
traefik + cloudflared compose

a guest
Jan 27th, 2024
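  # Compose stack: a cloudflared tunnel in front of Traefik v2.
  # Neither service declares `ports:`, so the web/websecure entrypoints are
  # reachable only from containers on the attached networks (here: the tunnel),
  # not from published host ports.
  # NOTE(review): the paste lost its indentation; the nesting below is
  # reconstructed and should be checked against the author's original file.
  version: "3.8"

  networks:
    # Link between cloudflared and Traefik, created by this stack.
    cftunnel-transport: {}
    # Created outside this file; Traefik looks for backends on it.
    cloud-public:
      external: true

  services:
    tunnel:
      # No tag given, so this resolves to `latest` at pull time. Pin a reviewed
      # tag or digest so an upstream push cannot change what runs here.
      image: cloudflare/cloudflared
      restart: unless-stopped
      command: tunnel run
      environment:
        # Bearer credential for the tunnel, taken from the shell or .env file.
        # It is readable through `docker inspect`; keep .env out of VCS.
        - TUNNEL_TOKEN=${CLOUDFLARED_TOKEN}
        # Debug output is verbose; lower it once the tunnel is working.
        - TUNNEL_LOGLEVEL=debug
      networks:
        - cftunnel-transport

    traefik:
      image: traefik:v2.10.4
      restart: unless-stopped
      command:
        # --- Docker provider ---
        - --providers.docker
        # This is the Docker socket itself; no socket-proxy service is defined
        # in this file (see the matching volume below).
        - --providers.docker.endpoint=unix:///var/run/docker.sock
        # Containers are ignored unless they carry traefik.enable=true.
        - --providers.docker.exposedbydefault=false
        # Swarm mode is OFF: Traefik reads labels from containers, not from
        # swarm services.
        - --providers.docker.swarmmode=false
        # Reach backends over the cloud-public network.
        - --providers.docker.network=cloud-public
        # Only containers labelled traefik.constraint-label=cloud-public
        # are considered.
        - '--providers.docker.constraints=Label(`traefik.constraint-label`, `cloud-public`)'

        # --- Entrypoints ---
        # http
        - --entrypoints.web.address=:80
        # https
        - --entrypoints.websecure.address=:443

        # --- API / dashboard ---
        # The API is enabled with the dashboard off. --api.insecure is not set
        # and no router in this file targets api@internal, so nothing here
        # publishes it.
        - --api
        - --api.dashboard=false

        # --- Certificates ---
        # See certificates.yaml; the author uses a Cloudflare origin server
        # certificate.
        - --providers.file.filename=/certificates.yaml

        # --- Logging ---
        # Access logs plus debug-level logs record request details; consider a
        # lower level outside troubleshooting.
        - --accesslog=true
        - --log.level=debug
      deploy:
        # Swarm-only setting; kept as pasted.
        mode: global
      # Placed at service level so the labels land on the container. With
      # swarmmode=false Traefik does not read deploy.labels (those are set on
      # the swarm service only). The paste does not show which nesting the
      # author had; confirm.
      labels:
        # Required because exposedbydefault=false.
        - traefik.enable=true
        - traefik.docker.network=cloud-public
        - traefik.constraint-label=cloud-public

        # Global redirection: HTTP to HTTPS
        - traefik.http.routers.http-redirects.entrypoints=web
        - 'traefik.http.routers.http-redirects.rule=hostregexp(`{host:(www\.)?.+}`)'
        - traefik.http.routers.http-redirects.middlewares=traefik-ratelimit,redirect-to-non-www-https

        # Global redirection: HTTPS www to HTTPS non-www
        - traefik.http.routers.www-redirects.entrypoints=websecure
        - 'traefik.http.routers.www-redirects.rule=hostregexp(`{host:(www\.).+}`)'
        - traefik.http.routers.www-redirects.tls=true
        - traefik.http.routers.www-redirects.tls.options=default
        - traefik.http.routers.www-redirects.middlewares=traefik-ratelimit,redirect-to-non-www-https

        # Middleware to redirect to bare https.
        # `$$` is Compose's escape for a literal `$` in the replacement.
        - 'traefik.http.middlewares.redirect-to-non-www-https.redirectregex.regex=^https?://(?:www\.)?(.+)'
        - 'traefik.http.middlewares.redirect-to-non-www-https.redirectregex.replacement=https://$${1}'
        - traefik.http.middlewares.redirect-to-non-www-https.redirectregex.permanent=true

        # Rate limit.
        # NOTE(review): no source criterion is set, so clients are grouped by
        # the address Traefik sees. Behind the tunnel that is presumably the
        # cloudflared container, making this one budget shared by all visitors.
        # Per-client limiting would need ratelimit.sourcecriterion (e.g. the
        # CF-Connecting-IP request header), which is only trustworthy while
        # the tunnel is the sole path to Traefik.
        - traefik.http.middlewares.traefik-ratelimit.ratelimit.average=100
        - traefik.http.middlewares.traefik-ratelimit.ratelimit.burst=50
      volumes:
        # Parent directory is writable; only the origin sub-mount is read-only.
        # TODO confirm Traefik needs write access here.
        - /data/traefik/certificates:/certificates
        - /data/traefik/certificates/origin:/certificates/origin:ro
        - /deployments/traefik/certificates.yaml:/certificates.yaml:ro
        # `:ro` only protects the socket file. The Docker API behind it stays
        # fully usable, so a compromised Traefik has host-level control.
        # A filtering socket proxy on an internal network narrows this.
        - /var/run/docker.sock:/var/run/docker.sock:ro
      networks:
        - cloud-public
        - cftunnel-transport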