docker-infrastruktur/infrastructure/docker-compose.yaml

---

version: "3.5"

networks:
    services:
        name: services

services:
    traefik:
        image: library/traefik:v2.4.5
        hostname: traefik
        networks:
            - services
        restart: unless-stopped
        command: |
            --log.level=INFO
            --api.dashboard=true
            --providers.docker=true
            --providers.docker.exposedbydefault=false
            --entrypoints.http.address=:80
            --entrypoints.https.address=:443
            --certificatesresolvers.default.acme.httpchallenge=true
            --certificatesresolvers.default.acme.httpchallenge.entrypoint=http
            --certificatesresolvers.default.acme.email=
            --certificatesresolvers.default.acme.storage=/data/acme.json            
        ports:
            - "80:80"
            - "443:443"
        volumes:
            - "/var/run/docker.sock:/var/run/docker.sock:ro"
            - "./data/traefik:/data"
        labels:
            traefik.enable: "true"
            traefik.http.routers.dashboard.rule: Host(`${INFRASTRUCTURE_DOMAIN:?INFRASTRUCTURE_DOMAIN is required}`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`))
            traefik.http.routers.dashboard.service: api@internal
            traefik.http.routers.dashboard.tls.certresolver: default

            # http -> https
            traefik.http.routers.http2https.entrypoints: http
            traefik.http.routers.http2https.rule: PathPrefix(`/`)
            traefik.http.routers.http2https.priority: "900"
            traefik.http.routers.http2https.middlewares: http2https
            traefik.http.middlewares.http2https.redirectscheme.scheme: https