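# Compose definition for a Traefik reverse proxy that terminates TLS
# (Let's Encrypt via the Cloudflare DNS challenge) in front of the "server"
# service. Only labels are set on "server" here, so the rest of that service
# and the "invoiceninja" network are presumably declared in another compose
# file merged with this one -- TODO confirm.
version: "3.7"

services:
  traefik:
    # The official Traefik docker image.
    # NOTE(review): `latest` is a floating tag and is not guaranteed to stay
    # on the v2 line this file was written for. Pin an explicit version tag
    # (ideally with a digest) so upgrades are deliberate and reproducible.
    image: traefik:latest
    container_name: traefik
    restart: always
    # NOTE(review): presumably holds the Cloudflare DNS credentials used by
    # the ACME resolver below -- keep this file out of version control and
    # readable only by the deploying user.
    env_file: env
    ports:
      - "80:80"
      - "443:443"
      # Dashboard entrypoint, published on every host interface. Prefix a
      # bind address (e.g. "127.0.0.1:8080:8080") if the dashboard should
      # only be reachable from a management network.
      - "8080:8080"
    networks:
      - "invoiceninja"
    volumes:
      # So that Traefik can listen to the Docker events.
      # NOTE(review): `:ro` only makes the socket file read-only; it does not
      # restrict the Docker API calls sent through it, so this mount is
      # equivalent to root on the host if Traefik is compromised. Consider a
      # socket proxy that exposes only the read endpoints Traefik needs.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      # Dynamic configuration files
      - "./config/traefik/config:/conf:ro"
      # Access log directory (contains client IPs and request paths; rotate
      # and restrict access accordingly)
      - "./config/traefik/logs/:/var/log/www/"
      # LetsEncrypt configuration storage. acme.json holds the ACME account
      # key and certificate private keys: keep this directory out of version
      # control; Traefik expects acme.json to be mode 600.
      - "./config/traefik/ssl-files:/ssl"
    command:
      # Send usage statistics (or not)
      - "--global.sendAnonymousUsage=false"
      # By default, the level is set to ERROR. Alternative logging levels are
      # DEBUG, PANIC, FATAL, ERROR, WARN, and INFO.
      - "--log.level=WARN"
      # Enable Access Log
      - "--accesslog.filepath=/var/log/www/access.log"
      # Enable Dashboard. insecure=false means the API is only served through
      # the labelled router below (TLS + basic-auth middleware).
      - "--api.insecure=false"
      - "--api.dashboard=true"
      # NOTE(review): enables the extra debugging/profiling endpoints on the
      # API. The dashboard router below only matches /api and /dashboard, but
      # set this to false unless you are actively profiling.
      - "--api.debug=true"
      # We are using Docker; containers are only exposed when they opt in
      # with traefik.enable=true.
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      # (Optional) Set default hostname if not given explicitly
      - "--providers.docker.defaultRule=Host(`${APP_URL_DOMAIN}`)"
      # Listen on port 80 (http)
      - "--entrypoints.web.address=:80"
      # Listen on port 443 (https)
      - "--entrypoints.websecure.address=:443"
      # Listen on port 8080 (Traefik dashboard). The entrypoint/router name
      # is spelled "dashbaord" throughout; it is left as-is so that any
      # reference to it outside this file keeps matching.
      - "--entrypoints.traefik-dashbaord.address=:8080"
      # Watch dynamic configuration file
      - "--providers.file.directory=/conf"
      - "--providers.file.watch=true"
      # Automatically redirect from http to https
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"

      ################ START SSL configuration ################
      # ---------> Cloudflare <---------
      # DNS challenge via Cloudflare
      - "--certificatesresolvers.cloudflare.acme.email=${ACME_EMAIL}"
      - "--certificatesresolvers.cloudflare.acme.storage=/ssl/acme.json"
      - "--certificatesresolvers.cloudflare.acme.dnsChallenge.provider=cloudflare"
      - "--certificatesresolvers.cloudflare.acme.dnsChallenge.delayBeforeCheck=60"
      - "--certificatesresolvers.cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53"
      # (Optional) Use testing server before receiving the productive ssl certificate
      #- --certificatesresolvers.cloudflare.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
      - "--entrypoints.websecure.http.tls.domains[0].main=${APP_URL_DOMAIN}"
      # (Optional) Use only, if you are able to receive a wildcard ssl certificate
      # - "--entrypoints.websecure.http.tls.domains[0].main=*.${APP_URL_DOMAIN}"
      # --------------------------------
      ################ END SSL configuration ################
    labels:
      # Enable Traefik
      - "traefik.enable=true"
      # Set Network to use
      - "traefik.docker.network=invoiceninja"
      # Set service type
      - "traefik.http.routers.traefik-dashbaord.service=api@internal"
      # Load dynamic config from conf/*.yml. basic-auth@file is the only
      # authentication in front of the dashboard/API: verify it is defined in
      # the files mounted at /conf before exposing port 8080.
      - "traefik.http.routers.traefik-dashbaord.middlewares=default@file,basic-auth@file"
      # Define entrypoint to use
      - "traefik.http.routers.traefik-dashbaord.entrypoints=traefik-dashbaord"
      # Define Hostname and path. The two prefixes are OR-ed explicitly: the
      # multi-value form PathPrefix(`/api`,`/dashboard`) is v2-only syntax,
      # while this form is accepted by both v2 and v3 -- relevant because
      # the image tag above floats.
      - "traefik.http.routers.traefik-dashbaord.rule=Host(`${APP_URL_DOMAIN}`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
      # Enable SSL/TLS
      - "traefik.http.routers.traefik-dashbaord.tls=true"
      - "traefik.http.routers.traefik-dashbaord.tls.certResolver=cloudflare"

  server:
    labels:
      # Enable Traefik
      - "traefik.enable=true"
      # Set Network to use
      - "traefik.docker.network=invoiceninja"
      # Load dynamic config
      - "traefik.http.routers.ninja-nginx.middlewares=default@file"
      # Service related labels: served on the HTTPS entrypoint only, with a
      # certificate from the cloudflare resolver.
      - "traefik.http.routers.ninja-nginx.entrypoints=websecure"
      - "traefik.http.routers.ninja-nginx.rule=Host(`${APP_URL_DOMAIN}`)"
      - "traefik.http.routers.ninja-nginx.tls=true"
      - "traefik.http.routers.ninja-nginx.tls.certResolver=cloudflare"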