docs/Docker & Kubernetes/Docker/Docker Compose/Traefik.md


Purpose: Deploy a Traefik Reverse Proxy

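# Docker Compose definition for a single Traefik reverse proxy that terminates
# HTTP/HTTPS, obtains certificates from Let's Encrypt through a Cloudflare DNS
# challenge, and loads extra routing from files under /etc/traefik/dynamic.
version: "3.3"
services:
  traefik:
    # NOTE(review): ":latest" is a moving tag, so every pull can silently change
    # the proxy that fronts all services. Pin a reviewed release (and ideally its
    # digest), e.g. "traefik:<PINNED_VERSION>".
    image: "traefik:latest"
    restart: always
    container_name: "traefik-bunny-lab-io"
    ulimits:
      nofile:
        soft: 65536
        hard: 65536
    labels:
      # Buffering middleware: caps request/response bodies at 100 MiB, keeps up
      # to 2 MiB of each in memory, and retries network errors up to twice.
      # NOTE(review): with "--providers.docker.exposedbydefault=false" below and
      # no "traefik.enable=true" label on this container, the Docker provider is
      # expected to skip these labels entirely. Confirm that "my-buffering"
      # really appears in the running configuration.
      - "traefik.http.routers.traefik-proxy.middlewares=my-buffering"
      - "traefik.http.middlewares.my-buffering.buffering.maxRequestBodyBytes=104857600"
      - "traefik.http.middlewares.my-buffering.buffering.maxResponseBodyBytes=104857600"
      - "traefik.http.middlewares.my-buffering.buffering.memRequestBodyBytes=2097152"
      - "traefik.http.middlewares.my-buffering.buffering.memResponseBodyBytes=2097152"
      - "traefik.http.middlewares.my-buffering.buffering.retryExpression=IsNetworkError() && Attempts() <= 2"
    command:
      # Globals
      # Only errors are logged and no access log is enabled, so requests through
      # the proxy leave no record here. Consider "--accesslog=true" if this
      # instance faces the internet.
      - "--log.level=ERROR"
      # SECURITY: api.insecure serves the dashboard and API on :8080 with no
      # authentication and no TLS. It is kept for convenience, which is why the
      # published port under "ports:" is bound to loopback. The durable fix is
      # to turn this off and publish the dashboard through a router on
      # "api@internal" behind an authentication middleware.
      - "--api.insecure=true"
      - "--global.sendAnonymousUsage=false"
      # Docker
      - "--providers.docker=true"
      # Containers are routed only when they opt in with "traefik.enable=true".
      - "--providers.docker.exposedbydefault=false"
      # File Provider
      - "--providers.file.directory=/etc/traefik/dynamic"
      - "--providers.file.watch=true"

      # Entrypoints
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.web.http.redirections.entrypoint.to=websecure" # Redirect HTTP to HTTPS
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https" # Redirect HTTP to HTTPS
      - "--entrypoints.web.http.redirections.entrypoint.permanent=true" # Redirect HTTP to HTTPS
      # LetsEncrypt
      # Disabled TLS-ALPN challenge. It names a resolver called "myresolver",
      # while the active resolver below is "letsencrypt".
      # - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.dnschallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare"
      - "--certificatesresolvers.letsencrypt.acme.email=nicole.rappe@bunny-lab.io"
      # acme.json stores the ACME account key and every certificate private key.
      # Keep the host file at mode 0600 and include it in backups deliberately.
      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"

      # Keycloak plugin configuration
      # Third-party plugin code that Traefik downloads and runs in-process, and
      # it sits on the authentication path. Pinning the version is good; review
      # the upstream changes before raising it.
      - "--experimental.plugins.keycloakopenid.moduleName=github.com/Gwojda/keycloakopenid"
      - "--experimental.plugins.keycloakopenid.version=v0.1.34"

    ports:
      - "80:80"
      - "443:443"
      # Dashboard/API of api.insecure, published on the host's loopback only
      # (reach it through an SSH tunnel or a VPN).
      # NOTE(review): the static address under "networks:" suggests
      # docker_network may be a macvlan/ipvlan network (confirm). If so,
      # published ports do not apply and :8080 is reachable directly on the
      # container's address, so restrict it with a firewall or disable
      # api.insecure.
      - "127.0.0.1:8080:8080"
    volumes:
      - "/srv/containers/traefik/letsencrypt:/letsencrypt"
      - "/srv/containers/traefik/config:/etc/traefik"
      # SECURITY: ":ro" only protects the socket file itself. Any process in
      # this container can still issue every Docker API call, which amounts to
      # root on the host. A socket proxy limited to the read-only endpoints
      # Traefik needs reduces that exposure.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "/srv/containers/traefik/cloudflare:/cloudflare"
    networks:
      docker_network:
        ipv4_address: 192.168.5.29
    environment:
      # Cloudflare credentials for the DNS challenge, substituted by Compose
      # from the shell environment or a .env file.
      # NOTE(review): CF_API_EMAIL plus CF_API_KEY is the account-wide Global
      # API Key form. The cloudflare provider also accepts a scoped token in
      # CF_DNS_API_TOKEN, which limits what a leak of this value can change.
      - CF_API_EMAIL=${CF_API_EMAIL}
      - CF_API_KEY=${CF_API_KEY}
    extra_hosts:
      # Static name-to-address entries written to the container's /etc/hosts.
      - "mail.bunny-lab.io:192.168.3.13"
      - "rmm.bunny-lab.io:192.168.3.22" # Tactical RMM
      - "api.bunny-lab.io:192.168.3.22" # Tactical RMM
      - "mesh.bunny-lab.io:192.168.3.22" # Tactical RMM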

# Both entries refer to the same pre-existing network named "docker_network".
# Compose does not create external networks, so it must exist before `up`.
networks:
  # Network used by any service that declares no "networks:" of its own.
  # NOTE(review): the nested "external: name:" form is deprecated from file
  # format 3.5 onward in favour of a top-level "name:" key; it is still valid
  # for the declared version "3.3".
  default:
    external:
      name: docker_network
  # The network the traefik service attaches to with its static address.
  docker_network:
    external: true

# Presumably the .env file that Compose reads to fill ${CF_API_EMAIL} and
# ${CF_API_KEY} in the service definition; confirm where it lives.
# This file holds a live credential: keep it out of version control and
# readable only by the account that runs the deployment.
CF_API_EMAIL=nicole.rappe@bunny-lab.io
# The CF_API_EMAIL + CF_API_KEY pair is the form used for Cloudflare's
# account-wide Global API Key. The cloudflare DNS provider also accepts a
# scoped token in CF_DNS_API_TOKEN, which limits the damage if this file leaks.
CF_API_KEY=REDACTED-CLOUDFLARE-DOMAIN-API-KEY