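---
# Swarm stack: Traefik v2 ingress that discovers services through a filtering
# Docker socket proxy rather than through the raw Docker socket.
#
# `{{hostname}}` and `{{url}}` are template placeholders; they are assumed to
# be rendered before this file is parsed as YAML. Values containing them are
# quoted so that an empty or odd expansion cannot change the YAML structure.

services:
  # The only service that should hold the raw Docker socket. It exposes a
  # filtered, unauthenticated HTTP API on the `socketproxy` overlay network,
  # so membership of that network is itself a privilege.
  socketproxy:
    # NOTE(review): no tag is given, so this resolves to `latest`. Consider
    # pinning to a tag or digest that has been reviewed.
    image: tecnativa/docker-socket-proxy
    networks:
      - socketproxy
    volumes:
      # `:ro` protects the socket file only. It does not make the Docker API
      # read-only; the proxy's own allow-list below is the access control.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    environment:
      # API sections opened to clients of the proxy. Keep this list to the
      # minimum the consumer needs.
      NETWORKS: "1"
      SERVICES: "1"
      TASKS: "1"
      # Non Default permissions
      # NOTE(review): with Traefik in swarm mode the provider works from
      # services, tasks and networks; CONTAINERS is probably unnecessary.
      # Confirm and drop it if so.
      CONTAINERS: "1"
      # Available toggles, kept for reference. Leave disabled unless needed.
      # BUILD: 1
      # COMMIT: 1
      # CONFIGS: 1
      # CONTAINERS: 1
      # DISTRIBUTION: 1
      # EXEC: 1
      # GRPC: 1
      # IMAGES: 1
      # INFO: 1
      # NETWORKS: 1
      # NODES: 1
      # PLUGINS: 1
      # SERVICES: 1
      # SESSION: 1
      # SWARM: 1
      # SYSTEM: 1
      # TASKS: 1
      # VOLUMES: 1
    deploy:
      endpoint_mode: dnsrr
      placement:
        constraints:
          # Swarm service and task data is only served by manager nodes.
          - node.role == manager
      update_config:
        order: start-first
        failure_action: rollback
        delay: 0s
        parallelism: 1
      restart_policy:
        condition: on-failure

  traefik-http:
    # NOTE(review): `v2` is a floating tag. Pin a specific release or digest
    # so that upgrades are deliberate.
    image: traefik:v2
    command:
      # Docker API access goes through the socket proxy only.
      - "--providers.docker.endpoint=http://socketproxy_socketproxy:2375"
      - "--log.level=ERROR"
      - "--global.checknewversion=false"
      - "--global.sendanonymoususage=false"
      - "--providers.docker.swarmMode=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.network=traefik"
      # NOTE(review): disables certificate verification for every HTTPS
      # backend. If the backends use a private CA, trusting that CA is the
      # better fix than turning verification off globally.
      - "--serverstransport.insecureskipverify=true"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      # Permanent redirect
      - "--entrypoints.web.http.redirections.entryPoint.permanent=true"
      - "--certificatesresolvers.letsencryptresolver.acme.httpchallenge=true"
      - "--certificatesresolvers.letsencryptresolver.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.letsencryptresolver.acme.email=admin@nixc.us"
      - "--certificatesresolvers.letsencryptresolver.acme.storage=/letsencrypt/acme.json"
      # NOTE(review): the dashboard is routed publicly by the labels below and
      # no authentication middleware is attached to that router.
      - "--api.dashboard=true"
      # NOTE(review): trusts X-Forwarded-* headers from any client, so the
      # client IP and scheme seen by backends can be set by the caller. The
      # ports are published in host mode, so no upstream proxy is visible
      # from this file. If there is one, replace this flag with
      # `--entryPoints.websecure.forwardedHeaders.trustedIPs=<PROXY_CIDR_PLACEHOLDER>`;
      # if there is none, drop the flag.
      - "--entryPoints.websecure.forwardedHeaders.insecure=true"
      - "--entryPoints.websecure.transport.respondingTimeouts.idleTimeout=600s"
      - "--entryPoints.websecure.transport.respondingTimeouts.readTimeout=600s"
      - "--entryPoints.websecure.transport.respondingTimeouts.writeTimeout=600s"
    ports:
      # Host mode bypasses the ingress mesh.
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
    volumes:
      # ACME account key and certificates. acme.json should be mode 600 on
      # the host.
      - /mnt/tank/persist/nixc.us/traefik/production/config:/letsencrypt
      # The raw Docker socket is intentionally NOT mounted here. Traefik is
      # pointed at the socket proxy endpoint above, so the mount was unused,
      # and it handed the internet-facing container the unfiltered Docker
      # API (a `:ro` bind mount does not restrict API calls).
    networks:
      - traefik
      - socketproxy
    deploy:
      endpoint_mode: dnsrr
      placement:
        constraints:
          - "node.hostname == {{hostname}}"
      labels:
        homepage.group: Infrastructure
        homepage.name: Ingress
        homepage.href: "https://{{url}}/"
        # Explicit empty string instead of a bare key, which parses as null.
        homepage.description: ""
        us.nixc.autodeploy: "true"
        traefik.enable: "true"
        traefik.docker.network: traefik
        traefik.http.routers.traefik_traefik-http.tls: "true"
        traefik.http.routers.traefik_traefik-http.rule: "Host(`{{url}}`)"
        traefik.http.routers.traefik_traefik-http.entrypoints: "websecure"
        traefik.http.routers.traefik_traefik-http.tls.certresolver: "letsencryptresolver"
        # Router targets the built-in API and dashboard service.
        traefik.http.routers.traefik_traefik-http.service: "api@internal"
        # NOTE(review): to require credentials on the dashboard, attach an
        # auth middleware. Example with a constructed middleware name and
        # placeholder credentials (`$` in the hash must be written `$$`):
        # traefik.http.routers.traefik_traefik-http.middlewares: "dashboard-auth"
        # traefik.http.middlewares.dashboard-auth.basicauth.users: "<USER>:<HTPASSWD_HASH_PLACEHOLDER>"
        # Presumably a dummy port: swarm mode wants a port label even though
        # the router points at api@internal. Verify.
        traefik.http.services.traefik_traefik-http.loadbalancer.server.port: "888"
      update_config:
        # stop-first: host-mode ports cannot be bound by two tasks at once.
        order: stop-first
        failure_action: rollback
        delay: 15s
        parallelism: 1
      restart_policy:
        condition: on-failure

# docker network create --driver=overlay socketproxy
# NOTE(review): traffic to the proxy on port 2375 is plain HTTP with no
# authentication. Attach only the proxy and its consumer to `socketproxy`.
networks:
  socketproxy:
    external: true
  traefik:
    external: true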