-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdocker-compose.https.yml
61 lines (50 loc) · 2.12 KB
/
docker-compose.https.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
version: "3.8"
services:
# Reverse proxy
traefik:
# Static configuration of Traefik
environment:
# Entrypoints
- TRAEFIK_ENTRYPOINTS_websecure_ADDRESS=:443
# Catch-all redirection from http to https
- TRAEFIK_ENTRYPOINTS_web_HTTP_REDIRECTIONS_ENTRYPOINT_TO=websecure
- TRAEFIK_ENTRYPOINTS_web_HTTP_REDIRECTIONS_ENTRYPOINT_SCHEME=https
# TLS certificate through Let's Encrypt
- TRAEFIK_CERTIFICATESRESOLVERS_leresolver=true
- TRAEFIK_CERTIFICATESRESOLVERS_leresolver_ACME_EMAIL=${PONTOS_ACME_EMAIL}
- TRAEFIK_CERTIFICATESRESOLVERS_leresolver_ACME_HTTPCHALLENGE=true
- TRAEFIK_CERTIFICATESRESOLVERS_leresolver_ACME_HTTPCHALLENGE_ENTRYPOINT=web
- TRAEFIK_CERTIFICATESRESOLVERS_leresolver_ACME_STORAGE=/letsencrypt/acme.json
#- TRAEFIK_CERTIFICATESRESOLVERS_leresolver_ACME_CASERVER=https://acme-staging-v02.api.letsencrypt.org/directory
ports:
- "${PONTOS_HUB_HTTPS_PORT:-443}:443"
volumes:
- vol-traefik-letsencrypt:/letsencrypt
# MQTT broker
emqx:
labels:
- "traefik.http.routers.emqx-ws.entryPoints=websecure"
- "traefik.http.routers.emqx-ws.rule=Host(`${PONTOS_HOST}`) && PathPrefix(`/mqtt`)"
- "traefik.http.routers.emqx-ws.tls.certresolver=leresolver"
# REST api
api:
environment:
- PGRST_OPENAPI_SERVER_PROXY_URI=https://${PONTOS_HOST}/api
labels:
- "traefik.http.routers.postgrest.entryPoints=websecure"
- "traefik.http.routers.postgrest.rule=Host(`${PONTOS_HOST}`) && PathPrefix(`/api`)"
- "traefik.http.routers.postgrest.tls.certresolver=leresolver"
# REST api
swagger:
labels:
- "traefik.http.routers.swagger.entryPoints=websecure"
- "traefik.http.routers.swagger.rule=Host(`${PONTOS_HOST}`) && PathPrefix(`/api/docs`)"
- "traefik.http.routers.swagger.tls.certresolver=leresolver"
# JWT issuer
jwt:
labels:
- "traefik.http.routers.jwt.entryPoints=websecure"
- "traefik.http.routers.jwt.rule=Host(`${PONTOS_HOST}`) && PathPrefix(`/token`)"
- "traefik.http.routers.jwt.tls.certresolver=leresolver"
volumes:
vol-traefik-letsencrypt: