docker: update traefik reverse proxy dockerfile

2026-01-09 16:57:40 +02:00
parent cf23ad5a4f
commit 10f72b8b59
6 changed files with 53 additions and 79 deletions
--- a/docker/traefik/traefik.yaml
+++ b/docker/traefik/traefik.yaml
@@ -0,0 +1,73 @@
+networks:
+  t3_proxy:
+    name: t3_proxy
+    driver: bridge
+    ipam:
+      config:
+        - subnet: 192.168.90.0/24
+
+services:
+  traefik:
+    container_name: traefik
+    image: traefik:3.6.6
+    restart: unless-stopped
+    env_file:
+      - ./.env
+    networks:
+      t3_proxy:
+        ipv4_address: 192.168.90.254
+    command:
+      - --entrypoints.web.address=:80
+      - --entrypoints.websecure.address=:443
+      - --entrypoints.traefik.address=:8080
+      - --entrypoints.websecure.http.tls=true
+      # The following two options redirects http request at port 80 to https
+      - --entrypoints.web.http.redirections.entrypoint.to=websecure
+      - --entrypoints.web.http.redirections.entrypoint.scheme=https
+      - --entrypoints.web.http.redirections.entrypoint.permanent=true
+      - --api=true
+      - --api.dashboard=true
+      # - --api.insecure=true
+      - --log=true
+      - --log.filePath=/logs/traefik.log
+      - --log.level=DEBUG
+      - --accessLog=true
+      - --accessLog.filePath=/logs/access.log
+      - --accessLog.bufferingSize=100
+      - --accessLog.filters.statusCodes=204-299,400-499,500-599
+      - --providers.docker=true
+      - --providers.docker.network=t3_proxy
+      - --entrypoints.websecure.http.tls.options=tls-opts@file
+      - --entrypoints.websecure.http.tls.certresolver=dns-cloudflare
+      - --entrypoints.websecure.http.tls.domains[0].main=$DOMAINNAME
+      - --entrypoints.websecure.http.tls.domains[0].sans=*.$DOMAINNAME
+      - --providers.file.directory=/rules
+      - --providers.file.watch=true
+      - --certificatesresolvers.dns-cloudflare.acme.email=${CLOUDFLARE_EMAIL}
+      - --certificatesResolvers.dns-cloudflare.acme.storage=/acme.json
+      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.provider=cloudflare
+      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53
+    ports:
+      # - 80:80
+      - 443:443
+      - 8080:8080
+    volumes:
+      - ./traefik-rules.yaml:/rules/traefik-rules.yaml
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - $DOCKERDIR/appdata/traefik/acme/acme.json:/acme.json
+      - $DOCKERDIR/logs/traefik:/logs
+    environment:
+      - PUID=${PUID}
+      - PGID=${PGID}
+      - TZ=$TZ
+      - CF_DNS_API_TOKEN=${CLOUDFLARE_TOKEN}
+      - DOMAINNAME=${DOMAINNAME}
+      - CLOUDFLARE_EMAIL=${CLOUDFLARE_EMAIL}
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.dashboard.tls=true"
+      - "traefik.http.routers.api.entrypoints=websecure"
+      - "traefik.http.routers.api.rule=Host(`traefik.${DOMAINNAME}`)"
+      - "traefik.http.routers.api.service=api@internal"
+        # Middlewares
+      - "traefik.http.routers.api.middlewares=middlewares-rate-limit@file,middlewares-secure-headers@file"