Taudris-IAC/stacks/traefik/docker-compose.yml

#version: '3.8'
#
#services:
#  traefik:
#    image: traefik:v2.5
#    # Enables the web UI and tells Traefik to listen to docker
#    command: --api.insecure=true --providers.docker
#    ports:
#      # The HTTP port
#      - "80:80"
#      # The HTTPS port
#      - "443:443"
#      # The Web UI (enabled by --api.insecure=true)
#      - "8080:8080"
#    volumes:
#      # So that Traefik can listen to the Docker events
#      - /var/run/docker.sock:/var/run/docker.sock
#      - /root/apps.pem:/root/apps.pem
#      - /etc/traefik/traefik.yml:/etc/traefik/traefik.yml
#      - /etc/traefik/dynamic_conf.yml:/etc/traefik/dynamic_conf.yml

version: "3.8"

services:
  traefik:
    image: traefik:v2.5
    command:
      - "--api.dashboard=true"
      - "--accesslog=true"
      - "--log.level=INFO"
      - "--providers.docker.endpoint=unix:///var/run/docker.sock"
      - "--providers.docker.swarmMode=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.network=traefik-public"
      - "--providers.docker.watch=true"
      - "--providers.file.watch=true"
      - "--providers.file.filename=/file_provider.yml"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
    ports:
      - 80:80
      - 443:443
    volumes:
      - traefik-certificates:/letsencrypt
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - traefik-public
    environment:
      - "CF_API_EMAIL=admin@taudris.com"
      - "CF_API_KEY=api-key"
    deploy:
      placement:
        constraints:
          - node.role == manager
      labels:
        - "traefik.enable=true"
        - "traefik.docker.lbswarm=true"
        - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
        - "traefik.http.routers.http-catchall.entrypoints=web"
        - "traefik.http.routers.http-catchall.middlewares=redirect-to-https@docker"
        - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
        - "traefik.http.routers.api.tls.domains[0].main=apps.taudris.com"
        - "traefik.http.routers.api.tls.domains[0].sans=*.apps.taudris.com"
        - "traefik.http.routers.api.rule=Host(`traefik.taudris.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
        - "traefik.http.routers.api.service=api@internal"
        - "traefik.http.services.api.loadbalancer.server.port=8080"
    configs:
      - file_provider.yml

volumes:
  traefik-certificates:

configs:
  file_provider.yml:
    file: /etc/traefik/dynamic.yml

networks:
  traefik-public:
    external: true