**Purpose**: Deploy a Traefik Reverse Proxy

```jsx title="docker-compose.yml"
# Traefik reverse proxy: redirects HTTP to HTTPS, obtains Let's Encrypt
# certificates through the Cloudflare DNS challenge, and reads routing
# configuration from the Docker provider and /etc/traefik/dynamic.
version: "3.3"
services:
  traefik:
    # Floating tag: each pull can change the running version. Pin a release
    # tag or image digest that has been tested.
    image: "traefik:latest"
    restart: always
    container_name: "traefik-bunny-lab-io"
    ulimits:
      nofile:
        soft: 65536
        hard: 65536
    # Buffering middleware: bodies capped at 100 MiB (104857600) with a 2 MiB
    # (2097152) in-memory threshold, and a retry on network errors.
    # NOTE(review): exposedbydefault=false is set below and this container has
    # no traefik.enable=true label, so the Docker provider may ignore these
    # labels. Confirm that my-buffering is actually loaded.
    labels:
      - "traefik.http.routers.traefik-proxy.middlewares=my-buffering"
      - "traefik.http.middlewares.my-buffering.buffering.maxRequestBodyBytes=104857600"
      - "traefik.http.middlewares.my-buffering.buffering.maxResponseBodyBytes=104857600"
      - "traefik.http.middlewares.my-buffering.buffering.memRequestBodyBytes=2097152"
      - "traefik.http.middlewares.my-buffering.buffering.memResponseBodyBytes=2097152"
      - "traefik.http.middlewares.my-buffering.buffering.retryExpression=IsNetworkError() && Attempts() <= 2"
    command:
      # Globals
      # Only errors are logged and no --accesslog flag appears in this list;
      # enable access logs if a per-request trail is needed for investigation.
      - "--log.level=ERROR"
      # api.insecure serves the dashboard and API without authentication on
      # the internal "traefik" entrypoint (port 8080 by default), and 8080 is
      # published under ports: below. Restrict who can reach that port, or
      # expose api@internal through a router with an auth middleware instead.
      - "--api.insecure=true"
      - "--global.sendAnonymousUsage=false"
      # Docker
      - "--providers.docker=true"
      # Containers are routed only when they opt in with traefik.enable=true.
      - "--providers.docker.exposedbydefault=false"
      # File Provider
      # watch=true applies changes under this directory without a restart, so
      # write access to the host config directory is write access to routing.
      - "--providers.file.directory=/etc/traefik/dynamic"
      - "--providers.file.watch=true"
      # Entrypoints
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"  # Redirect HTTP to HTTPS
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"  # Redirect HTTP to HTTPS
      - "--entrypoints.web.http.redirections.entrypoint.permanent=true"  # Redirect HTTP to HTTPS
      # LetsEncrypt
      ### - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.dnschallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare"
      - "--certificatesresolvers.letsencrypt.acme.email=nicole.rappe@bunny-lab.io"
      # acme.json holds the ACME account key and the private keys of issued
      # certificates. Keep the host directory restricted; Traefik expects mode
      # 600 on the file.
      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
      # Keycloak plugin configuration
      # Third-party plugin code pinned to one version. Review the module
      # source before changing the pinned version.
      - "--experimental.plugins.keycloakopenid.moduleName=github.com/Gwojda/keycloakopenid"
      - "--experimental.plugins.keycloakopenid.version=v0.1.34"
    ports:
      - "80:80"
      - "443:443"
      # Unauthenticated dashboard/API port (see --api.insecure above).
      - "8080:8080"
    volumes:
      - "/srv/containers/traefik/letsencrypt:/letsencrypt"
      - "/srv/containers/traefik/config:/etc/traefik"
      # :ro makes only the mount of the socket file read-only. It does not
      # restrict Docker API calls made through the socket, so a compromise of
      # this container has Docker API access on the host. A filtering socket
      # proxy narrows that exposure.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "/srv/containers/traefik/cloudflare:/cloudflare"
    networks:
      docker_network:
        ipv4_address: 192.168.5.29
    # CF_API_EMAIL + CF_API_KEY is the account-wide Global API Key. The
    # Cloudflare DNS provider also accepts a scoped token via
    # CF_DNS_API_TOKEN, which limits the damage if the value leaks.
    environment:
      - CF_API_EMAIL=${CF_API_EMAIL}
      - CF_API_KEY=${CF_API_KEY}
    # Static host entries added to the container's /etc/hosts.
    extra_hosts:
      - "mail.bunny-lab.io:192.168.3.13"
      - "rmm.bunny-lab.io:192.168.3.22"  # Tactical RMM
      - "api.bunny-lab.io:192.168.3.22"  # Tactical RMM
      - "mesh.bunny-lab.io:192.168.3.22"  # Tactical RMM

# Both entries refer to the pre-existing external network docker_network.
networks:
  default:
    external:
      name: docker_network
  docker_network:
    external: true
```

```jsx title=".env"
# Holds the Cloudflare credential. Keep this file out of version control and
# readable only by the account that runs docker compose.
CF_API_EMAIL=nicole.rappe@bunny-lab.io
CF_API_KEY=REDACTED-CLOUDFLARE-DOMAIN-API-KEY
```

!!! info
    There is a distinction between the "Global API Key" and a "Token API Key". The main difference being that the "Global API Key" can change anything in Cloudflare, while the "Token API Key" can only change what it was granted delegated permissions to.