danielnaranjo · June 2, 2020 01:30 · Oct 13, 2019
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -0,0 +1,81 @@
+version: "3.3"
+
+services:
+  reverse-proxy:
+    image: traefik:latest
+    restart: unless-stopped
+    command:
+      - --api
+      - --providers.docker=true
+      - --entrypoints.web.address=:80
+      - --entrypoints.websecure.address=:443
+      - --providers.docker.exposedbydefault=false
+      #- --certificatesresolvers.leresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
+      - [email protected]
+      - --certificatesresolvers.leresolver.acme.storage=/letsencrypt/acme.json
+      - --certificatesresolvers.leresolver.acme.tlschallenge=true
+    ports:
+      - 80:80
+      #- 8080:8080
+      - 443:443
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      #- ./traefik.toml:/etc/traefik/traefik.toml
+      - ./letsencrypt:/letsencrypt
+    labels:
+      # Dashboard
+      # Explicitly tell Traefik to expose this container
+      - traefik.enable=true
+      - traefik.http.routers.traefik.rule=Host(`traefik.domain.tld`)
+      - traefik.http.routers.traefik.service=api@internal
+      - traefik.http.routers.traefik.tls.certresolver=leresolver
+      - traefik.http.routers.traefik.entrypoints=websecure
+        # Authentication
+      - traefik.http.routers.traefik.middlewares=traefik-auth
+      - traefik.http.middlewares.traefik-auth.basicauth.users=user:pwd
+
+      # global redirect to https
+      - traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)
+      - traefik.http.routers.http-catchall.entrypoints=web
+      - traefik.http.routers.http-catchall.middlewares=redirect-to-https
+
+      # middleware redirect
+      - traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https
+
+      # test redirect to a host outside docker
+      - traefik.http.routers.website_router.rule=Host(`website.domain.tld`)
+      - traefik.http.routers.website_router.entrypoints=websecure
+      - traefik.http.routers.website_router.tls.certresolver=leresolver
+      - traefik.http.routers.website_router.service=sonarr_service
+      - traefik.http.services.website_service.loadbalancer.server.url=http://ip_on_host_network
+      - traefik.http.services.website_service.loadbalancer.server.port=website_port
+
+
+  watchtower:
+    image: containrrr/watchtower
+    environment:
+      - --cleanup=true
+      - --interval=30
+      - --stop-timeout=30
+      - --notifications=slack
+      - --notification-slack-hook-url="https://discordapp.com/api/webhooks/id/id/slack"
+    restart: unless-stopped
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+
+
+  portainer:
+    image: portainer/portainer
+    restart: unless-stopped
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ./portainer_data:/data
+    labels:
+      # Explicitly tell Traefik to expose this container
+      - traefik.enable=true
+      #- traefik.port=9000 (it works without, why is it redirected to this port ?)
+      # Explicitely tell Watchtower to ignore this container
+      #- com.centurylinklabs.watchtower.enable=false
+      - traefik.http.routers.portainer.rule=Host(`portainer.domain.tld`)
+      - traefik.http.routers.portainer.tls.certresolver=leresolver
+      - traefik.http.routers.portainer.entrypoints=websecure