init

3.RKE2/traefik/docker-compose.yml

@@ -0,0 +1,44 @@
+version: '3.9'
+services:
+  traefik:
+    image: traefik
+    container_name: traefik
+    restart: unless-stopped
+    security_opt:
+      - no-new-privileges:true
+    ports:
+      - 80:80
+      - 443:443
+      - 6443:6443
+      - 9345:9345
+    extra_hosts:
+      kubernetes.default: 127.0.0.1
+    cap_add:
+      - NET_BIND_SERVICE
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - ./data/traefik.yml:/traefik.yml:ro
+      - ./data/custom/:/custom/:ro
+      - ./data/acme.json:/acme.json
+      - ./logs/stdout.log:/data/stdout.log:rw
+      - ./logs/access.log:/data/access.log:rw
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.traefik.entrypoints=https"
+      - "traefik.http.routers.traefik.rule=Host(`$HOSTNAME`)"
+      - "traefik.http.routers.traefik.tls=true"
+      - "traefik.http.routers.traefik.tls.certresolver=letsEncrypt"
+      - "traefik.http.routers.traefik.service=api@internal"
+      - "traefik.http.services.traefik-traefik.loadbalancer.server.port=888"
+      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
+      # global redirect to https
+      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
+      - "traefik.http.routers.http-catchall.entrypoints=http"
+      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
+    networks:
+      - webproxy
+
+networks:
+  webproxy:
+    name: webproxy