trustai-uk/traefik-compose.yml


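# Swarm stack: Traefik v2 edge proxy (Let's Encrypt via HTTP-01), the Authelia
# forward-auth portal, Redis, and an nginx static site.
#
# Every image below uses a floating tag, so a redeploy can pull different
# content than the last one did. Pin each image by digest once the deployed
# versions are known.
version: '3.3'
services:
  authelia:
    image: authelia/authelia:4
    volumes:
      # Authelia configuration (and whatever secrets it holds) lives here.
      - ./authelia:/config
    networks:
      - traefik-public
    deploy:
      labels:
        - 'traefik.enable=true'
        - 'traefik.http.routers.authelia.rule=Host(`auth.trustai.uk`)'
        - 'traefik.http.routers.authelia.entrypoints=web'
        - "traefik.http.services.authelia.loadbalancer.server.port=9091"
        # TLS
        - "traefik.http.routers.authelias.rule=Host(`auth.trustai.uk`)"
        - "traefik.http.routers.authelias.entrypoints=websecure"
        - "traefik.http.routers.authelias.tls.certresolver=myhttpchallenge"
        # Redirect: the plain-HTTP router only bounces to HTTPS.
        - "traefik.http.routers.authelia.middlewares=https_redirect"
        - "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
        # Authelia forward-auth middleware; routers attach it as
        # `authelia@docker`. The portal's own routers must not use it.
        - 'traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://auth.trustai.uk'
        # Passes incoming X-Forwarded-* headers through to Authelia. This is
        # only sound while the entrypoints do not trust forwarded headers from
        # arbitrary clients; no forwardedHeaders flag is set on the traefik
        # command below. NOTE(review): re-check if another proxy is put in
        # front of Traefik.
        - 'traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true'
        # Identity headers copied from Authelia's response onto the upstream
        # request; backends should accept them only from Traefik.
        - 'traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User, Remote-Groups'
        - "traefik.http.routers.authelia.service=authelia"
  redis:
    # Presumably Authelia's session store; confirm in ./authelia.
    # No password is configured in this file and the service shares
    # traefik-public with every routed container, so any of them can reach it.
    # NOTE(review): consider a dedicated internal network for authelia<->redis.
    image: redis:6-alpine
    # volumes:
    #   - ./redis:/data
    networks:
      - traefik-public
  traefik:
    # The official Traefik v2.2 docker image
    image: traefik:v2.2
    # Enables the web UI and tells Traefik to listen to docker
    command:
      # Enables the API/dashboard as `api@internal`; it is only reachable
      # through the routers declared in the labels below.
      - "--api"
      - "--providers.docker=true"
      - "--providers.docker.swarmMode=true"
      # Only services that set traefik.enable=true get routed.
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myhttpchallenge.acme.httpchallenge=true"
      - "--certificatesresolvers.myhttpchallenge.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.myhttpchallenge.acme.email=wuhanstudio@qq.com"
      - "--certificatesresolvers.myhttpchallenge.acme.storage=/letsencrypt/acme.json"
    ports:
      # mode: host publishes directly on the node instead of the ingress mesh.
      - target: 80
        published: 80
        mode: host
      - target: 443
        published: 443
        mode: host
    volumes:
      # acme.json holds the ACME account key and certificate private keys;
      # keep ./letsencrypt readable by root only.
      - ./letsencrypt:/letsencrypt
      # So that Traefik can listen to the Docker events.
      # The :ro flag only protects the socket file itself; it does not limit
      # Docker API calls made over the socket, so this internet-facing
      # container still holds manager-level control of the swarm.
      # NOTE(review): a filtering socket proxy would narrow that.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    deploy:
      labels:
        - 'traefik.enable=true'
        - 'traefik.http.routers.api.rule=Host(`traefik.trustai.uk`)'
        - 'traefik.http.routers.api.entrypoints=web'
        - 'traefik.http.routers.api.service=api@internal'
        - 'traefik.http.services.traefik.loadbalancer.server.port=80'
        # TLS
        - "traefik.http.routers.apis.rule=Host(`traefik.trustai.uk`)"
        - "traefik.http.routers.apis.entrypoints=websecure"
        - "traefik.http.routers.apis.tls.certresolver=myhttpchallenge"
        # Redirect
        - "traefik.http.routers.api.middlewares=https_redirect"
        - "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
        # Authelia: the dashboard/API router was previously published with
        # the forward-auth line commented out, i.e. without authentication.
        # It is enabled here; Authelia's access rules must cover
        # traefik.trustai.uk. If the middleware is missing the router fails
        # closed rather than serving the dashboard.
        - 'traefik.http.routers.apis.service=api@internal'
        - 'traefik.http.routers.apis.middlewares=authelia@docker'
      placement:
        constraints:
          # The Docker provider in swarm mode needs a manager's API.
          - node.role == manager
    networks:
      - traefik-public
  nginx:
    image: nginx:alpine
    volumes:
      # Both mounts are read-only: the web server only reads its config and
      # the static site, so a compromised worker cannot rewrite either.
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
      - ./trustai-mainpage:/usr/share/nginx/html:ro
    networks:
      - traefik-public
    deploy:
      labels:
        - "traefik.enable=true"
        # nginx
        - "traefik.http.routers.nginx.rule=Host(`home.trustai.uk`)"
        - "traefik.http.routers.nginx.entrypoints=web"
        - "traefik.http.services.nginx.loadbalancer.server.port=80"
        # TLS
        - "traefik.http.routers.nginxs.rule=Host(`home.trustai.uk`)"
        - "traefik.http.routers.nginxs.entrypoints=websecure"
        - "traefik.http.routers.nginxs.tls.certresolver=myhttpchallenge"
        # Redirect
        - "traefik.http.routers.nginx.middlewares=https_redirect"
        - "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
networks:
  # Created outside this stack; must exist before deploy.
  traefik-public:
    external: true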