From fe15a83eb5b2d6e2e6a7bb525955f2ec7935d553 Mon Sep 17 00:00:00 2001
From: pashko <pm@pm.org.ru>
Date: Tue, 8 Jul 2025 11:20:06 +0800
Subject: [PATCH] Add docker-compose/traefik/compose.yml

---
 docker-compose/traefik/compose.yml | 69 ++++++++++++++++++++++++++++++
 1 file changed, 69 insertions(+)
 create mode 100644 docker-compose/traefik/compose.yml

diff --git a/docker-compose/traefik/compose.yml b/docker-compose/traefik/compose.yml
new file mode 100644
index 0000000..e3c7f03
--- /dev/null
+++ b/docker-compose/traefik/compose.yml
@@ -0,0 +1,69 @@
+services:
+  # For routing external http / https requests
+  traefik:
+    image: ${TREFIK_IMAGE}
+    container_name: ${TREFIK_CONTAINER_NAME}
+    hostname: ${TREFIK_HOST_NAME}
+    ports:
+      - 80:80
+      - 443:443
+    networks:
+      - proxy
+    restart: always
+    logging:
+      options:
+        max-size: "50M"
+        max-file: "3"    
+    labels:
+      - traefik.enable=true
+      - traefik.http.middlewares.admin-auth.basicauth.users=${TRAEFIK_BASIC_AUTH}
+      - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
+      - traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
+      - traefik.http.routers.traefik-public-http.rule=Host(`${TRAEFIK_URL}`)
+      - traefik.http.routers.traefik-public-http.entrypoints=http
+      - traefik.http.routers.traefik-public-http.middlewares=https-redirect
+      - traefik.http.routers.traefik-public-https.rule=Host(`${TRAEFIK_URL}`)
+      - traefik.http.routers.traefik-public-https.entrypoints=https
+      - traefik.http.routers.traefik-public-https.tls=true
+      - traefik.http.routers.traefik-public-https.service=api@internal
+      - traefik.http.routers.traefik-public-https.tls.certresolver=letsEncrypt
+      - traefik.http.routers.traefik-public-https.middlewares=admin-auth
+      - traefik.http.services.traefik-public.loadbalancer.server.port=8080
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - /data/${CI_PROJECT_NAME}/traefik/traefik-public-certificates:/certificates
+      - /data/${CI_PROJECT_NAME}/traefik/tmp:/tmp
+    command:
+      - --global.checkNewVersion=true
+      - --serversTransport.insecureSkipVerify=true
+      - --api.dashboard=true
+      - --log.level=DEBUG
+      - --log.filePath=/tmp/traefik.log
+      - --log.maxSize=10
+      - --log.maxBackups=2
+      - --log.maxAge=1
+      - --log.compress=true
+      - --accesslog.addInternals=true
+      - --accesslog.filePath=/tmp/access.log
+      - --accesslog.bufferingSize=1000
+      - --providers.docker=true
+      - --providers.docker.exposedbydefault=false
+      - --providers.docker.endpoint=unix:///var/run/docker.sock
+      - --entryPoints.http.address=:80
+      - --entryPoints.http.transport.respondingTimeouts.readTimeout=0s
+      - --entryPoints.http.http.encodeQuerySemicolons=true
+      - --entryPoints.http.http.redirections.entryPoint.to=https
+      - --entryPoints.http.http.redirections.entryPoint.scheme=https
+      - --entryPoints.https.address=:443
+      - --entryPoints.https.transport.respondingTimeouts.readTimeout=0s
+      - --entryPoints.https.http.encodeQuerySemicolons=true
+      - --certificatesresolvers.letsEncrypt.acme.email=${TRAEFIK_EMAIL}
+      - --certificatesresolvers.letsEncrypt.acme.storage=/certificates/acme.json
+      - --certificatesresolvers.letsEncrypt.acme.tlschallenge=true
+      - --certificatesresolvers.letsEncrypt.acme.httpchallenge=true
+      - --certificatesresolvers.letsEncrypt.acme.httpchallenge.entrypoint=http
+networks:
+  proxy:
+    name: proxy
+    external: true
+