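# Docker Compose template (Jinja placeholders) for the Traefik reverse proxy.
# It publishes ports 80/443, joins the external `proxy`, `metrics` and `vpn`
# networks, and exposes Traefik's own API/dashboard through the
# `traefik-secure` router defined in the labels below.
version: '3'

services:
  traefik:
    # NOTE(review): `latest` is a mutable tag, so every pull may deploy a
    # different build. Pinning a specific release tag or image digest keeps
    # deployments reproducible and makes upgrades an explicit, reviewable step.
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    security_opt:
      # Prevents processes in the container from gaining privileges via
      # setuid/setgid binaries.
      - no-new-privileges:true
    networks:
      proxy: {}
      metrics: {}
      vpn:
        # Quoted so an empty expansion renders as "" instead of YAML null.
        ipv4_address: "{{ server.vpn.reverse_proxy_ip }}"
    ports:
      # Port mappings are quoted so they are always read as strings.
      - "80:80"
      - "443:443"
    volumes:
      # NOTE(review): `:ro` only makes the bind mount of the socket file
      # read-only; it does not limit which Docker API calls can be sent over
      # the socket. Anything that can talk to this socket has full control of
      # the Docker daemon. A filtering socket proxy that only allows the
      # read-only endpoints Traefik needs reduces that exposure.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./config/traefik.yml:/traefik.yml:ro
      - ./config/dynamic_conf.yml:/dynamic_conf.yml:ro
      # acme.json stores the ACME account and certificate private keys; the
      # host file must exist before start and should be mode 0600.
      # Entries starting with a template expression are quoted so the file
      # stays valid YAML before rendering.
      - "{{ server.work_dir }}/traefik/base/acme.json:/acme.json:rw"
      # NOTE(review): the two log files must also exist on the host as regular
      # files, otherwise Docker creates directories at these paths.
      - "{{ server.work_dir }}/traefik/base/access.log:/var/log/traefik/access.log:rw"
      - "{{ server.work_dir }}/traefik/base/traefik.log:/var/log/traefik/traefik.log:rw"
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    extra_hosts:
      # Lets the container reach services listening on the Docker host.
      - host.docker.internal:host-gateway
    labels:
      - traefik.enable=true
      - traefik.http.routers.traefik-secure.entrypoints=https
      - traefik.http.routers.traefik-secure.rule=Host(`traefik.{{ server.domain }}`)
      # NOTE(review): only `permanent` is set for tls-rep here; a redirectregex
      # middleware also needs `regex` and `replacement`. Presumably they are
      # defined elsewhere - TODO confirm, otherwise the tls-chain may not load.
      - traefik.http.middlewares.tls-rep.redirectregex.permanent=true
      # NOTE(review): SSLRedirect and featurePolicy are deprecated header
      # options in Traefik v2. With `image: traefik:latest` a major-version
      # upgrade may reject them - confirm against the running version.
      - traefik.http.middlewares.tls-header.headers.SSLRedirect=true
      - traefik.http.middlewares.tls-header.headers.forceSTSHeader=true
      # HSTS max-age of 315360000 s (10 years) with includeSubDomains and
      # preload: every subdomain of the domain must be HTTPS-capable, and the
      # policy is hard to roll back once browsers have cached it.
      - traefik.http.middlewares.tls-header.headers.STSSeconds=315360000
      - traefik.http.middlewares.tls-header.headers.STSIncludeSubdomains=true
      - traefik.http.middlewares.tls-header.headers.STSPreload=true
      - traefik.http.middlewares.tls-header.headers.browserXSSFilter=true
      - traefik.http.middlewares.tls-header.headers.contentTypeNosniff=true
      # customFrameOptionsValue overrides frameDeny, so the X-Frame-Options
      # header actually sent is SAMEORIGIN, not DENY.
      - traefik.http.middlewares.tls-header.headers.frameDeny=true
      - traefik.http.middlewares.tls-header.headers.customFrameOptionsValue=SAMEORIGIN
      - traefik.http.middlewares.tls-header.headers.featurePolicy=accelerometer 'none'; ambient-light-sensor 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; usb 'none'; midi 'none'; sync-xhr 'none'; vr 'none'
      - traefik.http.middlewares.tls-header.headers.referrerPolicy=strict-origin-when-cross-origin
      - traefik.http.middlewares.tls-chain.chain.middlewares=tls-rep,tls-header
      # The dashboard/API router is protected by `private-network@file`, which
      # is defined in the file provider and not visible here - presumably an
      # IP allow-list; verify. No authentication middleware is attached to
      # this router in these labels.
      - traefik.http.routers.traefik-secure.middlewares=tls-chain,private-network@file
      - traefik.http.routers.traefik-secure.tls=true
      - traefik.http.routers.traefik-secure.tls.certresolver=sslResolver
      - traefik.http.routers.traefik-secure.service=api@internal

# All three networks are created outside this compose file and must exist
# before `docker compose up`.
networks:
  metrics:
    external: true
  proxy:
    external: true
  vpn:
    external: true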