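# Compose stack: Traefik reverse proxy plus a cloudflared tunnel connector,
# both attached to the pre-existing external network "proxy".
#
# All ${VAR} values are interpolated by Compose from the invoking shell or a
# .env file next to this compose file. Keep that file out of version control
# and readable only by the deploying user. Values passed under `environment:`
# are also visible to anyone who can run `docker inspect` on the container.
services:
  traefik:
    # Pinned to an exact version tag; adding an image digest would also guard
    # against the tag being re-pointed.
    image: traefik:v3.6.4
    container_name: traefik
    restart: unless-stopped
    #env_file: [./.env]
    #env_file:
    #- /srv/traefik/secrets/cloudflare.env
    environment:
      - DOMAIN_BASE=${DOMAIN_BASE}
      #- CF_API_TOKEN=${CF_API_TOKEN} CLOUDFLARE_DNS_API_TOKEN
      # DNS API token for Cloudflare; scope it to the minimum zones and
      # permissions the certificate resolver needs.
      - CLOUDFLARE_DNS_API_TOKEN=${CLOUDFLARE_DNS_API_TOKEN}
      # Presumably consumed by a basicAuth middleware defined under ./dynamic;
      # verify that the password is stored there as a hash, not in plain text.
      - TRAEFIK_DASHBOARD_USER=${TRAEFIK_DASHBOARD_USER}
      - TRAEFIK_DASHBOARD_PASS=${TRAEFIK_DASHBOARD_PASS}
    # NOTE(review): Traefik treats its static configuration sources (config
    # file, CLI flags, environment) as mutually exclusive. A static file is
    # also mounted at /traefik.yml below; confirm which source is actually in
    # effect, otherwise flags such as exposedbydefault=false may be ignored.
    command:
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --providers.docker=true
      # Containers are only routed when they opt in via labels.
      - --providers.docker.exposedbydefault=false
      - --providers.file.directory=/etc/traefik/dynamic
      - --providers.file.watch=true
      # api.insecure is not set, so the dashboard is reachable only through a
      # router that targets api@internal; make sure that router carries an
      # authentication middleware.
      - --api.dashboard=true
      # Enables the ping endpoint used by the healthcheck below.
      - --ping
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # `:ro` only makes the socket's mount read-only; it does not restrict
      # the Docker API calls made through it. Access to this socket is
      # effectively root-equivalent on the host. A filtering socket proxy that
      # exposes only the read endpoints Traefik needs reduces that exposure.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./static/traefik.yml:/traefik.yml:ro
      # NOTE(review): Traefik only reads this directory; `:ro` is likely
      # sufficient unless something inside the container writes here.
      - ./dynamic:/etc/traefik/dynamic:rw
      # - /srv/traefik/acme.json:/letsencrypt/acme.json
      # NOTE(review): this mounts all of /srv/traefik read-write. The
      # commented env_file paths in this file point at /srv/traefik/secrets/;
      # if that directory still exists it is visible inside the container
      # under /letsencrypt/. A dedicated directory holding only acme.json
      # (mode 600) would narrow what the proxy can read.
      - /srv/traefik/:/letsencrypt/
    # Hardening: no privilege escalation via setuid binaries, immutable root
    # filesystem, and a tmpfs for scratch space.
    security_opt:
      - "no-new-privileges:true"
    read_only: true
    tmpfs:
      - /tmp
    healthcheck:
      test: ["CMD", "traefik", "healthcheck", "--ping"]
      interval: 10s
      timeout: 3s
      retries: 3
    # Cap log growth so a noisy proxy cannot fill the host disk.
    logging:
      options:
        max-size: "10m"
        max-file: "3"
    networks:
      - proxy

  cloudflared:
    image: cloudflare/cloudflared:2025.11.1
    restart: unless-stopped
    # env_file:
    #   - /srv/traefik/secrets/cloudflared.env  # contains TUNNEL_TOKEN
    # No token on the command line, so it does not show up in process
    # listings; it is supplied through the environment instead.
    command: ["tunnel", "run"]
    # user: "65532:65532"  # non-root (optional)
    environment:
      # Tunnel credential: anyone holding it can run a connector for this
      # tunnel. Rotate it if the .env file or `docker inspect` output leaks.
      - TUNNEL_TOKEN=${TUNNEL_TOKEN}
      - TUNNEL_TRANSPORT_PROTOCOL=${TUNNEL_TRANSPORT_PROTOCOL}
      - NO_AUTOUPDATE=${NO_AUTOUPDATE}
    security_opt:
      - "no-new-privileges:true"
    read_only: true
    tmpfs:
      - /tmp
    networks:
      - proxy

networks:
  # Must already exist (created outside this file); every container attached
  # to it can reach the others directly, so keep its membership small.
  proxy:
    external: true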