traefik-api/traefik-repo/traefik/docker-compose.yml

version: '3.7'
services:
  traefik:
    image: traefik
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    ports:
      - 80:80
      - 443:443
      # - 6443:6443
    environment:
      HETZNER_API_KEY: ${HETZNER_API_KEY}
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/traefik.yml:/traefik.yml:ro
      - ./data/acme.json:/acme.json
      - ./data/custom/:/custom/:ro
      - ./data/basic.auth:/basic.auth
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=https"
      - "traefik.http.routers.traefik.rule=Host(`${DOMAIN}`)"
      - "traefik.http.routers.traefik.tls=true"
      - "traefik.http.routers.traefik.tls.certresolver=letsEncrypt"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.services.traefik-traefik.loadbalancer.server.port=888"
      - "traefik.http.routers.traefik.middlewares=traefik-auth"
      - "traefik.http.middlewares.traefik-auth.basicAuth.usersFile=/basic.auth"

      # global redirect to https
      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.entrypoints=http"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
    networks:
      - webproxy

  # api:
  #   image: vasyakrg/traefik-api:latest
  #   container_name: traefik_api
  #   restart: unless-stopped
  #   labels:
  #       - "traefik.enable=true"
  #       - "traefik.http.routers.traefik-api.entrypoints=https"
  #       - "traefik.http.routers.traefik-api.rule=Host(`${DOMAIN_API}`)"
  #       - "traefik.http.routers.traefik-api.tls=true"
  #       - "traefik.http.routers.traefik-api.tls.certresolver=letsEncrypt"
  #       - "traefik.http.services.traefik-api-service.loadbalancer.server.port=80"
  #       - "traefik.docker.network=webproxy"
  #   environment:
  #     APP_DEBUG: "true"
  #     APP_ENV: "production"
  #     APP_URL: "${DOMAIN_API}"
  #     ADMIN_TOKEN: ${ADMIN_TOKEN}
  #   volumes:
  #     - ./logs:/var/log/apache2
  #     - ./certs:/etc/letsencrypt/live/
  #   networks:
  #     - webproxy

networks:
  webproxy:
    name: webproxy