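---
# Docker Compose stack: a Traefik v2.5 reverse proxy terminating TLS with
# Let's Encrypt (TLS-ALPN challenge) in front of a single nginx container.
services:
  traefik:
    image: traefik:v2.5
    command:
      # api.insecure serves the dashboard and API without authentication on
      # the internal "traefik" entrypoint (port 8080). The port mapping below
      # is bound to loopback so it is not reachable from other hosts.
      # NOTE(review): prefer disabling this and routing api@internal through
      # an authenticated router on websecure.
      - "--api.insecure=true"
      # NOTE(review): exposedbydefault is left at its default (true), so any
      # container Traefik can see gets a router. Setting it to false needs
      # traefik.enable=true on every labelled container, including this one.
      - "--providers.docker=true"
      # NOTE(review): nothing in this file routes or redirects the plain-HTTP
      # entrypoint; an entrypoint-level redirection to websecure would be
      # needed for port 80 requests to be upgraded. Check the file provider.
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.letsencrypt.acme.email=jonathan763@hotmail.com"
      # acme.json holds the ACME account key and certificate private keys;
      # keep the host directory ./letsencrypt readable by root only.
      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
      - "--certificatesresolvers.letsencrypt.acme.tlschallenge=true"
      - "--providers.file.filename=/etc/traefik/traefik_dynamic_config.yml"
    labels:
      # Define the secure headers middleware (attached to the nginx1 router
      # below; a middleware that no router references has no effect).
      - "traefik.http.middlewares.secure-headers.headers.sslredirect=true"
      - "traefik.http.middlewares.secure-headers.headers.framedeny=true"
      - "traefik.http.middlewares.secure-headers.headers.stsincludesubdomains=true"
      - "traefik.http.middlewares.secure-headers.headers.stspreload=true"
      - "traefik.http.middlewares.secure-headers.headers.stsseconds=63072000"
      - "traefik.http.middlewares.secure-headers.headers.contenttypenosniff=true"
      - "traefik.http.middlewares.secure-headers.headers.accesscontrolallowmethods=GET,POST"
      # NOTE(review): foobar.com looks like a placeholder, and browsers send
      # the Origin header with a scheme - confirm the real allowed origin.
      - "traefik.http.middlewares.secure-headers.headers.accesscontrolalloworiginlist=foobar.com"
      - "traefik.http.middlewares.secure-headers.headers.accesscontrolmaxage=100"
      - "traefik.http.middlewares.secure-headers.headers.addvaryheader=true"
      - "traefik.http.middlewares.secure-headers.headers.contentsecuritypolicy=script-src 'self'"
      - "traefik.http.middlewares.secure-headers.headers.referrerpolicy=origin-when-cross-origin"
    ports:
      # Dashboard/API: loopback only, because api.insecure has no auth.
      - "127.0.0.1:8080:8080"
      - "80:80"
      - "443:443"
    volumes:
      - "./letsencrypt:/letsencrypt"
      # Read-only mount keeps the container from replacing the socket file.
      # It does not limit Docker API calls made over the socket, so this
      # container still has root-equivalent control of the host daemon.
      # NOTE(review): consider a filtering socket proxy in front of it.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./traefik_dynamic_config.yml:/etc/traefik/traefik_dynamic_config.yml:ro"
    networks:
      - traefik_default
    restart: always

  nginx1:
    # NOTE(review): "latest" is a moving tag; pin a version or digest so a
    # restart cannot silently pull a different image.
    image: nginx:latest
    container_name: nginx1
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.nginx1.rule=Host(`test1.cloche.ca`)"
      - "traefik.http.routers.nginx1.entrypoints=websecure"
      - "traefik.http.routers.nginx1.tls.certresolver=letsencrypt"
      # Apply the secure-headers middleware defined on the traefik service.
      - "traefik.http.routers.nginx1.middlewares=secure-headers"
    restart: always
    networks:
      - traefik_default

networks:
  traefik_default:
    external: false
  # Declared but not joined by any service in this file.
  vlan2:
    external: true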