# =============================================================================
# 04_stack-traefik.yml – Phase 5 (separat, wenn bereit)
# =============================================================================
# WANN: Erst wenn Phase 1–4 stabil laufen.
#       NICHT gleichzeitig mit der Netz-Migration starten.
#
# Voraussetzungen:
#   - Domain + DNS-Eintrag vorhanden
#   - Port 80 + 443 auf Router weitergeleitet
#   - ./traefik/traefik.yml angelegt (Vorlage unten)
#   - ./traefik/dynamic/middlewares.yml angelegt (Vorlage unten)
#
# Nach dem Start pro Container in 03_stack-frontend.yml:
#   - traefik.enable: "false" → "true"
#   - yourdomain.tld anpassen
#   - ports:-Block auskommentieren
#   - docker compose -f 03_stack-frontend.yml up -d --force-recreate <name>
# =============================================================================
# Shared front-end network. It is declared external, so Compose does not
# create it: it must already exist before this stack is started.
# The traefik service requests a fixed IPv4 address on this network, and
# Docker only honours static addresses on networks created with an explicit
# subnet. NOTE(review): presumably frontend_net was created with a subnet
# that contains 172.20.0.2 — confirm.
networks:
  frontend_net:
    external: true
services:
  # Traefik edge proxy for the stack: publishes host ports 80/443 and reads
  # its static and dynamic configuration from ./traefik (mounted read-only).
  traefik:
    # NOTE(review): "v3.3" is a mutable tag. For reproducible deployments pin
    # the image by digest (traefik:v3.3@sha256:<DIGEST_PLACEHOLDER>).
    image: traefik:v3.3
    container_name: traefik
    restart: unless-stopped
    security_opt:
      # Prevents processes in the container from gaining additional
      # privileges (e.g. through setuid binaries).
      - "no-new-privileges:true"
    # NOTE(review): no capabilities are dropped here. Dropping all and adding
    # back only NET_BIND_SERVICE is a common hardening for this image, but it
    # has to be tested against the ownership/modes of the mounted files.
    ports:
      # Published on all host interfaces; these are the only ports exposed.
      - "80:80"
      - "443:443"
    volumes:
      # NOTE(review): ":ro" only protects the socket file itself. Requests
      # sent through the socket are not restricted by the mount flag, so this
      # container effectively holds Docker API access on the host. A filtering
      # socket proxy that permits only the read endpoints Traefik needs
      # reduces the impact of a compromise of this internet-facing container.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Certificate storage; the template at the end of this file points the
      # ACME resolver at /certs/acme.json.
      - traefik_certs:/certs
      # Static configuration and watched dynamic configuration, read-only.
      - ./traefik/traefik.yml:/etc/traefik/traefik.yml:ro
      - ./traefik/dynamic:/etc/traefik/dynamic:ro
    networks:
      frontend_net:
        ipv4_address: 172.20.0.2  # static IP — infrastructure anchor
    labels:
      traefik.enable: "true"
      # Router for the built-in dashboard/API service (api@internal). It is
      # attached to the websecure entrypoint only, with a certificate from
      # the "letsencrypt" resolver, and sits behind the auth@file middleware.
      traefik.http.routers.traefik-dash.rule: "Host(`traefik.yourdomain.tld`)"
      traefik.http.routers.traefik-dash.entrypoints: "websecure"
      traefik.http.routers.traefik-dash.tls.certresolver: "letsencrypt"
      traefik.http.routers.traefik-dash.service: "api@internal"
      # auth@file is defined in ./traefik/dynamic/middlewares.yml (basicAuth
      # in the template). NOTE(review): basic auth is the only gate on a
      # publicly routed dashboard. Prefer a bcrypt hash entered at a prompt
      # (htpasswd -nB admin) so the password does not end up in shell
      # history, and consider an additional ipAllowList middleware if the
      # dashboard only needs to be reachable from known addresses.
      traefik.http.routers.traefik-dash.middlewares: "auth@file"
      # Network Traefik uses to reach containers attached to several networks.
      traefik.docker.network: "frontend_net"
# Named volume mounted at /certs in the traefik service. The explicit "name"
# keeps the volume name free of the Compose project prefix.
# The template at the end of this file stores the ACME data in
# /certs/acme.json, which holds the ACME account key and certificate private
# keys: treat backups and copies of this volume as secret material.
volumes:
  traefik_certs:
    name: traefik_certs
# =============================================================================
# traefik/traefik.yml (Vorlage):
# =============================================================================
# api:
#   dashboard: true
# entryPoints:
#   web:
#     address: ":80"
#     http:
#       redirections:
#         entryPoint:
#           to: websecure
#           scheme: https
#   websecure:
#     address: ":443"
# certificatesResolvers:
#   letsencrypt:
#     acme:
#       email: deine@email.de
#       storage: /certs/acme.json
#       httpChallenge:
#         entryPoint: web
# providers:
#   docker:
#     exposedByDefault: false
#     network: frontend_net
#   file:
#     directory: /etc/traefik/dynamic
#     watch: true
#
# =============================================================================
# traefik/dynamic/middlewares.yml (Vorlage):
# =============================================================================
# http:
#   middlewares:
#     auth:
#       basicAuth:
#         users:
#           - "admin:$apr1$..." # htpasswd generieren: htpasswd -nb admin passwort