version: '3'
services:
gateway:
image: traefik:2.1
restart: always
command:
- "--providers.docker"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.http.address=:80"
- "--entrypoints.https.address=:443"
- "--certificatesResolvers.le.acme.httpchallenge=true"
- "--certificatesResolvers.le.acme.httpchallenge.entryPoint=http"
- "--certificatesResolvers.le.acme.storage=/acme/acme.json"
#- "--api.insecure=true"
ports:
- 80:80
- 443:443
# API
#- 8080:8080
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- acme:/acme
- ./auth:/auth
registry:
restart: always
image: registry:2
environment:
REGISTRY_HTTP_SECRET: change-me
labels:
- "traefik.enable=true"
- "traefik.http.routers.http.rule=Host(`hostname-change-me`)"
- "traefik.http.routers.http.entrypoints=http"
- "traefik.http.routers.https.rule=Host(`hostname-change-me`)"
- "traefik.http.routers.https.entrypoints=https"
- "traefik.http.routers.https.tls=true"
- "traefik.http.routers.https.tls.certresolver=le"
- "traefik.http.middlewares.server-header.headers.customresponseheaders.server=docker-registry"
- "traefik.http.middlewares.redirect.redirectscheme.scheme=https"
- "traefik.http.middlewares.auth.basicauth.usersFile=/auth/passwd"
- "traefik.http.middlewares.auth.basicauth.realm=REGISTRY"
- "traefik.http.routers.http.middlewares=redirect,server-header"
- "traefik.http.routers.https.middlewares=server-header,auth"
volumes:
- registry:/var/lib/registry
# Catch-all default vhost
default:
image: nginx:stable
restart: always
labels:
- "traefik.enable=true"
- "traefik.http.routers.default.rule=HostRegexp(`{default:.*}`)"
- "traefik.http.routers.default.entrypoints=http"
- "traefik.http.routers.default.priority=1"
- "traefik.http.routers.default.middlewares=server-header"
volumes:
- ./default/default.conf:/etc/nginx/conf.d/default.conf
volumes:
acme:
registry:
# vim: set tabstop=2 shiftwidth=2 expandtab autoindent indentexpr= nosmartindent :