Newer
Older
version: "2.1"
services:
proxy:
image: traefik:{{ traefik_version }}
container_name: inverseproxy
environment:
TZ: "{{ timezone }}"
networks:
shared:
{% if inventory_hostname in groups['docker_auth'] | union(groups['docker_nagios']) or cloud_collabora or cloud_onlyoffice %}
aliases:
{% if inventory_hostname in groups['docker_auth'] %}
- {{ ldap_url }}
- {{ sso_url }}
{% endif %}
{% if inventory_hostname in groups['docker_nagios'] %}
- {{ nagios_url }}
{% endif %}
{% if inventory_hostname in groups['docker_nextcloud'] | union(groups['docker_owncloud']) %}
- {{ cloud_url }}
{% if cloud_collabora %}
- {{ cloud_collabora_url }}
{% endif %}
{% if cloud_onlyoffice %}
- {{ cloud_onlyoffice_url }}
{% endif %}
{% endif %}
{% endif %}
{% if metabase %}
bi:
{% endif %}
smtp:
private:
{% if restrict_internet_access %}
public:
{% endif %}
volumes:
- cert:/etc/traefik/acme:rw,Z
- logs:/var/log/traefik/:rw
- ./traefik.toml:/etc/traefik/traefik.toml:ro
ports:
- "80:80"
- "443:443"
depends_on:
- dockersocket
restart: unless-stopped
dockersocket:
image: tecnativa/docker-socket-proxy
container_name: inverseproxy_socket
privileged: true
userns_mode: "host"
networks:
private:
volumes:
- /var/run/docker.sock:/var/run/docker.sock
environment:
CONTAINERS: 1
NETWORKS: 1
SERVICES: 1
SWARM: 1
TASKS: 1
restart: unless-stopped
networks:
shared:
{% if restrict_internet_access %}
internal: true
{% endif %}
driver_opts:
encrypted: 1
{% if metabase %}
bi:
internal: true
driver_opts:
encrypted: 1
{% endif %}
smtp:
internal: true
driver_opts:
encrypted: 1
private:
internal: true
driver_opts:
encrypted: 1
{% if restrict_internet_access %}
public:
driver_opts:
encrypted: 1
{% endif %}
volumes:
cert:
logs: