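---
# Compose project: Traefik running on the host network, plus a locally built
# "external-whitelist-auth-gate" helper that is published on host loopback only.
name: traefik

services:
  traefik:
    # NOTE(review): floating minor tag. Pin a patch release or an image digest
    # if upgrades of this edge proxy should be deliberate and reviewable.
    image: traefik:v3.6
    container_name: traefik
    restart: unless-stopped
    # Host networking: the entrypoints below bind directly on the host's
    # interfaces; there is no Docker port mapping or network namespace between
    # this container and the host, so the host firewall is the only filter.
    network_mode: host
    # Same flag the auth gate already sets: the process cannot gain privileges
    # through setuid/setgid binaries.
    security_opt:
      - "no-new-privileges:true"
    # NOTE(review): read_only and cap_drop are set on the auth gate but not
    # here. Adding them needs testing first (binding :80/:443 requires
    # NET_BIND_SERVICE, and reading files under ./dynamic may depend on their
    # ownership and mode).
    command:
      # ":80" / ":443" with no host part listen on every interface.
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      # Routers, middlewares and TLS settings come from files in this
      # directory and are reloaded when they change. Write access to ./dynamic
      # on the host therefore changes routing live; keep it as tightly
      # permissioned as the compose file itself.
      - "--providers.file.directory=/etc/traefik/dynamic"
      - "--providers.file.watch=true"
    volumes:
      # Read-only inside the container; the host side is still writable.
      - ./dynamic:/etc/traefik/dynamic:ro
    # Short-form depends_on only orders start-up; it does not wait for the
    # gate to be ready to serve.
    depends_on:
      - external-whitelist-auth-gate

  external-whitelist-auth-gate:
    build:
      context: ./external-whitelist-auth-gate
    image: local/external-whitelist-auth-gate:1.0
    container_name: external-whitelist-auth-gate
    restart: unless-stopped
    # Hardening: immutable root filesystem with a scratch /tmp, no privilege
    # escalation, and every Linux capability dropped.
    read_only: true
    tmpfs:
      - /tmp
    security_opt:
      - "no-new-privileges:true"
    cap_drop:
      - ALL
    environment:
      # NOTE(review): presumably the gate downloads its allow-list from this
      # URL every REFRESH_INTERVAL_SECONDS. Whoever controls that document
      # controls the allow-list; confirm the gate fails closed when the fetch
      # fails or returns something unparsable.
      WHITELIST_URL: "https://example.com/network-whitelist.txt"
      REFRESH_INTERVAL_SECONDS: "300"
      BASIC_AUTH_REALM: "${EXTERNAL_WHITELIST_AUTH_REALM:-Protected Area}"
      # ":?" makes compose refuse to start when the variable is unset or
      # empty, so the primary credential can never silently default to blank.
      # Values passed as environment variables are visible in `docker inspect`
      # and to anything that can read the container's environment; keep .env
      # out of version control and readable only by the deploying user.
      BASIC_AUTH_USER: "${EXTERNAL_WHITELIST_AUTH_USER:?set EXTERNAL_WHITELIST_AUTH_USER in .env}"
      BASIC_AUTH_PASSWORD: "${EXTERNAL_WHITELIST_AUTH_PASSWORD:?set EXTERNAL_WHITELIST_AUTH_PASSWORD in .env}"
      # Optional extra accounts; ":-" falls back to an empty string.
      # NOTE(review): confirm the gate ignores a slot whose user or password is
      # empty rather than accepting an empty credential. The *_SHA256 variables
      # presumably carry a SHA-256 digest in place of the plaintext password;
      # the primary account has no such variable in this file.
      BASIC_AUTH_USER_2: "${EXTERNAL_WHITELIST_AUTH_USER_2:-}"
      BASIC_AUTH_PASSWORD_2: "${EXTERNAL_WHITELIST_AUTH_PASSWORD_2:-}"
      BASIC_AUTH_PASSWORD_SHA256_2: "${EXTERNAL_WHITELIST_AUTH_PASSWORD_SHA256_2:-}"
      BASIC_AUTH_USER_3: "${EXTERNAL_WHITELIST_AUTH_USER_3:-}"
      BASIC_AUTH_PASSWORD_3: "${EXTERNAL_WHITELIST_AUTH_PASSWORD_3:-}"
      BASIC_AUTH_PASSWORD_SHA256_3: "${EXTERNAL_WHITELIST_AUTH_PASSWORD_SHA256_3:-}"
      # NOTE(review): presumably selects the right-most X-Forwarded-For entry
      # as the client address. That is only trustworthy when Traefik is the
      # single proxy appending to the header; verify against the gate's code
      # and against any CDN or load balancer placed in front of Traefik.
      CLIENT_IP_STRATEGY: "rightmost"
    ports:
      # Published on host loopback only, so the gate is not reachable from
      # other machines; Traefik (host network) can reach it at 127.0.0.1:9180.
      - "127.0.0.1:9180:8080"
    networks:
      traefik_backend:
        # Fixed address on the bridge below; the gate is also reachable at this
        # address from the host and from other containers on that network.
        ipv4_address: 172.23.93.11

networks:
  traefik_backend:
    name: traefik-backend.dockernetwork.local
    driver: bridge
    ipam:
      config:
        - subnet: 172.23.93.0/24
          gateway: 172.23.93.1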