51 lines
1.9 KiB
YAML
51 lines
1.9 KiB
YAML
name: reverse-proxy
|
|
|
|
services:
|
|
traefik:
|
|
hostname: traefik
|
|
image: traefik
|
|
user: ${NASCOMPOSE_UID?}:${NASCOMPOSE_GID?}
|
|
environment:
|
|
NASCOMPOSE_DOMAIN: ${NASCOMPOSE_DOMAIN?}
|
|
#CF_DNS_API_TOKEN_FILE: /run/secrets/cf_dns_token
|
|
#TRAEFIK_CERTIFICATESRESOLVERS_DEFAULTRESOLVER_ACME_EMAIL: admin@${NASCOMPOSE_DOMAIN?}
|
|
#TRAEFIK_ENTRYPOINTS_WEBSECURE_HTTP_TLS_DOMAINS_0_MAIN: '*.${NASCOMPOSE_DOMAIN?}'
|
|
#LEGO_DISABLE_CNAME_SUPPORT: true
|
|
networks:
|
|
- reverse-proxy
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock
|
|
- ${NASCOMPOSE_SERVICES?}/reverse-proxy/volumes/traefik_acme/:/etc/traefik/acme/
|
|
- ${NASCOMPOSE_SERVICES?}/reverse-proxy/volumes/traefik_logs/:/var/log/traefik/
|
|
# Config
|
|
- ${NASCOMPOSE_SERVICES?}/reverse-proxy/configs/traefik.yml:/etc/traefik/traefik.yml:ro
|
|
- ${NASCOMPOSE_SERVICES?}/reverse-proxy/configs/dynamic:/etc/traefik/dynamic:ro
|
|
# Secrets
|
|
- ${NASCOMPOSE_SERVICES?}/reverse-proxy/secrets/cf_dns_token:/run/secrets/cf_dns_token:ro
|
|
restart: unless-stopped
|
|
labels:
|
|
traefik.enable: true
|
|
traefik.http.routers.traefik.service: api@internal
|
|
traefik.http.routers.traefik.middlewares: authelia@file
|
|
crowdsec:
|
|
hostname: crowdsec
|
|
image: crowdsecurity/crowdsec
|
|
environment:
|
|
COLLECTIONS: "crowdsecurity/traefik"
|
|
GID: ${NASCOMPOSE_GID?}
|
|
networks:
|
|
- reverse-proxy
|
|
volumes:
|
|
- ${NASCOMPOSE_SERVICES?}/reverse-proxy/configs/crowdsec_acquis.yml:/etc/crowdsec/acquis.yaml
|
|
- ${NASCOMPOSE_SERVICES?}/reverse-proxy/volumes/crowdsec_config/:/etc/crowdsec/
|
|
- ${NASCOMPOSE_SERVICES?}/reverse-proxy/volumes/crowdsec_data/:/var/lib/crowdsec/data/
|
|
- ${NASCOMPOSE_SERVICES?}/reverse-proxy/volumes/traefik_logs/:/var/log/traefik/:ro
|
|
restart: unless-stopped
|
|
labels:
|
|
traefik.enable: true
|
|
traefik.http.routers.crowdsec.middlewares: authelia@file
|
|
|
|
networks:
|
|
reverse-proxy:
|
|
name: reverse-proxy
|