about summary refs log tree commit diff
diff options
context:
space:
mode:
authorEmile <hanemile@protonmail.com>2019-10-09 12:40:20 +0200
committerEmile <hanemile@protonmail.com>2019-10-09 12:40:20 +0200
commit1ab5b3b9fca800a0f9187eb6b7942a33ff4f5f2d (patch)
tree6b630dae8cb43873f03e6bc9c63d8acf3952d1c3
parent0aeb3c1718a77f87521d614c163ad204a8d41b40 (diff)
traefik https
-rw-r--r--docker-compose.yml13
1 files changed, 13 insertions, 0 deletions
diff --git a/docker-compose.yml b/docker-compose.yml
index 6b3f885..51539ac 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -9,16 +9,29 @@ services:
             - "--providers.docker=true"
             - "--providers.docker.exposedbydefault=false"
             - "--entrypoints.web.address=:80"
+            - "--entrypoints.websecure.address=:80"
+            - "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true"
+            - "--certificatesresolvers.mytlschallenge.acme.email=hanemile@protonmail.com"
+            - "--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json"
             - "--metrics.prometheus=true"
         ports:
             - "80:80"
+            - "443:443"
             - "8080:8080"
         volumes:
+            - "./letsencrypt:/letsencrypt"
             - "/var/run/docker.sock:/var/run/docker.sock:ro"
         labels:
             - "traefik.enable=true"
             - "traefik.http.routers.traefik.entrypoints=web"
             - "traefik.http.routers.traefik.rule=Host(`traefik.${HOSTNAME}`)"
+            - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
+            - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
+            - "traefik.http.routers.traefik-secure.entrypoints=websecure"
+            - "traefik.http.routers.traefik-secure.rule=Host(`traefik.${HOSTNAME}`)"
+            - "traefik.http.routers.traefik-secure.tls=true"
+            - "traefik.http.routers.traefik-secure.tls.certresolver=mytlschallenge"
+            - "traefik.http.routers.traefik-secure.service=api@internal"
             - "traefik.http.services.traefik.loadbalancer.server.port=8080"
         networks:
             - circus