38 lines
1.5 KiB
YAML
38 lines
1.5 KiB
YAML
|
# OPTIONAL reverse proxy — use ONLY if the server has no existing proxy.
|
||
|
|
#
|
||
|
|
# !! DANGER: this binds host ports 80 and 443. If another reverse proxy
|
||
|
|
# !! (nginx / Caddy / another Traefik) is already serving the other live apps
|
||
|
|
# !! on this box, starting this WILL conflict and can take those apps offline.
|
||
|
|
# !! Check first: sudo ss -ltnp '( sport = :80 or sport = :443 )'
|
||
|
|
# !! If something already listens there, DO NOT run this. Instead add a vhost
|
||
|
|
# !! to the existing proxy pointing at 127.0.0.1:3001 (web) and 127.0.0.1:4000
|
||
|
|
# !! (api). See DEPLOY.md.
|
||
|
|
#
|
||
|
|
# Run with:
|
||
|
|
# docker compose --env-file .env -f docker-compose.traefik.yml up -d
|
||
|
|
|
||
|
|
name: buildmymcp-traefik
|
||
|
|
|
||
|
|
services:
|
||
|
|
traefik:
|
||
|
|
image: traefik:v3.2
|
||
|
|
restart: unless-stopped
|
||
|
|
network_mode: host
|
||
|
|
command:
|
||
|
|
- --providers.file.filename=/etc/traefik/dynamic.yml
|
||
|
|
- --providers.file.watch=true
|
||
|
|
- --entrypoints.web.address=:80
|
||
|
|
- --entrypoints.websecure.address=:443
|
||
|
|
- --entrypoints.web.http.redirections.entrypoint.to=websecure
|
||
|
|
- --entrypoints.web.http.redirections.entrypoint.scheme=https
|
||
|
|
- --certificatesresolvers.le.acme.httpchallenge=true
|
||
|
|
- --certificatesresolvers.le.acme.httpchallenge.entrypoint=web
|
||
|
|
- --certificatesresolvers.le.acme.email=${ACME_EMAIL:?set ACME_EMAIL in infra/traefik/.env}
|
||
|
|
- --certificatesresolvers.le.acme.storage=/letsencrypt/acme.json
|
||
|
|
volumes:
|
||
|
|
- ./dynamic.yml:/etc/traefik/dynamic.yml:ro
|
||
|
|
- bmm_letsencrypt:/letsencrypt
|
||
|
|
|
||
|
|
volumes:
|
||
|
|
bmm_letsencrypt:
|