45 lines
1.5 KiB
YAML
45 lines
1.5 KiB
YAML
version: "3.9"
|
|
|
|
networks:
|
|
traefik_proxy:
|
|
external: true
|
|
|
|
services:
|
|
private_static:
|
|
image: nginx:alpine
|
|
container_name: private_static
|
|
restart: unless-stopped
|
|
networks:
|
|
- traefik_proxy
|
|
|
|
# Host-visible content
|
|
volumes:
|
|
- ./html:/usr/share/nginx/html:ro
|
|
|
|
labels:
|
|
- "traefik.enable=true"
|
|
|
|
# =========================
|
|
# HTTP → HTTPS redirect
|
|
# =========================
|
|
# Catch http://example.com/private[...] and redirect to https://
|
|
- "traefik.http.routers.private-http.rule=Host(`example.com`) && PathPrefix(`/private`)"
|
|
- "traefik.http.routers.private-http.entrypoints=web"
|
|
- "traefik.http.routers.private-http.middlewares=private-https-redirect"
|
|
- "traefik.http.middlewares.private-https-redirect.redirectscheme.scheme=https"
|
|
|
|
# =========================
|
|
# HTTPS router (protected)
|
|
# =========================
|
|
# Serve static files at https://example.com/private[...]
|
|
- "traefik.http.routers.private-https.rule=Host(`example.com`) && PathPrefix(`/private`)"
|
|
- "traefik.http.routers.private-https.entrypoints=websecure"
|
|
- "traefik.http.routers.private-https.tls.certresolver=letsencrypt"
|
|
|
|
# Optional: set higher priority if you have a general example.com router
|
|
- "traefik.http.routers.private-https.priority=20"
|
|
|
|
# Require Authelia auth before serving anything under /private
|
|
- "traefik.http.routers.private-https.middlewares=authelia-auth@file"
|
|
|