archetecture security fix
This commit is contained in:
@@ -0,0 +1,39 @@
|
||||
services:
|
||||
traefik:
|
||||
image: traefik:latest
|
||||
command:
|
||||
- --api.dashboard=false
|
||||
- --api.insecure=false
|
||||
- --providers.docker=true
|
||||
- --providers.docker.exposedbydefault=false
|
||||
- --providers.docker.network=traefik-proxy
|
||||
- --providers.file.directory=/etc/traefik/dynamic
|
||||
- --providers.file.watch=true
|
||||
- --entrypoints.web.address=:80
|
||||
- --entrypoints.websecure.address=:443
|
||||
# Docker layer uploads can legitimately take longer than Traefik's
|
||||
# default request-body read timeout. Disable the hard cutoff so registry
|
||||
# pushes are not aborted mid-upload with 499 errors.
|
||||
- --entrypoints.websecure.transport.respondingTimeouts.readTimeout=0
|
||||
- --entrypoints.websecure.transport.respondingTimeouts.writeTimeout=0
|
||||
- --entrypoints.websecure.transport.respondingTimeouts.idleTimeout=1800s
|
||||
- --entrypoints.web.http.redirections.entrypoint.to=websecure
|
||||
- --entrypoints.web.http.redirections.entrypoint.scheme=https
|
||||
- --certificatesresolvers.letsencrypt.acme.tlschallenge=true
|
||||
- --certificatesresolvers.letsencrypt.acme.email=${ACME_EMAIL}
|
||||
- --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- 80:80
|
||||
- 443:443
|
||||
volumes:
|
||||
- traefik-letsencrypt:/letsencrypt
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
- ./dynamic:/etc/traefik/dynamic:ro
|
||||
networks:
|
||||
- traefik-proxy
|
||||
networks:
|
||||
traefik-proxy:
|
||||
external: true
|
||||
volumes:
|
||||
traefik-letsencrypt:
|
||||
Reference in New Issue
Block a user