Hi,
Up until now, I was using traefik by configuring it like this:
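version: "3.9"

# Home-lab stack: Traefik (Docker provider, ACME DNS-01 via OVH) in front of
# media, document, monitoring and automation containers.
# The nesting below is restored from a paste that had lost its indentation.
#
# NOTE(review), applies to the whole file:
# - Most services also publish their backend port on the host (`ports:`), so
#   they stay reachable over plain HTTP on that port, bypassing Traefik's TLS
#   and any middleware. If Traefik is meant to be the only entry point, drop
#   those mappings or bind them to 127.0.0.1 ("127.0.0.1:8096:8096").
# - Several images use `latest` or no tag at all. Pin an explicit version tag
#   or digest so an image pull cannot silently change behaviour.
services:
  traefik:
    # NOTE(review): the labels below use Traefik v2 syntax (HostRegexp with
    # `{any:.+}`, headers.SSLRedirect / headers.SSLHost). Traefik v3 changed or
    # removed these, so `latest` can break routing on the next pull.
    image: "traefik:latest"
    command:
      # NOTE(review): DEBUG is very verbose; prefer INFO outside troubleshooting.
      - "--log.level=DEBUG"
      # NOTE(review): api.insecure serves the API and dashboard on :8080 with
      # no authentication. Together with the "8080:8080" mapping below, anyone
      # who can reach the host can read the full routing configuration.
      # Prefer --api.dashboard=true, route to the api@internal service and put
      # an authentication middleware on that router.
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.dnschallenge=true"
      - "--certificatesresolvers.myresolver.acme.dnschallenge.delayBeforeCheck=30"
      - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=ovh"
      - "--certificatesresolvers.myresolver.acme.email=my@email.com"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
      - "--providers.docker.network=home-stack_default"
    ports:
      - "80:80"
      - "8080:8080"
      - "443:443"
    environment:
      # NOTE(review): these OVH API credentials can edit DNS records for the
      # zone. Keep the real values out of the compose file (env file or Docker
      # secrets) and scope the OVH token to the DNS routes ACME needs.
      - "OVH_ENDPOINT=ovh-eu"
      - "OVH_APPLICATION_KEY=XXX"
      - "OVH_APPLICATION_SECRET=YYYY"
      - "OVH_CONSUMER_KEY=ZZZZ"
      # - "LEGO_DISABLE_CNAME_SUPPORT=true"
    volumes:
      - config-letsencrypt:/letsencrypt
      # NOTE(review): `:ro` only makes the socket file mount read-only; it does
      # not restrict Docker API calls. A compromised Traefik would still have
      # full control of the Docker daemon. Consider a filtering socket proxy.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    labels:
      - "traefik.enable=true"
      # NOTE(review): this router has no authentication middleware, so the
      # dashboard is open to anyone who can resolve and reach this host name.
      - "traefik.http.routers.traefik.rule=Host(`traefik.mydomain.com`)"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.routers.traefik.tls.certresolver=myresolver"
      - "traefik.http.services.traefik.loadbalancer.server.port=8080"
      # Permanent HTTP -> HTTPS redirect for everything arriving on `web`.
      - "traefik.http.middlewares.force-secure.redirectscheme.scheme=https"
      - "traefik.http.middlewares.force-secure.redirectscheme.permanent=true"
      - "traefik.http.routers.http-catchall.rule=HostRegexp(`{any:.+}`)"
      - "traefik.http.routers.http-catchall.entrypoints=web"
      - "traefik.http.routers.http-catchall.middlewares=force-secure"

  emby:
    image: lscr.io/linuxserver/emby:latest
    environment:
      - PUID=1028
      - PGID=100
      - TZ=Europe/Zurich
    volumes:
      - config-emby:/config
      - media:/data/
      # - media-movies:/data/movies
      # - /opt/vc/lib:/opt/vc/lib  # optional
    ports:
      - "8096:8096"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.emby.rule=Host(`emby.mydomain.com`)"
      - "traefik.http.routers.emby.entrypoints=websecure"
      - "traefik.http.routers.emby.tls.certresolver=myresolver"
      - "traefik.http.services.emby.loadbalancer.server.port=8096"

  transmission:
    image: lscr.io/linuxserver/transmission:version-3.00-r8
    environment:
      - PUID=1028
      - PGID=100
      - TZ=Europe/Zurich
    volumes:
      - config-transmission:/config
      - downloads:/downloads
      - movies:/movies
      - software:/software
      - ebooks:/ebooks
    ports:
      # NOTE(review): 9091 is the web UI / RPC port; no credentials for it are
      # configured in this file. Confirm authentication is enabled in the
      # Transmission settings before exposing it through Traefik.
      - "9091:9091"
      - "51413:51413"
      - "51413:51413/udp"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.transmission.rule=Host(`transmission.mydomain.com`)"
      - "traefik.http.routers.transmission.entrypoints=websecure"
      - "traefik.http.routers.transmission.tls.certresolver=myresolver"
      - "traefik.http.services.transmission.loadbalancer.server.port=9091"

  medusa:
    image: lscr.io/linuxserver/medusa:latest
    environment:
      - PUID=1028
      - PGID=100
      - TZ=Europe/London
    volumes:
      - config-medusa:/config
      - downloads:/downloads
      - tvshows:/tv
    ports:
      - "8081:8081"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.medusa.rule=Host(`medusa.mydomain.com`)"
      - "traefik.http.routers.medusa.entrypoints=websecure"
      - "traefik.http.routers.medusa.tls.certresolver=myresolver"
      - "traefik.http.services.medusa.loadbalancer.server.port=8081"

  ddnsupdater:
    image: qmcgaw/ddns-updater
    volumes:
      - config-ddns:/updater/data
    ports:
      - "8007:8000/tcp"
    environment:
      - PERIOD=5m
      - CONFIG=
      - UPDATE_COOLDOWN_PERIOD=5m
      - PUBLICIP_FETCHERS=all
      - PUBLICIP_HTTP_PROVIDERS=all
      - PUBLICIPV4_HTTP_PROVIDERS=all
      - PUBLICIPV6_HTTP_PROVIDERS=all
      - PUBLICIP_DNS_PROVIDERS=all
      - PUBLICIP_DNS_TIMEOUT=3s
      - HTTP_TIMEOUT=10s
      # Web UI
      # NOTE(review): LISTENING_PORT is 8007, but both the port mapping above
      # and the Traefik label below target container port 8000. Confirm which
      # port the container really listens on.
      - LISTENING_PORT=8007
      - ROOT_URL=/
      # Backup
      - BACKUP_PERIOD=0  # 0 to disable
      - BACKUP_DIRECTORY=/updater/data
      # Other
      - LOG_LEVEL=info
      - LOG_CALLER=hidden
      - SHOUTRRR_ADDRESSES=
    healthcheck:
      disable: true
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.ddnsupdater.rule=Host(`ddns.mydomain.com`)"
      - "traefik.http.routers.ddnsupdater.entrypoints=websecure"
      - "traefik.http.routers.ddnsupdater.tls.certresolver=myresolver"
      - "traefik.http.services.ddnsupdater.loadbalancer.server.port=8000"

  heimdall:
    image: lscr.io/linuxserver/heimdall:latest
    environment:
      - PUID=1028
      - PGID=100
      - TZ=Europe/London
    volumes:
      - config-heimdall:/config
    ports:
      - "444:443"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.heimdall.rule=Host(`home.mydomain.com`)"
      - "traefik.http.routers.heimdall.entrypoints=websecure"
      - "traefik.http.routers.heimdall.tls.certresolver=myresolver"
      - "traefik.http.routers.heimdall.tls=true"
      # Traefik talks HTTPS to the backend on container port 443.
      - "traefik.http.services.heimdall.loadbalancer.server.port=443"
      - "traefik.http.services.heimdall.loadbalancer.server.scheme=https"

  wireguard:
    image: linuxserver/wireguard
    cap_add:
      - NET_ADMIN
      # NOTE(review): SYS_MODULE lets the container load kernel modules on the
      # host. Drop it if the host kernel already provides the WireGuard module.
      - SYS_MODULE
    ports:
      - "51820:51820/udp"
    environment:
      - PUID=1028
      - PGID=100
      - TZ=Europe/London
      - SERVERURL=vpn.mydomain.com
      - SERVERPORT=51820
      - PEERS=5
      # Full tunnel: peers send all of their traffic through this server.
      - ALLOWEDIPS=0.0.0.0/0
    volumes:
      # Holds the server and peer private keys generated by the container.
      - config-wireguard:/config
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1

  paperless-broker:
    image: docker.io/library/redis:7
    volumes:
      - paperless-redis-data:/data

  paperless-db:
    image: docker.io/library/postgres:15
    volumes:
      - paperless-pgdata:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: paperless
      POSTGRES_USER: paperless
      # NOTE(review): password equals the user name. The database is not
      # published on the host, but every container on the compose network can
      # reach it. Use a generated secret for new deployments.
      POSTGRES_PASSWORD: paperless

  paperless-webserver:
    image: ghcr.io/paperless-ngx/paperless-ngx:latest
    depends_on:
      - paperless-db
      - paperless-broker
    ports:
      - "8010:8000"
    volumes:
      - paperless-data:/usr/src/paperless/data
      - paperless-media:/usr/src/paperless/media
      - paperless-export:/usr/src/paperless/export
      - paperless-consume:/usr/src/paperless/consume
    environment:
      PAPERLESS_REDIS: redis://paperless-broker:6379
      PAPERLESS_DBHOST: paperless-db
      USERMAP_UID: "1028"
      USERMAP_GID: "100"
      PAPERLESS_OCR_LANGUAGE: fra
      PAPERLESS_CONSUMER_POLLING: "30"
      PAPERLESS_URL: https://paperless.mydomain.com
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.paperless.rule=Host(`paperless.mydomain.com`)"
      - "traefik.http.routers.paperless.entrypoints=websecure"
      - "traefik.http.routers.paperless.tls.certresolver=myresolver"
      - "traefik.http.services.paperless.loadbalancer.server.port=8000"

  grafana:
    image: grafana/grafana-enterprise
    ports:
      - "3000:3000"
    volumes:
      - grafana-data:/var/lib/grafana
    user: "1028:100"
    environment:
      GF_SERVER_ROOT_URL: https://grafana.mydomain.com
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.grafana.rule=Host(`grafana.mydomain.com`)"
      - "traefik.http.routers.grafana.entrypoints=websecure"
      - "traefik.http.routers.grafana.tls=true"
      - "traefik.http.routers.grafana.tls.certresolver=myresolver"
      - "traefik.http.services.grafana.loadbalancer.server.port=3000"

  influxdb:
    image: influxdb:latest
    ports:
      - "8086:8086"
    volumes:
      - ha-influxDb:/var/lib/influxdb2
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.influxdb.rule=Host(`influxdb.mydomain.com`)"
      - "traefik.http.routers.influxdb.entrypoints=websecure"
      - "traefik.http.routers.influxdb.tls.certresolver=myresolver"
      - "traefik.http.services.influxdb.loadbalancer.server.port=8086"

  n8n:
    image: docker.n8n.io/n8nio/n8n
    ports:
      - "5678:5678"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.n8n.rule=Host(`n8n.mydomain.com`)"
      - "traefik.http.routers.n8n.tls=true"
      - "traefik.http.routers.n8n.entrypoints=websecure"
      - "traefik.http.routers.n8n.tls.certresolver=myresolver"
      # Security-headers middleware: HSTS (with subdomains and preload) and
      # nosniff. STSPreload plus STSIncludeSubdomains commits every subdomain
      # of mydomain.com to HTTPS in browsers that have seen the header.
      - "traefik.http.middlewares.n8n.headers.SSLRedirect=true"
      - "traefik.http.middlewares.n8n.headers.STSSeconds=315360000"
      - "traefik.http.middlewares.n8n.headers.browserXSSFilter=true"
      - "traefik.http.middlewares.n8n.headers.contentTypeNosniff=true"
      - "traefik.http.middlewares.n8n.headers.forceSTSHeader=true"
      - "traefik.http.middlewares.n8n.headers.SSLHost=mydomain.com"
      - "traefik.http.middlewares.n8n.headers.STSIncludeSubdomains=true"
      - "traefik.http.middlewares.n8n.headers.STSPreload=true"
      - "traefik.http.routers.n8n.middlewares=n8n@docker"
    environment:
      - N8N_HOST=n8n.mydomain.com
      - N8N_PORT=5678
      - N8N_PROTOCOL=https
      - NODE_ENV=production
      - WEBHOOK_URL=https://n8n.mydomain.com/
      - GENERIC_TIMEZONE=Europe/Berlin
    volumes:
      # Stores n8n's data directory, including saved workflow credentials.
      - n8n-data:/home/node/.n8n

  evcc:
    command: ["evcc", "-c", "/root/.evcc/evcc.yaml"]
    image: evcc/evcc:latest
    ports:
      - "7070:7070/tcp"
      - "8887:8887/tcp"
      - "7090:7090/udp"
      - "9522:9522/udp"
    volumes:
      - evcc-config:/root/.evcc
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.evcc.rule=Host(`evcc.mydomain.com`)"
      - "traefik.http.routers.evcc.entrypoints=websecure"
      - "traefik.http.routers.evcc.tls.certresolver=myresolver"
      - "traefik.http.services.evcc.loadbalancer.server.port=7070"
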
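# Named volumes, all backed by NFS exports on the NAS at 192.168.0.60.
# The nesting below is restored from a paste that had lost its indentation.
#
# NOTE(review):
# - `soft` makes NFS operations return an error after the retry limit instead
#   of blocking. Applications that do not expect I/O errors can lose or
#   corrupt data; this matters most for paperless-pgdata (PostgreSQL),
#   paperless-redis-data and ha-influxDb. Consider `hard` for database volumes.
# - `nolock` keeps file locks local to this client, so they do not protect
#   against another NFS client writing the same files.
# - Several exports hold secrets: config-letsencrypt (acme.json with the ACME
#   account key and certificate private keys), config-wireguard (VPN keys) and
#   n8n-data. Restrict those exports on the NAS to this Docker host.
volumes:
  tvshows:
    driver_opts:
      type: "nfs"
      o: "addr=192.168.0.60,nolock,rw,soft"
      device: ":/volume2/apps/media/tvshows"
  movies:
    driver_opts:
      type: "nfs"
      o: "addr=192.168.0.60,nolock,rw,soft"
      device: ":/volume2/apps/media/movies"
  ebooks:
    driver_opts:
      type: "nfs"
      o: "addr=192.168.0.60,nolock,rw,soft"
      device: ":/volume2/apps/media/ebooks"
  media:
    driver_opts:
      type: "nfs"
      o: "addr=192.168.0.60,nolock,rw,soft"
      device: ":/volume2/apps/media"
  software:
    driver_opts:
      type: "nfs"
      o: "addr=192.168.0.60,nolock,rw,soft"
      device: ":/volume2/apps/media/software"
  config-emby:
    driver_opts:
      type: "nfs"
      o: "addr=192.168.0.60,nolock,rw,soft"
      device: ":/volume2/apps/config/emby"
  config-ddns:
    driver_opts:
      type: "nfs"
      o: "addr=192.168.0.60,nolock,rw,soft"
      device: ":/volume2/apps/config/ddns"
  downloads:
    driver_opts:
      type: "nfs"
      o: "addr=192.168.0.60,nolock,rw,soft"
      device: ":/volume2/apps/work/torrent/downloads"
  config-transmission:
    driver_opts:
      type: "nfs"
      o: "addr=192.168.0.60,nolock,rw,soft"
      device: ":/volume2/apps/config/transmission"
  config-medusa:
    driver_opts:
      type: "nfs"
      o: "addr=192.168.0.60,nolock,rw,soft"
      device: ":/volume2/apps/config/medusa"
  # Traefik's ACME storage (acme.json) lives here.
  config-letsencrypt:
    driver_opts:
      type: "nfs"
      o: "addr=192.168.0.60,nolock,rw,soft"
      device: ":/volume2/apps/config/letsencrypt"
  config-heimdall:
    driver_opts:
      type: "nfs"
      o: "addr=192.168.0.60,nolock,rw,soft"
      device: ":/volume2/apps/config/heimdall"
  config-wireguard:
    driver_opts:
      type: "nfs"
      o: "addr=192.168.0.60,nolock,rw,soft"
      device: ":/volume2/apps/config/wireguard"
  paperless-redis-data:
    driver_opts:
      type: "nfs"
      o: "addr=192.168.0.60,nolock,rw,soft"
      device: ":/volume2/apps/media/scanner/paperless-redis-data"
  paperless-pgdata:
    driver_opts:
      type: "nfs"
      o: "addr=192.168.0.60,nolock,rw,soft"
      device: ":/volume2/apps/media/scanner/paperless-pgdata"
  paperless-data:
    driver_opts:
      type: "nfs"
      o: "addr=192.168.0.60,nolock,rw,soft"
      device: ":/volume2/apps/media/scanner/paperless-data"
  paperless-media:
    driver_opts:
      type: "nfs"
      o: "addr=192.168.0.60,nolock,rw,soft"
      device: ":/volume2/apps/media/scanner/paperless-media"
  paperless-export:
    driver_opts:
      type: "nfs"
      o: "addr=192.168.0.60,nolock,rw,soft"
      device: ":/volume2/apps/media/scanner/paperless-export"
  # NOTE(review): the consume folder maps to a share under /volume2/public;
  # presumably anyone who can write there can feed documents into Paperless.
  # Confirm who has write access to that share.
  paperless-consume:
    driver_opts:
      type: "nfs"
      o: "addr=192.168.0.60,nolock,rw,soft"
      device: ":/volume2/public/Scans"
  grafana-data:
    driver_opts:
      type: "nfs"
      o: "addr=192.168.0.60,nolock,rw,soft"
      device: ":/volume2/apps/work/grafana/data"
  ha-influxDb:
    driver_opts:
      type: "nfs"
      o: "addr=192.168.0.60,nolock,rw,soft"
      device: ":/volume2/apps/work/grafana/ha-influxDb"
  n8n-data:
    driver_opts:
      type: "nfs"
      o: "addr=192.168.0.60,nolock,rw,soft"
      device: ":/volume2/apps/work/n8n"
  evcc-config:
    driver_opts:
      type: "nfs"
      o: "addr=192.168.0.60,nolock,rw,soft"
      device: ":/volume2/apps/config/evcc"
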
It worked great, but I must admit I feel limited:
(warning, I'm not sure that all those assumptions are actually true)
- All my containers need to be in the same compose file; I cannot split this file into multiple files (and then restart only some of them).
- If some containers do not come from this docker-compose file, I cannot have Traefik provide the reverse proxy/certificates for them.
So my question: is there a guide or some tips & tricks on how to reproduce this exact configuration in a dedicated Traefik configuration file? Or are there things that work with the Docker provider but will not work with the file provider?