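---
# Traefik edge proxy: listens on 80/443/8883, redirects HTTP to HTTPS,
# obtains Let's Encrypt certificates and declares the Authelia forward-auth
# middleware.
services:
  traefik:
    image: traefik:v3.6
    container_name: traefik
    command:
      # With api.insecure=false the dashboard/API is not served directly on
      # the internal :8080 entrypoint; it needs a router to api@internal,
      # and none is defined in this file.
      - "--api.dashboard=true"
      - "--api.insecure=false"
      # Required by the healthcheck below: `traefik healthcheck --ping`
      # queries the ping endpoint, which is only served when ping is enabled.
      - "--ping=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      # - "--entrypoints.https.address=:443"
      # Entrypoints
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.mqtt-secure.address=:8883"
      # Global HTTP -> HTTPS Redirection
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      # Certificates Resolution (Let's Encrypt)
      # NOTE(review): both the HTTP-01 and the TLS-ALPN-01 challenge are
      # enabled on the same resolver; presumably only one is used. Confirm
      # which one and drop the other.
      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.myresolver.acme.email=olivia@quangkhai.ch"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
    ports:
      - "80:80"
      - "443:443"
      # Internal Traefik entrypoint (ping; dashboard only via a router).
      # Bound to loopback so it is not published on every host interface;
      # the container healthcheck does not need the published port at all.
      - "127.0.0.1:8080:8080"
      - "8883:8883"  # MQTT TLS
    volumes:
      # The :ro flag makes the socket file mount read-only; it does not
      # restrict the Docker API calls that can be made through the socket.
      # Anything that controls this container can drive the Docker daemon.
      # A socket proxy limited to read-only endpoints narrows that.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Holds acme.json, which stores the ACME account key and certificate
      # private keys: keep it out of version control, readable by owner only.
      - ./letsencrypt:/letsencrypt
    networks:
      - proxy_tier
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "traefik", "healthcheck", "--ping"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 5s
    # Compose only accepts resource limits/reservations under `deploy`;
    # `resources` is not a valid key directly on a service or a healthcheck.
    deploy:
      resources:
        limits:
          cpus: '2'
          memory: 512M
        reservations:
          cpus: '1'
          memory: 256M
    labels:
      # THE MIDDLEWARE DEFINITION
      # NOTE(review): exposedbydefault=false is set above and this container
      # carries no traefik.enable=true label, so the Docker provider is
      # expected to skip these labels, leaving authelia-auth undefined.
      # Confirm that the middleware appears as authelia-auth@docker.
      # NOTE(review): /api/verify is the legacy Authelia endpoint; check it
      # against the deployed Authelia version.
      - "traefik.http.middlewares.authelia-auth.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.quangkhai.ch/"
      # Passes the existing X-Forwarded-* headers on to Authelia. This is
      # sound only while the entrypoints do not trust client-supplied
      # forwarded headers (no forwardedHeaders.insecure, and trustedIPs
      # limited to real upstream proxies).
      - "traefik.http.middlewares.authelia-auth.forwardauth.trustForwardHeader=true"
      # Identity headers copied from Authelia's response onto the request.
      # Backends should be reachable only through Traefik; a caller that
      # reaches them directly can set these headers itself.
      - "traefik.http.middlewares.authelia-auth.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email"

networks:
  # Pre-existing network shared with the proxied services; it must be
  # created outside this file (external: true).
  proxy_tier:
    name: proxy_tier
    external: true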