# bare secure mode: no https, no basic auth version: '3.8' services: reverse_proxy: image: traefik:v2.6 command: # - "--log.level=DEBUG" # Enable Docker in Traefik, so that it reads labels from Docker services - "--providers.docker" # Do not expose all Docker services, only the ones explicitly exposed - "--providers.docker.exposedbydefault=false" # Set default Docker network used - "--providers.docker.network=traefik-public" # Enable Docker Swarm mode - "--providers.docker.swarmmode" # Create an entrypoint "http" listening on port 80 - "--entrypoints.web.address=:80" # Create an entrypoint "https" listening on port 443 - "--entrypoints.websecure.address=:443" # Enable the access log, with HTTP requests - "--accesslog" # Enable the Traefik log, for configurations and errors - "--log" # Enable the Dashboard and API - "--api.dashboard=true" ports: - "80:80" - "443:443" volumes: # So that Traefik can listen to the Docker events - /var/run/docker.sock:/var/run/docker.sock # Since the Swarm API is only exposed on the manager nodes, these are the nodes that Traefik should be scheduled on by deploying Traefik with a constraint on the node "role": deploy: placement: constraints: - node.role == manager labels: # Enable Traefik for this service, to make it available in the public network - "traefik.enable=true" - "traefik.http.routers.dashboard.rule=Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))" - "traefik.http.routers.dashboard.entrypoints=web" - "traefik.http.routers.dashboard.service=api@internal" # Dummy service for Swarm port detection. The port can be any valid integer value. - "traefik.http.services.dummy-svc.loadbalancer.server.port=9999" networks: # Use the public network created to be shared between Traefik and # any other service that needs to be publicly available with HTTPS - traefik-public networks: # services that need to be publicly available via this Traefik traefik-public: external: true