version: '3.9' services: traefik: image: traefik:v2.10 user: "0:0" # Run as root to ensure Docker socket access command: - --providers.docker=true - --providers.docker.exposedbydefault=false - --providers.docker.swarmMode=true - --providers.docker.endpoint=tcp://172.17.0.1:2375 - --entrypoints.web.address=:80 - --entrypoints.websecure.address=:443 - --entrypoints.web.http.redirections.entrypoint.to=websecure - --entrypoints.web.http.redirections.entrypoint.scheme=https - --api.dashboard=true - --api.insecure=false - --log.level=INFO - --accesslog=true # Let's Encrypt configuration for DuckDNS - --certificatesresolvers.letsencrypt.acme.email=admin@pressmess.duckdns.org - --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json - --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web # Security settings - --global.checknewversion=false - --global.sendanonymoususage=false volumes: - /var/run/docker.sock:/var/run/docker.sock:rw - traefik_letsencrypt:/letsencrypt - traefik_logs:/logs networks: - traefik-public ports: - "80:80" - "443:443" - "8080:8080" deploy: placement: constraints: - node.role == manager resources: limits: memory: 512M reservations: memory: 256M labels: - traefik.enable=true - traefik.http.routers.dashboard.rule=Host(`traefik.pressmess.duckdns.org`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`)) - traefik.http.routers.dashboard.service=api@internal - traefik.http.routers.dashboard.entrypoints=websecure - traefik.http.routers.dashboard.tls=true - traefik.http.routers.dashboard.tls.certresolver=letsencrypt - traefik.http.routers.dashboard.middlewares=auth - traefik.http.middlewares.auth.basicauth.users=admin:$$2y$$10$$xvzBkbKKvRX.jGG6F7L.ReEMyEx.7BkqNGQO2rFt/1aBgx8jPElXW - traefik.http.services.dummy-svc.loadbalancer.server.port=9999 volumes: traefik_letsencrypt: driver: local traefik_logs: driver: local networks: traefik-public: external: true