observability/traefik/compose.yml

version: '3.8'

networks:
  web_net:
    external: true

volumes:
  traefik-acme:
    name: traefik-acme

services:
  traefik:
    image: traefik:v2.10.4
    restart: always
    container_name: traefik
    command:
      - "--log.level=ERROR"
      - "--log.filepath=/log-file.log"
      - "--log.format=json"
      - "--api=true"
      - "--ping=true"
      - "--accesslog=true"
      - "--accesslog.fields.names.StartUTC=drop"
      - "--accesslog.bufferingsize=250"
      - "--api.insecure=true"
      - "--providers.docker.endpoint=unix:///var/run/docker.sock"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.network=web_net"
      - "--entrypoints.http.address=:80"
      - "--entrypoints.https.address=:443"
      - "--metrics.prometheus=true"
      - "--entryPoints.metrics.address=:8082"
      - "--metrics.prometheus.entryPoint=metrics"
      - "--certificatesresolvers.mycert.acme.email=${ACME_EMAIL}"
      - "--certificatesresolvers.mycert.acme.storage=/acme/acme.json"
      - "--certificatesresolvers.mycert.acme.tlschallenge=true"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - traefik-acme:/acme
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=web_net"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`${SUB}.${DOMAIN_ADDR}`)"
      - "traefik.http.middlewares.web-auth.basicauth.users=${WEB_AUTH_USER}:${WEB_AUTH_PASS}"
      - "traefik.http.routers.traefik.middlewares=https-redirect"
      - "traefik.http.middlewares.https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`${SUB}.${DOMAIN_ADDR}`)"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.options=default"
      - "traefik.http.routers.traefik-secure.middlewares=web-auth"
      - "traefik.http.routers.traefik-secure.tls.certresolver=mycert"
      - "traefik.http.services.traefik.loadbalancer.server.port=8080"
    networks:
      - web_net