Julien Fastré
76dfaf5d93
Revised proxy settings to dynamically include trusted IPs and ensured HTTPS redirections. Adjusted log mount path in Docker compose to align with application structure. Removed unused Traefik certificate volume for cleanup.
52 lines
1.5 KiB
YAML
52 lines
1.5 KiB
YAML
services:
|
|
reverse-proxy:
|
|
# The official v3 Traefik docker image
|
|
image: traefik:v3.2
|
|
# Enables the web UI and tells Traefik to listen to docker
|
|
command:
|
|
{% if traefik_debug|default(False) -%}
|
|
- "--log.level=debug"
|
|
{% endif -%}
|
|
{% if traefik_insecure|default(False) -%}
|
|
- "--api.insecure=true"
|
|
{% endif -%}
|
|
- "--providers.docker=true"
|
|
- "--providers.docker.exposedByDefault=false"
|
|
- "--entryPoints.web.address=:80"
|
|
- "--entryPoints.web.http.redirections.entrypoint.scheme=https"
|
|
- "--entryPoints.websecure.address=:443"
|
|
{%+ for ip in traefik_trusted_ips|default([]) +%}
|
|
- "--entryPoints.websecure.forwardedHeaders.trustedIPs={{ ip }}"
|
|
{%+ endfor +%}
|
|
{%+ for c in chills +%}
|
|
{%+ if c.expose_port is not false +%}
|
|
- "--entryPoints.chill{{ c.chill_environment }}.address=:{{ c.expose_port }}"
|
|
{% endif +%}
|
|
{% endfor +%}
|
|
|
|
ports:
|
|
# The HTTP port
|
|
- "80:80"
|
|
- "443:443"
|
|
# The Web UI (enabled by --api.insecure=true)
|
|
- "8080:8080"
|
|
{% for c in chills +%}
|
|
{% if c.expose_port is not false +%}
|
|
- "{{ c.expose_port }}:{{ c.expose_port }}"
|
|
{% endif +%}
|
|
{%+ endfor +%}
|
|
|
|
volumes:
|
|
# So that Traefik can listen to the Docker events
|
|
- /var/run/docker.sock:/var/run/docker.sock
|
|
networks:
|
|
- traefik
|
|
|
|
networks:
|
|
traefik:
|
|
name: traefik
|
|
driver: bridge
|
|
ipam:
|
|
config:
|
|
- subnet: 172.150.0.0/24
|