mirror of
https://github.com/Kugelschieber/marvinblum.git
synced 2026-01-18 14:50:27 +00:00
76 lines
3.1 KiB
YAML
76 lines
3.1 KiB
YAML
version: "3"
|
|
|
|
services:
|
|
traefik:
|
|
image: "traefik:v2.3"
|
|
container_name: traefik
|
|
restart: always
|
|
networks:
|
|
- traefik-internal
|
|
command:
|
|
- "--api.dashboard=true"
|
|
- "--providers.docker=true"
|
|
- "--providers.docker.exposedbydefault=false"
|
|
- "--providers.docker.network=marvinblum_traefik-internal"
|
|
- "--entrypoints.web.address=:80"
|
|
- "--entrypoints.websecure.address=:443"
|
|
- "--certificatesresolvers.tls-resolver.acme.httpchallenge=true"
|
|
- "--certificatesresolvers.tls-resolver.acme.httpchallenge.entrypoint=web"
|
|
- "--certificatesresolvers.tls-resolver.acme.email=marvin@marvinblum.de"
|
|
- "--certificatesresolvers.tls-resolver.acme.storage=/letsencrypt/acme.json"
|
|
ports:
|
|
- "80:80"
|
|
- "443:443"
|
|
- "8080:8080"
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
- /root/marvinblum/letsencrypt:/letsencrypt
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.port=9999"
|
|
- "traefik.http.routers.traefik.entrypoints=websecure"
|
|
- "traefik.http.routers.traefik.rule=Host(`traefik.marvinblum.de`)"
|
|
- "traefik.http.routers.traefik.service=api@internal"
|
|
- "traefik.http.routers.traefik.tls.certresolver=tls-resolver"
|
|
- "traefik.http.routers.traefik.middlewares=traefik-auth"
|
|
- "traefik.http.middlewares.traefik-auth.basicauth.users=marvinblum:$$apr1$$u.IJozER$$DoY0zwzgAciDpPs4vZvxY/"
|
|
# Global redirection: http to https
|
|
- 'traefik.http.routers.http-catchall.rule=HostRegexp(`{host:(www\.)?.+}`)'
|
|
- "traefik.http.routers.http-catchall.entrypoints=web"
|
|
- "traefik.http.routers.http-catchall.middlewares=wwwtohttps"
|
|
# Global redirection: https (www.) to https
|
|
- 'traefik.http.routers.wwwsecure-catchall.rule=HostRegexp(`{host:(www\.).+}`)'
|
|
- "traefik.http.routers.wwwsecure-catchall.entrypoints=websecure"
|
|
- "traefik.http.routers.wwwsecure-catchall.tls=true"
|
|
- "traefik.http.routers.wwwsecure-catchall.middlewares=wwwtohttps"
|
|
# middleware: http(s)://(www.) to https://
|
|
- 'traefik.http.middlewares.wwwtohttps.redirectregex.regex=^https?://(?:www\.)?(.+)'
|
|
- 'traefik.http.middlewares.wwwtohttps.redirectregex.replacement=https://$${1}'
|
|
- 'traefik.http.middlewares.wwwtohttps.redirectregex.permanent=true'
|
|
marvinblum:
|
|
image: kugel/marvinblum
|
|
container_name: marvinblum
|
|
restart: always
|
|
depends_on:
|
|
- traefik
|
|
networks:
|
|
- traefik-internal
|
|
env_file:
|
|
- secrets.env
|
|
environment:
|
|
MB_EMVI_CLIENT_ID: 3fBBn144yvSF9R3dPC8l
|
|
MB_EMVI_ORGA: marvin
|
|
MB_PIRSCH_CLIENT_ID: mkiAzI2ZGjGBv8fpwh1A09fCJ8G1YFgx
|
|
MB_PIRSCH_HOSTNAME: marvinblum.de
|
|
labels:
|
|
- "traefik.enable=true"
|
|
- "traefik.port=8888"
|
|
- "traefik.http.routers.marvinblum.rule=Host(`marvinblum.de`) || Host(`www.marvinblum.de`)"
|
|
- "traefik.http.routers.marvinblum.entrypoints=websecure"
|
|
- "traefik.http.routers.marvinblum.tls=true"
|
|
- "traefik.http.routers.marvinblum.tls.certresolver=tls-resolver"
|
|
|
|
networks:
|
|
traefik-internal:
|
|
driver: bridge
|