myserver-configuration/roles/traefik/templates/docker-compose.yml
2023-09-25 13:20:46 +02:00


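# Compose template (Jinja) for the Traefik reverse proxy.
# Rendered as text first, then parsed as YAML, so templated scalars are quoted
# to keep an empty or odd-looking expansion from changing the parsed type.
version: '3'
services:
  traefik:
    # NOTE(review): `latest` is a floating tag. Every pull may bring a different
    # (possibly new major) release, so the deployed proxy is not reproducible.
    # Pin a reviewed version tag or image digest and upgrade deliberately.
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    security_opt:
      # Blocks privilege gain through setuid/setgid binaries in the container.
      - "no-new-privileges:true"
    networks:
      proxy: {}
      metrics: {}
      vpn:
        # Static address on the external `vpn` network, taken from inventory.
        ipv4_address: "{{ server.vpn.reverse_proxy_ip }}"
    ports:
      # No host IP is given, so both ports are published on all host interfaces.
      - "80:80"
      - "443:443"
    volumes:
      # NOTE(review): `:ro` only makes the socket file read-only. A process in
      # the container can still send any Docker API request through it, so a
      # compromise of Traefik amounts to control of the Docker daemon.
      # Consider a filtering socket proxy that exposes only the read-only
      # endpoints the Docker provider needs.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./config/traefik.yml:/traefik.yml:ro
      - ./config/dynamic_conf.yml:/dynamic_conf.yml:ro
      # ACME storage: holds the account key and certificate private keys.
      # Keep the host file at mode 0600; it is the only writable mount here.
      - "{{ server.work_dir }}/traefik/base/acme.json:/acme.json:rw"
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    extra_hosts:
      # Lets the container resolve and reach services listening on the host.
      - "host.docker.internal:host-gateway"
    labels:
      - traefik.enable=true
      # Router for the Traefik dashboard/API (service api@internal below).
      - traefik.http.routers.traefik-secure.entrypoints=https
      - traefik.http.routers.traefik-secure.rule=Host(`traefik.{{ server.domain }}`)
      # NOTE(review): only `permanent` is set for tls-rep in this file; no
      # regex/replacement is visible here. Confirm the middleware is complete.
      - traefik.http.middlewares.tls-rep.redirectregex.permanent=true
      # Security response headers applied through the tls-header middleware.
      # NOTE(review): SSLRedirect and featurePolicy are deprecated header
      # options in Traefik v2 and, to my knowledge, no longer accepted in v3.
      # With the floating `latest` image above, verify these labels still load
      # on the version actually deployed (featurePolicy is superseded by
      # permissionsPolicy).
      - traefik.http.middlewares.tls-header.headers.SSLRedirect=true
      - traefik.http.middlewares.tls-header.headers.forceSTSHeader=true
      # 315360000 seconds is roughly ten years; combined with includeSubdomains
      # and preload this is hard to roll back for the whole domain.
      - traefik.http.middlewares.tls-header.headers.STSSeconds=315360000
      - traefik.http.middlewares.tls-header.headers.STSIncludeSubdomains=true
      - traefik.http.middlewares.tls-header.headers.STSPreload=true
      - traefik.http.middlewares.tls-header.headers.browserXSSFilter=true
      - traefik.http.middlewares.tls-header.headers.contentTypeNosniff=true
      - traefik.http.middlewares.tls-header.headers.frameDeny=true
      - traefik.http.middlewares.tls-header.headers.customFrameOptionsValue=SAMEORIGIN
      - traefik.http.middlewares.tls-header.headers.featurePolicy=accelerometer 'none'; ambient-light-sensor 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; usb 'none'; midi 'none'; sync-xhr 'none'; vr 'none'
      - traefik.http.middlewares.tls-header.headers.referrerPolicy=strict-origin-when-cross-origin
      - traefik.http.middlewares.tls-chain.chain.middlewares=tls-rep,tls-header
      # `private-network@file` comes from the file provider, not from this
      # file. No authentication middleware is attached here, so access control
      # for the dashboard rests on that definition; review it alongside this
      # template (presumably in dynamic_conf.yml - confirm).
      - traefik.http.routers.traefik-secure.middlewares=tls-chain,private-network@file
      - traefik.http.routers.traefik-secure.tls=true
      - traefik.http.routers.traefik-secure.tls.certresolver=sslResolver
      - traefik.http.routers.traefik-secure.service=api@internal
    logging:
      # Requires the Loki Docker logging driver plugin on the host.
      driver: loki
      options:
        # Plain HTTP to localhost; presumably resolved on the Docker host, not
        # inside the container - confirm Loki listens there.
        loki-url: "http://localhost:3100/loki/api/v1/push"
        # non-blocking keeps the container from stalling on a slow log sink,
        # but messages are dropped when the buffer fills. Account for possible
        # gaps if these proxy logs feed detection or incident response.
        mode: non-blocking
networks:
  # All three networks are created outside this project and must exist first.
  metrics:
    external: true
  proxy:
    external: true
  vpn:
    external: true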