environment/docker-compose.yml at main · blumilksoftware/environment · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
networks:
  traefik-proxy-network:
    name: ${TRAEFIK_NETWORK_NAME}
    ipam:
      config:
        - subnet: ${NETWORK_SUBNET}

volumes:
  portainer-data-volume:
    name: ${PORTAINER_VOLUME_NAME}

services:
  traefik-proxy-service:
    image: traefik:v3.6.12@sha256:171c9c3565b29f6c133f1c1b43c5d4e5853415198e9e1078c001f8702ff66aec
    container_name: ${TRAEFIK_CONTAINER_NAME}
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "${TRAEFIK_CUSTOM_LABEL_NAME}=true"
      # HTTP
      - "traefik.http.routers.${TRAEFIK_HTTP_ROUTER_NAME}.rule=Host(`${TRAEFIK_DASHBOARD_SUBDOMAIN}.${TLD}`)"
      - "traefik.http.routers.${TRAEFIK_HTTP_ROUTER_NAME}.service=api@internal"
      - "traefik.http.routers.${TRAEFIK_HTTP_ROUTER_NAME}.entrypoints=web"
      # HTTPS
      - "traefik.http.routers.${TRAEFIK_HTTPS_ROUTER_NAME}.rule=Host(`${TRAEFIK_DASHBOARD_SUBDOMAIN}.${TLD}`)"
      - "traefik.http.routers.${TRAEFIK_HTTPS_ROUTER_NAME}.service=api@internal"
      - "traefik.http.routers.${TRAEFIK_HTTPS_ROUTER_NAME}.entrypoints=websecure"
      - "traefik.http.routers.${TRAEFIK_HTTPS_ROUTER_NAME}.tls=true"
    networks:
      traefik-proxy-network:
        ipv4_address: ${TRAEFIK_IP}
    expose:
      - 80 # web entrypoint
      - 443 # websecure entrypoint
    ports:
      - ${TRAEFIK_REDIRECT_ENTRYPOINT_HOST_PORT}:301 # redirect-301 entrypoint
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # static config file
      - ./traefik/config/static/traefik.yml:/etc/traefik/traefik.yml
      # dynamic config directory
      - ./traefik/config/dynamic:/etc/traefik/config/dynamic
      # self-signed certificates
      - ./traefik/certs:/certs

  portainer-service:
    image: portainer/portainer-ce:2.40.0@sha256:df76590a901e47010977ffe277473908350e13042ac304bbac0798649c63b937
    container_name: ${PORTAINER_CONTAINER_NAME}
    restart: unless-stopped
    command:
      - --admin-password-file
      - /tmp/portainer-admin-password-file
    labels:
      - "traefik.enable=true"
      - "${TRAEFIK_CUSTOM_LABEL_NAME}=true"
      # HTTP
      - "traefik.http.routers.${PORTAINER_TRAEFIK_HTTP_ROUTER_NAME}.rule=Host(`${PORTAINER_DASHBOARD_SUBDOMAIN}.${TLD}`)"
      - "traefik.http.routers.${PORTAINER_TRAEFIK_HTTP_ROUTER_NAME}.entrypoints=web"
      # HTTPS
      - "traefik.http.routers.${PORTAINER_TRAEFIK_HTTPS_ROUTER_NAME}.rule=Host(`${PORTAINER_DASHBOARD_SUBDOMAIN}.${TLD}`)"
      - "traefik.http.routers.${PORTAINER_TRAEFIK_HTTPS_ROUTER_NAME}.entrypoints=websecure"
      - "traefik.http.routers.${PORTAINER_TRAEFIK_HTTPS_ROUTER_NAME}.tls=true"
      # LOADBALANCER
      - "traefik.http.services.${PORTAINER_TRAEFIK_SERVICE}.loadbalancer.server.port=9000"
    networks:
      - traefik-proxy-network
    expose:
      - 9000
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - portainer-data-volume:/data
      - ./portainer/portainer-admin-password-file:/tmp/portainer-admin-password-file

  dnsmasq-blumilk-local-service:
    image: dockurr/dnsmasq:2.92@sha256:e84feecd6551b586cf86f830f111ef36c399b0ca26a9bb6dae4a8ceb11626373
    container_name: ${DNSMASQ_CONTAINER_NAME}
    restart: unless-stopped
    networks:
      traefik-proxy-network:
        ipv4_address: ${DNS_IP}
    expose:
      - 53/tcp
      - 53/udp
    volumes:
      - ./dns/dnsmasq/dnsmasq.d/:/etc/dnsmasq.d/