@beevk
Last active May 18, 2025 10:01
Traefik V2 as Reverse Proxy (Setup with Docker)

Starting a new App

Follow these steps when adding a new app behind the proxy.

Internal app

Add this to your docker-compose.yml

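# Attach the app to the pre-existing Docker network that Traefik also joins.
networks:
  proxy:
    name: web       # actual network name on the host; `proxy` is only the alias used in this file
    external: true  # created outside this compose project; compose neither creates nor removes it

services:
  myApp:
    image: ..
    # ... rest of the service definition (elided in the original as bare `.` lines,
    # which are not valid YAML if pasted as-is) ...
    networks:
      - proxy
    # Traefik reaches the app over this network, so no `ports:` entry is needed here.
    # Publishing a host port makes the app reachable without going through the proxy.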

Want to expose app to internet

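All it needs is a few Docker labels on the service; enable the commented-out auth middleware lines if the app has no authentication of its own.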

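services:
  app:
    image: ...
    # ... rest of the service definition (elided in the original as bare `.` lines) ...
    labels:
      - traefik.enable=true # Enable traefik discovery
      - traefik.http.routers.<app>.rule=Host(`example.com`) # replace <app> with service name

      - traefik.http.routers.<app>.entrypoints=websecure # For HTTPS
      - traefik.http.routers.<app>.tls=true
      - traefik.http.services.<app>.loadbalancer.server.port=80 # PORT on which app is running

      # Auth middleware (you can use Authelia or something similar instead of basic auth).
      # The router name must match the <app> used above, otherwise the middleware is
      # attached to a different router and this one stays unauthenticated.
      # The users value is `name:hash` as produced by htpasswd; inside a compose file
      # every `$` in the hash has to be written as `$$`.
      #- traefik.http.routers.<app>.middlewares=auth
      #- traefik.http.middlewares.auth.basicauth.users=<user>:<htpasswd-hash>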
# Shared network joined by Traefik and by every service it proxies.
networks:
  proxy:
    # Not managed by this compose project: the `web` network has to exist
    # before `docker compose up` (e.g. `docker network create web`).
    external: true
    name: web
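services:
  reverse-proxy:
    image: traefik:v2.11
    restart: always
    ports:
      - "80:80"
      - "443:443"
      # The static configuration on this page defines only the :80 and :443 entrypoints and
      # the dashboard is routed through the `api` router below, so nothing listens on 8080.
      # Publishing it only matters with `api.insecure: true`, which serves the dashboard
      # without authentication.
      #- "8080:8080"
    volumes:
      # `:ro` protects the socket file only. Anything that can talk to this socket can drive
      # the Docker API, which is equivalent to root on the host. A filtering socket proxy in
      # front of it reduces what a compromised Traefik container could do.
      - /var/run/docker.sock:/var/run/docker.sock:ro # <== Volume for docker admin
      - ./traefik.yaml:/traefik.yml:ro # <== Volume for the static configuration file
      # Create this file before first start and restrict it (chmod 600): it stores the ACME
      # account key and certificate private keys, and Traefik refuses looser permissions.
      - ./acme.json:/acme.json
      #- ./config.yml:/config.yml:ro
      - ./traefik-data/logs:/var/log/
    environment:
      # The variable name was lost to e-mail obfuscation in the page extraction; CF_API_EMAIL
      # is the name the Cloudflare DNS provider reads. It is only used together with a global
      # API key, not with the scoped token below.
      - CF_API_EMAIL=<your-cloudflare-email> # Your Cloudflare account email
      # Keep the real token out of version control (env file or secret store) and scope it
      # to the single zone that needs certificates.
      - CF_DNS_API_TOKEN=CF_TOKEN # Your Cloudflare account Token that has “Zone → DNS → Edit” rights
    networks:
      - proxy
    labels:
      - traefik.enable=true
      - traefik.http.routers.api.rule=Host(`config.your-domain.com`) # Replace with your domain
      - traefik.http.routers.api.service=api@internal
      # The original labels left the dashboard router without entrypoint, TLS or auth, so the
      # dashboard answered on every entrypoint to anyone who could send the right Host header.
      - traefik.http.routers.api.entrypoints=websecure
      - traefik.http.routers.api.middlewares=dashboard-auth
      # Replace with `name:hash` from htpasswd; write every `$` of the hash as `$$`.
      # With the placeholder left in place the middleware fails to load and the router stays down.
      - traefik.http.middlewares.dashboard-auth.basicauth.users=<user>:<htpasswd-hash>
      # The TLS options were originally set on a router literally named `websecure` that has
      # no rule of its own; they are attached to the dashboard router here, which is what
      # requests the wildcard certificate reused by the other routers.
      - traefik.http.routers.api.tls=true
      - traefik.http.routers.api.tls.certresolver=cloudflare
      - traefik.http.routers.api.tls.domains[0].main=your-domain.com # Replace it with your domain
      - traefik.http.routers.api.tls.domains[0].sans=*.your-domain.com # Replace it with your domain

  whoami:
    image: traefik/whoami
    restart: always
    networks:
      - proxy
    # Traefik reaches the container over the `web` network. Publishing the port on the host
    # as well exposes the service over plain HTTP, bypassing TLS and any middleware.
    #ports:
    #  - "3000:80"
    labels:
      - traefik.enable=true
      - traefik.http.routers.whoami.rule=Host(`info.your-domain.com`) # Replace it with your domain
      - traefik.http.routers.whoami.entrypoints=websecure
      - traefik.http.routers.whoami.tls=true
      - traefik.http.services.whoami.loadbalancer.server.port=80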
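# Traefik API and dashboard (static configuration).
api:
  # Served through the `api@internal` service; whichever router points at it must carry
  # TLS and an authentication middleware.
  dashboard: true
  # Was `true`. Debug mode adds debugging and profiling endpoints to the API; enable it
  # only while troubleshooting.
  debug: false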
# Traefik's own process log (not the per-request access log).
log:
  # The compose file on this page bind-mounts ./traefik-data/logs to /var/log/,
  # so this file ends up on the host.
  filepath: /var/log/traefik.log
  level: INFO
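# Listeners. X-Forwarded-* headers are accepted only from the Cloudflare ranges listed under
# trustedIPs; from any other source address Traefik discards them. The ranges are a snapshot
# and should be compared with Cloudflare's published list from time to time. Keep the two
# lists identical.
entryPoints:
  web:
    address: ":80"
    # Redirect every plain-HTTP request to HTTPS at the entrypoint. The page's
    # `redirect-to-https` middleware is never attached to a router, so without this
    # port 80 would keep serving unencrypted.
    # NOTE(review): if Cloudflare is set to connect to the origin over HTTP ("Flexible" SSL),
    # this causes a redirect loop - confirm the zone's SSL mode.
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
    forwardedHeaders:
      trustedIPs:
        - "173.245.48.0/20"
        - "103.21.244.0/22"
        - "103.22.200.0/22"
        - "103.31.4.0/22"
        - "141.101.64.0/18"
        - "108.162.192.0/18"
        - "190.93.240.0/20"
        - "188.114.96.0/20"
        - "197.234.240.0/22"
        - "198.41.128.0/17"
        - "162.158.0.0/15"
        - "104.16.0.0/13"
        - "104.24.0.0/14"
        - "172.64.0.0/13"
        - "131.0.72.0/22"
        - "2400:cb00::/32"
        - "2606:4700::/32"
        - "2803:f800::/32"
        - "2405:b500::/32"
        - "2405:8100::/32"
        - "2a06:98c0::/29"
        - "2c0f:f248::/32"
  websecure:
    address: ":443"
    forwardedHeaders:
      trustedIPs:
        - "173.245.48.0/20"
        - "103.21.244.0/22"
        - "103.22.200.0/22"
        - "103.31.4.0/22"
        - "141.101.64.0/18"
        - "108.162.192.0/18"
        - "190.93.240.0/20"
        - "188.114.96.0/20"
        - "197.234.240.0/22"
        - "198.41.128.0/17"
        - "162.158.0.0/15"
        - "104.16.0.0/13"
        - "104.24.0.0/14"
        - "172.64.0.0/13"
        - "131.0.72.0/22"
        - "2400:cb00::/32"
        - "2606:4700::/32"
        - "2803:f800::/32"
        - "2405:b500::/32"
        - "2405:8100::/32"
        - "2a06:98c0::/29"
        - "2c0f:f248::/32"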
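# Global settings for connections from Traefik to backend services.
serversTransport:
  # Was `true`, which disables certificate verification for every HTTPS backend and lets
  # anything on the path between proxy and backend impersonate it. The backends shown on
  # this page are plain HTTP (port 80), so nothing here depends on it. For backends with
  # private or self-signed certificates, list the issuing CA under `rootCAs` instead.
  insecureSkipVerify: false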
# Service discovery through the Docker API.
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    # Containers are ignored unless they carry the label `traefik.enable=true`.
    exposedByDefault: false
    # Docker network Traefik uses to reach containers; matches the external
    # network name used in the compose files on this page.
    network: web
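# ACME certificates through the Cloudflare DNS-01 challenge.
certificatesResolvers:
  cloudflare:
    acme:
      # The address was replaced by "[email protected]" in the page extraction, which YAML
      # reads as a list rather than a string; restore a real address here.
      email: "<your-email>" # Replace with your CF account email
      # Holds the ACME account key and certificate private keys; the file must exist and be
      # readable by its owner only (chmod 600).
      storage: acme.json
      dnsChallenge:
        provider: cloudflare
        # Uncomment this if you have issues pulling certificates through cloudflare.
        # Setting this flag to true disables the need to wait for the propagation of the
        # TXT record to all authoritative name servers.
        #disablePropagationCheck: true
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"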
# NOTE(review): this is dynamic configuration. It presumably belongs in the separate
# config.yml whose mount is commented out in the compose file - confirm. The static
# configuration shown on this page declares no file provider, and no router references
# `redirect-to-https`, so as shown this middleware does not appear to take effect.
http:
  middlewares:
    redirect-to-https:
      redirectScheme:
        scheme: https