From d3fc36d625eb0ad16ac727f1ba57ea172dcaad05 Mon Sep 17 00:00:00 2001
From: root
Date: Wed, 14 Sep 2022 07:42:56 +0200
Subject: [PATCH] Initial setup for traefik and portainer. Certificates for steinle-computer and secured dashboards are configured.
---
 common/docker-compose.yaml | 84 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 84 insertions(+)
 create mode 100644 common/docker-compose.yaml
diff --git a/common/docker-compose.yaml b/common/docker-compose.yaml
new file mode 100644
index 0000000..ad639bf
--- /dev/null
+++ b/common/docker-compose.yaml
@@ -0,0 +1,84 @@
+version: "3.9"
+
+networks:
+ proxy:
+ external: false
+ name: proxy
+
+volumes:
+ letsencrypt:
+ name: letsencrypt
+ portainer:
+ name: portainer
+
+services:
+ traefik:
+ image: traefik:v2.8
+ container_name: traefik
+ restart: unless-stopped
+ command:
+ - --global.sendAnonymousUsage=false
+ - --api.dashboard=true
+ - --providers.docker=true
+ - --providers.docker.network=proxy
+ - --providers.docker.exposedByDefault=false
+ - --providers.docker.swarmMode=false
+ - --entryPoints.web.address=:80
+ - --entryPoints.websecure.address=:443
+ - --certificatesresolvers.infomaniak.acme.dnschallenge=true
+ - --certificatesresolvers.infomaniak.acme.email=christiansteinle@arcor.de
+ - --certificatesresolvers.infomaniak.acme.dnschallenge.provider=infomaniak
+ - --certificatesresolvers.infomaniak.acme.storage=/letsencrypt/acme.json
+ - --log=true
+ - --accessLog=true
+ - --metrics.prometheus=true
+ - --metrics.prometheus.addRoutersLabels=true
+ environment:
+ - INFOMANIAK_ACCESS_TOKEN=5IraYq8HK9qur57Mj_TnHQ9pS9G79NPvjF8ID17n-EvfYO7TU6Fi0ZmDKSX6mIhTQJbyYegRd1hfmM-t
+ ports:
+ - "80:80"
+ - "443:443"
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - letsencrypt:/letsencrypt
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.traefik.entrypoints=web"
+ - "traefik.http.routers.traefik.rule=Host(`traefik.steinle-computer.de`)"
+ - "traefik.http.routers.traefik.middlewares=traefik"
+ - "traefik.http.middlewares.traefik.redirectscheme.scheme=https"
+ - "traefik.http.routers.traefik-secure.entrypoints=websecure"
+ - "traefik.http.routers.traefik-secure.rule=Host(`traefik.steinle-computer.de`)"
+ - "traefik.http.routers.traefik-secure.tls.certresolver=infomaniak"
+ - "traefik.http.routers.traefik-secure.tls.domains[0].main=steinle-computer.de"
+ - "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.steinle-computer.de"
+ - "traefik.http.routers.traefik-secure.service=api@internal"
+ - "traefik.http.routers.traefik-secure.middlewares=auth"
+ - "traefik.http.middlewares.auth.basicauth.users=chris:$$apr1$$xe634m7n$$gpkZ11O7CrbiWAhsWKNlO1"
+ - "traefik.http.services.traefik-secure.loadbalancer.server.port=8080"
+
+ networks:
+ - proxy
+
+ portainer:
+ image: portainer/portainer-ce:alpine
+ container_name: portainer
+ command: -H unix:///var/run/docker.sock
+ restart: unless-stopped
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - portainer:/data
+ networks:
+ - proxy
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.portainer.entrypoints=web"
+ - "traefik.http.routers.portainer.rule=Host(`portainer.steinle-computer.de`)"
+ - "traefik.http.routers.portainer.middlewares=portainer"
+ - "traefik.http.middlewares.portainer.redirectscheme.scheme=https"
+ - "traefik.http.routers.portainer-secure.entrypoints=websecure"
+ - "traefik.http.routers.portainer-secure.rule=Host(`portainer.steinle-computer.de`)"
+ - "traefik.http.routers.portainer-secure.tls.certresolver=infomaniak"
+ - "traefik.http.services.portainer-secure.loadbalancer.server.port=9000"
+
+
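Review bot: The `environment` entry of the traefik service commits the Infomaniak DNS API token in plaintext, so anyone who can read this repository or its history holds a credential that can change DNS records for the zone. Replace the literal with a reference such as `- INFOMANIAK_ACCESS_TOKEN=${INFOMANIAK_ACCESS_TOKEN}` fed from an untracked `.env` file (or a Docker secret), and revoke the committed token, because removing it in a later commit does not remove it from history. The `basicauth.users` label has the same problem in weaker form: the apr1 (MD5-based) hash for the dashboard user is now readable and can be guessed offline, so a mounted file referenced through `basicauth.usersfile` would be preferable. Both services also mount `/var/run/docker.sock`; the `:ro` flag on the traefik mount protects only the socket file, not the Docker API behind it, so a socket proxy restricted to the read endpoints traefik needs is worth considering.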