-
Notifications
You must be signed in to change notification settings - Fork 20
/
docker-compose.proxy-services.yml
executable file
·61 lines (61 loc) · 2.2 KB
/
docker-compose.proxy-services.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
version: "3.7"
services:
fail2ban:
container_name: fail2ban
image: crazymax/fail2ban:latest
restart: always
network_mode: "host"
depends_on:
- "pihole"
cap_add:
- NET_ADMIN
- NET_RAW
volumes:
#this needs to read the traefik log
- ${USERDIR}/traefik/log:/var/log:ro
- ${USERDIR}/fail2ban/data:/data
traefik:
hostname: traefik
image: traefik:maroilles
container_name: traefik
restart: always
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
# create these toml files first
- ${USERDIR}/traefik/traefik.toml:/etc/traefik/traefik.toml:ro
- ${USERDIR}/traefik/rules.toml:/etc/traefik/rules.toml:ro
- ${USERDIR}/traefik/acme:/etc/traefik/acme
- ${USERDIR}/shared:/shared
- ${USERDIR}/traefik/log:/var/log
ports:
- "80:80"
- "443:443"
#- "8090:8080"
networks:
- default
- traefik_proxy
environment:
- CLOUDFLARE_EMAIL=${CLOUDFLARE_EMAIL}
- CLOUDFLARE_API_KEY=${CLOUDFLARE_API_KEY}
command:
- --web
- --accessLog.filePath=/var/log/access.log
- --accessLog.filters.statusCodes=400-499
labels:
- "traefik.enable=true"
- "traefik.backend=traefik"
- "traefik.frontend.rule=Host:traefik.${DOMAINNAME}"
- "traefik.frontend.auth.basic: ${HTTP_USERNAME}:${HTTP_PASSWORD}"
- "traefik.port=8080"
- "traefik.docker.network=traefik_proxy"
- "traefik.frontend.headers.SSLRedirect=true"
- "traefik.frontend.headers.STSSeconds=315360000"
- "traefik.frontend.headers.browserXSSFilter=true"
- "traefik.frontend.headers.contentTypeNosniff=true"
- "traefik.frontend.headers.forceSTSHeader=true"
- "traefik.frontend.headers.SSLHost=${DOMAINNAME}.com"
- "traefik.frontend.headers.STSIncludeSubdomains=true"
- "traefik.frontend.headers.STSPreload=true"
- "traefik.frontend.headers.frameDeny=true"
- "traefik.frontend.headers.contentSecurityPolicy=upgrade-insecure-requests"
- "traefik.frontend.headers.customResponseHeaders=X-Robots-Tag:noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex"