LBP
/
ChristianLempa_Boilerplates
зеркало из https://github.com/ChristianLempa/boilerplates.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139
							---
kind: compose
metadata:
  name: Traefik
  description: |-
    Traefik is a modern HTTP reverse proxy and load balancer that makes deploying microservices easy.
    This template sets up Traefik with automatic HTTPS using Let's Encrypt and can be integrated with Authentik for SSO.
    ## References
    - **Project:** https://traefik.io/
    - **Documentation:** https://doc.traefik.io/traefik/
    - **GitHub:** https://github.com/traefik/traefik
  version: v3.6.5
  author: Christian Lempa
  date: '2025-12-17'
  tags:
    - swarm
    - volume
  icon:
    provider: simpleicons
    id: traefikproxy
  draft: false
spec:
  general:
    vars:
      service_name:
        default: traefik
  ports:
    vars:
      ports_dashboard:
        description: Dashboard port (external)
        type: int
        default: 8080
        required: true
        needs: [dashboard_enabled=true]
        extra: Only used when dashboard is enabled
      ports_http:
        default: 80
        extra: Maps to entrypoint 'web'
      ports_https:
        default: 443
        extra: Maps to entrypoint 'websecure'
  traefik:
    title: Settings
    vars:
      accesslog_enabled:
        description: Enable Traefik access log
        type: bool
        default: false
      dashboard_enabled:
        description: Enable Traefik dashboard
        type: bool
        default: false
        extra: 'WARNING: Don''t use in production!'
      prometheus_enabled:
        description: Enable Prometheus metrics
        type: bool
        default: false
      security_enabled:
        description: Create production-ready security headers middleware
        type: bool
        default: true
        extra: Enables HSTS, XSS protection, frame denial, etc.
      traefik_network:
        extra: Network that Traefik uses to connect to services
      traefik_network_external:
        description: Use existing Docker network (external)
        type: bool
        default: false
  traefik_tls:
    title: TLS Settings
    vars:
      traefik_tls_acme_email:
        description: Email address for ACME
        type: str
        required: true
      traefik_tls_acme_region:
        description: AWS Region
        type: str
        default: us-east-1
        required: true
        needs: [traefik_tls_certresolver=route53]
      traefik_tls_acme_resource_group:
        description: Azure Resource Group
        type: str
        required: true
        needs: [traefik_tls_certresolver=azure]
      traefik_tls_acme_secret_key:
        description: DNS provider secret key
        type: secret
        required: true
        needs: ['traefik_tls_certresolver=azure,godaddy,porkbun,route53']
        extra: AZURE_CLIENT_SECRET, GODADDY_API_SECRET, PORKBUN_SECRET_API_KEY, or AWS_SECRET_ACCESS_KEY
      traefik_tls_acme_subscription_id:
        description: Azure Subscription ID
        type: str
        required: true
        needs: [traefik_tls_certresolver=azure]
      traefik_tls_acme_tenant_id:
        description: Azure Tenant ID
        type: str
        required: true
        needs: [traefik_tls_certresolver=azure]
      traefik_tls_acme_token:
        description: DNS provider API token
        type: secret
        required: true
        needs: ['traefik_tls_certresolver=cloudflare,digitalocean,godaddy,namecheap,porkbun']
        extra: CF_DNS_API_TOKEN, DO_AUTH_TOKEN, GODADDY_API_KEY, NAMECHEAP_API_KEY, or PORKBUN_API_KEY
      traefik_tls_acme_username:
        description: Namecheap API username
        type: str
        required: true
        needs: [traefik_tls_certresolver=namecheap]
      traefik_tls_certresolver:
        description: ACME DNS challenge provider
        config:
          options: [cloudflare, porkbun, godaddy, digitalocean, route53, azure, namecheap]
        extra: DNS provider for domain validation
      traefik_tls_enabled:
        description: Enable HTTPS/TLS with ACME
        default: false
      traefik_tls_min_version:
        description: Minimum TLS version
        type: enum
        config:
          options: [VersionTLS12, VersionTLS13]
        extra: TLS 1.2 is recommended for compatibility, TLS 1.3 for maximum security
      traefik_tls_redirect:
        description: Redirect all HTTP traffic to HTTPS
        type: bool
        default: true
      traefik_tls_secure_ciphers:
        description: Enable strict cipher suites (recommended)
        type: bool
        extra: Enforces modern, secure cipher suites
      traefik_tls_skipverify:
        description: Skip TLS verification for backend servers
        type: bool
        extra: 'WARNING: Only enable for self-signed certificates in trusted environments'