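# Jinja2-templated Compose (v3.7) stack for Docker Swarm: a Traefik edge router,
# Authelia (forward-auth) and its Redis and PostgreSQL backends, all attached to
# the "traefikbig" overlay network.
#
# Template variables read by this file:
#   proxy_ip        - upstream proxy IPs trusted for X-Forwarded-* headers
#   http_port       - published host port for the "web" entry point (80)
#   https_port      - optional; when defined, publishes "webs" (443) and switches
#                     the dashboard router and trailing-slash regexes to TLS
#   dashboard_port  - optional; when defined, publishes container port 8080
#   entrypoint      - entry point for the dashboard router when https_port is unset
#   auth_hostname   - Host() rule for the Authelia router
#
# Jinja block tags are kept at column 0 so that they add no stray indentation
# to the rendered YAML, whatever the trim_blocks setting is.
version: '3.7'

services:
  traefik:
    image: traefik:2.1.6
    command:
      - "--api"
      - "--api.dashboard"
      # - "--api.insecure=true" # added by lg to debug, for dashboard
      # NOTE(review): DEBUG logging is verbose and can record request details;
      # lower the level once debugging is finished.
      - "--log.level=DEBUG"
      - "--providers.docker"
      - "--providers.docker.swarmMode=true"
      - "--providers.docker.network=traefikbig" # changed by lg from traefik to traefikbig
      - "--entryPoints.web.address=:80"
      - "--entryPoints.web.forwardedHeaders.trustedIPs={{ proxy_ip }}" # The ips of our upstream proxies: eci
      - "--entryPoints.webs.address=:443"
      - "--entryPoints.webs.forwardedHeaders.trustedIPs={{ proxy_ip }}" # The ips of our upstream proxies: eci
    # Port mappings are quoted so the rendered "host:container" pairs are always
    # read as strings, never as YAML 1.1 base-60 integers.
    ports:
{% if dashboard_port is defined %}
      # NOTE(review): --api.insecure is commented out above; confirm something
      # still listens on 8080 before publishing it.
      - "{{ dashboard_port }}:8080" # added by lg to debug, for dashboard
{% endif %}
      - "{{ http_port }}:80"
{% if https_port is defined %}
      - "{{ https_port }}:443"
{% endif %}
    networks:
      - traefikbig
    volumes:
      # NOTE(review): the Docker socket on a manager node grants full control of
      # the swarm to anything that compromises this container.
      - /var/run/docker.sock:/var/run/docker.sock
    deploy:
      placement:
        constraints:
          - node.role == manager
      labels:
        # - "traefik.http.routers.traefik-api.rule=PathPrefix(`/traefik`)"
        - "traefik.http.routers.traefik-api.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`) || PathPrefix(`/traefik`)" # lg
{% if https_port is defined %}
        - "traefik.http.routers.traefik-api.tls=true"
        - "traefik.http.routers.traefik-api.entryPoints=webs"
{% else %}
        - "traefik.http.routers.traefik-api.entryPoints={{ entrypoint }}" # lg
{% endif %}
        - "traefik.http.routers.traefik-api.service=api@internal"
        - "traefik.http.middlewares.traefik-strip.stripprefix.prefixes=/traefik"
        # NOTE(review): the "rd" redirect host is hard-coded here and in sp-auth
        # below, while the Authelia router host comes from auth_hostname.
        - "traefik.http.middlewares.traefik-auth.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.abims-gga.sb-roscoff.fr/"
        - "traefik.http.middlewares.traefik-auth.forwardauth.trustForwardHeader=true"
        # NOTE(review): the active middlewares line omits traefik-auth, so the
        # api@internal router (API and dashboard) is served without
        # authentication. The commented-out line restores forward-auth; re-enable
        # it before this stack is reachable by untrusted clients.
        # - "traefik.http.routers.traefik-api.middlewares=traefik-auth,traefik-strip"
        - "traefik.http.routers.traefik-api.middlewares=traefik-strip" # lg
        # Dummy service for Swarm port detection. The port can be any valid integer value.
        - "traefik.http.services.traefik-svc.loadbalancer.server.port=9999"
        # Some generally useful middlewares for organisms hosting
        - "traefik.http.middlewares.sp-auth.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.abims-gga.sb-roscoff.fr/"
        - "traefik.http.middlewares.sp-auth.forwardauth.trustForwardHeader=true"
        - "traefik.http.middlewares.sp-auth.forwardauth.authResponseHeaders=Remote-User,Remote-Groups"
        # "$$" is Compose's escape for a literal "$" (regex end anchor / capture group).
        # NOTE(review): in the non-TLS branches "http?" makes the final "p"
        # optional; a plain "http" was probably intended.
{% if https_port is defined %}
        - "traefik.http.middlewares.sp-trailslash.redirectregex.regex=^(https?://[^/]+/sp/[^/]+)$$"
{% else %}
        - "traefik.http.middlewares.sp-trailslash.redirectregex.regex=^(http?://[^/]+/sp/[^/]+)$$" # lg
{% endif %}
        - "traefik.http.middlewares.sp-trailslash.redirectregex.replacement=$${1}/"
        - "traefik.http.middlewares.sp-trailslash.redirectregex.permanent=true"
{% if https_port is defined %}
        - "traefik.http.middlewares.sp-app-trailslash.redirectregex.regex=^(https?://[^/]+/sp/[^/]+/[^/]+)$$"
{% else %}
        - "traefik.http.middlewares.sp-app-trailslash.redirectregex.regex=^(http?://[^/]+/sp/[^/]+/[^/]+)$$" # lg
{% endif %}
        - "traefik.http.middlewares.sp-app-trailslash.redirectregex.replacement=$${1}/"
        - "traefik.http.middlewares.sp-app-trailslash.redirectregex.permanent=true"
        - "traefik.http.middlewares.sp-prefix.stripprefixregex.regex=/sp/[^/]+"
        - "traefik.http.middlewares.sp-app-prefix.stripprefixregex.regex=/sp/[^/]+/[^/]+"
        - "traefik.http.middlewares.tripal-addprefix.addprefix.prefix=/tripal"
        # Request-body caps: 50 MB for "big" and 2 GB for "huge" uploads.
        - "traefik.http.middlewares.sp-big-req.buffering.maxRequestBodyBytes=50000000"
        - "traefik.http.middlewares.sp-huge-req.buffering.maxRequestBodyBytes=2000000000"
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 3
        window: 120s

  authelia:
    image: authelia/authelia:4.12.0
    networks:
      - traefikbig
    depends_on:
      - authelia-redis
      - authelia-db
    volumes:
      # Configuration directory is mounted read-only.
      - ./authelia/:/etc/authelia/:ro
    deploy:
      labels:
        - "traefik.http.routers.authelia.rule=Host(`{{ auth_hostname }}`)"
        - "traefik.http.services.authelia.loadbalancer.server.port=9091"
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 3
        window: 120s

  authelia-redis:
    image: redis:5.0.7-alpine
    # "yes" is a redis-server argument here and must stay a quoted string.
    command: ["redis-server", "--appendonly", "yes"]
    volumes:
      - ./authelia-redis/:/data/
    networks:
      - traefikbig
    deploy:
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 3
        window: 120s

  authelia-db:
    image: postgres:12.2-alpine
    environment:
      # NOTE(review): database credential hard-coded in the template. Treat it as
      # exposed: rotate it and supply it from a vaulted variable or a Docker
      # secret (the postgres image accepts POSTGRES_PASSWORD_FILE), updating
      # whatever Authelia configuration carries the matching value.
      POSTGRES_PASSWORD: 'z3A,hQ-9'
    volumes:
      - ./docker_data/authelia_db/:/var/lib/postgresql/data/
    networks:
      - traefikbig
    deploy:
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 3
        window: 120s

networks:
  traefikbig:
    driver: overlay
    name: traefikbig
    ipam:
      config:
        - subnet: 10.50.0.0/16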