108 lines
2.9 KiB
YAML
108 lines
2.9 KiB
YAML
|
services:
|
||
|
traefik:
|
||
|
image: "traefik:v3.3"
|
||
|
container_name: "traefik"
|
||
|
depends_on:
|
||
|
tracs3:
|
||
|
condition: service_completed_successfully
|
||
|
command:
|
||
|
- "--log.level=info"
|
||
|
- "--log.maxsize=100"
|
||
|
- "--log.maxage=3"
|
||
|
|
||
|
- "--metrics.prometheus=true"
|
||
|
|
||
|
- "--providers.docker=true"
|
||
|
- "--providers.docker.exposedbydefault=false"
|
||
|
|
||
|
- "--entryPoints.web.address=:80"
|
||
|
- "--entryPoints.name.allowACMEByPass=true"
|
||
|
- "--entryPoints.websecure.address=:443"
|
||
|
- "--entryPoints.websecure.http3"
|
||
|
- "--entryPoints.websecure.http.tls=true"
|
||
|
- "--entryPoints.ssh.address=:2222"
|
||
|
- "--entryPoints.sshgitlab.address=:2223"
|
||
|
|
||
|
- "--providers.docker=true"
|
||
|
- "--providers.file.directory=/traefik"
|
||
|
- "--providers.redis.endpoints=${TRAEFIK_KOP_REDIS_ADDR}"
|
||
|
- "--providers.redis.password=${TRAEFIK_KOP_REDIS_PASS}"
|
||
|
ports:
|
||
|
- target: 80
|
||
|
published: 80
|
||
|
protocol: tcp
|
||
|
mode: host
|
||
|
- target: 443
|
||
|
published: 443
|
||
|
protocol: tcp
|
||
|
mode: host
|
||
|
- target: 443
|
||
|
published: 443
|
||
|
protocol: udp
|
||
|
mode: host
|
||
|
- target: 2222
|
||
|
published: 2222
|
||
|
protocol: tcp
|
||
|
mode: host
|
||
|
- target: 2223
|
||
|
published: 2223
|
||
|
protocol: tcp
|
||
|
mode: host
|
||
|
volumes:
|
||
|
- "/var/run/docker.sock:/var/run/docker.sock:ro"
|
||
|
- "/etc/traefik/sites:/traefik"
|
||
|
- "certificates:/certificates"
|
||
|
networks:
|
||
|
- traefik_internal
|
||
|
|
||
|
epee:
|
||
|
image: "git.gnous.eu/enpls/epee-service:stable"
|
||
|
container_name: "epee"
|
||
|
ports:
|
||
|
- "5900:5900"
|
||
|
networks:
|
||
|
- traefik_internal
|
||
|
|
||
|
tracs3:
|
||
|
image: ghcr.io/outout14/traefik-acme-s3:main
|
||
|
env_file:
|
||
|
- tracs3.env
|
||
|
command:
|
||
|
- "sync"
|
||
|
volumes:
|
||
|
- "/etc/traefik/sites:/configs"
|
||
|
- "certificates:/certificates"
|
||
|
network_mode: "host"
|
||
|
|
||
|
tracs3-certificate-sync:
|
||
|
image: mcuadros/ofelia:latest
|
||
|
restart: always
|
||
|
depends_on:
|
||
|
tracs3:
|
||
|
condition: service_completed_successfully
|
||
|
command: daemon --docker
|
||
|
volumes:
|
||
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||
|
labels:
|
||
|
ofelia.job-run.example-key-rotation.schedule: "@every 10m"
|
||
|
ofelia.job-run.example-key-rotation.command: "sh -c 'docker restart traefik-tracs3-1'"
|
||
|
ofelia.job-run.example-key-rotation.image: "docker:cli"
|
||
|
ofelia.job-run.example-key-rotation.volume: "/var/run/docker.sock:/var/run/docker.sock"
|
||
|
environment:
|
||
|
- AWS_REGION=${TRACS_AWS_REGION}
|
||
|
- AWS_DEFAULT_REGION=${TRACS_AWS_REGION}
|
||
|
- AWS_ENDPOINT_URL=${TRACS_S3_ENDPOINT}
|
||
|
- AWS_S3_ENDPOINT=${TRACS_S3_ENDPOINT}
|
||
|
- AWS_S3API_ENDPOINT=${TRACS_S3_ENDPOINT}
|
||
|
|
||
|
- AWS_ACCESS_KEY_ID=${TRACS_S3_ACCESS_KEY_ID}
|
||
|
- AWS_SECRET_ACCESS_KEY=${TRACS_S3_SECRET}
|
||
|
|
||
|
- CLOSET_BUCKET=${TRACS_CLOSET_BUCKET}
|
||
|
- CLOSET_PASSWORD=${TRACS_CLOSET_PASSWORD}
|
||
|
|
||
|
volumes:
|
||
|
certificates:
|
||
|
networks:
|
||
|
traefik_internal:
|
||
|
enable_ipv6: true
|