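---
# Jinja-templated Docker Compose stack: Traefik as the TLS-terminating reverse
# proxy, Prometheus and Grafana published under https://dash.<domain>/..., and
# an httpd container that serves dynamic_conf.yaml (presumably consumed by
# Traefik's HTTP provider over the `providers` network - confirm in traefik.yml).
#
# The template is rendered to text before it is parsed as YAML, so every value
# that starts with `{{ ... }}` is quoted: unquoted, a leading `{` reads as a
# YAML flow mapping, and an empty expansion would silently change the value.
version: '3'

services:
  traefik:
    # NOTE(review): `latest` floats across major versions and is not
    # reproducible; pin a specific version tag or image digest. The same
    # applies to the prometheus, grafana and httpd images below.
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - providers
      - proxy
    ports:
      # Quoted so the mappings are always strings (Compose convention; avoids
      # YAML 1.1 base-60 parsing of digit:digit scalars).
      - "80:80"
      - "443:443"
    volumes:
      # `:ro` only protects the socket file itself; the container can still
      # issue any Docker API call over it. Consider fronting it with a
      # filtering socket proxy that allows only the read endpoints Traefik uses.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./config/traefik.yml:/traefik.yml:ro
      # acme.json holds the ACME account and certificate private keys; the host
      # file must already exist with mode 0600 (a missing bind-mount source is
      # created as a directory by Docker).
      - "{{ server.work_dir }}/traefik/base/acme.json:/acme.json:rw"
      - "{{ server.work_dir }}/traefik/base/access.log:/var/log/traefik/access.log:rw"
      - "{{ server.work_dir }}/traefik/base/traefik.log:/var/log/traefik/traefik.log:rw"
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    extra_hosts:
      - "host.docker.internal:host-gateway"
    labels:
      - "traefik.enable=true"
      # `$$` is Compose escaping for a literal `$`. The same bcrypt hash is
      # committed here and reused by the prometheus and grafana middlewares;
      # cost factor 05 is low for bcrypt. Prefer `basicauth.usersFile` backed by
      # a file kept out of version control, with a higher cost.
      # NOTE(review): the value ends with an extra `$$` after the 60-character
      # bcrypt string - confirm that is intended and that login still succeeds.
      - "traefik.http.middlewares.traefik-auth.basicauth.users=mrdev023:$$2y$$05$$t51tXUW6zO9dndSK1JEFS.utJ3th/RYVSgDlouOZhUigjbkTX1zQC$$"
      - "traefik.http.middlewares.traefik-stripprefix.stripprefix.prefixes=/traefik"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      # Dashboard and API are reachable only on the dash host, behind basic auth.
      - "traefik.http.routers.traefik-secure.rule=Host(`dash.{{ server.domain }}`) && (PathPrefix(`/traefik`) || PathPrefix(`/api`))"
      # NOTE(review): tls-rep sets only `permanent`; no redirectregex
      # `regex`/`replacement` labels are visible in this file - confirm the
      # middleware is complete, since tls-chain depends on it.
      - "traefik.http.middlewares.tls-rep.redirectregex.permanent=true"
      # NOTE(review): SSLRedirect and featurePolicy are deprecated header
      # options in later Traefik v2 releases and are believed to be rejected by
      # v3 - with an unpinned image, verify them against the running version.
      - "traefik.http.middlewares.tls-header.headers.SSLRedirect=true"
      # HSTS for 10 years with includeSubdomains and preload: every subdomain
      # of the served host must stay HTTPS-capable for that period.
      - "traefik.http.middlewares.tls-header.headers.forceSTSHeader=true"
      - "traefik.http.middlewares.tls-header.headers.STSSeconds=315360000"
      - "traefik.http.middlewares.tls-header.headers.STSIncludeSubdomains=true"
      - "traefik.http.middlewares.tls-header.headers.STSPreload=true"
      - "traefik.http.middlewares.tls-header.headers.browserXSSFilter=true"
      - "traefik.http.middlewares.tls-header.headers.contentTypeNosniff=true"
      # customFrameOptionsValue takes precedence over frameDeny, so the header
      # sent is X-Frame-Options: SAMEORIGIN rather than DENY.
      - "traefik.http.middlewares.tls-header.headers.frameDeny=true"
      - "traefik.http.middlewares.tls-header.headers.customFrameOptionsValue=SAMEORIGIN"
      - "traefik.http.middlewares.tls-header.headers.featurePolicy=accelerometer 'none'; ambient-light-sensor 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; usb 'none'; midi 'none'; sync-xhr 'none'; vr 'none'"
      - "traefik.http.middlewares.tls-header.headers.referrerPolicy=strict-origin-when-cross-origin"
      - "traefik.http.middlewares.tls-chain.chain.middlewares=tls-rep,tls-header"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-stripprefix,tls-chain,traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=sslResolver"
      - "traefik.http.routers.traefik-secure.service=api@internal"

  # NOTE(review): only traefik sets `security_opt: no-new-privileges:true`;
  # consider the same option for the three services below.
  prometheus:
    image: prom/prometheus:latest
    restart: unless-stopped
    container_name: prometheus
    volumes:
      # Configuration is only read by the container, so it is mounted read-only.
      - ./prometheus/:/etc/prometheus/:ro
      - "{{ server.work_dir }}/traefik/prometheus:/prometheus"
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    command:
      - "--web.route-prefix=/"
      - "--web.external-url=https://dash.{{ server.domain }}/prometheus"
      - "--config.file=/etc/prometheus/prometheus.yml"
      - "--storage.tsdb.path=/prometheus"
      - "--web.console.libraries=/usr/share/prometheus/console_libraries"
      - "--web.console.templates=/usr/share/prometheus/consoles"
    networks:
      - proxy
      - internal
    labels:
      - "traefik.enable=true"
      # Prometheus is protected only by this Traefik middleware; other
      # containers on the `proxy` and `internal` networks can reach port 9090
      # directly without credentials.
      - "traefik.http.middlewares.prometheus-auth.basicauth.users=mrdev023:$$2y$$05$$t51tXUW6zO9dndSK1JEFS.utJ3th/RYVSgDlouOZhUigjbkTX1zQC$$"
      - "traefik.http.middlewares.prometheus-stripprefix.stripprefix.prefixes=/prometheus"
      - "traefik.http.routers.prometheus-secure.entrypoints=https"
      - "traefik.http.routers.prometheus-secure.rule=Host(`dash.{{ server.domain }}`) && PathPrefix(`/prometheus`)"
      - "traefik.http.routers.prometheus-secure.middlewares=tls-chain,prometheus-stripprefix,prometheus-auth"
      - "traefik.http.routers.prometheus-secure.tls=true"
      - "traefik.http.routers.prometheus-secure.tls.certresolver=sslResolver"
      - "traefik.http.routers.prometheus-secure.service=prometheus"
      - "traefik.http.services.prometheus.loadbalancer.server.port=9090"
      - "traefik.docker.network=proxy"

  grafana:
    image: grafana/grafana:latest
    restart: unless-stopped
    container_name: grafana
    volumes:
      - "{{ server.work_dir }}/traefik/grafana:/var/lib/grafana"
      # Provisioning files are only read by the container; mounted read-only.
      - ./grafana/provisioning:/etc/grafana/provisioning:ro
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    # grafana.env is not shown here; if it carries admin credentials or other
    # secrets, keep it out of version control and restrict its file mode.
    env_file:
      - grafana.env
    depends_on:
      - prometheus
    networks:
      - proxy
      - internal
    labels:
      - "traefik.enable=true"
      - "traefik.http.middlewares.grafana-auth.basicauth.users=mrdev023:$$2y$$05$$t51tXUW6zO9dndSK1JEFS.utJ3th/RYVSgDlouOZhUigjbkTX1zQC$$"
      - "traefik.http.middlewares.grafana-stripprefix.stripprefix.prefixes=/grafana"
      - "traefik.http.routers.grafana-secure.entrypoints=https"
      - "traefik.http.routers.grafana-secure.rule=Host(`dash.{{ server.domain }}`) && PathPrefix(`/grafana`)"
      - "traefik.http.routers.grafana-secure.middlewares=tls-chain,grafana-stripprefix,grafana-auth"
      - "traefik.http.routers.grafana-secure.tls=true"
      # NOTE(review): this router names certresolver `http`, while the traefik
      # and prometheus routers use `sslResolver`. Confirm a resolver called
      # `http` exists in traefik.yml; a router that names an undefined resolver
      # cannot obtain a certificate through it.
      - "traefik.http.routers.grafana-secure.tls.certresolver=http"
      - "traefik.http.routers.grafana-secure.service=grafana"
      - "traefik.http.services.grafana.loadbalancer.server.port=3000"
      - "traefik.docker.network=proxy"

  http_provider:
    image: httpd:latest
    restart: unless-stopped
    container_name: http_provider
    networks:
      - internal
      - providers
    volumes:
      # This file presumably drives Traefik's dynamic routing, so whoever can
      # modify it controls where traffic goes. The container only needs to
      # serve it, hence read-only. It is served over plain HTTP without
      # authentication to every container on `internal` and `providers`.
      - ./config/dynamic_conf.yaml:/usr/local/apache2/htdocs/dynamic_conf.yaml:ro

networks:
  providers: {}
  # Named `internal` but not declared with `internal: true`, so containers
  # attached to it keep outbound connectivity.
  internal: {}
  proxy:
    external: true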