Last active
December 8, 2018 21:20
-
-
Save ties/271ec0cd9b6d68f4b49aebcdb7691cc0 to your computer and use it in GitHub Desktop.
Traefik/Docker
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: '3' | |
| services: | |
| # [...] | |
| # A LAN-only container: | |
| iot-grafana: | |
| image: grafana/grafana | |
| restart: unless-stopped | |
| networks: | |
| iot: | |
| ipv4_address: 10.48.3.2 | |
| web: {} | |
| volumes: | |
| - /opt/grafana/storage:/var/lib/grafana | |
| labels: | |
| - "traefik.docker.network=web" | |
| - "traefik.enable=true" | |
| - "traefik.basic.frontend.rule=Host:grafana.lanonly.tld" | |
| networks: | |
| # ... | |
| web: | |
| external: true |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # DO_AUTH_TOKEN in .env | |
| # | |
| version: '2' | |
| services: | |
| # Traefik | |
| traefik: | |
| image: traefik:alpine | |
| restart: unless-stopped | |
| ports: | |
| - 80:80 | |
| - 443:443 | |
| - 9000:9000 | |
| networks: | |
| - web | |
| volumes: | |
| - /var/run/docker.sock:/var/run/docker.sock | |
| - /opt/traefik/traefik.toml:/traefik.toml | |
| - /opt/traefik/acme.json:/acme.json | |
| container_name: traefik | |
| environment: | |
| - DO_AUTH_TOKEN=${DO_AUTH_TOKEN} | |
| networks: | |
| web: | |
| external: true |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ebug = false | |
| logLevel = "INFO" | |
| defaultEntryPoints = ["https","http"] | |
| [api] | |
| entryPoint = "internal" | |
| dashboard = true | |
| # | |
| # Only allow localhost/LANv4/LANv6 ip's to reach the proxied entrypoints. | |
| # | |
| [entryPoints] | |
| [entryPoints.http] | |
| sourceRange = ["127.0.0.1/32", "192.168.1.0/24", "2001:DEAD:BEEF::/48"] | |
| address = ":80" | |
| [entryPoints.http.redirect] | |
| entryPoint = "https" | |
| [entryPoints.internal] | |
| address = ":9000" | |
| [entryPoints.https] | |
| sourceRange = ["127.0.0.1/32", "192.168.1.0/24", "2001:DEAD:BEEF::/48"] | |
| address = ":443" | |
| [entryPoints.https.tls] | |
| [retry] | |
| [docker] | |
| endpoint = "unix:///var/run/docker.sock" | |
| domain = "lanonly.tld" | |
| watch = true | |
| exposedByDefault = false | |
| [acme] | |
| email = "[EMAIL]" | |
| storage = "acme.json" | |
| entryPoint = "https" | |
| onHostRule = true | |
| caServer = "https://acme-v02.api.letsencrypt.org/directory" | |
| acmeLoging = true | |
| [acme.dnsChallenge] | |
| provider = "digitalocean" | |
| delayBeforeCheck = 0 | |
| resolvers = ["1.1.1.1:53", "8.8.8.8:53"] | |
| # | |
| # Configure this domain with only nameserver records (pointing to digitalocean) | |
| # and make sure the hostnames you use resolve. Some router firmwares (e.g. openwrt, pfsense) | |
| # can configure this. | |
| # | |
| # Alternatively, run a full DNS server, possibly with a web UI for easy configuration... | |
| # | |
| [[acme.domains]] | |
| main = "*.lanonly.tld" | |
| sans = ["lanonly.tld"] | |
| [[acme.domains]] | |
| main = "otherdomain.com" | |
| sans = ["sub.otherdomain.com"] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment