eth-docker/traefik-aws.yml at main · b0a7/eth-docker · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
x-logging: &logging
  logging:
    driver: json-file
    options:
      max-size: 100m
      max-file: "3"
      tag: '{{.ImageName}}|{{.Name}}|{{.ImageFullID}}|{{.FullID}}'

services:
  traefik:
    image: traefik:${TRAEFIK_TAG}
    restart: "unless-stopped"
    command:
      # - --accesslog=true
      # - --accesslog.format=json
      # - --accesslog.fields.defaultmode=keep
      # - --accesslog.fields.headers.defaultmode=keep
      # - --certificatesResolvers.letsencrypt.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
      - --log.level=${LOG_LEVEL:-info}
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --certificatesresolvers.letsencrypt.acme.dnschallenge=true
      - --certificatesresolvers.letsencrypt.acme.dnschallenge.provider=route53
      - --certificatesresolvers.letsencrypt.acme.email=${ACME_EMAIL}
      - --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
      - --entrypoints.web.address=:${TRAEFIK_WEB_HTTP_PORT}
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
      - --entrypoints.websecure.address=:${TRAEFIK_WEB_PORT}
      - --metrics
      - --metrics.prometheus
      - --global.sendAnonymousUsage
    ports:
      - ${HOST_IP:-}:${TRAEFIK_WEB_PORT}:${TRAEFIK_WEB_PORT}/tcp
      - ${HOST_IP:-}:${TRAEFIK_WEB_HTTP_PORT}:${TRAEFIK_WEB_HTTP_PORT}/tcp
    environment:
      - AWS_PROFILE=${AWS_PROFILE:-}
      - AWS_HOSTED_ZONE_ID=${AWS_HOSTED_ZONE_ID}
      - AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}
      - AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - certs:/letsencrypt
      - ~/.aws:/root/.aws:ro
      - /etc/localtime:/etc/localtime:ro
    <<: *logging
    labels:
      - metrics.scrape=true
      - metrics.path=/metrics
      - metrics.port=8080
      - metrics.instance=traefik
      - metrics.network=${NETWORK}
      - logs.collect=true

  ddns:
    image: ddns-aws:local
    pull_policy: never
    build:
      context: ./traefik-utils
    restart: "unless-stopped"
    environment:
      - AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}
      - AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
      - AWS_PROFILE=${AWS_PROFILE:-}
      - AWS_REGION=${AWS_REGION:-us-east-2}
      - AWS_HOSTED_ZONE_ID=${AWS_HOSTED_ZONE_ID}
      - A_RECORD_NAME=${DDNS_SUBDOMAIN}.${DOMAIN}
      - CNAME_LIST=${CNAME_LIST:-}
      - TTL=${TTL:-300}
      - LOG_LEVEL=${LOG_LEVEL:-info}
    volumes:
      - ~/.aws:/root/.aws:ro
    healthcheck:
      test: ["CMD", "python", "-c", "import boto3; boto3.client('route53').list_hosted_zones()"]
      interval: 1m
      timeout: 5s
      retries: 3
      start_period: 10s
    <<: *logging

volumes:
  certs:

networks:
  default:
    enable_ipv6: ${IPV6:-false}