admin-stack.yml
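# Docker Swarm stack: Traefik v2 edge proxy (TLS termination, ACME, dashboard)
# plus Portainer CE and its per-node agent.
#
# NOTE(review): the nesting below is reconstructed according to the Compose v3
# schema. Router labels sit under `deploy.labels` because Traefik's swarm
# provider reads service labels, not container labels - confirm against the
# deployed file.
version: "3.7"
services:
  traefik:
    # NOTE(review): v2.4 is an old release line; check that the version in use
    # still receives security fixes.
    image: traefik:v2.4
    deploy:
      mode: global
      placement:
        constraints:
          # The Docker provider needs the swarm API, which only managers serve.
          - node.role == manager
      labels:
        - traefik.enable=true
        # Dashboard router: serves the built-in api@internal service over the
        # TLS entrypoint only.
        - "traefik.http.routers.traefik-dashboard.rule=Host(`traefik.laundrobot.ai`)"
        - "traefik.http.routers.traefik-dashboard.service=api@internal"
        - "traefik.http.routers.traefik-dashboard.entrypoints=websecure"
        - "traefik.http.routers.traefik-dashboard.tls.certresolver=myresolver"
        # Swarm gives Traefik no port detection, so a server.port label is
        # required; the router above targets api@internal, so this value only
        # satisfies that requirement.
        - traefik.http.services.traefik-dashboard.loadbalancer.server.port=5003
        - "traefik.docker.network=public"
        # Basic auth in front of the dashboard. Every `$` in the hash is
        # doubled (`$$`) so Compose does not treat it as variable
        # interpolation; with single `$` the login would never succeed.
        # NOTE(review): the `$2y$05$` prefix is bcrypt at cost 5, and the hash
        # is stored in the stack file. Anyone who can read the file can guess
        # it offline. Prefer `basicauth.usersfile` backed by a Docker secret,
        # use a higher cost, and rotate this credential.
        - "traefik.http.middlewares.traefik-auth.basicauth.users=admin:$$2y$$05$$zXp4YId/ud4GKWGfcurBPe33lyAfwRhTPCKdmPlSYm.hRsyeATcRC"
        - "traefik.http.routers.traefik-dashboard.middlewares=traefik-auth@docker"
    command:
      # Basic setup.
      # api.insecure=false keeps the API and dashboard off the unauthenticated
      # entrypoint; they are reachable only through the router defined above.
      - --api.insecure=false
      - --api.dashboard=true
      - --providers.docker=true
      - --providers.docker.swarmMode=true
      # Only services that set traefik.enable=true are routed.
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      # Setup SSL: ACME HTTP-01 challenge answered on the plain-HTTP entrypoint.
      - --certificatesresolvers.myresolver.acme.httpchallenge=true
      - --certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web
      - --certificatesresolvers.myresolver.acme.email=admin@laundrobot.ai
      # acme.json holds the ACME account key and certificate private keys.
      - --certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json
      # Redirect HTTP to HTTPS
      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      # Logging
      - --accesslog=true
      # NOTE(review): relative path ("traeffik" spelling kept as deployed). No
      # volume in this file covers it, so the access log appears to live in
      # the container's writable layer and is lost when the task is replaced.
      # Mount a volume or ship logs off-host if they are needed for
      # investigation.
      - --accesslog.filepath=./traeffik-logfile.log
      # INFO for normal operation; raise to DEBUG only temporarily while
      # troubleshooting, since debug output is far more verbose.
      - --log.level=INFO
    ports:
      - "80:80"
      - "443:443"
      # NOTE(review): with --api.insecure=false Traefik is not expected to
      # listen on 8080, so this mapping looks unused - confirm and drop it.
      # If api.insecure were ever enabled, this would publish the dashboard
      # and API without the basic-auth middleware.
      - "5003:8080" # Traefik dashboard
    volumes:
      # Access to the Docker socket on a manager is equivalent to control of
      # the swarm. `:ro` protects the socket file itself but does not limit
      # which API calls can be made; a socket proxy that exposes only read
      # endpoints is the stronger control for an internet-facing proxy.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Host directory holding acme.json; keep it readable by root only.
      - ./letsencrypt:/letsencrypt
    networks:
      - boilerplate-network
      - public
  agent:
    # NOTE(review): no tag, so this resolves to :latest. Pin a version
    # (ideally by digest) and keep it in step with the portainer-ce image.
    image: portainer/agent
    environment:
      # Swarm DNS name that resolves to every agent task.
      AGENT_CLUSTER_ADDR: tasks.agent
    volumes:
      # Socket and volume-directory access give the agent host-level control
      # on every node it runs on; it is attached to the private network only.
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/lib/docker/volumes:/var/lib/docker/volumes
    networks:
      - private
    deploy:
      mode: global
      placement:
        constraints:
          - node.platform.os == linux
  portainer:
    # NOTE(review): :latest makes redeploys non-reproducible and pulls
    # whatever is current at deploy time; pin a version or digest.
    image: portainer/portainer-ce:latest
    # Connects to the agents on port 9001 with certificate verification
    # disabled, so the `private` overlay network is the trust boundary for
    # this traffic.
    command: -H tcp://tasks.agent:9001 --tlsskipverify
    volumes:
      - portainer-data:/data
    networks:
      - private
      - public
    deploy:
      placement:
        constraints:
          - node.role == manager
      labels:
        - traefik.enable=true
        - traefik.docker.network=public
        # NOTE(review): this router has no middleware, so the Portainer UI is
        # reachable from anywhere that resolves this host and is protected by
        # Portainer's own login only. Consider an IP restriction or an auth
        # middleware in front of it.
        - traefik.http.routers.portainer.rule=Host(`portainer.laundrobot.ai`)
        - traefik.http.routers.portainer.entrypoints=websecure
        - traefik.http.routers.portainer.tls.certresolver=myresolver
        - traefik.http.services.portainer-service.loadbalancer.server.port=9000
networks:
  # Portainer <-> agent traffic.
  # NOTE(review): overlay data traffic is not encrypted unless the network is
  # created with the `encrypted` driver option - consider enabling it given
  # that agent TLS verification is skipped.
  private:
    driver: overlay
    name: private
  # Created outside this stack; must exist before deployment.
  public:
    external: true
  boilerplate-network:
    external: true
volumes:
  portainer-data: {}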