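---
version: '3.7'

# Swarm stack: a Traefik v2 edge proxy on the manager node, terminating TLS
# with a Let's Encrypt wildcard certificate obtained via the Cloudflare DNS
# challenge. The other services further down are currently commented out.
#
# Environment variables are replaced with definitions in .env, when run with:
#
#   env $(cat .env | grep '^[A-Z]' | xargs) docker stack deploy --compose-file docker-compose.yml server
#
# .env holds secrets (Cloudflare key, dashboard credentials): keep it out of
# version control and readable only by the deploying user.

networks:
  default:
    driver: overlay

volumes:
  traefik-certs: {}

services:

  traefik:
    # Pinned by tag only. Pinning by digest (traefik:v2.6.6@sha256:<digest>)
    # protects against a re-pushed tag; track upstream security releases.
    image: traefik:v2.6.6
    # Quoted so YAML 1.1 parsers can never read a port mapping as a number.
    ports:
      - "80:80"
      - "443:443"
    deploy:
      #replicas: 2
      # https://youtu.be/btHpHjabRcc
      placement:
        constraints:
          - node.role == manager
      labels:
        - traefik.enable=true
        # Enable the dashboard UI
        # The dashboard is only published through this router, behind the
        # `auth` basic-auth middleware and TLS.
        - traefik.http.routers.api.rule=Host(`board.${DOMAIN}`)
        - traefik.http.routers.api.service=api@internal
        - traefik.http.routers.api.middlewares=auth
        - traefik.http.routers.api.tls=true
        # Expects htpasswd-style `user:hash` entries; prefer bcrypt hashes.
        - "traefik.http.middlewares.auth.basicauth.users=${TRAEFIK_API_USERS}"
        # Dummy service for Swarm port detection. The port can be any valid integer value.
        - traefik.http.services.dummy-svc.loadbalancer.server.port=9999
        - traefik.http.routers.traefik.tls=true
        # Use LE to get/renew certs for the TLD & subdomains
        - traefik.http.routers.traefik.tls.certresolver=le
        - traefik.http.routers.traefik.tls.domains[0].main=${DOMAIN}
        - traefik.http.routers.traefik.tls.domains[0].sans=*.${DOMAIN}
    volumes:
      # NOTE(security): `:ro` only makes the socket *file* mount read-only. It
      # does not restrict Docker API calls made over the socket, so a
      # compromised Traefik on this manager node has full control of the
      # swarm. Consider a filtering socket proxy that exposes only the
      # read-only endpoints Traefik needs.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Traefik only reads its file-provider config, so mount it read-only.
      - ${CONTAINERS_DIR}/traefik/static.toml:/static.toml:ro
      # cert storage can't be shared: https://doc.traefik.io/traefik/https/acme/#storage
      # acme.json holds the ACME account key and certificate private keys.
      - traefik-certs:/certificates
    command:
      # Require a "traefik.enable=true" label
      - --providers.docker.exposedbydefault=false
      - --providers.docker.swarmmode=true
      # HTTP redirects to HTTPS
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entrypoint.permanent=false
      - --entrypoints.web.http.redirections.entryPoint.to=websecure
      - --entrypoints.web.http.redirections.entryPoint.scheme=https
      - --entrypoints.websecure.address=:443
      # Auto cert renewal via cloudflare
      - --certificatesresolvers.le.acme.email=${LETSENCRYPT_EMAIL}
      - --certificatesresolvers.le.acme.storage=/certificates/acme.json
      - --certificatesresolvers.le.acme.dnschallenge.provider=cloudflare
      - --certificatesresolvers.le.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53
      # debug, uncomment for testing
      #- --certificatesresolvers.le.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
      #- --log.level=DEBUG
      - --accesslog=true
      - --log=true
      # Enable the traefik dashboard
      # Keep --api.insecure unset so the dashboard stays behind the
      # authenticated `api` router defined in the labels above.
      - --api=true
      - --providers.file.filename=/static.toml
    environment:
      # NOTE(security): CLOUDFLARE_EMAIL + CLOUDFLARE_API_KEY is the
      # account-wide Global API Key. A zone-scoped API token
      # (CF_DNS_API_TOKEN, DNS edit on this zone only) limits the damage if
      # the value leaks. Values listed here are stored in the service spec
      # and readable through `docker service inspect`; Docker secrets with
      # the provider's *_FILE variables avoid that (verify against the
      # Traefik/lego version in use).
      - CLOUDFLARE_EMAIL=${CLOUDFLARE_EMAIL}
      - CLOUDFLARE_API_KEY=${CLOUDFLARE_API_KEY}

  # ---------------------------------------------------------------------------
  # Disabled services, kept for reference.
  # Note: `restart` and `links` are ignored by `docker stack deploy`.
  # ---------------------------------------------------------------------------

  # jekyll:
  #   image: jibby0/docker-jekyll-webhook:test
  #   deploy:
  #     placement:
  #       # TODO I don't know why the 2nd replica 502s all the time if I don't do this
  #       constraints:
  #         - node.labels.cpu-intensive == true
  #     replicas: 2
  #     labels:
  #       - traefik.enable=true
  #       - traefik.http.routers.jekyll.tls=true
  #       - traefik.http.routers.jekyll.rule=Host(`${DOMAIN}`)
  #       - traefik.http.services.jekyll.loadbalancer.server.port=80
  #   environment:
  #     - TZ=America/New_York
  #     - WEBHOOK_SECRET=${WEBHOOK_SECRET}
  #     - REPO=https://github.com/jibby0/blog.git
  #   restart: always
  #   volumes:
  #     - ${CONTAINERS_DIR}/jekyll/vendor_cache:/vendor

  # postgres:
  #   image: postgres:13.2
  #   deploy:
  #     placement:
  #       constraints:
  #         - node.labels.cpu-intensive == true
  #   volumes:
  #     - ${CONTAINERS_DIR}/postgres/data:/var/lib/postgresql/data
  #     - ${CONTAINERS_DIR}/postgres/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d
  #   environment:
  #     - POSTGRES_USER=${POSTGRES_USER}
  #     - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
  #   restart: always

  # nextcloud:
  #   image: nextcloud:23.0.0
  #   deploy:
  #     placement:
  #       constraints:
  #         - node.labels.cpu-intensive == true
  #     labels:
  #       - traefik.enable=true
  #       - traefik.http.routers.nextcloud.tls=true
  #       - traefik.http.routers.nextcloud.rule=Host(`nextcloud.${DOMAIN}`)
  #       - traefik.http.services.nextcloud.loadbalancer.server.port=80
  #   expose:
  #     - "80"
  #   links:
  #     - postgres
  #     - redis
  #   volumes:
  #     - ${CONTAINERS_DIR}/nextcloud:/var/www/html
  #   environment:
  #     - REDIS_HOST=redis
  #   restart: always

  # redis:
  #   image: redis:6.2.6
  #   deploy:
  #     placement:
  #       constraints:
  #         - node.labels.cpu-intensive == true
  #   command: redis-server --save 60 1 --loglevel warning
  #   volumes:
  #     - ${CONTAINERS_DIR}/redis:/data
  #   restart: always

  # gogs:
  #   image: gogs/gogs:0.12.0
  #   deploy:
  #     labels:
  #       - traefik.enable=true
  #       - traefik.http.routers.gogs.tls=true
  #       - traefik.http.routers.gogs.rule=Host(`gogs.${DOMAIN}`)
  #       - traefik.http.services.gogs.loadbalancer.server.port=3000
  #   expose:
  #     - "3000"
  #   volumes:
  #     - ${CONTAINERS_DIR}/gogs:/data
  #   # NOTE: My gogs instance isn't happy with postgres. For now, it's a small server
  #   # and sqlite is fine, but I should fix this eventually.
  #   #links:
  #   #  - postgres
  #   restart: always

  # matrix:
  #   image: matrixdotorg/synapse:v1.55.2
  #   deploy:
  #     placement:
  #       constraints:
  #         - node.labels.cpu-intensive == true
  #     labels:
  #       - traefik.enable=true
  #       - traefik.http.routers.matrix.tls=true
  #       - traefik.http.routers.matrix.rule=Host(`matrix.${DOMAIN}`)
  #       - traefik.http.services.matrix.loadbalancer.server.port=8008
  #   expose:
  #     - "8008"
  #   links:
  #     - postgres
  #   volumes:
  #     - ${CONTAINERS_DIR}/matrix:/data
  #   restart: always

  # matrix_wellknown:
  #   image: adrianrudnik/matrix-wellknown-server:1.0.1
  #   volumes:
  #     - ${CONTAINERS_DIR}/matrix/wellknown:/var/schema
  #   deploy:
  #     labels:
  #       - traefik.enable=true
  #       - traefik.http.routers.matrix-wellknown.tls=true
  #       - traefik.http.routers.matrix-wellknown.rule=Host(`matrix.${DOMAIN}`) && PathPrefix(`/.well-known/matrix/`)
  #       - traefik.http.services.matrix-wellknown.loadbalancer.server.port=8080
  #   expose:
  #     - "8080"

  # selfoss:
  #   image: jibby0/selfoss:2.18
  #   deploy:
  #     # TODO `postgres` is only accessible on the same node ????
  #     placement:
  #       constraints:
  #         - node.labels.media-encoding == true
  #     labels:
  #       - traefik.enable=true
  #       - traefik.http.routers.selfoss.tls=true
  #       - traefik.http.routers.selfoss.rule=Host(`selfoss.${DOMAIN}`)
  #       - traefik.http.services.selfoss.loadbalancer.server.port=8888
  #   expose:
  #     - "8888"
  #   links:
  #     - postgres
  #   volumes:
  #     - ${CONTAINERS_DIR}/selfoss:/selfoss/data
  #   environment:
  #     - CRON_PERIOD=5m
  #   restart: always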