Traefik

Traefik

The Cloud Native Application Proxy

The Cloud Native Application Proxy

🏠 Home: https://traefik.io/
📜 Source: https://github.com/traefik/traefik
Comparison with nginx: https://blog.lrvt.de/nginx-proxy-manager-versus-traefik/
Customizing error pages in Traefik: https://www.imandrea.me/blog/traefik-custom-404/

TODO Log rotation - https://doc.traefik.io/traefik/observability/access-logs/

name: traefik
services:
  traefik:
    image: traefik:v3.1
    container_name: traefik
    restart: unless-stopped
    environment:
      TZ: ${TIMEZONE}
      MYDOMAIN: ${MYDOMAIN}
      MAIN_NODE_IP: ${MAIN_NODE_IP}
      CLOUDFLARE_DNS_API_TOKEN: ${CLOUDFLARE_DNS_API_TOKEN}
      # Used in static configuration (traefik.yml)
      # TRAEFIK_PROVIDERS_DOCKER_DEFAULTRULE: 'Host(`{{ index .Labels "com.docker.compose.service"}}.${MYDOMAIN}`)'
      TRAEFIK_ENTRYPOINTS_WEBSECURE_HTTP_TLS_DOMAINS_0_MAIN: "${MYDOMAIN}"
      TRAEFIK_ENTRYPOINTS_WEBSECURE_HTTP_TLS_DOMAINS_0_SANS: "*.${MYDOMAIN}"
      TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_EMAIL: "${ADMIN_EMAIL}"
    volumes:
      # kics-scan ignore-line
      - /var/run/docker.sock:/var/run/docker.sock:ro # So that Traefik can listen to the Docker events
      - ./traefik:/etc/traefik/
      - ${DOCKER_VOLUMES}/traefik/logs:/logs
      - ${DOCKER_VOLUMES}/traefik/letsencrypt:/letsencrypt
    ports:
      - 80:80 # HTTP
      - 443:443/tcp # HTTPS
      - 443:443/udp # HTTP/3 - QUIC
    networks:
      - proxy
    extra_hosts:
      - host.docker.internal:host-gateway
    labels:
      traefik.enable: true
      traefik.http.routers.api.rule: Host(`traefik.${MYDOMAIN}`) # Define the subdomain for the traefik dashboard
      traefik.http.routers.api.service: api@internal # Enable Traefik API
      traefik.http.routers.api.middlewares: https-local@file
      homepage.group: Infra
      homepage.name: Traefik
      homepage.icon: traefik.png
      homepage.href: https://traefik.${MYDOMAIN}/
      homepage.description: The Cloud Native Application Proxy
      homepage.widget.type: traefik
      homepage.widget.url: https://traefik.${MYDOMAIN}/

    # https://community.traefik.io/t/how-does-log-rotation-work-especially-when-running-traefik-in-container/21349
    #
    # initContainers: # Add the initContainers section
    #   - name: logrotate
    #     image: traefik:v2.10 # Use the same image as the traefik service
    #     command: ["/bin/sh", "-c"]
    #     args:
    #       - |
    #         apk add --no-cache logrotate
    #         echo '/logs/*.log {
    #             weekly
    #             rotate 4
    #             compress
    #             missingok
    #             notifempty
    #         }' > /etc/logrotate.d/traefik
    #     volumeMounts:
    #       - mountPath: /logs
    #         name: logs-volume

networks:
  proxy:
    external: true