-
Notifications
You must be signed in to change notification settings - Fork 2
/
manager_multiple_stack.yml
106 lines (100 loc) · 3.05 KB
/
manager_multiple_stack.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
version: '3.8'
networks:
edge:
external: true
web:
external: true
configs:
manager_edge.yml:
external: true
manager_edge_tcp.yml:
external: true
services:
edge:
image: traefik:v3.0
tty: true
ports:
- published: 80
target: 80
mode: host
- published: 443
target: 443
mode: host
networks:
- edge
deploy:
replicas: 1
placement:
constraints:
- node.role == manager
configs:
- source: manager_edge.yml
target: /etc/traefik/traefik.yml
- source: manager_edge_tcp.yml
target: /etc/traefik/traefik_tcp.yml
traefik:
image: traefik:v3.0
tty: true
networks:
- edge
- web
deploy:
replicas: 2
placement:
constraints:
- node.role == manager
update_config:
delay: 10s
labels:
- "traefik.enable=true"
- "traefik.docker.network=web"
- "traefik.http.middlewares.auth.basicauth.users=admin:REPLACE-PASSWORD"
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
- "traefik.http.routers.dashboard.entrypoints=websecure"
- "traefik.http.routers.dashboard.middlewares=auth"
- "traefik.http.routers.dashboard.rule=Host(`traefik.example.com`)"
- "traefik.http.routers.dashboard.service=api@internal"
- "traefik.http.routers.http-catchall.entrypoints=web"
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
- "traefik.http.routers.http-catchall.rule=HostRegexp(`.*`)"
- "traefik.http.routers.http-catchall.priority=1000"
- "traefik.http.services.dashboard.loadbalancer.server.port=8080"
- "certbot.domain=traefik.example.com"
command:
- "--log.level=DEBUG"
- "--api.dashboard=true"
- "--providers.swarm.endpoint=unix:///var/run/docker.sock"
- "--providers.swarm.exposedByDefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--entrypoints.websecure.http.tls=true"
- "--accesslog=true"
- "--accesslog.format=json"
- "--providers.file.filename=/etc/letsencrypt/traefik.yml"
- "--providers.file.watch=true"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /etc/letsencrypt:/etc/letsencrypt
certbot:
image: brablc/swarm-certbot-traefik
tty: true
networks:
- web
deploy:
replicas: 1
placement:
constraints:
- node.role == manager
labels:
- "traefik.enable=true"
- "traefik.docker.network=web"
- "traefik.http.routers.certbot.entrypoints=web"
- "traefik.http.routers.certbot.rule=PathPrefix(`/.well-known/acme-challenge`)"
- "traefik.http.routers.certbot.priority=1010"
- "traefik.http.services.certbot.loadbalancer.server.port=80"
environment:
LOOP_SLEEP: 60s
CERTBOT_EMAIL: [email protected]
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /etc/letsencrypt:/etc/letsencrypt