HomeAudit/stacks/core/traefik.yml

version: '3.9'

services:
  traefik:
    image: traefik:v2.10
    user: "0:0"  # Run as root to ensure Docker socket access
    command:
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --providers.docker.swarmMode=true
      - --providers.docker.endpoint=tcp://172.17.0.1:2375
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --api.dashboard=true
      - --api.insecure=false
      - --log.level=INFO
      - --accesslog=true
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:rw
      - traefik_letsencrypt:/letsencrypt
      - traefik_logs:/logs
    networks:
      - traefik-public
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    deploy:
      placement:
        constraints:
          - node.role == manager
      resources:
        limits:
          memory: 512M
        reservations:
          memory: 256M
      labels:
        - traefik.enable=true
        - traefik.http.routers.dashboard.rule=Host(`traefik.localhost`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
        - traefik.http.routers.dashboard.service=api@internal
        - traefik.http.routers.dashboard.entrypoints=websecure
        - traefik.http.routers.dashboard.tls=true
        - traefik.http.routers.dashboard.middlewares=auth
        - traefik.http.middlewares.auth.basicauth.users=admin:$$2y$$10$$xvzBkbKKvRX.jGG6F7L.ReEMyEx.7BkqNGQO2rFt/1aBgx8jPElXW
        - traefik.http.services.dummy-svc.loadbalancer.server.port=9999

volumes:
  traefik_letsencrypt:
    driver: local
  traefik_logs:
    driver: local

networks:
  traefik-public:
    external: true