This repository has been archived on 2023-12-26. You can view files and clone it, but cannot push or open issues or pull requests.
shoarma/ansible/roles/traefik/docker-stack.yml.j2
Pim Kunis 833b1a2b5e collect traefik access logs
remove forgejo access logs
2023-08-25 19:53:36 +02:00

135 lines
4.6 KiB
Django/Jinja

# vi: ft=yaml
version: "3.7"
networks:
traefik:
external: true
configs:
services:
external: true
name: "{{ services.config_name }}"
volumes:
acme:
driver_opts:
type: "nfs"
o: "addr=192.168.30.10,nolock,soft,rw"
device: ":/mnt/data/traefik/acme"
services:
traefik:
image: traefik:3.0.0-beta2
networks:
- traefik
ports:
- mode: host
protocol: tcp
published: 443
target: 443
- mode: host
protocol: tcp
published: 80
target: 80
- mode: host
protocol: tcp
published: 444
target: 444
deploy:
placement:
constraints:
- node.role == manager
labels:
- traefik.enable=true
- traefik.http.routers.dashboard.entrypoints=localsecure
- traefik.http.routers.dashboard.rule=Host(`traefik.kun.is`)
- traefik.http.routers.dashboard.service=api@internal
- traefik.http.services.dashboard.loadbalancer.server.port=8080
- traefik.http.routers.dashboard.tls=true
- traefik.http.routers.dashboard.tls.certresolver=letsencrypt
- traefik.docker.network=traefik
- traefik.http.routers.esrom.entrypoints=websecure
- traefik.http.routers.esrom.service=esrom@file
- traefik.http.routers.esrom.rule=Host(`geokunis2.nl`)
- traefik.http.routers.esrom.tls=true
- traefik.http.routers.esrom.tls.certresolver=letsencrypt
- traefik.http.routers.uptime.entrypoints=localsecure
- traefik.http.routers.uptime.rule=Host(`uptime.kun.is`)
- traefik.http.routers.uptime.service=uptime@file
- traefik.http.routers.uptime.tls=true
- traefik.http.routers.uptime.tls.certresolver=letsencrypt
- traefik.http.routers.ntfy.entrypoints=websecure
- traefik.http.routers.ntfy.rule=Host(`ntfy.kun.is`)
- traefik.http.routers.ntfy.service=ntfy@file
- traefik.http.routers.ntfy.tls=true
- traefik.http.routers.ntfy.tls.certresolver=letsencrypt
- traefik.http.routers.apprise.entrypoints=localsecure
- traefik.http.routers.apprise.rule=Host(`apprise.kun.is`)
- traefik.http.routers.apprise.service=apprise@file
- traefik.http.routers.apprise.tls=true
- traefik.http.routers.apprise.tls.certresolver=letsencrypt
- traefik.http.routers.concourse.entrypoints=websecure
- traefik.http.routers.concourse.rule=Host(`ci.kun.is`)
- traefik.http.routers.concourse.service=concourse@file
- traefik.http.routers.concourse.tls=true
- traefik.http.routers.concourse.tls.certresolver=letsencrypt
- traefik.http.routers.discourse.entrypoints=websecure
- traefik.http.routers.discourse.rule=Host(`tuindersweijde.geokunis2.nl`)
- traefik.http.routers.discourse.service=discourse@file
- traefik.http.routers.discourse.tls=true
- traefik.http.routers.discourse.tls.certresolver=letsencrypt
volumes:
- type: bind
source: /var/run/docker.sock
target: /var/run/docker.sock
- type: volume
source: acme
target: /acme
volume:
nocopy: true
configs:
- source: services
target: /etc/traefik/services.yml
command:
- --providers.docker
- --providers.docker.swarmmode
- --providers.docker.watch
- --providers.docker.exposedbydefault=false
- --providers.file.filename=/etc/traefik/services.yml
- --api
- --api.insecure=false
- --api.dashboard=true
- --entrypoints.web.address=:80
- --entrypoints.web.http.redirections.entrypoint=true
- --entrypoints.web.http.redirections.entrypoint.to=websecure
- --entrypoints.web.http.redirections.entrypoint.scheme=https
- --entrypoints.web.http.redirections.entrypoint.permanent=true
- --entrypoints.websecure.address=:443
- --entrypoints.localsecure.address=:444
- --certificatesresolvers.letsencrypt.acme=true
- --certificatesresolvers.letsencrypt.acme.email=pim@kunis.nl
- --certificatesresolvers.letsencrypt.acme.storage=/acme/acme.json
- --certificatesresolvers.letsencrypt.acme.httpchallenge=true
- --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web
- --serversTransport.insecureSkipVerify=true
- --accesslog=true
- --accesslog.fields.defaultmode=keep
- --accesslog.fields.names.ClientUsername=drop
- --accesslog.fields.headers.defaultmode=keep
- --accesslog.fields.headers.names.User-Agent=keep
- --accesslog.fields.headers.names.Authorization=drop
- --accesslog.fields.headers.names.Content-Type=keep