**Purpose**: Deploy a Traefik Reverse Proxy
```jsx title="docker-compose.yml"
# Traefik reverse proxy for Docker: listens on 80/443, redirects HTTP to
# HTTPS, reads routing from Docker labels and from files under
# /etc/traefik/dynamic, and requests certificates from Let's Encrypt using a
# Cloudflare DNS challenge.
version: "3.3"
services:
  traefik:
    # NOTE(review): "latest" is a floating tag, so each pull may change the
    # proxy version that is running. Pin a tested release tag or digest so
    # upgrades of this internet-facing component are deliberate.
    image: "traefik:latest"
    restart: always
    container_name: "traefik-bunny-lab-io"
    # Open-file limit for the container, soft and hard both 65536.
    ulimits:
      nofile:
        soft: 65536
        hard: 65536
    labels:
      # Buffering middleware "my-buffering", attached to router "traefik-proxy":
      # request/response bodies capped at 104857600 bytes (100 MiB), up to
      # 2097152 bytes (2 MiB) held in memory, retry on network errors while
      # Attempts() <= 2.
      # NOTE(review): the Docker provider below runs with
      # exposedbydefault=false and no traefik.enable=true label is visible on
      # this service; confirm these labels are actually loaded.
      - "traefik.http.routers.traefik-proxy.middlewares=my-buffering"
      - "traefik.http.middlewares.my-buffering.buffering.maxRequestBodyBytes=104857600"
      - "traefik.http.middlewares.my-buffering.buffering.maxResponseBodyBytes=104857600"
      - "traefik.http.middlewares.my-buffering.buffering.memRequestBodyBytes=2097152"
      - "traefik.http.middlewares.my-buffering.buffering.memResponseBodyBytes=2097152"
      - "traefik.http.middlewares.my-buffering.buffering.retryExpression=IsNetworkError() && Attempts() <= 2"
    command:
      # Global settings.
      # NOTE(review): only ERROR-level logs are kept and no access log is
      # enabled in this file, so per-request history will not be available
      # for incident review; consider --accesslog=true.
      - "--log.level=ERROR"
      # NOTE(review): api.insecure serves the Traefik API and dashboard
      # without authentication on port 8080, which is published under
      # "ports" below. Limit who can reach that port, or switch to a router
      # for api@internal protected by an auth middleware.
      - "--api.insecure=true"
      - "--global.sendAnonymousUsage=false"
      # Docker provider: containers are ignored unless they opt in.
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      # File provider: dynamic configuration is reloaded whenever a file in
      # this directory changes. The directory comes from the host bind mount
      # of /srv/containers/traefik/config, so write access to that host path
      # is write access to the live routing configuration.
      - "--providers.file.directory=/etc/traefik/dynamic"
      - "--providers.file.watch=true"

      # Entrypoints: plain HTTP on :80, TLS on :443.
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      # Everything arriving on "web" is permanently redirected to HTTPS on
      # "websecure".
      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      - "--entrypoints.web.http.redirections.entrypoint.permanent=true"
      # Let's Encrypt resolver "letsencrypt", DNS challenge through Cloudflare.
      # Left disabled by the author (TLS challenge on a resolver named
      # "myresolver"):
      ### - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.dnschallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare"
      - "--certificatesresolvers.letsencrypt.acme.email=nicole.rappe@bunny-lab.io"
      # acme.json holds the ACME account key and the issued certificates'
      # private keys; keep the host file owner-only (mode 600) and include it
      # in backups with the same care as any private key.
      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"

      # Keycloak OpenID plugin.
      # NOTE(review): this is third-party code loaded into the proxy and
      # placed on the authentication path. The version is pinned, which is
      # good; review the module's changes before raising the pin.
      - "--experimental.plugins.keycloakopenid.moduleName=github.com/Gwojda/keycloakopenid"
      - "--experimental.plugins.keycloakopenid.version=v0.1.34"

    ports:
      - "80:80"
      - "443:443"
      # Unauthenticated dashboard/API port, see the api.insecure note above.
      - "8080:8080"
    volumes:
      - "/srv/containers/traefik/letsencrypt:/letsencrypt"
      - "/srv/containers/traefik/config:/etc/traefik"
      # NOTE(review): ":ro" only makes the socket's mount read-only. It does
      # not restrict what can be requested through the Docker API, so this
      # mount still gives the proxy full control of the Docker daemon. A
      # filtering socket proxy in front of it is the usual mitigation.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "/srv/containers/traefik/cloudflare:/cloudflare"
    # Fixed address on the pre-existing docker_network.
    networks:
      docker_network:
        ipv4_address: 192.168.5.29
    # Cloudflare credentials for the DNS challenge, substituted by Compose
    # from the .env file or the calling shell. They are not stored in this
    # file.
    environment:
      - CF_API_EMAIL=${CF_API_EMAIL}
      - CF_API_KEY=${CF_API_KEY}
    # Static host entries inside the container. The three names on
    # 192.168.3.22 belong to Tactical RMM.
    extra_hosts:
      - "mail.bunny-lab.io:192.168.3.13"
      - "rmm.bunny-lab.io:192.168.3.22"
      - "api.bunny-lab.io:192.168.3.22"
      - "mesh.bunny-lab.io:192.168.3.22"

# Both entries refer to the network named docker_network, which must already
# exist: "default" uses the older external/name form, "docker_network" the
# short form.
networks:
  default:
    external:
      name: docker_network
  docker_network:
    external: true
```
```jsx title=".env"
# Cloudflare credentials that Compose substitutes into the traefik service's
# environment. Keep this file out of version control and readable only by
# the account that runs Compose.
# NOTE(review): an email plus CF_API_KEY is how Cloudflare's account-wide
# Global API Key is normally supplied. If that is what is used here, a
# zone-scoped API token (CF_DNS_API_TOKEN, limited to DNS edit on the one
# zone) reduces what a leak of this file exposes.
CF_API_EMAIL=nicole.rappe@bunny-lab.io
CF_API_KEY=REDACTED-CLOUDFLARE-DOMAIN-API-KEY
```