networks: proxy: external: false name: proxy volumes: letsencrypt: name: letsencrypt portainer: name: portainer services: traefik: image: traefik:v2.9 container_name: traefik restart: unless-stopped command: - --global.sendAnonymousUsage=false - --api.dashboard=true - --providers.docker=true - --providers.docker.network=proxy - --providers.docker.exposedByDefault=false - --providers.docker.swarmMode=false - --entryPoints.web.address=:80 - --entryPoints.websecure.address=:443 - --entryPoints.smtp.address=:25 - --entryPoints.smtp-ssl.address=:465 - --entryPoints.imap-ssl.address=:993 - --entryPoints.sieve.address=:4190 - --certificatesresolvers.cs.acme.tlschallenge=true - --certificatesresolvers.cs.acme.email=christiansteinle@arcor.de - --certificatesresolvers.cs.acme.storage=/letsencrypt/acme.json - --log=true - --accessLog=true - --metrics.prometheus=true - --metrics.prometheus.manualRouting=true - --metrics.prometheus.addRoutersLabels=true environment: - INFOMANIAK_ACCESS_TOKEN=5IraYq8HK9qur57Mj_TnHQ9pS9G79NPvjF8ID17n-EvfYO7TU6Fi0ZmDKSX6mIhTQJbyYegRd1hfmM-t ports: - "25:25" - "80:80" - "443:443" - "465:465" - "993:993" - "4190:4190" volumes: - /var/run/docker.sock:/var/run/docker.sock:ro - letsencrypt:/letsencrypt labels: - "traefik.enable=true" - "traefik.http.routers.traefik.entrypoints=web" - "traefik.http.routers.traefik.rule=Host(`traefik.steinle-computer.de`)" - "traefik.http.routers.traefik.middlewares=traefik" - "traefik.http.middlewares.traefik.redirectscheme.scheme=https" - "traefik.http.routers.traefik-secure.entrypoints=websecure" - "traefik.http.routers.traefik-secure.rule=Host(`traefik.steinle-computer.de`)" - "traefik.http.routers.traefik-secure.tls.certresolver=cs" - "traefik.http.routers.traefik-secure.service=api@internal" - "traefik.http.routers.traefik-secure.middlewares=auth" - "traefik.http.middlewares.auth.basicauth.users=chris:$$apr1$$xe634m7n$$gpkZ11O7CrbiWAhsWKNlO1" - "traefik.http.services.traefik-secure.loadbalancer.server.port=8080" - "traefik.http.routers.metrics.entrypoints=web" - "traefik.http.routers.metrics.rule=Host(`traefik.steinle-computer.de`) && PathPrefix(`/metrics`)" - "traefik.http.routers.metrics.middlewares=traefik" - "traefik.http.routers.metrics-secure.entrypoints=websecure" - "traefik.http.routers.metrics-secure.rule=Host(`traefik.steinle-computer.de`) && PathPrefix(`/metrics`)" - "traefik.http.routers.metrics-secure.tls.certresolver=cs" - "traefik.http.routers.metrics-secure.middlewares=auth" - "traefik.http.routers.metrics-secure.service=prometheus@internal" networks: - proxy portainer: image: portainer/portainer-ce:alpine container_name: portainer command: -H unix:///var/run/docker.sock restart: unless-stopped volumes: - /var/run/docker.sock:/var/run/docker.sock - portainer:/data networks: - proxy labels: - "traefik.enable=true" - "traefik.http.routers.portainer.entrypoints=web" - "traefik.http.routers.portainer.rule=Host(`portainer.steinle-computer.de`)" - "traefik.http.routers.portainer.middlewares=portainer" - "traefik.http.middlewares.portainer.redirectscheme.scheme=https" - "traefik.http.routers.portainer-secure.entrypoints=websecure" - "traefik.http.routers.portainer-secure.rule=Host(`portainer.steinle-computer.de`)" - "traefik.http.routers.portainer-secure.middlewares=portainer-secure" - "traefik.http.middlewares.portainer-secure.headers.addvaryheader=true" - "traefik.http.middlewares.portainer-secure.headers.accesscontrolalloworiginlist=https://homer.fam-steinle.de" - "traefik.http.middlewares.portainer-secure.headers.accesscontrolallowheaders=x-api-key" - "traefik.http.routers.portainer-secure.tls.certresolver=cs" - "traefik.http.services.portainer-secure.loadbalancer.server.port=9000"