backend_and_cms/docker-compose.traefik.yml

services:
  traefik:
    image: traefik:3.0
    ports:
      # Listen on port 80, default for HTTP, necessary to redirect to HTTPS
      - 80:80
      # Listen on port 443, default for HTTPS
      - 443:443
    restart: always
    labels:
      # Enable Traefik for this service, to make it available in the public network
      - traefik.enable=true
      # Use the traefik-public network (declared below)
      - traefik.docker.network=traefik-public
      # Define the port inside of the Docker service to use
      - traefik.http.services.traefik-dashboard.loadbalancer.server.port=8080
      # Make Traefik use this domain (from an environment variable) in HTTP
      - traefik.http.routers.traefik-dashboard-http.entrypoints=http
      - traefik.http.routers.traefik-dashboard-http.rule=Host(`traefik.${DOMAIN?Variable not set}`)
      # traefik-https the actual router using HTTPS
      - traefik.http.routers.traefik-dashboard-https.entrypoints=https
      - traefik.http.routers.traefik-dashboard-https.rule=Host(`traefik.${DOMAIN?Variable not set}`)
      - traefik.http.routers.traefik-dashboard-https.tls=true
      # Use the "le" (Let's Encrypt) resolver created below
      - traefik.http.routers.traefik-dashboard-https.tls.certresolver=le
      # Use the special Traefik service api@internal with the web UI/Dashboard
      - traefik.http.routers.traefik-dashboard-https.service=api@internal
      # https-redirect middleware to redirect HTTP to HTTPS
      # - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
      # - traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
      # traefik-http set up only to use the middleware to redirect to https
      - traefik.http.routers.traefik-dashboard-http.middlewares=https-redirect
      # admin-auth middleware with HTTP Basic auth
      # Using the environment variables USERNAME and HASHED_PASSWORD
      - traefik.http.middlewares.admin-auth.basicauth.users=${USERNAME?Variable not set}:${HASHED_PASSWORD?Variable not set}
      # Enable HTTP Basic auth, using the middleware created above
      - traefik.http.routers.traefik-dashboard-https.middlewares=admin-auth
    volumes:
      # Add Docker as a mounted volume, so that Traefik can read the labels of other services
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Mount the volume to store the certificates
      - traefik-public-certificates:/certificates
    command:
      # Enable Docker in Traefik, so that it reads labels from Docker services
      - --providers.docker
      # Do not expose all Docker services, only the ones explicitly exposed
      - --providers.docker.exposedbydefault=false
      # Create an entrypoint "http" listening on port 80
      - --entrypoints.http.address=:80
      # Create an entrypoint "https" listening on port 443
      - --entrypoints.https.address=:443
      # Create the certificate resolver "le" for Let's Encrypt, uses the environment variable EMAIL
      - --certificatesresolvers.le.acme.email=${EMAIL?Variable not set}
      # Store the Let's Encrypt certificates in the mounted volume
      - --certificatesresolvers.le.acme.storage=/certificates/acme.json
      # Use the TLS Challenge for Let's Encrypt
      - --certificatesresolvers.le.acme.tlschallenge=true
      # Enable the access log, with HTTP requests
      - --accesslog
      # Enable the Traefik log, for configurations and errors
      - --log
      # Enable the Dashboard and API
      - --api
    networks:
      # Use the public network created to be shared between Traefik and
      # any other service that needs to be publicly available with HTTPS
      - traefik-public

volumes:
  # Create a volume to store the certificates, even if the container is recreated
  traefik-public-certificates:

networks:
  # Use the previously created public network "traefik-public", shared with other
  # services that need to be publicly available via this Traefik
  traefik-public:
    external: true
first commit 2024-09-17 12:11:39 +08:00			`services:`
			`traefik:`
			`image: traefik:3.0`
			`ports:`
			`# Listen on port 80, default for HTTP, necessary to redirect to HTTPS`
			`- 80:80`
			`# Listen on port 443, default for HTTPS`
			`- 443:443`
			`restart: always`
			`labels:`
			`# Enable Traefik for this service, to make it available in the public network`
			`- traefik.enable=true`
			`# Use the traefik-public network (declared below)`
			`- traefik.docker.network=traefik-public`
			`# Define the port inside of the Docker service to use`
			`- traefik.http.services.traefik-dashboard.loadbalancer.server.port=8080`
			`# Make Traefik use this domain (from an environment variable) in HTTP`
			`- traefik.http.routers.traefik-dashboard-http.entrypoints=http`
			- traefik.http.routers.traefik-dashboard-http.rule=Host(`traefik.${DOMAIN?Variable not set}`)
			`# traefik-https the actual router using HTTPS`
			`- traefik.http.routers.traefik-dashboard-https.entrypoints=https`
			- traefik.http.routers.traefik-dashboard-https.rule=Host(`traefik.${DOMAIN?Variable not set}`)
			`- traefik.http.routers.traefik-dashboard-https.tls=true`
			`# Use the "le" (Let's Encrypt) resolver created below`
			`- traefik.http.routers.traefik-dashboard-https.tls.certresolver=le`
			`# Use the special Traefik service api@internal with the web UI/Dashboard`
			`- traefik.http.routers.traefik-dashboard-https.service=api@internal`
			`# https-redirect middleware to redirect HTTP to HTTPS`
redirect 2024-10-07 19:22:05 +08:00			`# - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https`
			`# - traefik.http.middlewares.https-redirect.redirectscheme.permanent=true`
first commit 2024-09-17 12:11:39 +08:00			`# traefik-http set up only to use the middleware to redirect to https`
			`- traefik.http.routers.traefik-dashboard-http.middlewares=https-redirect`
			`# admin-auth middleware with HTTP Basic auth`
			`# Using the environment variables USERNAME and HASHED_PASSWORD`
			`- traefik.http.middlewares.admin-auth.basicauth.users=${USERNAME?Variable not set}:${HASHED_PASSWORD?Variable not set}`
			`# Enable HTTP Basic auth, using the middleware created above`
			`- traefik.http.routers.traefik-dashboard-https.middlewares=admin-auth`
			`volumes:`
			`# Add Docker as a mounted volume, so that Traefik can read the labels of other services`
			`- /var/run/docker.sock:/var/run/docker.sock:ro`
			`# Mount the volume to store the certificates`
			`- traefik-public-certificates:/certificates`
			`command:`
			`# Enable Docker in Traefik, so that it reads labels from Docker services`
			`- --providers.docker`
			`# Do not expose all Docker services, only the ones explicitly exposed`
			`- --providers.docker.exposedbydefault=false`
			`# Create an entrypoint "http" listening on port 80`
			`- --entrypoints.http.address=:80`
			`# Create an entrypoint "https" listening on port 443`
			`- --entrypoints.https.address=:443`
			`# Create the certificate resolver "le" for Let's Encrypt, uses the environment variable EMAIL`
			`- --certificatesresolvers.le.acme.email=${EMAIL?Variable not set}`
			`# Store the Let's Encrypt certificates in the mounted volume`
			`- --certificatesresolvers.le.acme.storage=/certificates/acme.json`
			`# Use the TLS Challenge for Let's Encrypt`
			`- --certificatesresolvers.le.acme.tlschallenge=true`
			`# Enable the access log, with HTTP requests`
			`- --accesslog`
			`# Enable the Traefik log, for configurations and errors`
			`- --log`
			`# Enable the Dashboard and API`
			`- --api`
			`networks:`
			`# Use the public network created to be shared between Traefik and`
			`# any other service that needs to be publicly available with HTTPS`
			`- traefik-public`

			`volumes:`
			`# Create a volume to store the certificates, even if the container is recreated`
			`traefik-public-certificates:`

			`networks:`
			`# Use the previously created public network "traefik-public", shared with other`
			`# services that need to be publicly available via this Traefik`
			`traefik-public:`
			`external: true`