I have two devices running Docker; an Intel NUC and a Raspberry Pi. My NUC is used as a mediaplayer/mediaserver. This also is the manager node. The Pi is being used as Home Assistant and MQTT machine and is set as worker node. I wanted to add them to a swarm so I could use Traefik for reverse proxy and HTTPS on both machines.
NUC:
1 docker-compose file for Traefik, Consul and Portainer.
1 docker-compose file for my media apps (Sabnzbd, Transmission-vpn, Sonarr, Radarr etc).
Pi:
1 docker-compose file for Home Assistant, MQTT etc.
Traefik and Portainer are up and running. I got them setup with `docker stack deploy`. Next I tried to setup my media apps, but they don't need to be connected with the Pi so I tried `docker compose`. Portainer shows the apps are running, but when I go to their subdomain Traefik returns 404 page not found. This makes me conclude that apps running outside the swarm, but connected to Traefik don't work. They also don't show up in the Traefik dashboard.
docker-compose.traefik.yml - 'docker stack deploy'
version: '3.7'
networks:
traefik_proxy:
external: true
agent-network:
attachable: true
volumes:
consul-data-leader:
consul-data-replica:
portainer-data:
services:
consul-leader:
image: consul
command: agent -server -client=0.0.0.0 -bootstrap -ui
volumes:
- consul-data-leader:/consul/data
environment:
- CONSUL_BIND_INTERFACE=eth0
- 'CONSUL_LOCAL_CONFIG={"leave_on_terminate": true}'
networks:
- traefik_proxy
deploy:
labels:
- traefik.frontend.rule=Host:consul.${DOMAINNAME?Variable DOMAINNAME not set}
- traefik.enable=true
- traefik.port=8500
- traefik.tags=${TRAEFIK_PUBLIC_TAG:-traefik-public}
- traefik.docker.network=traefik_proxy
- traefik.frontend.entryPoints=http,https
- traefik.frontend.redirect.entryPoint=https
- traefik.frontend.auth.forward.address=http://oauth:4181
- traefik.frontend.auth.forward.authResponseHeaders=X-Forwarded-User
- traefik.frontend.auth.forward.trustForwardHeader=true
consul-replica:
image: consul
command: agent -server -client=0.0.0.0 -retry-join="consul-leader"
volumes:
- consul-data-replica:/consul/data
environment:
- CONSUL_BIND_INTERFACE=eth0
- 'CONSUL_LOCAL_CONFIG={"leave_on_terminate": true}'
networks:
- traefik_proxy
deploy:
replicas: ${CONSUL_REPLICAS:-3}
placement:
preferences:
- spread: node.id
traefik:
image: traefik:v1.7
hostname: traefik
restart: always
networks:
- traefik_proxy
ports:
- target: 80
published: 80
- target: 443
published: 443
- target: 8080
published: 8145
deploy:
replicas: ${TRAEFIK_REPLICAS:-3}
placement:
constraints:
- node.role == manager
preferences:
- spread: node.id
labels:
traefik.enable: 'true'
traefik.backend: traefik
traefik.protocol: http
traefik.port: 8080
traefik.tags: traefik-public
traefik.frontend.rule: Host:traefik.${DOMAINNAME}
traefik.frontend.headers.SSLHost: traefik.${DOMAINNAME}
traefik.docker.network: traefik_proxy
traefik.frontend.passHostHeader: 'true'
traefik.frontend.headers.SSLForceHost: 'true'
traefik.frontend.headers.SSLRedirect: 'true'
traefik.frontend.headers.browserXSSFilter: 'true'
traefik.frontend.headers.contentTypeNosniff: 'true'
traefik.frontend.headers.forceSTSHeader: 'true'
traefik.frontend.headers.STSSeconds: 315360000
traefik.frontend.headers.STSIncludeSubdomains: 'true'
traefik.frontend.headers.STSPreload: 'true'
traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex
traefik.frontend.headers.customFrameOptionsValue: 'allow-from https:${DOMAINNAME}'
traefik.frontend.auth.forward.address: 'http://oauth:4181'
traefik.frontend.auth.forward.authResponseHeaders: X-Forwarded-User
traefik.frontend.auth.forward.trustForwardHeader: 'true'
domainname: ${DOMAINNAME}
dns:
- 1.1.1.1
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ${USERDIR}/docker/traefik:/etc/traefik
- ${USERDIR}/docker/shared:/shared
environment:
CF_API_EMAIL: ${CLOUDFLARE_EMAIL}
CF_API_KEY: ${CLOUDFLARE_API_KEY}
command:
#- "storeconfig" #This is the push to consul, secondary traefik must be created and interfaced to this traefik. Remove this traefik's open ports, it shuts down once consul is messaged.
- '--logLevel=INFO'
- '--InsecureSkipVerify=true' #for unifi controller to not throw internal server error message
- '--api'
- '--api.entrypoint=apiport'
- '--defaultentrypoints=http,https'
- '--entrypoints=Name:http Address::80 Redirect.EntryPoint:https'
- '--entrypoints=Name:https Address::443 TLS TLS.SniStrict:true TLS.MinVersion:VersionTLS12 CipherSuites:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256'
- '--entrypoints=Name:apiport Address::8080'
- '--file'
- '--file.directory=/etc/traefik/rules/'
- '--file.watch=true'
- '--acme'
- '--acme.storage=/etc/traefik/acme/acme.json'
- '--acme.entryPoint=https'
# not yet ready?
# - "--acme.TLS-ALPN-01=true"
- '--acme.dnsChallenge=true'
- '--acme.dnsChallenge.provider=cloudflare'
- '--acme.dnsChallenge.delayBeforeCheck=60'
- '--acme.dnsChallenge.resolvers=1.1.1.1,1.0.0.1'
- '--acme.onHostRule=true'
- '--acme.email=admin#${DOMAINNAME}'
- '--acme.acmeLogging=true'
- '--acme.domains=${DOMAINNAME},*.${DOMAINNAME},'
- '--acme.KeyType=RSA4096'
#Let's Encrypt's staging server,
#caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
- '--docker'
- '--docker.swarmMode'
- '--docker.domain=${DOMAINNAME}'
- '--docker.watch'
- '--docker.exposedbydefault=false'
#- "--consul"
#- "--consul.endpoint=consul:8500"
#- "--consul.prefix=traefik"
- '--retry'
- 'resolvers=[192,168.1.1:53,1.1.1.1:53,]'
depends_on:
- consul-leader
docker-compose.media.yml - 'docker compose'
sabnzbd:
image: linuxserver/sabnzbd
container_name: sabnzbd
restart: always
network_mode: service:transmission-vpn
# depends_on:
# - transmission-vpn
# ports:
# - '${SABNZBD_PORT}:8080'
volumes:
- ${USERDIR}/docker/sabnzbd:/config
- /media/Data/Downloads:/Downloads
# - ${USERDIR}/Downloads/incomplete:/incomplete-downloads
environment:
PUID: ${PUID}
PGID: ${PGID}
TZ: ${TZ}
UMASK_SET: 002
deploy:
replicas: 1
labels:
traefik.enable: 'true'
traefik.backend: sabnzbd
traefik.protocol: http
traefik.port: 8080
traefik.tags: traefik_proxy
traefik.frontend.rule: Host:sabnzbd.${DOMAINNAME}
# traefik.frontend.rule: Host:${DOMAINNAME}; PathPrefix: /sabnzbd
traefik.frontend.headers.SSLHost: sabnzbd.${DOMAINNAME}
traefik.docker.network: traefik_proxy
traefik.frontend.passHostHeader: 'true'
traefik.frontend.headers.SSLForceHost: 'true'
traefik.frontend.headers.SSLRedirect: 'true'
traefik.frontend.headers.browserXSSFilter: 'true'
traefik.frontend.headers.contentTypeNosniff: 'true'
traefik.frontend.headers.forceSTSHeader: 'true'
traefik.frontend.headers.STSSeconds: 315360000
traefik.frontend.headers.STSIncludeSubdomains: 'true'
traefik.frontend.headers.STSPreload: 'true'
traefik.frontend.headers.customResponseHeaders: X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex
# traefik.frontend.headers.frameDeny: "true" #customFrameOptionsValue overrides this
traefik.frontend.headers.customFrameOptionsValue: 'allow-from https:${DOMAINNAME}'
traefik.frontend.auth.forward.address: 'http://oauth:4181'
traefik.frontend.auth.forward.authResponseHeaders: X-Forwarded-User
traefik.frontend.auth.forward.trustForwardHeader: 'true'
I already tried multiple things like removing the deploy command and just using labels etc but that didn't help at all. My Traefik logs also don't show anything that might be saying what's going wrong.
Are you running de .env file to set the environment variables? Because the feature .env is not currently supported by docker stack. You must source manually the .env running export $(cat .env) before running docker stack.
Related
I have an environment running docker containers.
This environment hosts Traefik, Nextcloud, MotionEye and Heimdall.
I also have another environment running CoreDNS in a docker container.
For some reason, I can get MotionEye to be accessible from motioneye.docker.swarm (changed the domain in here for privacy).
However, for nextcloud and Heimdall, I have to explicitly access the ports and I'm struggling to tell why.
e.g. Heimdall is gateway.docker.swarm:8091 when should be gateway.docker.swarm
When a user requests a webpage onto the local dns server X.X.X.117 it gets routed through to the traefik instance on X.X.X.106.
My traefik compose file is as follows:
version: '3'
services:
reverse-proxy:
# The official v2 Traefik docker image
image: traefik:v2.3
restart: always
# Enables the web UI and tells Traefik to listen to docker
command: --api.insecure=true --providers.docker
ports:
# The HTTP port
- "80:80"
# The Web UI (enabled by --api.insecure=true)
- "8080:8080"
volumes:
# So that Traefik can listen to the Docker events
- /var/run/docker.sock:/var/run/docker.sock
labels:
- "traefik.port=8080"
- "traefik.backend=traefik"
- "traefik.frontend.rule=Host:traefik.docker.swarm"
- "traefik.docker.network=traefik_default"
My Heimdall compose is as follows:
version: "3"
services:
heimdall:
image: ghcr.io/linuxserver/heimdall
container_name: heimdall
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/London
volumes:
- /home/pi/heimdall/config:/config
ports:
- 8091:80
restart: unless-stopped
networks:
- heimdall
labels:
- "traefik.enable=true"
- "traefik.port=8091"
- "traefik.http.routers.heimdall.entrypoints=http"
- "traefik.http.routers.heimdall.rule=Host(`gateway.docker.swarm`)"
networks:
heimdall:
external:
name: heimdall
Can anyone see what I'm doing wrong here?
When you access through gateway.docker.swarm:8091 it works because you are accessing the heimdall container directly. This is possible because you defined
ports:
- 8091:80
in your docker-compose.
In order to access through traefik they must be on the same network. Also, remove the port mapping if you like this container to be only accessible through traefik. And finally correct the traefik port accordingly.
version: "3"
services:
heimdall:
image: ghcr.io/linuxserver/heimdall
container_name: heimdall
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/London
volumes:
- /home/pi/heimdall/config:/config
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.port=80"
- "traefik.http.routers.heimdall.entrypoints=http"
- "traefik.http.routers.heimdall.rule=Host(`gateway.docker.swarm`)"
I have a setup of 1 master and 2 worker nodes running docker swarm. I deployed Traefik + Consul using the setup below:
version: '3.3'
services:
consul-leader:
image: consul:latest
command:
- agent
- -server
- -client=0.0.0.0
- -bootstrap
- -ui
environment:
CONSUL_BIND_INTERFACE: eth0
CONSUL_LOCAL_CONFIG: '{"leave_on_terminate": true}'
volumes:
- consul-data-leader:/consul/data
networks:
- default
- traefik-public
logging:
driver: json-file
deploy:
labels:
traefik.tags: traefik-public
traefik.redirectorservice.frontend.redirect.entryPoint: https
traefik.webservice.frontend.entryPoints: https
traefik.redirectorservice.frontend.entryPoints: http
traefik.docker.network: traefik-public
traefik.enable: 'true'
traefik.frontend.auth.basic.users: admin:$apr1$lKAo73kT$xlahD.KLANH8ZbMaDXDsC.
traefik.port: '8500'
traefik.frontend.rule: Host:consul.live.mydomain.app
consul-replica:
image: consul:latest
command:
- agent
- -server
- -client=0.0.0.0
- -retry-join=consul-leader
environment:
CONSUL_BIND_INTERFACE: eth0
CONSUL_LOCAL_CONFIG: '{"leave_on_terminate": true}'
volumes:
- consul-data-replica:/consul/data
networks:
- default
- traefik-public
logging:
driver: json-file
deploy:
replicas: 3
traefik:
image: traefik:v1.7
command:
- --docker
- --docker.swarmmode
- --docker.watch
- --docker.exposedbydefault=false
- --constraints=tag==traefik-public
- --entrypoints=Name:http Address::80
- --entrypoints=Name:https Address::443 TLS
- --consul
- --consul.endpoint=consul-leader:8500
- --acme
- --acme.email=me.me#me.com
- --acme.storage=traefik/acme/account
- --acme.entryPoint=https
- --acme.httpChallenge.entryPoint=http
- --acme.onhostrule=true
- --acme.acmelogging=true
- --logLevel=INFO
- --accessLog
- --api
ports:
- 80:80
- 443:443
volumes:
- /var/run/docker.sock:/var/run/docker.sock
networks:
- default
- traefik-public
logging:
driver: json-file
deploy:
replicas: 3
labels:
traefik.tags: traefik-public
traefik.redirectorservice.frontend.redirect.entryPoint: https
traefik.webservice.frontend.entryPoints: https
traefik.redirectorservice.frontend.entryPoints: http
traefik.docker.network: traefik-public
traefik.enable: 'true'
traefik.frontend.auth.basic.users: admin:$apr1$lKAo73kT$xlahD.KLANH8ZbMaDXDsC.
traefik.port: '8080'
traefik.frontend.rule: Host:traefik.live.mydomain.app
placement:
constraints:
- node.role == manager
networks:
default:
driver: overlay
traefik-public:
external: true
volumes:
consul-data-replica:
driver: local
When I deploy a service or stack in GLOBAL mode, everything seems to work fine. However, when I try to deploy stack using replicated mode, SSL certificate is not generated and Traefik is using TRAEFIK DEFAULT CERT instead. Can anyone tell me what I'm doing wrong ?
I am using Traefik v2 with Docker Swarm. I want to achieve the following routing:
mydomain.com:9000 -> Traefik dashboard
mydomain.com:5000 -> my application
docker-compose-traefik.yml
version: "3.7"
services:
traefik:
image: "traefik:v2.0"
networks:
- traefik-net
command:
- "--log.level=DEBUG"
- "--api.insecure=true"
- "--providers.docker.swarmMode=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:5000"
ports:
- "80:80"
- "9000:8080"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
networks:
traefik-net:
external:
name: traefik-net
docker-compose-whoami.yml
version: "3.7"
services:
whoami:
image: "jwilder/whoami"
networks:
- traefik-net
deploy:
replicas: 3
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`mydomain.com`)"
- "traefik.http.routers.whoami.entrypoints=web"
- "traefik.http.services.whoami.loadbalancer.server.port=8000"
networks:
traefik-net:
external:
name: traefik-net
jwilder/whoami exposes port 8000 in its Dockerfile. I want to redirect port 5000 (my entrypoint defined in docker-compose-traefik.yml) to port 8000 in container.
I created network traefik-net with: docker network create -d bridge traefik-net.
I deployed both stacks with:
docker-stack deploy -c docker-compose-traefik.yml Traefik
docker-stack deploy -c docker-compose-whoami.yml Whoami
When I visit mydomain.com:9000 it opens Traefik dashboard as it should. When I visit mydomain.com:5000 it says that "This site can’t be reached".
My question is: How to redirect request to port 5000 (mydomain.com:5000) to port 8000 inside whoami container?
For anyone else having similar problems, I found a solution. I needed to change ports section in docker-compose-traefik.yml from
ports:
- "80:80"
- "9000:8080"
to
ports:
- "80:80"
- "9000:8080"
- "5000:5000" <-- add this
Hope this helps someone. :)
How to setup login credentials for kibana gui with docker elk stack containers.
What arguments and environmental variables must be passed in docker-compose.yaml file to get this working.
For setting kibana user credentials for docker elk stack, we have to set xpack.security.enabled: true either in elasticsearch.yml or pass this as a environment variable in docker-compose.yml file.
Pass username & password as environment variable in docker-compose.yml like below:
version: '3.3'
services:
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:6.6.1
ports:
- "9200:9200"
- "9300:9300"
configs:
- source: elastic_config
target: /usr/share/elasticsearch/config/elasticsearch.yml
environment:
ES_JAVA_OPTS: "-Xmx256m -Xms256m"
ELASTIC_USERNAME: "elastic"
ELASTIC_PASSWORD: "MyPw123"
http.cors.enabled: "true"
http.cors.allow-origin: "*"
xpack.security.enabled: "true"
networks:
- elk
deploy:
mode: replicated
replicas: 1
logstash:
image: docker.elastic.co/logstash/logstash:6.6.1
ports:
- "5044:5044"
- "9600:9600"
configs:
- source: logstash_config
target: /usr/share/logstash/config/logstash.yml:rw
- source: logstash_pipeline
target: /usr/share/logstash/pipeline/logstash.conf
environment:
LS_JAVA_OPTS: "-Xmx256m -Xms256m"
xpack.monitoring.elasticsearch.url: "elasticsearch:9200"
xpack.monitoring.elasticsearch.username: "elastic"
xpack.monitoring.elasticsearch.password: "MyPw123"
networks:
- elk
deploy:
mode: replicated
replicas: 1
kibana:
image: docker.elastic.co/kibana/kibana:6.6.1
ports:
- "5601:5601"
configs:
- source: kibana_config
target: /usr/share/kibana/config/kibana.yml
networks:
- elk
deploy:
mode: replicated
replicas: 1
configs:
elastic_config:
file: ./elasticsearch/config/elasticsearch.yml
logstash_config:
file: ./logstash/config/logstash.yml
logstash_pipeline:
file: ./logstash/pipeline/logstash.conf
kibana_config:
file: ./kibana/config/kibana.yml
networks:
elk:
driver: overlay
Then add this following lines to kibana.yml:
elasticsearch.username: "elastic"
elasticsearch.password: "MyPw123"
Did not managed to get it working without adding XPACK_MONITORING & SECURITY flags to kibana's container and there was no need for a config file
However I was not able to use kibana user, even after logging in with elastic user and changing kibana's password through the UI.
NOTE: looks like you can't setup default built-in users other than elastic superuser in docker-compose through it's environment. I've tried several times with kibana and kibana_system to no success.
version: "3.7"
services:
elasticsearch:
image: elasticsearch:7.4.0
restart: always
ports:
- 9200:9200
environment:
- discovery.type=single-node
- xpack.security.enabled=true
- ELASTIC_PASSWORD=123456
kibana:
image: kibana:7.4.0
restart: always
ports:
- 5601:5601
environment:
- ELASTICSEARCH_HOSTS=http://elasticsearch:9200
- XPACK_MONITORING_ENABLED=true
- XPACK_MONITORING_COLLECTION_ENABLED=true
- XPACK_SECURITY_ENABLED=true
- ELASTICSEARCH_USERNAME=elastic
- ELASTICSEARCH_PASSWORD="123456"
depends_on:
- elasticsearch
SOURCE
NOTE: looks like this won't work with 8.5.3, Kibana won't accept superuser elastic.
Update
I was able to setup 8.5.3 but with a couple twists. I would build the whole environment, then in elastic's container run the setup-passwords auto
bin/elasticsearch-setup-passwords auto
Grab the auto generated password for kibana_system user and replace it in docker-compose then restart only kibana's container
Kibana 8.5.3 with environment variables:
kibana:
image: kibana:8.5.3
restart: always
ports:
- 5601:5601
environment:
- ELASTICSEARCH_USERNAME="kibana_system"
- ELASTICSEARCH_PASSWORD="sVUurmsWYEwnliUxp3pX"
Restart kibana's container:
docker-compose up -d --build --force-recreate --no-deps kibana
NOTE: make sure to use --no-deps flag otherwise it will restart elastic container if tagged to kibana's
I'm first time Traefik user and I successfully configured this docker compose setup for Jira with Traefik and Let's Encrypt Cert.
My problem is that Jira must be able to connect to his self. Their are some Jira Services like Gadgets that loads it's data via JavaScript from via his own address over http. This typ of service does not work for me. Their is a support documents that describes this problems and also shows solutions for this. But I don't know how to setup this up correctly with Traefik/Docker. https://confluence.atlassian.com/jirakb/how-to-fix-gadget-titles-showing-as-__msg_gadget-813697086.html
Your help would be great. Thanks a lot!
version: '3'
services:
reverse-proxy:
image: traefik # The official Traefik docker image
command: --docker # Enables the web UI and tells Traefik to listen to docker --api
ports:
- "80:80" # The HTTP port
- "443:443" # The HTTPS port
- "8081:8080" # The Web UI (enabled by --api)
hostname: traefik
restart: unless-stopped
domainname: ${DOMAINNAME}
networks:
- frontend
- backend
labels:
- "traefik.enable=false"
- "traefik.frontend.rule=Host:traefik.${DOMAINNAME}"
volumes:
- /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
- /etc/compose/traefik:/etc/traefik
- /etc/compose/shared:/shared
jira:
image: dchevell/jira-software:${JIRAVERSION}
ports:
- 8080:8080
networks:
- backend
restart: unless-stopped
volumes:
- /data/files/jira/data:/var/atlassian/application-data/jira
environment:
- JVM_MAXIMUM_MEMORY=2048m
- JVM_MINIMUM_MEMORY=768m
- CATALINA_CONNECTOR_PROXYNAME=jira.${DOMAINNAME}
- CATALINA_CONNECTOR_PROXYPORT=443
- CATALINA_CONNECTOR_SCHEME=https
- CATALINA_CONNECTOR_SECURE=true
depends_on:
- jira-postgresql
links:
- "jira-postgresql:database"
labels:
- "traefik.enable=true"
- "traefik.backend=jira"
- "traefik.frontend.rule=Host:jira.${DOMAINNAME}"
- "traefik.port=8080"
jira-postgresql:
image: postgres:9.6.11-alpine
networks:
- backend
ports:
- 5432:5432
restart: unless-stopped
volumes:
- /data/index/postgresql/data/:/var/lib/postgresql/data
environment:
- POSTGRES_PASSWORD=jira
- POSTGRES_USER=jira
- POSTGRES_DB=jira
labels:
- "traefik.enable=false"
# Portainer
portainer:
image: portainer/portainer
container_name: portainer
restart: always
ports:
- 9000:9000
command: -H unix:///var/run/docker.sock
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./etc-portainer/data:/data
environment:
TZ: ${TZ}
labels:
- "traefik.enable=false"
networks:
frontend:
external:
name: frontend
backend:
driver: bridge
Configuration I got working with apps over secure - not super intuitive, but it looks like it accepts redirects secure traffic properly. I've got mine using acme on godaddy for certs, and it appears to be functioning properly over https with a forced recirect:
Forced redirect for reference:
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
And the dockerfile that I made to get things deployed properly:
version: '3'
services:
jira:
image: dchevell/jira-software:8.1.0
deploy:
restart_policy:
condition: on-failure
labels:
- traefik.frontend.rule=Host:jira.mydomain.com
- traefik.enable=true
- traefik.port=8080
ports:
- "8080"
networks:
- traefik-pub
- jiranet
environment:
- CATALINA_CONNECTOR_PROXYNAME=jira.mydomain.com
- CATALINA_CONNECTOR_PROXYPORT=443
- CATALINA_CONNECTOR_SCHEME=https
- CATALINA_CONNECTOR_SECURE=true
jira-postgresql:
image: postgres:11.2-alpine
networks:
- jiranet
ports:
- "5432"
volumes:
- jira-postgres-data:/var/lib/postgresql/data
environment:
- POSTGRES_PASSWORD=supersecret
- POSTGRES_USER=secret_user
- POSTGRES_DB=jira_db
labels:
- "traefik.enable=false"
volumes:
jira-postgres-data:
networks:
traefik-pub:
external: true
jiranet:
driver: overlay
This still required manual configuration of the database - I may one day take the time to build my own jira dockerfile that accepts the database config already, but with this one working, I don't see much point in pre-configuring the database connection when it's 20 seconds of extra work vs. rebuilding a dockerfile that I haven't written myself.