@mTrax-
Created October 13, 2019 19:50
Traefik v2 with ssl
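version: "3.3"

# Traefik v2 as a TLS-terminating reverse proxy (Let's Encrypt via the TLS
# challenge), with Watchtower for automatic image updates and Portainer for
# container management. The domain names, credentials and webhook below are
# placeholders.
services:
  reverse-proxy:
    # NOTE(review): `latest` is a moving tag and the watchtower service below
    # pulls new images automatically. Pin a reviewed Traefik v2 release tag so
    # a major-version change cannot alter routing or TLS behaviour unnoticed.
    image: traefik:latest
    restart: unless-stopped
    command:
      # Enables the API/dashboard. Insecure API mode is not set, so the
      # dashboard is reachable only through the authenticated router below.
      - --api
      - --providers.docker=true
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      # Only containers labelled traefik.enable=true are routed.
      - --providers.docker.exposedbydefault=false
      # Uncomment to issue test certificates from the Let's Encrypt staging CA.
      #- --certificatesresolvers.leresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
      # The original address was masked by the hosting page's e-mail
      # obfuscation; the value below is a placeholder for the ACME contact.
      - --certificatesresolvers.leresolver.acme.email=admin@example.com
      - --certificatesresolvers.leresolver.acme.storage=/letsencrypt/acme.json
      - --certificatesresolvers.leresolver.acme.tlschallenge=true
    ports:
      # Quoted so the host:container pairs are always read as strings.
      - "80:80"
      #- "8080:8080"
      - "443:443"
    volumes:
      # `:ro` protects the socket file only; API calls over it are not
      # restricted, so a compromised proxy can still drive the Docker API.
      # A filtering socket proxy in front of it narrows that exposure.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      #- ./traefik.toml:/etc/traefik/traefik.toml
      # acme.json holds the certificate private keys: keep this directory out
      # of version control and readable by the owner only (mode 600 on the file).
      - ./letsencrypt:/letsencrypt
    labels:
      # Dashboard
      # Explicitly tell Traefik to expose this container
      - traefik.enable=true
      - traefik.http.routers.traefik.rule=Host(`traefik.domain.tld`)
      - traefik.http.routers.traefik.service=api@internal
      - traefik.http.routers.traefik.tls.certresolver=leresolver
      - traefik.http.routers.traefik.entrypoints=websecure
      # Authentication
      - traefik.http.routers.traefik.middlewares=traefik-auth
      # Placeholder. Traefik expects htpasswd-style entries (user:hashed-password),
      # and every `$` in the hash must be written `$$` in a Compose file.
      - traefik.http.middlewares.traefik-auth.basicauth.users=user:pwd
      # Global redirect to HTTPS: catch every host on the plain-HTTP entrypoint
      - traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)
      - traefik.http.routers.http-catchall.entrypoints=web
      - traefik.http.routers.http-catchall.middlewares=redirect-to-https
      # Redirect middleware
      - traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https
      # Test route to a host outside Docker
      - traefik.http.routers.website_router.rule=Host(`website.domain.tld`)
      - traefik.http.routers.website_router.entrypoints=websecure
      - traefik.http.routers.website_router.tls.certresolver=leresolver
      # The router must name the service defined just below; it previously
      # pointed at `sonarr_service`, which is not defined anywhere in this file.
      - traefik.http.routers.website_router.service=website_service
      # NOTE(review): on Docker labels the load balancer accepts server.port
      # (and server.scheme); a server.url for a host outside Docker is normally
      # declared through the file provider. Verify these two placeholder labels.
      - traefik.http.services.website_service.loadbalancer.server.url=http://ip_on_host_network
      - traefik.http.services.website_service.loadbalancer.server.port=website_port

  watchtower:
    # NOTE(review): unpinned image; Watchtower also updates every other
    # container it can see, so whatever the registries serve gets deployed
    # without review. Pin tags or digests for anything security-sensitive.
    image: containrrr/watchtower
    # These are command-line flags, so they go under `command`. Listed under
    # `environment` they only defined oddly named variables and Watchtower
    # ran with its defaults.
    command:
      - --cleanup=true
      # Poll interval, in seconds.
      - --interval=30
      # Parsed as a duration, so the unit is required.
      - --stop-timeout=30s
      - --notifications=slack
      # The webhook URL is a credential: anyone holding it can post to the
      # channel. Prefer supplying it through WATCHTOWER_NOTIFICATION_SLACK_HOOK_URL
      # from an env file kept out of version control. The inner quotes were
      # dropped because list-form arguments are passed literally, without a shell.
      - "--notification-slack-hook-url=https://discordapp.com/api/webhooks/id/id/slack"
    restart: unless-stopped
    volumes:
      # Read-write access to the Docker socket is equivalent to root on the
      # host; Watchtower needs it to recreate containers.
      - /var/run/docker.sock:/var/run/docker.sock

  portainer:
    image: portainer/portainer
    restart: unless-stopped
    volumes:
      # Gives Portainer full control of the Docker daemon, so access to its UI
      # is effectively host-level access. Protect the route accordingly.
      - /var/run/docker.sock:/var/run/docker.sock
      - ./portainer_data:/data
    labels:
      # Explicitly tell Traefik to expose this container
      - traefik.enable=true
      # `traefik.port=9000` is the Traefik v1 label. Routing works without it,
      # presumably because Traefik falls back to the port the image exposes.
      # To set the port explicitly in v2:
      #- traefik.http.services.portainer.loadbalancer.server.port=9000
      # Explicitly tell Watchtower to ignore this container
      #- com.centurylinklabs.watchtower.enable=false
      - traefik.http.routers.portainer.rule=Host(`portainer.domain.tld`)
      - traefik.http.routers.portainer.tls.certresolver=leresolver
      - traefik.http.routers.portainer.entrypoints=websecure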