invoiceninja-docker/config/traefik/examples/http-01/docker-compose.override.yml

version: "3.7"

services:
  traefik:
    # The official v2 Traefik docker image
    image: traefik:latest
    container_name: traefik
    restart: always
    env_file: env
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    networks:
      - "invoiceninja"
    volumes:
      # So that Traefik can listen to the Docker events
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      # Dynamic configuration files
      - "./config/traefik/config:/conf:ro"
      # Enable Access Log
      - "./config/traefik/logs/:/var/log/www/"
      # LetsEncrypt Configuration Storage
      - "./config/traefik/ssl-files:/ssl"
    command:
      # Send usage statistics (or not)
      - "--global.sendAnonymousUsage=false"
      # By default, the level is set to ERROR. Alternative logging levels are 
      # DEBUG, PANIC, FATAL, ERROR, WARN, and INFO.
      - "--log.level=WARN"
      # Enable Access Log
      - "--accesslog.filepath=/var/log/www/access.log"
      # Enable Dashboard
      - "--api.insecure=false"
      - "--api.dashboard=true"
      - "--api.debug=true"
      # We are using Docker
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      # (Optional) Set default hostname if not given explicitly
      - "--providers.docker.defaultRule=Host(`${APP_URL_DOMAIN}`)"
      # Listen on port 80 (http)
      - "--entrypoints.web.address=:80"
      # Listen on port 443 (https)
      - "--entrypoints.websecure.address=:443"
      # Listen on port 8080 (traefik Dashboard)
      - "--entrypoints.traefik-dashbaord.address=:8080"
      # Watch dynamic configuration file
      - "--providers.file.directory=/conf"
      - "--providers.file.watch=true"
      # Automaticly redirect from http to https
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      ################ START SSL configuration ################
      # ---------> LetsEncrypt <---------
      # HTTP-Challenge
      - "--certificatesresolvers.http-01.acme.httpchallenge=true"
      - "--certificatesresolvers.http-01.acme.httpchallenge.entrypoint=web"
      # (Optional) Use testing server before receiving the productive ssl certificate
      #- "--certificatesresolvers.http-01.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.http-01.acme.email=${ACME_EMAIL}"
      - "--certificatesresolvers.http-01.acme.storage=/ssl/acme.json"
      ################  END SSL configuration  ################
    labels:
      # Enable Traefik
      - "traefik.enable=true"
      # Set Network to use
      - "traefik.docker.network=invoiceninja"
      # Set service type
      - "traefik.http.routers.traefik-dashbaord.service=api@internal"
      # Load dynamic config from conf/*.yml
      - "traefik.http.routers.traefik-dashbaord.middlewares=default@file,basic-auth@file"
      # Define entrypint to use
      - "traefik.http.routers.traefik-dashbaord.entrypoints=traefik-dashbaord"
      # Define Hostname and path
      - "traefik.http.routers.traefik-dashbaord.rule=Host(`${APP_URL_DOMAIN}`) && PathPrefix(`/api`,`/dashboard`)"
      # Enable SSL/TLS
      - "traefik.http.routers.traefik-dashbaord.tls=true"
      - "traefik.http.routers.traefik-dashbaord.tls.certResolver=http-01"

  server:
    labels:
      # Enable Traefik
      - "traefik.enable=true"
      # Set Network to use
      - "traefik.docker.network=invoiceninja"
      # Load dynamic config
      - "traefik.http.routers.ninja-nginx.middlewares=default@file"
      # Service related labels
      - "traefik.http.routers.ninja-nginx.entrypoints=websecure"
      - "traefik.http.routers.ninja-nginx.rule=Host(`${APP_URL_DOMAIN}`)"
      - "traefik.http.routers.ninja-nginx.tls=true"
      - "traefik.http.routers.ninja-nginx.tls.certResolver=http-01"