infrastructure/ansible/roles/traefik/files/docker-compose.yml
Jake Howard cdaa626068
All checks were successful
/ terraform (push) Successful in 37s
/ ansible (push) Successful in 1m32s
Only expose socket proxy on internal networks
2024-09-09 12:18:09 +01:00

51 lines
1 KiB
YAML

services:
traefik:
image: traefik:v2.11
user: "{{ docker_user.id }}"
environment:
- CF_DNS_API_TOKEN={{ vault_cloudflare_api_token }}
- GANDIV5_API_KEY={{ vault_gandi_api_key }}
volumes:
- ./traefik:/etc/traefik
restart: unless-stopped
ports:
- 80:80
- 443:443
- "{{ private_ip }}:8080:8080"
depends_on:
- docker_proxy
networks:
- default
- traefik
- proxy_private
docker_proxy:
image: lscr.io/linuxserver/socket-proxy:latest
restart: unless-stopped
environment:
- CONTAINERS=1
- INFO=1
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
networks:
- proxy_private
tmpfs:
- /run
logging:
driver: none
certs:
image: slocomptech/traefik-cert-extract:latest
restart: unless-stopped
networks: []
volumes:
- ./traefik:/data:ro
- ./certs:/config/certs
logging:
driver: none
networks:
traefik:
external: true
proxy_private:
internal: true