blob: 3c506b8f81828ae6193a471f3e71d8567e97b2a4 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
|
version: "3.3"
services:
traefik:
image: traefik
env_file: .env
command:
- --api
- --api.dashboard
## providers
- --providers.docker
- --providers.docker.network=proxy
- --providers.docker.exposedbydefault=false
- --providers.docker.swarmmode
- --providers.file.directory=/data
## entrypoints
- --entrypoints.web.address=:80
- --entrypoints.web.http.redirections.entryPoint.to=websecure
- --entrypoints.web.http.redirections.entryPoint.scheme=https
- --entrypoints.web.http.redirections.entrypoint.permanent
- --entrypoints.websecure.address=:443
- --entrypoints.websecure.http.tls.certResolver=letsencrypt
## certificatesresolvers
- --certificatesresolvers.letsencrypt.acme.httpchallenge
- --certificatesresolvers.letsencrypt.acme.email=tobyv13@gmail.com
- --certificatesresolvers.letsencrypt.acme.storage=/data/acme.json
- --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web
configs:
- source: traefik
target: /data/traefik.yml
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- data:/data
networks:
- proxy
ports:
- target: 80
published: 80
mode: host
- target: 443
published: 443
mode: host
deploy:
placement:
constraints:
- node.labels.traefik == true
labels:
## traefik WebUI
- traefik.enable=true
- traefik.http.routers.api.entrypoints=websecure
- traefik.http.routers.api.rule=Host(`traefik.tobyvin.com`)
- traefik.http.routers.api.service=api@internal
- traefik.http.services.api.loadbalancer.server.port=8080
auth:
#
# Multi-arch fork of thomseddon/traefik-forward-auth:2.2.0-arm
image: npawelek/traefik-forward-auth
command:
- --log-level=warn
- --log-format=text
- --auth-host=auth.tobyvin.com
- --cookie-domain=tobyvin.com
- --default-action=auth
- --default-provider=google
- --url-path=/_oauth
- --whitelist=tobyv13@gmail.com,dvincent@ourcomputershop.com
secrets:
- source: traefik_auth
target: /auth
environment:
- CONFIG=/auth
networks:
- proxy
deploy:
placement:
constraints:
- node.labels.traefik == true
labels:
- traefik.enable=true
- traefik.http.routers.auth.entrypoints=websecure
- traefik.http.routers.auth.rule=Host(`auth.tobyvin.com`)
- traefik.http.routers.auth.middlewares=auth
- traefik.http.services.auth.loadbalancer.server.port=4181
- traefik.http.middlewares.auth.forwardauth.address=http://auth:4181
- traefik.http.middlewares.auth.forwardauth.trustForwardHeader=true
- traefik.http.middlewares.auth.forwardauth.authResponseHeaders=X-Forwarded-User
# Logout: https://auth.${DOMAIN}/_oauth/logout
whoami:
image: traefik/whoami
networks:
- proxy
deploy:
placement:
constraints:
- node.labels.traefik == true
labels:
- traefik.enable=true
- traefik.http.routers.whoami.entrypoints=websecure
- traefik.http.routers.whoami.rule=Host(`whoami.tobyvin.com`)
- traefik.http.routers.whoami.middlewares=auth
- traefik.http.services.whoami.loadbalancer.server.port=80
configs:
traefik:
external: true
secrets:
traefik_auth:
external: true
volumes:
data:
driver: local
driver_opts:
type: "nfs"
o: addr=bifrost,nolock,soft,rw
device: ":/mnt/share/docker/traefik"
networks:
proxy:
external: true
|