11version : ' 3.8'
22
3+ x-env : &env
4+ env_file : .env
5+ environment :
6+ - TZ=${TZ}
7+
38services :
4- # Traefik - reverse proxy with dashboard
59 traefik :
610 image : traefik:v2.10
7- container_name : traefik
8- command :
11+ command :
912 - " --api.insecure=false"
1013 - " --providers.docker=true"
1114 - " --providers.docker.exposedbydefault=false"
1215 - " --entrypoints.web.address=:80"
1316 - " --entrypoints.websecure.address=:443"
14- - " --entrypoints.dashboard.address=:8082 "
15- # Enable automatic HTTPS with Let's Encrypt
17+ - " --entrypoints.dashboard.address=:${DASHBOARD_PORT} "
18+ # Let's Encrypt configuration
1619 - " --certificatesresolvers.leresolver.acme.httpchallenge=true"
1720 - " --certificatesresolvers.leresolver.acme.httpchallenge.entrypoint=web"
18- -
" --certificatesresolvers.leresolver.acme.email=[email protected] " 21+ - " --certificatesresolvers.leresolver.acme.email=${LETSENCRYPT_EMAIL} "
1922 - " --certificatesresolvers.leresolver.acme.storage=/letsencrypt/acme.json"
2023 # Enable dashboard
2124 - " --api.dashboard=true"
2225 # Use podman network
23- - " --providers.docker.network=prod_network "
26+ - " --providers.docker.network=podman "
2427 ports :
25- - " 8081 :80" # HTTP traffic (mapped from 80 to 8081)
26- - " 8443 :443" # HTTPS traffic (mapped from 443 to 8443)
27- - " 8082:8080 " # Dashboard - should be restricted in production
28+ - " ${HTTP_PORT} :80" # HTTP
29+ - " ${HTTPS_PORT} :443" # HTTPS
30+ - " ${DASHBOARD_PORT}:${DASHBOARD_PORT} " # Dashboard
2831 volumes :
29- - " /var/ run/docker .sock:/var/run/docker.sock:ro"
32+ - " /run/user/1000/podman/podman .sock:/var/run/docker.sock:ro"
3033 - " ./letsencrypt:/letsencrypt"
3134 - " ./traefik/traefik.log:/traefik.log"
32- - " ./traefik/access.log:/access.log"
3335 environment :
34- - TZ=Europe/Warsaw
35- restart : unless-stopped
36+ - DOCKER_HOST=unix:///var/run/docker.sock
37+ - TZ=${TZ}
3638 networks :
37- - prod_network
39+ - podman
40+ restart : unless-stopped
3841 labels :
3942 - " traefik.enable=true"
4043 # Dashboard protection
41- - " traefik.http.routers.dashboard.rule=Host(`traefik.devopsterminal.com `)"
44+ - " traefik.http.routers.dashboard.rule=Host(`${TRAEFIK_SUBDOMAIN}.${DOMAIN} `)"
4245 - " traefik.http.routers.dashboard.service=api@internal"
4346 - " traefik.http.routers.dashboard.entrypoints=websecure"
4447 - " traefik.http.routers.dashboard.tls.certresolver=leresolver"
4548 - " traefik.http.routers.dashboard.middlewares=auth"
46- # Basic auth for dashboard (user:admin, password:changeme)
47- - " traefik.http.middlewares.auth.basicauth.users=admin:$$2y$$05$$5HXxP9X8wJqTgYz5jK5u8uJq5VZ5QkXJ5zQ9X8wJqTgYz5jK5u8uJ "
49+ # Basic auth for dashboard
50+ - " traefik.http.middlewares.auth.basicauth.users=${TRAEFIK_BASIC_AUTH} "
4851
49- # Project 1 Service
5052 projekt1 :
5153 build : ./projekt1
52- container_name : projekt1
53- restart : unless-stopped
5454 networks :
55- - prod_network
55+ - podman
56+ expose :
57+ - 5000
58+ environment :
59+ - FLASK_ENV=production
60+ restart : unless-stopped
5661 labels :
5762 - " traefik.enable=true"
58- # Main domain
59- - " traefik.http.routers.projekt1.rule=Host(`projekt1.devopsterminal.com`)"
63+ - " traefik.http.routers.projekt1.rule=Host(`${PROJEKT1_SUBDOMAIN}.${DOMAIN}`)"
6064 - " traefik.http.routers.projekt1.entrypoints=websecure"
6165 - " traefik.http.routers.projekt1.tls.certresolver=leresolver"
6266 - " traefik.http.services.projekt1.loadbalancer.server.port=5000"
6367 # Redirect HTTP to HTTPS
64- - " traefik.http.routers.projekt1-http.rule=Host(`projekt1.devopsterminal.com `)"
68+ - " traefik.http.routers.projekt1-http.rule=Host(`${PROJEKT1_SUBDOMAIN}.${DOMAIN} `)"
6569 - " traefik.http.routers.projekt1-http.entrypoints=web"
6670 - " traefik.http.routers.projekt1-http.middlewares=redirect-to-https@docker"
67- environment :
68- - FLASK_ENV=production
6971
70- # Project 2 Service
7172 projekt2 :
7273 build : ./projekt2
73- container_name : projekt2
74- restart : unless-stopped
7574 networks :
76- - prod_network
75+ - podman
76+ expose :
77+ - 5000
78+ environment :
79+ - FLASK_ENV=production
80+ restart : unless-stopped
7781 labels :
7882 - " traefik.enable=true"
79- # Main domain
80- - " traefik.http.routers.projekt2.rule=Host(`projekt2.devopsterminal.com`)"
83+ - " traefik.http.routers.projekt2.rule=Host(`${PROJEKT2_SUBDOMAIN}.${DOMAIN}`)"
8184 - " traefik.http.routers.projekt2.entrypoints=websecure"
8285 - " traefik.http.routers.projekt2.tls.certresolver=leresolver"
8386 - " traefik.http.services.projekt2.loadbalancer.server.port=5000"
8487 # Redirect HTTP to HTTPS
85- - " traefik.http.routers.projekt2-http.rule=Host(`projekt2.devopsterminal.com `)"
88+ - " traefik.http.routers.projekt2-http.rule=Host(`${PROJEKT2_SUBDOMAIN}.${DOMAIN} `)"
8689 - " traefik.http.routers.projekt2-http.entrypoints=web"
8790 - " traefik.http.routers.projekt2-http.middlewares=redirect-to-https@docker"
88- environment :
89- - FLASK_ENV=production
9091
9192 # Global redirect middleware
9293 traefik-http-redirect :
@@ -95,13 +96,13 @@ services:
9596 volumes :
9697 - ./traefik/redirect.toml:/etc/traefik/redirect.toml
9798 networks :
98- - prod_network
99+ - podman
99100 labels :
100101 - " traefik.enable=true"
101102 - " traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
102103 - " traefik.http.middlewares.redirect-to-https.redirectscheme.permanent=true"
103104
104105networks :
105- prod_network :
106- name : prod_network
107- external : false
106+ podman :
107+ name : podman
108+ external : true
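Review bot: The `:ro` on the new socket mount in the traefik `volumes` list (`/run/user/1000/podman/podman.sock:/var/run/docker.sock:ro`) does not make the container API read-only. It only stops the container from replacing the socket file, so a compromised Traefik can still issue any Podman API call as the user that owns the socket. A rootless socket is a smaller blast radius than the root Docker socket it replaces, but the path hardcodes uid 1000; a variable such as `- "${PODMAN_SOCK}:/var/run/docker.sock:ro"` would match how the rest of this change is parameterised. I would also add a comment above the mount, for example `# :ro protects the socket file only; API access is unrestricted - consider a filtering socket proxy`. Separately, `${TRAEFIK_BASIC_AUTH}` in the dashboard label expands to an empty string when unset, so `${TRAEFIK_BASIC_AUTH:?set TRAEFIK_BASIC_AUTH in .env}` would fail the deploy early if the compose implementation in use supports that form, and the value should be a newly generated hash because the one removed here stays in the repository history.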