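---
# Compose stack: Traefik as reverse proxy, Authelia for access control, and a
# few services behind them (homer, dozzle, goaccess), plus autoheal.
#
# NOTE(review): every image below is referenced without a tag or digest, so
# each pull resolves to whatever the registry currently serves by default.
# Pin each image to a tag or digest you have vetted, for example
# `image: traefik:<PINNED_VERSION>` (placeholder, not a real version).
#
# NOTE(review): autoheal, traefik and dozzle all mount the Docker socket.
# Access to that socket is equivalent to root on the host. Mounting it `:ro`
# only protects the socket file; it does not restrict the Docker API calls a
# container can make. Consider a filtering socket proxy for the containers
# that only need to read container metadata.
version: "2.4"

networks:
  web:
    # All containers that are routed through traefik need to be on this
    # network
    external: true

services:
  # Autoheal will restart any container that has the label
  #   autoheal: "true"
  # and fails its healthcheck
  autoheal:
    container_name: autoheal
    restart: always
    image: willfarrell/autoheal
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock

  # Traefik reverse proxy. Routes http and ssh traffic to the right containers
  # Controlled by container labels, see bottom of this compose file
  traefik:
    container_name: traefik
    image: traefik
    restart: always
    depends_on:
      - authelia
    environment:
      # Names without a value are passed through from the environment that
      # runs compose.
      - EMAIL
      - PRIVATE_DOMAIN
      - PUBLIC_DOMAIN
      - TRAEFIK_CERTIFICATERESOLVERS_LE_ACME_EMAIL
    networks:
      web:
        ipv4_address: "172.18.1.2"
    command:
      - "--configFile=/data/traefik.yaml"
    ports:
      # Quoted so the host:container pairs are always read as strings.
      - "80:80"
      - "443:443"
      # Open port 8080 for debugging emergencies
      # NOTE(review): this publishes container port 8080 on every host
      # interface. Requests that arrive here do not go through the `traefik`
      # router defined in the labels below, so the auth@file middleware is
      # not applied to them. What is served on 8080 depends on
      # ./traefik/traefik.yaml (not shown here). If the port is only needed
      # from the host itself, bind it to loopback ("127.0.0.1:8080:8080") or
      # drop the mapping outside of debugging.
      - "8080:8080"
    volumes:
      # Read-only mount: Traefik only needs to connect to the socket.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik:/data
      - /var/log/traefik:/log
    healthcheck:
      # Sometimes, traefik loses connection to authelia. The only thing that
      # works then is a restart, handled by autoheal.
      # I haven't checked for quite a while if this is still a problem, but
      # might as well leave it in there.
      test: ["CMD", "wget", "-O", "-", "authelia:9091/api/state"]
    labels:
      # Label values are quoted so they are strings under every Compose
      # version, matching the existing `autoheal: "true"` style.
      traefik.enable: "true"
      traefik.http.services.traefik.loadbalancer.server.port: "8080"
      traefik.http.routers.traefik.rule: 'Host(`traefik.${PRIVATE_DOMAIN}`)'
      traefik.http.routers.traefik.middlewares: auth@file
      traefik.http.routers.traefik.tls.certResolver: le
      autoheal: "true"

  # Authelia handles access control with 2FA
  authelia:
    container_name: authelia
    image: authelia/authelia
    restart: always
    volumes:
      - ./authelia:/config
    environment:
      # - ENVIRONMENT=dev
      # Keep this at 1: a value of 0 turns off TLS certificate verification
      # in Node.js.
      - NODE_TLS_REJECT_UNAUTHORIZED=1
      # The secrets below carry no value here; they are taken from the
      # environment that runs compose. Keep whatever file supplies them out
      # of version control.
      - AUTHELIA_JWT_SECRET
      - AUTHELIA_SESSION_SECRET
      - AUTHELIA_SESSION_DOMAIN
      - AUTHELIA_TOTP_ISSUER
      - TZ=Europe/Stockholm
    networks:
      web: {}
    healthcheck:
      test: ["CMD", "wget", "-O", "-", "127.0.0.1:9091/api/state"]
    labels:
      traefik.enable: "true"
      traefik.http.routers.authelia.rule: 'Host(`auth.${PRIVATE_DOMAIN}`)'
      traefik.http.routers.authelia.tls.certResolver: le
      traefik.http.routers.authelia.entrypoints: websecure
      autoheal: "true"

  # Homer provides a dashboard for all services.
  # Configured through ./homer/config.yml
  # NOTE(review): unlike dozzle and analytics, this router has no auth@file
  # middleware - confirm the dashboard is meant to be reachable without
  # Authelia.
  homer:
    container_name: homer
    image: b4bz/homer
    restart: always
    volumes:
      - ./homer:/www/assets
    environment:
      UID: "1000"
      GID: "1001"
    networks:
      web: {}
    labels:
      traefik.enable: "true"
      traefik.http.routers.homer.rule: 'Host(`${PRIVATE_DOMAIN}`) || Host(`www.${PRIVATE_DOMAIN}`)'
      traefik.http.routers.homer.tls.certResolver: le

  # Dozzle is an easy way to view docker logs through a web interface
  dozzle:
    image: amir20/dozzle
    restart: always
    volumes:
      # Read-only mount; container logs can contain sensitive data, so keep
      # the auth@file middleware on this router.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      web: {}
    labels:
      traefik.enable: "true"
      traefik.http.routers.dozzle.rule: 'Host(`logs.${PRIVATE_DOMAIN}`)'
      traefik.http.routers.dozzle.tls.certResolver: le
      traefik.http.routers.dozzle.middlewares: auth@file

  # GoAccess reads the log directory that traefik writes to (/var/log/traefik
  # on the host).
  analytics:
    image: gregyankovoy/goaccess
    volumes:
      - ./analytics:/config
      - /var/log/traefik:/opt/log
    networks:
      web: {}
    labels:
      traefik.enable: "true"
      traefik.http.routers.analytics.rule: 'Host(`analytics.${PRIVATE_DOMAIN}`)'
      traefik.http.routers.analytics.tls.certResolver: le
      traefik.http.routers.analytics.middlewares: auth@file

# Label template for new services. <name> and <port> are placeholders.
#
# labels:
#   The following three labels are always needed. Make sure to replace <name>
#   with a unique name
#   traefik.enable: "true"
#   traefik.http.routers.<name>.tls.certResolver: le
#   traefik.http.routers.<name>.rule: Host(`<name>.${PRIVATE_DOMAIN}`)
#   Alternatives:
#   traefik.http.routers.<name>.rule: Host(`<name>.${PUBLIC_DOMAIN}`)
#   traefik.http.routers.<name>.rule: Host(`<name>.${PRIVATE_DOMAIN}`) || Host(`<name>.${PUBLIC_DOMAIN}`)
#   Require authentication:
#   traefik.http.routers.<name>.middlewares: auth@file
#   If more than one port is exposed by the container:
#   traefik.http.services.<name>.loadbalancer.server.port: "<port>"
#   If container uses more than one network:
#   traefik.docker.network: web
#   Restart automatically if healthcheck fails:
#   autoheal: "true"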