# https://stackoverflow.com/questions/49718431/docker-compose-yml-file-naming-convention
version: "3.7"
services:
traefik-reverse-proxy:
# The official v2.0 Traefik docker image
#image: traefik:latest
#image: traefik:v2.0
image: traefik:v2.1.1
container_name: traefik
#command:
## to work with custom traefik configuration file you have to declare the local path and mount the location on the host, see volume section
#- --configFile=/etc/traefik/traefik-config.yaml
ports:
# The HTTP port
- 80:80
# The HTTPS port
- 443:443
# The Web UI (enabled by --api.insecure=true)
#- "8080:8080"
volumes:
# syntax --> host-location:path-in-container, see https://docs.docker.com/compose/compose-file/#volumes
# So that Traefik can listen to the Docker events
- /var/run/docker.sock:/var/run/docker.sock
# mount the location for the log files to the host, so that I can read them on the host
# chosen based on https://unix.stackexchange.com/questions/104936/where-are-all-the-posibilities-of-storing-a-log-file
- /var/log/traefik:/var/log
# mount the location for the certifcates to the host, so that I can read them on the host
#based on https://www.getpagespeed.com/server-setup/ssl-directory and https://serverfault.com/questions/62496/ssl-certificate-location-on-unix-linux
- /etc/ssl/certs/traefik/letsencrypt:/etc/ssl/certs/letsencrypt
# I use a customized "traefik.toml", so it has to be mounted into the traefik container (or stored there), combine
# https://stackoverflow.com/questions/47382756/why-is-my-traefik-toml-file-not-be-read-by-docker-compose-configuration
# https://stackoverflow.com/questions/57200728/can-the-default-location-of-the-traefik-configuration-file-be-changed-in-the-off
# https://stackoverflow.com/questions/45902133/how-to-use-custom-traefik-toml-file
# https://docs.traefik.io/getting-started/configuration-overview/
- /opt/traefik/traefik-config.yaml:/etc/traefik/traefik.yaml
labels:
- traefik.enable=true
#- "traefik.docker.network=bridge_proxy_traefikv2"
- traefik.http.routers.traefik_dashboard-router.rule=Host(`traefik.fairbnb.community`)
- traefik.http.routers.traefik_dashboard-router.entrypoints=web
#- "traefik.http.services.traefik_dashboard-service.loadBalancer.server.port=8080"
- traefik.http.routers.traefik_dashboard-router.service=api@internal
networks:
- traefik
#- default
#Tiny Go webserver that prints os information and HTTP request to output
# whoami:
# image: "containous/whoami"
# container_name: "whoami"
# labels:
# - "traefik.enable=true"
# - "traefik.docker.network=bridge_proxy_traefikv2"
# - "traefik.http.routers.whoami-router.rule=Host(`fairbnb.community`)"
# - "traefik.http.routers.whoami-router.entrypoints=web"
# - "traefik.http.services.whoami-service.loadBalancer.server.port=80"
# networks:
# - traefik
# #- default
whoami_viaSubdomain:
image: "containous/whoami"
container_name: "whoami_viaSubdomain"
labels:
- traefik.enable=true
- traefik.docker.network=bridge_proxy_traefikv2
- traefik.http.routers.whoami_viaSubdomain-router.rule=Host(`whoami.fairbnb.community`)
- traefik.http.routers.whoami_viaSubdomain-router.entrypoints=web
#- "traefik.http.services.whoami_viaSubdomain-service.loadBalancer.server.port=80"
networks:
- traefik
#- default
networks:
traefik:
external:
name: bridge_proxy_traefikv2
Traefik configuration: traefik-config.yaml
global:
checkNewVersion: true
# sendAnonymousUsage: true
#serversTransport:
# insecureSkipVerify: true
# rootCAs:
# - foobar
# maxIdleConnsPerHost: 42
# forwardingTimeouts:
# dialTimeout: 42
# responseHeaderTimeout: 42
# idleConnTimeout: 42
entryPoints:
web:
address: :80
#transport:
# lifeCycle:
# requestAcceptGraceTimeout: 42
# graceTimeOut: 42
# respondingTimeouts:
# readTimeout: 42
# writeTimeout: 42
# idleTimeout: 42
#proxyProtocol:
# insecure: true
# trustedIPs:
# - foobar
# - foobar
#forwardedHeaders:
# insecure: true
# trustedIPs:
# - foobar
# - foobar
websecure:
address: :443
#traefik_dashboard:
#address: ":8080"
api:
#api: {}
# Activate dashboard.
## Enables the web UI @ port 8080/ Traefik will listen on port 8080 by default for API request. / Activate API directly on the entryPoint named traefik. (Default: false) --> port '8080'v= entryPoint 'traefik', overrides --api
#insecure: true
## Activate dashboard. (Default: true)
# dashboard: true
# Enable additional endpoints for debugging and profiling.
debug: true
providers:
# providersThrottleDuration: 42
docker:
#constraints: foobar
## Watch provider. (Default: true)
#watch: true
## Docker server endpoint. Can be a tcp or a unix socket endpoint. (Default: unix:///var/run/docker.sock)
#endpoint: unix:///var/run/docker.sock
#defaultRule: foobar
#tls:
#ca: foobar
#caOptional: true
#cert: foobar
#key: foobar
#insecureSkipVerify: true
# Expose containers by default. (Default: true) / By default, routes for all detected containers are creates. ITo limit the scope of Traefik's service discovery, i.e. disallow route creation for some containers, you can do so in two different ways: gerneric exposedByDefault (overriden by traefik.enable), or with a finer granularity mechanism based on constraints.
exposedByDefault: false
#useBindPortIP: true
#swarmMode: true
# Default Docker network used.
network: bridge_proxy_traefikv2
# swarmModeRefreshSeconds: 42
not used currently-metrics: # this is only hear to fold/unfold the commented region in Notepad++
#metrics:
# prometheus:
# buckets:
# - 42
# - 42
# addEntryPointsLabels: true
# addServicesLabels: true
# entryPoint: foobar
# manualRouting: true
# datadog:
# address: foobar
# pushInterval: 42
# addEntryPointsLabels: true
# addServicesLabels: true
# statsD:
# address: foobar
# pushInterval: 42
# addEntryPointsLabels: true
# addServicesLabels: true
# prefix: traefik
# influxDB:
# address: foobar
# protocol: foobar
# pushInterval: 42
# database: foobar
# retentionPolicy: foobar
# username: foobar
# password: foobar
# addEntryPointsLabels: true
# addServicesLabels: true
#ping:
# entryPoint: foobar
# manualRouting: true
#
log:
#Traefik's log file
# set debug level of the log
level: DEBUG
# defining the storage location inside the container, log file is written inside the container. To make it avaiable on the host it is mounted, see volumes section in docker-compose file
# chosen based on https://unix.stackexchange.com/questions/104936/where-are-all-the-posibilities-of-storing-a-log-file
filePath: /var/log/traefik-log.log
# Traefik log format: json | common (Default: common)
#format: common
accessLog:
# Logging access attempts
# defining the storage location inside the container, log file is written inside the container. To make it avaiable on the host it is mounted, see volumes section in docker-compose file
# chosen based on https://unix.stackexchange.com/questions/104936/where-are-all-the-posibilities-of-storing-a-log-file
filePath: /var/log/traefik-access.log
# Access log format: json | common (Default: common)
#format: common
# filters:
# statusCodes:
# - foobar
# - foobar
# retryAttempts: true
# minDuration: 42
# fields:
# defaultMode: foobar
# names:
# name0: foobar
# name1: foobar
# headers:
# defaultMode: foobar
# names:
# name0: foobar
# name1: foobar
# bufferingSize: 42
#
not used currently-tracing: # this is only hear to fold/unfold the commented region in Notepad++
#tracing:
# serviceName: foobar
# spanNameLimit: 42
# jaeger:
# samplingServerURL: foobar
# samplingType: foobar
# samplingParam: 42
# localAgentHostPort: foobar
# gen128Bit: true
# propagation: foobar
# traceContextHeaderName: foobar
# collector:
# endpoint: foobar
# user: foobar
# password: foobar
# zipkin:
# httpEndpoint: foobar
# sameSpan: true
# id128Bit: true
# sampleRate: 42
# datadog:
# localAgentHostPort: foobar
# globalTag: foobar
# debug: true
# prioritySampling: true
# traceIDHeaderName: foobar
# parentIDHeaderName: foobar
# samplingPriorityHeaderName: foobar
# bagagePrefixHeaderName: foobar
# instana:
# localAgentHost: foobar
# localAgentPort: 42
# logLevel: foobar
# haystack:
# localAgentHost: foobar
# localAgentPort: 42
# globalTag: foobar
# traceIDHeaderName: foobar
# parentIDHeaderName: foobar
# spanIDHeaderName: foobar
# baggagePrefixHeaderName: foobar
#
not used currently-hostResolver: # this is only hear to fold/unfold the commented region in Notepad++
#hostResolver:
# cnameFlattening: true
# resolvConfig: foobar
# resolvDepth: 42
#
certificatesResolvers:
tlsChallenge_letsencrypt:
acme:
email: my.secret@gmail.com
# CA server to use. (Default: https://acme-v02.api.letsencrypt.org/directory)
#caServer:
# location chosen based on on https://www.getpagespeed.com/server-setup/ssl-directory and https://serverfault.com/questions/62496/ssl-certificate-location-on-unix-linux
storage: /etc/ssl/certs/letsencrypt/acme.json
# KeyType used for generating certificate private key. Allow value 'EC256', 'EC384', 'RSA2048', 'RSA4096', 'RSA8192'. (Default: RSA4096)
#keyType: {}
#dnsChallenge:
# provider: foobar
# delayBeforeCheck: 42
# resolvers:
# - foobar
# - foobar
# disablePropagationCheck: true
#httpChallenge:
# entryPoint: foobar
tlsChallenge: {}
#CertificateResolver1:
# acme:
# email: my.secret@gmail.com
# caServer: foobar
# storage: foobar
# keyType: foobar
# dnsChallenge:
# provider: foobar
# delayBeforeCheck: 42
# resolvers:
# - foobar
# - foobar
# disablePropagationCheck: true
# httpChallenge:
# entryPoint: foobar
# tlsChallenge: {}
