beevk · April 7, 2024 18:12
diff --git a/ghost-compose.yml b/ghost-compose.yml
 # docker compose for Ghost
 networks:
  proxy:
    name: web
    external: true

 services:
  ghost:
    image: beevk/ghost-s3:v1.0.0
    restart: always
    ports:
      - 2368:2368
    environment:
      database__client: mysql
      database__connection__host: db-host
      # and other environment variables
    labels:
      - traefik.enable=true
      - traefik.http.routers.ghost.rule=Host(`my-domain.com`) || Host(`www.my-domain.com`)
      - traefik.http.middlewares.my-auth-middleware.forwardauth.trustForwardHeader=true # To trust x-forwarded-* set by Cloudflare
      - traefik.http.routers.ghost.middlewares=my-auth-middleware
      - traefik.http.routers.ghost.tls=true # to use HTTPS
      - traefik.http.routers.ghost.tls.certresolver=cloudflare # is it even needed?
    volumes:
      - ./ghost-data:/var/lib/ghost/content
    networks:
      - proxy
diff --git a/traefik-compose.yml b/traefik-compose.yml
 # docker compose for Traefik
 services:
  reverse-proxy:
    image: traefik:v2.11
    restart: always
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik-data/config/traefik.yml:/traefik.yml:ro
      - ./traefik-data/config/acme.json:/acme.json
      - ./traefik-data/logs:/var/log/
    environment:
      - [email protected]
      - CF_DNS_API_TOKEN=cloudflare-api-token
    networks:
      - proxy
    labels:
      - traefik.enable=true
      - traefik.http.routers.api.rule=Host(`config.my-domain.com`)
      - traefik.http.routers.api.service=api@internal
      - traefik.http.routers.websecure.tls=true
      - traefik.http.routers.websecure.tls.certresolver=cloudflare
      - traefik.http.routers.websecure.tls.domains[0].main=my-domain.com
      - traefik.http.routers.websecure.tls.domains[0].sans=*.my-domain.com
  whoami:
    image: traefik/whoami
    restart: always
    networks:
      - proxy
    labels:
      - traefik.enable=true
      - traefik.http.routers.whoami.rule=Host(`info.my-domain.com`)
diff --git a/traefik.yml b/traefik.yml
 api:
  dashboard: true
  debug: true
 entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"
 serversTransport:
  insecureSkipVerify: true
 providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
 certificatesResolvers:
  cloudflare:
    acme:
      email: [email protected] #add your email
      storage: acme.json
      dnsChallenge:
        provider: cloudflare
        #disablePropagationCheck: true # uncomment this if you have issues pulling certificates through cloudflare, By setting this flag to true disables the need to wait for the propagation of the TXT record to all authoritative name servers.
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"
 http:
  middlewares:
    redirect-to-https:
      redirectScheme:
        scheme: https
	# docker compose for Ghost
	networks:
	proxy:
	name: web
	external: true

	services:
	ghost:
	image: beevk/ghost-s3:v1.0.0
	restart: always
	ports:
	- 2368:2368
	environment:
	database__client: mysql
	database__connection__host: db-host
	# and other environment variables
	labels:
	- traefik.enable=true
	- traefik.http.routers.ghost.rule=Host(`my-domain.com`) \|\| Host(`www.my-domain.com`)
	- traefik.http.middlewares.my-auth-middleware.forwardauth.trustForwardHeader=true # To trust x-forwarded-* set by Cloudflare
	- traefik.http.routers.ghost.middlewares=my-auth-middleware
	- traefik.http.routers.ghost.tls=true # to use HTTPS
	- traefik.http.routers.ghost.tls.certresolver=cloudflare # is it even needed?
	volumes:
	- ./ghost-data:/var/lib/ghost/content
	networks:
	- proxy
	# docker compose for Traefik
	services:
	reverse-proxy:
	image: traefik:v2.11
	restart: always
	ports:
	- "80:80"
	- "443:443"
	- "8080:8080"
	volumes:
	- /var/run/docker.sock:/var/run/docker.sock:ro
	- ./traefik-data/config/traefik.yml:/traefik.yml:ro
	- ./traefik-data/config/acme.json:/acme.json
	- ./traefik-data/logs:/var/log/
	environment:
	- [email protected]
	- CF_DNS_API_TOKEN=cloudflare-api-token
	networks:
	- proxy
	labels:
	- traefik.enable=true
	- traefik.http.routers.api.rule=Host(`config.my-domain.com`)
	- traefik.http.routers.api.service=api@internal
	- traefik.http.routers.websecure.tls=true
	- traefik.http.routers.websecure.tls.certresolver=cloudflare
	- traefik.http.routers.websecure.tls.domains[0].main=my-domain.com
	- traefik.http.routers.websecure.tls.domains[0].sans=*.my-domain.com
	whoami:
	image: traefik/whoami
	restart: always
	networks:
	- proxy
	labels:
	- traefik.enable=true
	- traefik.http.routers.whoami.rule=Host(`info.my-domain.com`)
	api:
	dashboard: true
	debug: true
	entryPoints:
	web:
	address: ":80"
	websecure:
	address: ":443"
	serversTransport:
	insecureSkipVerify: true
	providers:
	docker:
	endpoint: "unix:///var/run/docker.sock"
	exposedByDefault: false
	certificatesResolvers:
	cloudflare:
	acme:
	email: [email protected] #add your email
	storage: acme.json
	dnsChallenge:
	provider: cloudflare
	#disablePropagationCheck: true # uncomment this if you have issues pulling certificates through cloudflare, By setting this flag to true disables the need to wait for the propagation of the TXT record to all authoritative name servers.
	resolvers:
	- "1.1.1.1:53"
	- "1.0.0.1:53"
	http:
	middlewares:
	redirect-to-https:
	redirectScheme:
	scheme: https