devops/docker-compose/traefik/compose.yml

services:
  # For routing external http / https requests
  traefik:
    image: ${TREFIK_IMAGE}
    container_name: ${TREFIK_CONTAINER_NAME}
    hostname: ${TREFIK_HOST_NAME}
    ports:
      - 80:80
      - 443:443
    networks:
      - proxy
    restart: always
    logging:
      options:
        max-size: "50M"
        max-file: "3"    
    labels:
      - traefik.enable=true
      - traefik.http.middlewares.admin-auth.basicauth.users=${TRAEFIK_BASIC_AUTH}
      - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
      - traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
      - traefik.http.routers.traefik-public-http.rule=Host(`${TRAEFIK_URL}`)
      - traefik.http.routers.traefik-public-http.entrypoints=http
      - traefik.http.routers.traefik-public-http.middlewares=https-redirect
      - traefik.http.routers.traefik-public-https.rule=Host(`${TRAEFIK_URL}`)
      - traefik.http.routers.traefik-public-https.entrypoints=https
      - traefik.http.routers.traefik-public-https.tls=true
      - traefik.http.routers.traefik-public-https.service=api@internal
      - traefik.http.routers.traefik-public-https.tls.certresolver=letsEncrypt
      - traefik.http.routers.traefik-public-https.middlewares=admin-auth
      - traefik.http.services.traefik-public.loadbalancer.server.port=8080
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /data/${CI_PROJECT_NAME}/traefik/traefik-public-certificates:/certificates
      - /data/${CI_PROJECT_NAME}/traefik/tmp:/tmp
    command:
      - --global.checkNewVersion=true
      - --serversTransport.insecureSkipVerify=true
      - --api.dashboard=true
      - --log.level=DEBUG
      - --log.filePath=/tmp/traefik.log
      - --log.maxSize=10
      - --log.maxBackups=2
      - --log.maxAge=1
      - --log.compress=true
      - --accesslog.addInternals=true
      - --accesslog.filePath=/tmp/access.log
      - --accesslog.bufferingSize=1000
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --providers.docker.endpoint=unix:///var/run/docker.sock
      - --entryPoints.http.address=:80
      - --entryPoints.http.transport.respondingTimeouts.readTimeout=0s
      - --entryPoints.http.http.encodeQuerySemicolons=true
      - --entryPoints.http.http.redirections.entryPoint.to=https
      - --entryPoints.http.http.redirections.entryPoint.scheme=https
      - --entryPoints.https.address=:443
      - --entryPoints.https.transport.respondingTimeouts.readTimeout=0s
      - --entryPoints.https.http.encodeQuerySemicolons=true
      - --certificatesresolvers.letsEncrypt.acme.email=${TRAEFIK_EMAIL}
      - --certificatesresolvers.letsEncrypt.acme.storage=/certificates/acme.json
      - --certificatesresolvers.letsEncrypt.acme.tlschallenge=true
      - --certificatesresolvers.letsEncrypt.acme.httpchallenge=true
      - --certificatesresolvers.letsEncrypt.acme.httpchallenge.entrypoint=http
networks:
  proxy:
    name: proxy
    external: true