- kind: compose
- metadata:
- name: Traefik
- description: 'Traefik is a modern HTTP reverse proxy and load balancer that makes
- deploying microservices easy.
- This template sets up Traefik with automatic HTTPS using Let''s Encrypt and can
- be integrated with Authentik for SSO.
- ## References
- - **Project:** https://traefik.io/
- - **Documentation:** https://doc.traefik.io/traefik/
- - **GitHub:** https://github.com/traefik/traefik'
- version: v3.6.8
- author: Christian Lempa
- date: '2026-02-11'
- tags:
- - swarm
- - volume
- icon:
- provider: simpleicons
- id: traefikproxy
- draft: false
- next_steps: "Start the `{{ service_name }}` project\n{% if swarm_enabled %}\n1.\
- \ Deploy Traefik to Docker Swarm:\n `docker stack deploy -c compose.yaml {{ service_name\
- \ }}`\n{% else %}\n1. Copy the project directory for `{{ service_name }}` to the\
- \ host.\n2. Start Traefik with Docker Compose from the project directory:\n `docker\
- \ compose up -d`\n{% endif %}"
- schema: '1.2'
- spec:
- general:
- vars:
- service_name:
- default: traefik
- container_name:
- type: str
- container_hostname:
- type: str
- container_timezone:
- type: str
- container_loglevel:
- type: enum
- options:
- - debug
- - info
- - warn
- - error
- restart_policy:
- type: enum
- options:
- - unless-stopped
- - always
- - on-failure
- - 'no'
- default: unless-stopped
- required: true
- ports:
- vars:
- ports_dashboard:
- description: Dashboard port (external)
- type: int
- default: 8080
- required: true
- needs:
- - dashboard_enabled=true
- extra: Only used when dashboard is enabled
- ports_http:
- default: 80
- extra: Maps to entrypoint 'web'
- ports_https:
- default: 443
- extra: Maps to entrypoint 'websecure'
- traefik:
- title: Settings
- vars:
- accesslog_enabled:
- description: Enable Traefik access log
- type: bool
- default: false
- dashboard_enabled:
- description: Enable Traefik dashboard
- type: bool
- default: false
- extra: 'WARNING: Don''t use in production!'
- prometheus_enabled:
- description: Enable Prometheus metrics
- type: bool
- default: false
- security_enabled:
- description: Create production-ready security headers middleware
- type: bool
- default: true
- extra: Enables HSTS, XSS protection, frame denial, etc.
- traefik_network:
- extra: Network that Traefik uses to connect to services
- traefik_network_external:
- description: Use existing Docker network (external)
- type: bool
- default: false
- toggle: dashboard_enabled
- description: Configure Traefik features and settings
- traefik_tls:
- title: TLS Settings
- toggle: traefik_tls_enabled
- vars:
- traefik_tls_enabled:
- description: Enable HTTPS/TLS with ACME
- type: bool
- default: false
- traefik_tls_certresolver:
- description: ACME DNS challenge provider
- type: str
- options:
- - cloudflare
- - porkbun
- - godaddy
- - digitalocean
- - route53
- - azure
- - namecheap
- - ovh
- default: cloudflare
- required: true
- needs:
- - traefik_tls_enabled=true
- extra: DNS provider for domain validation
- traefik_tls_acme_email:
- description: Email address for ACME
- type: str
- required: true
- needs:
- - traefik_tls_enabled=true
- traefik_tls_acme_endpoint:
- description: OVH API endpoint
- type: str
- default: ovh-eu
- required: false
- needs:
- - traefik_tls_enabled=true
- - traefik_tls_certresolver=ovh
- extra: Common values are ovh-eu, ovh-ca, ovh-us
- traefik_tls_acme_region:
- description: AWS Region
- type: str
- default: us-east-1
- required: true
- needs:
- - traefik_tls_enabled=true
- - traefik_tls_certresolver=route53
- traefik_tls_acme_resource_group:
- description: Azure Resource Group
- type: str
- required: true
- needs:
- - traefik_tls_enabled=true
- - traefik_tls_certresolver=azure
- traefik_tls_acme_secret_key:
- description: DNS provider secret key
- type: str
- sensitive: true
- required: true
- needs:
- - traefik_tls_enabled=true
- - traefik_tls_certresolver=azure,godaddy,ovh,porkbun,route53
- extra: AZURE_CLIENT_SECRET, GODADDY_API_SECRET, OVH_APPLICATION_SECRET, PORKBUN_SECRET_API_KEY, or AWS_SECRET_ACCESS_KEY
- traefik_tls_acme_subscription_id:
- description: Azure Subscription ID
- type: str
- required: true
- needs:
- - traefik_tls_enabled=true
- - traefik_tls_certresolver=azure
- traefik_tls_acme_tenant_id:
- description: Azure Tenant ID
- type: str
- required: true
- needs:
- - traefik_tls_enabled=true
- - traefik_tls_certresolver=azure
- traefik_tls_acme_token:
- description: DNS provider API token
- type: str
- sensitive: true
- required: true
- needs:
- - traefik_tls_enabled=true
- - traefik_tls_certresolver=cloudflare,digitalocean,godaddy,namecheap,ovh,porkbun
- extra: CF_DNS_API_TOKEN, DO_AUTH_TOKEN, GODADDY_API_KEY, NAMECHEAP_API_KEY, OVH_APPLICATION_KEY, or PORKBUN_API_KEY
- traefik_tls_acme_username:
- description: Namecheap API username
- type: str
- required: true
- needs:
- - traefik_tls_enabled=true
- - traefik_tls_certresolver=namecheap
- traefik_tls_acme_consumer_key:
- description: OVH Consumer Key
- type: str
- sensitive: true
- required: true
- needs:
- - traefik_tls_enabled=true
- - traefik_tls_certresolver=ovh
- traefik_tls_redirect:
- description: Redirect all HTTP traffic to HTTPS
- type: bool
- default: true
- needs:
- - traefik_tls_enabled=true
- traefik_tls_secure_ciphers:
- description: Enable strict cipher suites (recommended)
- type: bool
- default: false
- needs:
- - traefik_tls_enabled=true
- extra: Enforces modern, secure cipher suites
- traefik_tls_skipverify:
- description: Skip TLS verification for backend servers
- type: bool
- default: false
- needs:
- - traefik_tls_enabled=true
- extra: 'WARNING: Only enable for self-signed certificates in trusted environments'
- volume:
- vars:
- volume_mode:
- type: enum
- options:
- - local
- - mount
- - nfs
- default: local
- required: true
- volume_mount_path:
- type: str
- default: /mnt/storage
- needs:
- - volume_mode=mount
- required: true
- volume_nfs_server:
- type: str
- default: 192.168.1.1
- needs:
- - volume_mode=nfs
- required: true
- volume_nfs_path:
- type: str
- default: /export
- needs:
- - volume_mode=nfs
- required: true
- volume_nfs_options:
- type: str
- default: rw,nolock,soft
- needs:
- - volume_mode=nfs
- required: true
- swarm:
- title: Docker Swarm
- toggle: swarm_enabled
- vars:
- swarm_placement_mode:
- type: enum
- options:
- - replicated
- - global
- default: replicated
- required: true
- swarm_replicas:
- type: int
- default: 1
- needs:
- - swarm_placement_mode=replicated
- required: true
- swarm_placement_host:
- type: str
- description: Target hostname for placement constraint
- default: ''
- needs:
- - swarm_placement_mode=replicated
- extra: Constrains service to run on specific node by hostname
- swarm_enabled:
- type: bool
- default: false
- description: Enable Docker Swarm mode