LBP
/
ChristianLempa_Boilerplates
-ын хуулбар https://github.com/ChristianLempa/boilerplates.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150
							---
kind: compose
metadata:
  name: Traefik
  description: |-
    Traefik is a modern HTTP reverse proxy and load balancer that makes deploying microservices easy.
    This template sets up Traefik with automatic HTTPS using Let's Encrypt and can be integrated with Authentik for SSO.
    ## References
    - **Project:** https://traefik.io/
    - **Documentation:** https://doc.traefik.io/traefik/
    - **GitHub:** https://github.com/traefik/traefik
  version: v3.6.4
  author: Christian Lempa
  date: "2025-11-05"
  tags:
    - swarm
    - volume
  icon:
    provider: simpleicons
    id: traefikproxy
  draft: false
  next_steps: |-
    Start the `{{ service_name }}` project
    {% if swarm_enabled %}
    1. Deploy Traefik to Docker Swarm:
      `docker stack deploy -c docker-compose.yaml {{ service_name }}`
    {% else %}
    1. Copy the project directory for `{{ service_name }}` to the host.
    2. Start Traefik with Docker Compose from the project directory:
      `docker compose up -d`
    {% endif %}
schema: "1.2"
spec:
  general:
    vars:
      service_name:
        default: traefik
  ports:
    vars:
      ports_dashboard:
        description: Dashboard port (external)
        type: int
        default: 8080
        required: true
        needs: [dashboard_enabled=true]
        extra: Only used when dashboard is enabled
      ports_http:
        default: 80
        extra: Maps to entrypoint 'web'
      ports_https:
        default: 443
        extra: Maps to entrypoint 'websecure'
  traefik:
    title: Settings
    vars:
      accesslog_enabled:
        description: Enable Traefik access log
        type: bool
        default: false
      dashboard_enabled:
        description: Enable Traefik dashboard
        type: bool
        default: false
        extra: 'WARNING: Don''t use in production!'
      prometheus_enabled:
        description: Enable Prometheus metrics
        type: bool
        default: false
      security_enabled:
        description: Create production-ready security headers middleware
        type: bool
        default: true
        extra: Enables HSTS, XSS protection, frame denial, etc.
      traefik_network:
        extra: Network that Traefik uses to connect to services
      traefik_network_external:
        description: Use existing Docker network (external)
        type: bool
        default: false
  traefik_tls:
    title: TLS Settings
    vars:
      traefik_tls_acme_email:
        description: Email address for ACME
        type: str
        required: true
      traefik_tls_acme_region:
        description: AWS Region
        type: str
        default: us-east-1
        required: true
        needs: [traefik_tls_certresolver=route53]
      traefik_tls_acme_resource_group:
        description: Azure Resource Group
        type: str
        required: true
        needs: [traefik_tls_certresolver=azure]
      traefik_tls_acme_secret_key:
        description: DNS provider secret key
        type: str
        sensitive: true
        required: true
        needs: ['traefik_tls_certresolver=azure,godaddy,porkbun,route53']
        extra: AZURE_CLIENT_SECRET, GODADDY_API_SECRET, PORKBUN_SECRET_API_KEY, or AWS_SECRET_ACCESS_KEY
      traefik_tls_acme_subscription_id:
        description: Azure Subscription ID
        type: str
        required: true
        needs: [traefik_tls_certresolver=azure]
      traefik_tls_acme_tenant_id:
        description: Azure Tenant ID
        type: str
        required: true
        needs: [traefik_tls_certresolver=azure]
      traefik_tls_acme_token:
        description: DNS provider API token
        type: str
        sensitive: true
        required: true
        needs: ['traefik_tls_certresolver=cloudflare,digitalocean,godaddy,namecheap,porkbun']
        extra: CF_DNS_API_TOKEN, DO_AUTH_TOKEN, GODADDY_API_KEY, NAMECHEAP_API_KEY, or PORKBUN_API_KEY
      traefik_tls_acme_username:
        description: Namecheap API username
        type: str
        required: true
        needs: [traefik_tls_certresolver=namecheap]
      traefik_tls_certresolver:
        description: ACME DNS challenge provider
        options: [cloudflare, porkbun, godaddy, digitalocean, route53, azure, namecheap]
        extra: DNS provider for domain validation
      traefik_tls_enabled:
        description: Enable HTTPS/TLS with ACME
        default: false
      traefik_tls_min_version:
        description: Minimum TLS version
        type: enum
        options: [VersionTLS12, VersionTLS13]
        extra: TLS 1.2 is recommended for compatibility, TLS 1.3 for maximum security
      traefik_tls_redirect:
        description: Redirect all HTTP traffic to HTTPS
        type: bool
        default: true
      traefik_tls_secure_ciphers:
        description: Enable strict cipher suites (recommended)
        type: bool
        extra: Enforces modern, secure cipher suites
      traefik_tls_skipverify:
        description: Skip TLS verification for backend servers
        type: bool
        extra: 'WARNING: Only enable for self-signed certificates in trusted environments'