|
|
protocol: tcp
|
|
environment:
|
|
# - HETZNER_API_TOKEN={{ hetzner_api_key }}
|
|
- DO_AUTH_TOKEN={{ do_api_key }}
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
- {{ data_dir }}/config:/etc/traefik
|
|
- {{ data_dir }}/data/logs:/logs
|
|
- {{ data_dir }}/data/acme.json:/acme.json
|
|
# healthcheck:
|
|
# test: ["CMD", "traefik", "healthcheck", "--ping"]
|
|
# timeout: 1s
|
|
# interval: 10s
|
|
# retries: 3
|
|
# start_period: 10s
|
|
networks:
|
|
- {{ traefik_public_net }}
|
|
# Global mode makes an instance of traefik listen on _every_ node, so that regardless of which
|
|
# node the request arrives on, it'll be forwarded to the correct backend service.
|
|
deploy:
|
|
mode: global
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.swarm.network={{ traefik_public_net }}"
|
|
- "traefik.http.routers.api.rule=Host(`{{ subdomain }}.{{ main_domain }}`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
|
|
- "traefik.http.routers.api.entrypoints=https"
|
|
{% if use_authentik %}
|
|
- "traefik.http.routers.api.middlewares=authentik@file"
|
|
{% endif %}
|
|
- "traefik.http.routers.api.tls.domains[0].main={{ main_domain }}"
|
|
- "traefik.http.routers.api.tls.domains[0].sans=*.{{ main_domain }}"
|
|
- "traefik.http.routers.api.tls=true"
|
|
- "traefik.http.routers.api.tls.certresolver=main"
|
|
- "traefik.http.routers.api.service=api@internal"
|
|
- "traefik.http.services.dummy.loadbalancer.server.port=9999"
|
|
placement:
|
|
constraints: [node.role == manager]
|
|
|
|
networks:
|
|
{{ traefik_public_net }}:
|
|
external: true
|