Hello,
I have a few questions regarding my docker compose file.

- Do I need to explicitly set `entryPoints.websecure.http.tls = true` if I set a certResolver? Does the same go for dnschallenge?
- Do I have to set the certresolver within labels when I set it to letsEncrypt in the static configuration? Does this apply to other containers as well where I enable Traefik?
- Can TLS be set to minimum TLS1.3 within the compose file? (Currently using an external file)

```yaml
tls:
  options:
    default:
      minVersion: VersionTLS13
```

- Can I improve my compose file in any way?
```yaml
services:
  traefik:
    container_name: traefik
    image: traefik:v3.0.1
    ports:
      - 80:80
      - 443:443
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    command:
      # API
      - --api=true
      - --api.disabledashboardad=true
      - --providers.docker=true
      - --providers.docker.exposedByDefault=false
      - --providers.docker.network=traefik_backend
      - --providers.file.directory=/container/rules
      # Entry-Points: Web & Websecure
      - --entryPoints.web.address=:80
      - --entryPoints.web.http.redirections.entryPoint.to=websecure
      - --entryPoints.websecure.address=:443
      - --entryPoints.websecure.asDefault=true
      - --entryPoints.websecure.http3=true
      - --entryPoints.websecure.http.tls=true
      - --entryPoints.websecure.http.tls.certResolver=letsEncrypt
      - --entryPoints.websecure.http.tls.domains[0].main=${DOMAIN}
      - --entryPoints.websecure.http.tls.domains[0].sans=*.${DOMAIN}
      - --entryPoints.websecure.http.tls.options=tls@file
      # Certificate Resolvers: LetsEncrypt - DNS Challenge
      #- --certificatesresolvers.letsEncrypt.acme.caserver=https://acme-v02.api.letsencrypt.org/directory # Default
      - --certificatesresolvers.letsEncrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory # Staging
      - --certificatesresolvers.letsEncrypt.acme.dnschallenge=true
      - --certificatesresolvers.letsEncrypt.acme.dnschallenge.provider=cloudflare
      - --certificatesresolvers.letsEncrypt.acme.dnschallenge.resolvers=1.1.1.1:53,1.0.0.1:53
      - --certificatesresolvers.letsEncrypt.acme.email=${CF_EMAIL}
      - --certificatesresolvers.letsEncrypt.acme.storage=/container/tls/acme.json
    environment:
      - DOMAIN=${DOMAIN}
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}
      - CF_EMAIL=${CF_EMAIL}
      - CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN}
      - CF_ZONE_API_TOKEN=${CF_ZONE_API_TOKEN}
      - TRAEFIK_BASICAUTH=${TRAEFIK_BASICAUTH}
    labels:
      - traefik.enable=true
      - traefik.http.routers.traefik.entrypoints=websecure
      - traefik.http.routers.traefik.rule=Host(`traefik.${DOMAIN}`)
      - traefik.http.routers.traefik.tls.certresolver=letsEncrypt
      - traefik.http.routers.traefik.service=api@internal
      - traefik.http.routers.traefik.middlewares=auth
      - traefik.http.middlewares.auth.basicauth.users=${TRAEFIK_BASICAUTH}
    networks:
      frontend:
      backend:
        # ipv4_address is a service-level network option; the top-level
        # network below must define an ipam subnet that contains it
        ipv4_address: 10.0.0.1
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/rules:/container/rules
      - ./data/tls:/container/tls
networks:
  frontend:
  backend:
    ipam:
      config:
        # assumed subnet containing 10.0.0.1; adjust to your environment
        # (Docker uses the first usable address of a subnet as the gateway
        # unless a gateway is set explicitly)
        - subnet: 10.0.0.0/24
```
I tried to piece everything together myself but I have a really hard time with the docs.
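Added example (not the poster's file): a dynamic-configuration file for the file provider that the compose file above already mounts at `/container/rules`. TLS options are dynamic configuration, so they live with a provider rather than in the `command:` list. The file defines an option named `tls`, which is what the entrypoint reference `tls@file` resolves to, and also sets the same minimum on `default`, which Traefik applies to any router that does not name an option. The file name `tls.yml` and the directory `./data/rules/` are assumptions based on the post's mount.

```yaml
# ./data/rules/tls.yml (assumed file name; any *.yml in the provider
# directory is loaded)
tls:
  options:
    # referenced by --entryPoints.websecure.http.tls.options=tls@file
    tls:
      minVersion: VersionTLS13
    # fallback applied to routers that set no explicit option
    default:
      minVersion: VersionTLS13
```

To confirm the minimum is enforced once the container is up, `openssl s_client -connect traefik.<your-domain>:443 -servername traefik.<your-domain> -tls1_2` should fail the handshake, while the same command with `-tls1_3` should complete and show `Protocol : TLSv1.3`.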