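---
# Traefik v3 edge proxy whose dashboard is published at traefik.example.com
# behind an Authelia middleware. Structure restored from a single collapsed
# line, where the inline `#` comments would have swallowed the rest of the file.

# Compose v2 ignores this key; kept for older tooling.
version: "3.9"

networks:
  # Declared external: must already exist before this stack is started.
  traefik_proxy:
    external: true

services:
  traefik:
    image: traefik:v3.1
    container_name: traefik
    restart: unless-stopped
    # Hardening: processes in the container cannot gain privileges via
    # setuid/setgid binaries.
    security_opt:
      - "no-new-privileges:true"
    # NOTE(review): static configuration is passed as CLI flags here while a
    # traefik.yml is also mounted below. Traefik treats file, CLI and
    # environment static configuration as mutually exclusive sources, so
    # confirm which one is actually in effect.
    command:
      - "--providers.docker=true"
      # Containers are routed only when they opt in with traefik.enable=true.
      - "--providers.docker.exposedbydefault=false"
      - "--providers.file.directory=/dynamic"
      - "--providers.file.watch=true"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.letsencrypt.acme.email=admin@example.com"
      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
      # HTTP-01 challenge is answered on the web entrypoint, so port 80 must
      # stay reachable from the internet for issuance and renewal.
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # `:ro` only makes the socket file read-only in the mount. It does not
      # restrict which Docker API calls a process that can connect may issue.
      # Treat this internet-facing container as holding host-level Docker
      # access; a filtering socket proxy limited to read endpoints reduces
      # that exposure.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./traefik/traefik.yml:/traefik.yml:ro"
      # Writable by design: stores the ACME account key and certificate
      # private keys. Create the file before first start (otherwise Docker
      # creates a directory at this path) and keep it at mode 600 and out of
      # version control.
      - "./traefik/acme.json:/letsencrypt/acme.json"
      - "./traefik/dynamic:/dynamic:ro"
    networks:
      - traefik_proxy
    labels:
      - "traefik.enable=true"
      # HTTP -> HTTPS redirect for traefik.example.com
      # This redirect covers this host only; other hosts on the web
      # entrypoint need their own redirect.
      - "traefik.http.routers.traefik-http.rule=Host(`traefik.example.com`)"
      - "traefik.http.routers.traefik-http.entrypoints=web"
      - "traefik.http.routers.traefik-http.middlewares=traefik-https-redirect"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      # HTTPS router for Traefik dashboard, protected by Authelia
      # NOTE(review): no `--api` flag is visible in the command list above;
      # presumably the API/dashboard is enabled in traefik.yml. Confirm.
      - "traefik.http.routers.traefik-https.rule=Host(`traefik.example.com`)"
      - "traefik.http.routers.traefik-https.entrypoints=websecure"
      - "traefik.http.routers.traefik-https.tls.certresolver=letsencrypt"
      - "traefik.http.routers.traefik-https.service=api@internal"
      # authelia-auth@file is the only access control on this router and is
      # defined outside this file (file provider, ./traefik/dynamic). Verify
      # that it exists and that an unauthenticated request to the dashboard
      # host is refused.
      - "traefik.http.routers.traefik-https.middlewares=authelia-auth@file"

  authelia:
    # NOTE(review): unpinned tag on the authentication service. Pin a specific
    # release (ideally by digest) so that upgrades are reviewed changes.
    image: authelia/authelia:latest
    container_name: authelia
    restart: unless-stopped
    # Hardening: same no-new-privileges restriction as the proxy.
    security_opt:
      - "no-new-privileges:true"
    volumes:
      - "./authelia/configuration.yml:/config/configuration.yml:ro"
      # Holds user credentials. NOTE(review): the read-only mount presumably
      # prevents Authelia from persisting password changes to this file;
      # confirm that is intended.
      - "./authelia/users_database.yml:/config/users_database.yml:ro"
      # runtime DB + logs live in /config; optional to bind for backup
      # (without a bind, that state is lost when the container is recreated)
    # NOTE(review): this service carries no Traefik labels and
    # exposedbydefault=false, so the login portal is routed only if the file
    # provider defines a router for it. Confirm.
    networks:
      - traefik_proxy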