Self assigned TLS certificate traefik - docker

My problem is a self assigned cert instead of a lets-encrypt cert
docker-compose.yml:
version: "3.7"
services:
  traefik:
    image: traefik
    command:
      - --api
      - --providers.docker
      - --providers.docker.exposedbydefault=false
    ports:
      - 8080:8080
      - 80:80
      - 443:443
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/data/traefik.yml:/etc/traefik/traefik.yml
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - public
      - private
    deploy:
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.dashboard.rule=Host(`dashboard.example.com`)"
        - "traefik.http.routers.dashboard.service=api@internal"
        - "traefik.http.routers.dashboard.middlewares=auth"
        - "traefik.http.middlewares.auth.basicauth.users=admin:admin"
      replicas: 1
      placement:
        constraints:
          - node.role == manager
      update_config:
        parallelism: 1
        delay: 10s
      restart_policy:
        condition: on-failure
service labels
- "traefik.http.routers.gitea.rule=Host(`gitea.example.com`)"
- "traefik.http.routers.gitea.entrypoints=websecure"
- "traefik.http.routers.gitea.tls=true"
- "traefik.http.routers.registry.tls.domains[0].main=example.com"
- "traefik.http.routers.registry.tls.domains[0].sans=*.example.com"
- "traefik.http.routers.gites.tls.certresolver=resolver"
- "traefik.http.services.gitea-svc.loadbalancer.server.port=3000"
traefik.yml:
entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"
certificatesResolvers:
  resolver:
    acme:
      email: mail@example.com
      storage: acme.json
      tlsChallenge: {}
This is what I get in my Firefox:
This happened because the browser takes the traefik default cert, but there must be a lets-encrypt cert. With log level debug I get
level=debug msg="http: TLS handshake error from 192.168.80.1:53932: remote error: tls: bad certificate"

I solved my problem
docker-compose.yml:
version: "3.7"
services:
  traefik:
    image: traefik:v2.2.11
    ports:
      - 80:80
      - 443:443
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/data/traefik.yml:/etc/traefik/traefik.yml
      - /var/run/docker.sock:/var/run/docker.sock
      - /etc/data/letsencrypt:/letsencrypt
    networks:
      - public
      - private
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=web"
      - "traefik.http.routers.traefik.rule=Host(`dashboard.example.com`)"
      # redirectscheme.scheme is the URL scheme to redirect to, not an entrypoint name
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=websecure"
      - "traefik.http.routers.traefik-secure.rule=Host(`dashboard.example.com`)"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=resolver"
      - "traefik.http.routers.traefik-secure.service=api@internal"
      - "traefik.http.services.traefik.loadbalancer.server.port=8080"
  gitea:
    image: gitea/gitea:latest
    environment:
      - APP_NAME=Gitea
      - USER_UID=1000
      - USER_GID=1000
      - ROOT_URL=https://gitea.example.com
      - SSH_DOMAIN=gitea.example.com
      - SSH_PORT=2222
      - HTTP_PORT=3000
      - DB_TYPE=postgres
      - DB_HOST=gitea-db:5432
      - DB_NAME=gitea
      - DB_USER=gitea
      - DB_PASSWD=gitea
    volumes:
      - gitea_app:/data
    ports:
      - 2222:2222
    networks:
      - public
      - private
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.gitea.entrypoints=web"
      - "traefik.http.routers.gitea.rule=Host(`gitea.example.com`)"
      - "traefik.http.middlewares.gitea-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.gitea.middlewares=gitea-https-redirect"
      - "traefik.http.routers.gitea-secure.entrypoints=websecure"
      - "traefik.http.routers.gitea-secure.rule=Host(`gitea.example.com`)"
      - "traefik.http.routers.gitea-secure.tls=true"
      - "traefik.http.routers.gitea-secure.tls.certresolver=resolver"
      - "traefik.http.routers.gitea-secure.service=gitea"
      - "traefik.http.services.gitea.loadbalancer.server.port=3000"
      - "traefik.docker.network=public"
  gitea-db:
    image: postgres:alpine
    volumes:
      - gitea_db:/var/lib/postgresql/data
    environment:
      - POSTGRES_USER=gitea
      - POSTGRES_PASSWORD=gitea
      - POSTGRES_DB=gitea
    networks:
      - private
traefik.yml
entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"
api:
  dashboard: true
log:
  level: DEBUG
providers:
  docker:
    exposedbydefault: false
    endpoint: "unix:///var/run/docker.sock"
    swarmMode: true
certificatesResolvers:
  resolver:
    acme:
      email: mail@example.com
      storage: letsencrypt/acme.json
      httpChallenge:
        entryPoint: web
Also, I have an empty letsencrypt folder for the acme.json file.

Related

Wordpress service is not showing in Traefik

I am trying to deploy a Wordpress application on a docker swarm stack, behind a Traefik reverse proxy. I wanted to use Nginx for reverse proxying, but as Wordpress is deployed with 2 replicas I am facing a session time out issue, therefore I am trying to use Traefik instead to configure sticky sessions later.
I have deployed the Traefik service successfully and can access the dashboard, but the Wordpress is not being proxied and it is not showing in the services list on the dashboard.
Traefik Dashboard Screenshot
Traefik Dashboard 2
Traefik Proxy yaml File:
version: '3.3'
services:
  traefik:
    image: traefik:v2.2
    ports:
      - 80:80
      - 443:443
    deploy:
      placement:
        constraints:
          # Make the traefik service run only on the node with this label
          # as the node with it has the volume for the certificates
          - node.labels.traefik-public.traefik-public-certificates == true
      labels:
        - traefik.enable=true
        - traefik.docker.network=traefik-public
        - traefik.constraint-label=traefik-public
        - traefik.http.middlewares.admin-auth.basicauth.users=${USERNAME?Variable not set}:${HASHED_PASSWORD?Variable not set}
        - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
        - traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
        - traefik.http.routers.traefik-public-http.rule=Host(`${DOMAIN?Variable not set}`)
        - traefik.http.routers.traefik-public-http.entrypoints=http
        - traefik.http.routers.traefik-public-http.middlewares=https-redirect
        - traefik.http.routers.traefik-public-https.rule=Host(`${DOMAIN?Variable not set}`)
        - traefik.http.routers.traefik-public-https.entrypoints=https
        - traefik.http.routers.traefik-public-https.tls=true
        - traefik.http.routers.traefik-public-https.service=api@internal
        - traefik.http.routers.traefik-public-https.tls.certresolver=le
        - traefik.http.routers.traefik-public-https.middlewares=admin-auth
        - traefik.http.services.traefik-public.loadbalancer.server.port=8080
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - traefik-public-certificates:/certificates
    command:
      - --providers.docker
      - --providers.docker.constraints=Label(`traefik.constraint-label`, `traefik-public`)
      - --providers.docker.exposedbydefault=false
      - --providers.docker.swarmmode
      - --entrypoints.http.address=:80
      - --entrypoints.https.address=:443
      - --certificatesresolvers.le.acme.email=${EMAIL?Variable not set}
      - --certificatesresolvers.le.acme.storage=/certificates/acme.json
      - --certificatesresolvers.le.acme.tlschallenge=true
      - --accesslog
      - --log
      - --api
    networks:
      - traefik-public
volumes:
  traefik-public-certificates:
networks:
  traefik-public:
    external: true
Wordpress yaml File:
version: "3.4"
services:
  db:
    image: mariadb
    secrets:
      - db_user
      - db_pass
    environment:
      MYSQL_ROOT_PASSWORD_FILE: /run/secrets/db_pass
      MYSQL_USER_FILE: /run/secrets/db_user
      MYSQL_PASSWORD_FILE: /run/secrets/db_pass
      MYSQL_DATABASE_NAME: wpdb
    ports:
      - 3306:3306
    networks:
      - backend
    volumes:
      - db-data:/var/lib/mysql
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure
        delay: 10s
        max_attempts: 3
        window: 60s
  wp:
    image: wordpress
    secrets:
      - db_user
      - db_pass
    depends_on:
      - db
    labels:
      - traefik.enable=true
      - traefik.constraint-label=traefik-public
      - traefik.docker.network=traefik-public
      - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
      - traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
      - traefik.http.routers.wp.rule=Host(`example.com`)
      - traefik.http.routers.wp.entrypoints=http
      - traefik.http.routers.wp.middlewares=https-redirect
      - traefik.http.routers.wp-secured.rule=Host(`example.com`)
      - traefik.http.routers.wp-secured.entrypoints=https
      - traefik.http.routers.wp-secured.tls=true
      - traefik.http.routers.wp-secured.tls.certresolver=le
      - traefik.http.services.wp.loadbalancer.server.port=8080
    environment:
      WORDPRESS_DB_HOST: 192.168.20.30:3306 # node IP
      WORDPRESS_DB_USER_FILE: /run/secrets/db_user
      WORDPRESS_DB_PASSWORD_FILE: /run/secrets/db_pass
      WORDPRESS_DB_NAME: wpdb
    networks:
      - backend
      - traefik-public
    volumes:
      - wp-data:/var/www/html
    deploy:
      replicas: 2
      restart_policy:
        condition: on-failure
        delay: 10s
        max_attempts: 3
        window: 60s
networks:
  backend:
    external: false
  traefik-public:
    external: true
volumes:
  wp-data:
  db-data:
secrets:
  db_user:
    file: ./db_user.txt
  db_pass:
    file: ./db_pass.txt

traefik not working when a service is in multiple overlay networks

version: '3.2'
services:
  traefik:
    image: "traefik:latest"
    command:
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --providers.docker=true
      - --providers.docker.swarmMode=true
      - --providers.docker.exposedbydefault=false
      - --providers.docker.network=public
      - --api
      - --log.level=ERROR
    ports:
      - "80:80"
      - "443:443"
    networks:
      - public
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
  agent:
    image: portainer/agent
    environment:
      # REQUIRED: Should be equal to the service name prefixed by "tasks." when
      # deployed inside an overlay network
      AGENT_CLUSTER_ADDR: tasks.agent
      # AGENT_PORT: 9001
      # LOG_LEVEL: debug
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/lib/docker/volumes:/var/lib/docker/volumes
    networks:
      - agent_network
    deploy:
      mode: global
      placement:
        constraints: [node.platform.os == linux]
  portainer:
    image: portainer/portainer-ce:2.0.0
    command: -H tcp://tasks.agent:9001 --tlsskipverify
    volumes:
      - data:/data
    networks:
      - public
      - agent_network
    deploy:
      mode: replicated
      replicas: 1
      placement:
        constraints: [node.role == manager]
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.portainer.rule=Host(`portainer.yourdomain.com`)"
        - "traefik.http.routers.portainer.entrypoints=web"
        - "traefik.http.services.portainer.loadbalancer.server.port=9000"
        - "traefik.http.routers.portainer.service=portainer"
        # Edge
        - "traefik.http.routers.edge.rule=Host(`edge.yourdomain.com`)"
        - "traefik.http.routers.edge.entrypoints=web"
        - "traefik.http.services.edge.loadbalancer.server.port=8000"
        - "traefik.http.routers.edge.service=edge"
networks:
  public:
    external: true
  agent_network:
    external: true
volumes:
We can see that "portainer" is in both the public and agent_network overlay networks, and it has two IP addresses, 10.0.38.7 and 10.0.39.7.
traefik is only in the public network; it has IP address 10.0.38.6.
The problem is that the traefik web UI refers to "portainer" as 10.0.39.7 instead of 10.0.38.7, so it fails to work.
Any solution to this?

traefik portainer swarm 404

When I try to reach the endpoint for portainer or traefik I get a 404 not found error.
It works well if I set it up in docker and not docker swarm. I believe I misconfigured something like the load balancer.
Maybe I am missing something with the traefik.http.services.<service_name>.loadbalancer.server.port
Without swarm config:
# traefik.yml
api:
  dashboard: true
entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
certificatesResolvers:
  http:
    acme:
      email: kevin.gaulin#gmail.com
      storage: acme.json
      httpChallenge:
        entryPoint: http
# docker-compose.yml
version: '3'
services:
  traefik:
    image: traefik:v2.3.7
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - traefik-proxy
    ports:
      - 80:80
      - 443:443
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik.yml:/traefik.yml:ro
      - ./acme.json:/acme.json
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`traefik2.${DOMAIN}`)"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=${USERNAME}:${HASHED_PASSWORD}"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik2.${DOMAIN}`)"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=http"
      - "traefik.http.routers.traefik-secure.service=api@internal"
  portainer:
    image: portainer/portainer-ce:latest
    container_name: portainer
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - traefik-proxy
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./portainer-data:/data
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.portainer.entrypoints=http"
      - "traefik.http.routers.portainer.rule=Host(`portainer2.${DOMAIN}`)"
      - "traefik.http.middlewares.portainer-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.portainer.middlewares=portainer-https-redirect"
      - "traefik.http.routers.portainer-secure.entrypoints=https"
      - "traefik.http.routers.portainer-secure.rule=Host(`portainer2.${DOMAIN}`)"
      - "traefik.http.routers.portainer-secure.tls=true"
      - "traefik.http.routers.portainer-secure.tls.certresolver=http"
      - "traefik.http.routers.portainer-secure.service=portainer"
      - "traefik.http.services.portainer.loadbalancer.server.port=9000"
      - "traefik.docker.network=traefik-proxy"
networks:
  traefik-proxy:
    external: true
Swarm config
# traefik.yml
api:
  dashboard: true
entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
    swarmmode: true
    watch: false
certificatesResolvers:
  http:
    acme:
      email: kevin.gaulin#gmail.com
      storage: acme.json
      httpChallenge:
        entryPoint: http
log:
  level: DEBUG
# docker-compose.yml
version: '3'
services:
  traefik:
    image: traefik:v2.3.7
    networks:
      - traefik-proxy
    ports:
      - 80:80
      - 443:443
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik.yml:/traefik.yml:ro
      - ./acme.json:/acme.json
    deploy:
      mode: replicated
      replicas: 1
      placement:
        constraints: [node.role == manager]
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.traefik.entrypoints=http"
        - "traefik.http.routers.traefik.rule=Host(`traefik2.${DOMAIN}`)"
        - "traefik.http.middlewares.traefik-auth.basicauth.users=${USERNAME}:${HASHED_PASSWORD}"
        - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
        - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
        - "traefik.http.routers.traefik-secure.entrypoints=https"
        - "traefik.http.routers.traefik-secure.rule=Host(`traefik2.${DOMAIN}`)"
        - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
        - "traefik.http.routers.traefik-secure.tls=true"
        - "traefik.http.routers.traefik-secure.tls.certresolver=http"
        - "traefik.http.routers.traefik-secure.service=api@internal"
        - "traefik.http.services.traefik.loadbalancer.server.port=8080"
  agent:
    image: portainer/agent
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/lib/docker/volumes:/var/lib/docker/volumes
    networks:
      - agent_network
    deploy:
      mode: global
      placement:
        constraints: [node.platform.os == linux]
  portainer:
    image: portainer/portainer-ce:latest
    command: -H tcp://tasks.agent:9001 --tlsskipverify
    networks:
      - traefik-proxy
      - agent_network
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./portainer-data:/data
    deploy:
      mode: replicated
      replicas: 1
      placement:
        constraints: [node.role == manager]
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.portainer.entrypoints=http"
        - "traefik.http.routers.portainer.rule=Host(`portainer2.${DOMAIN}`)"
        - "traefik.http.middlewares.portainer-https-redirect.redirectscheme.scheme=https"
        - "traefik.http.routers.portainer.middlewares=portainer-https-redirect"
        - "traefik.http.routers.portainer-secure.entrypoints=https"
        - "traefik.http.routers.portainer-secure.rule=Host(`portainer2.${DOMAIN}`)"
        - "traefik.http.routers.portainer-secure.tls=true"
        - "traefik.http.routers.portainer-secure.tls.certresolver=http"
        - "traefik.http.routers.portainer-secure.service=portainer"
        - "traefik.http.services.portainer.loadbalancer.server.port=9000"
        - "traefik.docker.network=traefik-proxy"
networks:
  traefik-proxy:
    driver: overlay
    external: true
  agent_network:
    driver: overlay

Cannot connect HTTPS by docker, traefik , SSL

I have some issues with traefik when I use TLS to connect to my API: it cannot connect. I configured it following the traefik document https://traefik.io/blog/traefik-2-tls-101-23b4fbee81f1/. Can someone help me?
version: "3.8"
services:
  myproject:
    image: registry.gitlab.com/test/myproject:latest
    env_file:
      - ./myproject/.env
    restart: unless-stopped
    volumes:
      - ./myproject/jwt.pem:/config/jwt.pem
      - ./myproject/jwt.pub:/config/jwt.pub
    logging:
      driver: json-file
      options:
        max-size: 200k
        max-file: "10"
    labels:
      - traefik.enable=true
      - traefik.http.routers.myproject.rule=Host(`mydomain.com`) && PathPrefix(`/api`)
      - traefik.http.routers.myproject.tls=true
      - traefik.http.routers.myproject.entrypoints=web,websecure
      - traefik.http.services.myproject.loadbalancer.server.port=8000
      - traefik.http.middlewares.my_headers.headers.accesscontrolallowmethods=GET,OPTIONS,PUT,POST,DELETE
      - traefik.http.middlewares.my_headers.headers.accesscontrolalloworigin=*
      - traefik.http.middlewares.my_headers.headers.accessControlAllowHeaders=*
      - traefik.http.middlewares.my_headers.headers.accesscontrolmaxage=100
      - traefik.http.middlewares.my_headers.headers.addvaryheader=true
      - traefik.http.middlewares.api_v1_strippath.stripprefix.prefixes=/api
      - traefik.http.routers.myproject.middlewares=my_headers,api_v1_strippath
  traefik:
    image: "traefik:v2.2"
    container_name: "traefik"
    command:
      - "--api.insecure=true"
      - "--providers.file.directory=/configuration/"
      - "--providers.file.watch=true"
      - "--providers.docker=true"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
    ports:
      - 80:80
      - 443:443
      - 8080:8080
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./home/ec2-user/myproject/traefik/configuration/:/configuration/"
and certificates.toml :
[[tls.certificates]]
certFile = "/configuration/mykey.cert"
keyFile = "/configuration/mykey.key"

Traefik 2.2 unable to get letsencrypt certificate

I am having an application with a MongoDB container, a python backend service, a portainer. Traefik is used for routing to portainer and the backend (one API endpoint). The routing works perfectly. However, I want to use SSL, but Traefik 2.2 doesn't fetch the LetsEncrypt certificate.
Dockerfile (I am packing a container, to do a chmod of acme.json)
FROM traefik:v2.2
COPY traefik /etc/traefik
RUN chmod 600 /etc/traefik/acme.json
docker-compose.yml:
version: "3.3"
services:
  backend:
    image: registry.gitlab.com/uuuu/backend:latest
    container_name: backend
    ports:
      - 5000
    environment:
      - CONNECTOR=$CONNECTOR
      - CONNECTOR_MAX_WORKERS=$CONNECTOR_MAX_WORKERS
      - LOGLEVEL=$LOGLEVEL
      - MONGODB_URI=mongodb://scraper-db/blubb
    depends_on:
      - db
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.backend.rule=Host(`app.mydomain.com`)'
      - 'traefik.http.routers.backend.rule=PathPrefix(`/api/bla/`)'
      - 'traefik.http.routers.backend.tls=true'
      - 'traefik.http.routers.backend.tls.certresolver=lets-encrypt'
      - "traefik.http.routers.backend.middlewares=autocompletionreplacer"
      - "traefik.http.middlewares.autocompletionreplacer.replacepathregex.regex=^/api/bla/(.*)"
      - "traefik.http.middlewares.autocompletionreplacer.replacepathregex.replacement=/$$1"
  portainer:
    image: portainer/portainer:latest
    container_name: portainer
    ports:
      - 9000
    volumes:
      - /etc/localtime:/etc/localtime
      - /var/run/docker.sock:/var/run/docker.sock
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.portainer.rule=Host(`app.mydomain.com`)"
      - 'traefik.http.routers.portainer.rule=PathPrefix(`/portainer/`)'
      - 'traefik.http.routers.portainer.tls=true'
      - 'traefik.http.routers.portainer.tls.certresolver=lets-encrypt'
      - "traefik.http.routers.portainer.middlewares=portainerreplacer"
      - "traefik.http.middlewares.portainerreplacer.replacepathregex.regex=^/portainer/(.*)"
      - "traefik.http.middlewares.portainerreplacer.replacepathregex.replacement=/$$1"
  proxy:
    image: my-proxy:latest
    restart: always
    ports:
      - '80:80'
      - '443:443'
    volumes:
      - ./traefik:/etc/traefik:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
    build: .
  db:
    image: mongo:3.7
    container_name: db
    ports:
      - 27017
/etc/traefik/traefik.toml:
[log]
level = "DEBUG"
[providers]
[providers.docker]
exposedByDefault = false
[providers.file]
directory = "/etc/traefik/dynamic"
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.https]
address = ":443"
[certificatesResolvers.lets-encrypt.acme]
storage = "/etc/traefik/acme.json"
email = "bla#mydomain.com"
[certificatesResolvers.lets-encrypt.acme.tlsChallenge]
/etc/traefik/dynamic/force-https.toml:
[http.routers]
[http.routers.force-https]
entryPoints = ["http"]
middlewares = ["force-https"]
rule = "HostRegexp(`{any:.+}`)"
service = "noop"
[http.middlewares]
[http.middlewares.force-https.redirectScheme]
scheme = "https"
[http.services]
[http.services.noop.loadBalancer]
I don't see any error in the logs. However I am getting this in the browser:
ea351828037eb97754d6ed00d36a2108.e645b5289e7388055e4ecd78af554f8.traefik.default.
Fehlercode: MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT
Is there anything I am missing?
I figured it out by myself. I had to add this to the docker-compose file for each service:
traefik.http.routers.fiverr-autocompletion.tls.domains[0].main=app.mydomain.com
The correct docker-compose looks like this then:
version: "3.3"
services:
  backend:
    image: registry.gitlab.com/uuuu/backend:latest
    container_name: backend
    ports:
      - 5000
    environment:
      - CONNECTOR=$CONNECTOR
      - CONNECTOR_MAX_WORKERS=$CONNECTOR_MAX_WORKERS
      - LOGLEVEL=$LOGLEVEL
      - MONGODB_URI=mongodb://scraper-db/blubb
    depends_on:
      - db
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.backend.rule=Host(`app.mydomain.com`)'
      - 'traefik.http.routers.backend.rule=PathPrefix(`/api/bla/`)'
      - 'traefik.http.routers.backend.tls.domains[0].main=app.mydomain.com'
      - 'traefik.http.routers.backend.tls=true'
      - 'traefik.http.routers.backend.tls.certresolver=lets-encrypt'
      - "traefik.http.routers.backend.middlewares=autocompletionreplacer"
      - "traefik.http.middlewares.autocompletionreplacer.replacepathregex.regex=^/api/bla/(.*)"
      - "traefik.http.middlewares.autocompletionreplacer.replacepathregex.replacement=/$$1"
  portainer:
    image: portainer/portainer:latest
    container_name: portainer
    ports:
      - 9000
    volumes:
      - /etc/localtime:/etc/localtime
      - /var/run/docker.sock:/var/run/docker.sock
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.portainer.rule=Host(`app.mydomain.com`)"
      - 'traefik.http.routers.portainer.rule=PathPrefix(`/portainer/`)'
      - 'traefik.http.routers.portainer.tls.domains[0].main=app.mydomain.com'
      - 'traefik.http.routers.portainer.tls=true'
      - 'traefik.http.routers.portainer.tls.certresolver=lets-encrypt'
      - "traefik.http.routers.portainer.middlewares=portainerreplacer"
      - "traefik.http.middlewares.portainerreplacer.replacepathregex.regex=^/portainer/(.*)"
      - "traefik.http.middlewares.portainerreplacer.replacepathregex.replacement=/$$1"
  proxy:
    image: my-proxy:latest
    restart: always
    ports:
      - '80:80'
      - '443:443'
    volumes:
      - ./traefik:/etc/traefik:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
    build: .
  db:
    image: mongo:3.7
    container_name: db
    ports:
      - 27017
/etc/traefik/traefik.toml:
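
A lint over router labels like those in the first question and in the Traefik 2.2 question on this page, as an added example (not code from any of the posts; the finding names are this example's own). It groups `traefik.http.routers.<name>.*` labels by router name and reports repeated label keys (a label key holds one value, so only one of two `rule` labels takes effect), router names that carry options but no `rule`, and TLS routers without a `certresolver`, which are served from the TLS store and so get Traefik's default certificate when no other certificate is configured.

```python
import re
from collections import defaultdict

# traefik.http.routers.<router-name>.<option>
ROUTER_KEY = re.compile(r"^traefik\.http\.routers\.([^.]+)\.(.+)$")

# Service labels copied from the first question on this page.
GITEA_LABELS = [
    "traefik.http.routers.gitea.rule=Host(`gitea.example.com`)",
    "traefik.http.routers.gitea.entrypoints=websecure",
    "traefik.http.routers.gitea.tls=true",
    "traefik.http.routers.registry.tls.domains[0].main=example.com",
    "traefik.http.routers.registry.tls.domains[0].sans=*.example.com",
    "traefik.http.routers.gites.tls.certresolver=resolver",
    "traefik.http.services.gitea-svc.loadbalancer.server.port=3000",
]

# Router labels of the backend service from the Traefik 2.2 question on this page.
BACKEND_LABELS = [
    "traefik.enable=true",
    "traefik.http.routers.backend.rule=Host(`app.mydomain.com`)",
    "traefik.http.routers.backend.rule=PathPrefix(`/api/bla/`)",
    "traefik.http.routers.backend.tls=true",
    "traefik.http.routers.backend.tls.certresolver=lets-encrypt",
    "traefik.http.routers.backend.middlewares=autocompletionreplacer",
]


def lint_router_labels(labels):
    """Return sorted (subject, finding) pairs for a list of 'key=value' labels."""
    findings = set()
    seen_keys = set()
    routers = defaultdict(dict)
    for label in labels:
        key, _, value = label.partition("=")
        key = key.strip().lower()  # Traefik label names are case-insensitive
        if key in seen_keys:
            findings.add((key, "duplicate-key"))
        seen_keys.add(key)
        match = ROUTER_KEY.match(key)
        if match:
            routers[match.group(1)][match.group(2)] = value.strip()
    for name, opts in routers.items():
        if "rule" not in opts:
            # Options sit on a router name that has no explicit rule, e.g. a typo.
            findings.add((name, "no-rule"))
        uses_tls = opts.get("tls", "").lower() == "true" or any(
            option.startswith("tls.") for option in opts
        )
        if uses_tls and "tls.certresolver" not in opts:
            findings.add((name, "tls-without-resolver"))
    return sorted(findings)


if __name__ == "__main__":
    for title, labels in (("gitea", GITEA_LABELS), ("backend", BACKEND_LABELS)):
        for subject, finding in lint_router_labels(labels):
            print(f"{title}: {finding}: {subject}")
```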
