Traefik

I'm lazy, so all containers are attached to the traefik-proxy network

Create the network

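# Create the shared network once, before starting the stack.
# -d takes a driver name; the network name is a separate, final argument.
docker network create -d bridge traefik-proxy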

Traefik deployment with a wildcard for domain.com

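# Traefik reverse proxy: wildcard Let's Encrypt certificate through the
# Cloudflare DNS challenge, Docker provider with opt-in exposure, and the
# dashboard published only over HTTPS behind basic auth.
name: traefik
services:
  traefik:
    # NOTE(review): "latest" floats between releases; pin a specific tag or
    # digest so that an upgrade is a deliberate, reviewable change.
    image: "traefik:latest"
    container_name: "traefik"
    restart: unless-stopped
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "5"
    command:
      - "--accesslog=true"
      # The dashboard/API is served by the router in the labels below
      # (service api@internal). --api.insecure is deliberately not set: it
      # serves the API without authentication on port 8080, which every
      # container attached to traefik-proxy could reach.
      - "--api.dashboard=true"
      # Let's Encrypt certificate via the Cloudflare DNS challenge
      # (placeholder address: replace with your own)
      - "--certificatesresolvers.letsencrypt.acme.email=you@domain.com"
      # acme.json holds the ACME account key and certificate private keys;
      # it lives in the "acme" named volume.
      - "--certificatesresolvers.letsencrypt.acme.storage=/acme/acme.json"
      - "--certificatesresolvers.letsencrypt.acme.dnsChallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare"
      - "--certificatesresolvers.letsencrypt.acme.dnschallenge.propagation.delayBeforeChecks=10"
      - "--certificatesresolvers.letsencrypt.acme.dnschallenge.resolvers=1.1.1.1:53,1.0.0.1:53"
      - "--entrypoints.websecure.http.tls.domains[0].main=domain.com"
      - "--entrypoints.websecure.http.tls.domains[0].sans=*.domain.com"
      # Containers are published only when they carry traefik.enable=true
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      # Entrypoints
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      # Global redirect of http to https
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      - "--entrypoints.web.http.redirections.entrypoint.permanent=true"
      # For dynamic configuration files
      - "--providers.file.directory=/configuration"
      - "--providers.file.watch=true"
    ports:
      # Only 80 and 443 are published. The dashboard has no host port of its
      # own; it is reached through the websecure router defined in the labels.
      - "80:80"
      - "443:443"
    volumes:
      # NOTE(review): ":ro" makes the socket file read-only as a mount, but it
      # does not restrict the Docker API calls made through it. Whoever
      # compromises this container can control the Docker daemon. Consider a
      # filtering socket proxy that exposes only the read endpoints Traefik needs.
      - '/var/run/docker.sock:/var/run/docker.sock:ro'
      - 'traefik-configurations:/configuration'
      - 'acme:/acme'
    environment:
      # Values come from a .env file next to this compose file; keep that file
      # out of version control and readable only by the deploying user.
      # Token authentication needs only CLOUDFLARE_DNS_API_TOKEN.
      # CLOUDFLARE_EMAIL belongs to the legacy global-API-key method and must
      # never be filled with the token. Scope the token to the zones it needs.
      - "CLOUDFLARE_DNS_API_TOKEN=${CLOUDFLARE_TOKEN}"
      - "TZ=Europe/Stockholm"
    networks:
      - traefik-proxy
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik-dashboard.rule=Host(`dashboard.domain.com`)"
      - "traefik.http.routers.traefik-dashboard.entrypoints=websecure"
      - "traefik.http.routers.traefik-dashboard.tls=true"
      - "traefik.http.routers.traefik-dashboard.tls.certresolver=letsencrypt"
      # Route to Traefik's internal API service instead of the insecure port
      - "traefik.http.routers.traefik-dashboard.service=api@internal"
      # Require authentication: the dashboard reveals every router, service
      # and middleware. TRAEFIK_DASHBOARD_USERS is a variable introduced here;
      # set it in .env to an htpasswd-style "user:hash" entry and single-quote
      # the value so the "$" characters in the hash are kept literally.
      # Compose refuses to start while the variable is unset.
      - "traefik.http.routers.traefik-dashboard.middlewares=dashboard-auth"
      - "traefik.http.middlewares.dashboard-auth.basicauth.users=${TRAEFIK_DASHBOARD_USERS:?set TRAEFIK_DASHBOARD_USERS in .env}"
volumes:
  traefik-configurations:
  acme:
networks:
  # Created beforehand with "docker network create"
  traefik-proxy:
    external: true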

Save as docker-compose.yml

In the same folder create .env and edit the file

Add your Cloudflare API token for the zones you need, as CLOUDFLARE_TOKEN

More docs: https://go-acme.github.io/lego/dns/cloudflare/index.html

Publish another container with labels

Example whoami container
