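---
# Core edge stack: Traefik (reverse proxy / TLS), CrowdSec (log-based IPS), Authelia
# (SSO + forward-auth) and a static error-pages backend.  All four attach to the
# `traefik` network.  That network is referenced below but not declared in this file
# (the top-level `networks:` block at the bottom is commented out) — presumably it is
# declared in another compose file of the same project; confirm, since Compose rejects
# a service that references an undefined network.
services:
  traefik:
    profiles: ["core", "all", "traefik"]
    # `image` + `build` together: Compose builds ${PROJECT_ROOT}/core and tags the result
    # as traefik:3, shadowing the upstream tag locally.  Presumably intentional (custom
    # image with plugins baked in) — confirm.
    image: traefik:3
    container_name: traefik
    restart: always
    read_only: true
    hostname: traefik.lan.ddnsgeek.com
    # Short-form depends_on only orders container start; it does not wait for the
    # crowdsec healthcheck declared below.  A `condition: service_healthy` entry would,
    # at the cost of Traefik not starting while crowdsec is unhealthy.
    depends_on:
      - error-pages
      - authelia
      - crowdsec
    ports:
      - "80:80"
      - "443:443"
    build:
      context: ${PROJECT_ROOT}/core
    volumes:
      # `:ro` only makes the socket file read-only; the Docker API behind it remains fully
      # usable, so a compromised Traefik is effectively root on the host.  A socket proxy
      # exposing only the endpoints the Docker provider needs would narrow that exposure.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ${PROJECT_ROOT}/core/traefik/data/letsencrypt:/letsencrypt
      - ${PROJECT_ROOT}/core/traefik/data/logs:/logs
      - ${PROJECT_ROOT}/core/traefik/dynamic.yml:/etc/traefik/dynamic.yml:ro
      - ${PROJECT_ROOT}/core/traefik/traefik.yml:/etc/traefik/traefik.yml:ro
      - ${PROJECT_ROOT}/core/traefik/data/plugins:/plugins-storage
    healthcheck:
      # Requires the `ping` endpoint to be enabled in traefik.yml — confirm.
      test: traefik healthcheck --ping
    labels:
      - "traefik.enable=true"
      # Dashboard/API router; it is only reachable through the `authelia` forward-auth
      # middleware defined on the authelia service below.
      - "traefik.http.routers.traefik.rule=Host(`traefik.lan.ddnsgeek.com`)"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.routers.traefik.tls.certresolver=myresolver"
      - "traefik.http.routers.traefik.middlewares=authelia"
      - "io.portainer.accesscontrol.public"
      # Compose-prefixed name of the `traefik` network (project name `core`), so the
      # Docker provider picks the right container IP when a service has several networks.
      - "traefik.docker.network=core_traefik"
      - "traefik.http.routers.traefik.observability.tracing=true"
    networks:
      # - reverse_proxy
      # - prometheus_edge
      - traefik

  crowdsec:
    # image: crowdsecurity/crowdsec:latest
    profiles: ["core", "all", "traefik"]
    build: ${PROJECT_ROOT}/core/crowdsec
    container_name: crowdsec
    restart: always
    environment:
      - COLLECTIONS=${CROWDSEC_COLLECTIONS}
    volumes:
      # NOTE(review): traefik writes its logs to core/traefik/data/logs, but this mounts
      # core/crowdsec/logs — confirm the acquisition config actually sees the Traefik
      # access log, otherwise the traefik collection has nothing to parse.
      - ${PROJECT_ROOT}/core/crowdsec/logs:/logs:ro
      - ${PROJECT_ROOT}/core/crowdsec/data:/var/lib/crowdsec/data
      - ${PROJECT_ROOT}/core/crowdsec/config:/etc/crowdsec
    networks:
      # - reverse_proxy
      - traefik
    healthcheck:
      test: ["CMD-SHELL", "cscli metrics || exit 1"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 15s

  error-pages:
    profiles: ["core", "all", "traefik"]
    image: tarampampam/error-pages:3
    restart: always
    container_name: error-pages
    read_only: true
    environment:
      TEMPLATE_NAME: ${ERROR_PAGES_TEMPLATE_NAME}
    networks:
      # - reverse_proxy
      - traefik
    hostname: error-pages
    labels:
      - "traefik.enable=true"
      # Catch-all "fallback" router for any host no other router matches.  No explicit
      # priority is set; Traefik derives priority from rule length, so this short rule
      # ranks below every normal Host() rule.
      # NOTE(review): `{host:.+}` is Traefik v2 rule syntax.  On traefik:3 it is only
      # accepted when the v2 rule syntax is selected (static config, or a ruleSyntax
      # label on this router); otherwise use a plain Go regexp — confirm against
      # traefik.yml.
      - "traefik.http.routers.error-pages-router.rule=HostRegexp(`{host:.+}`)"
      # Attached only to the plain-HTTP entrypoint: every real service is served on
      # websecure (https), so anything arriving on `web` gets an error page.
      - "traefik.http.routers.error-pages-router.entrypoints=web"
      - "traefik.http.routers.error-pages-router.middlewares=error-pages-middleware"
      # "errors" middleware: rewrite any 4xx/5xx into a themed page from this service.
      - "traefik.http.middlewares.error-pages-middleware.errors.status=400-599"
      - "traefik.http.middlewares.error-pages-middleware.errors.service=error-pages-service"
      - "traefik.http.middlewares.error-pages-middleware.errors.query=/{status}.html"
      # Backend port the error-pages container listens on.
      - "traefik.http.services.error-pages-service.loadbalancer.server.port=8080"
      - "io.portainer.accesscontrol.public"

  authelia:
    profiles: ["core", "all", "traefik"]
    # Untagged image resolves to `latest`; pin a release tag so upgrades of the
    # authentication layer are deliberate and reproducible.  As with traefik, `image` +
    # `build` means the local build is tagged with this name.
    image: authelia/authelia
    restart: always
    build:
      context: ${PROJECT_ROOT}/core/authelia
    volumes:
      # Mounted read-write; Authelia's configuration (including any secrets kept there)
      # lives on the host at this path.
      - ${PROJECT_ROOT}/core/authelia:/config
    networks:
      # - reverse_proxy
      - traefik
    container_name: authelia
    # Labels quoted like the other services' for consistency; the parsed values are
    # unchanged.
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.authelia.rule=Host(`auth.lan.ddnsgeek.com`)"
      - "traefik.http.routers.authelia.entrypoints=websecure"
      - "traefik.http.routers.authelia.tls=true"
      - "traefik.http.routers.authelia.tls.certresolver=myresolver"
      - "io.portainer.accesscontrol.public"
      # Forward-auth middleware used by the traefik dashboard router (and available to any
      # other router that references `authelia`).  Plain HTTP is acceptable here only
      # because the call stays on the internal `traefik` network.
      # NOTE(review): newer Authelia releases document /api/authz/forward-auth for
      # Traefik and treat /api/verify as the legacy endpoint — check the pinned release.
      - "traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.lan.ddnsgeek.com/"
      - "traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true"
      # Identity headers Traefik copies from Authelia's response onto the upstream request.
      - "traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups"
      - "traefik.http.middlewares.authelia.forwardauth.maxResponseBodySize=2097152"

# Top-level network definitions are currently disabled; see the note at the top of the
# file about the `traefik` network the services reference.
#networks:
#  reverse_proxy:
#    driver: bridge
#  prometheus_edge:
#    external: true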