traefik.yml

version: "3.7"

services:
  proxy:
    image: traefik:2.10
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
      - "8080:8080"
    volumes:
      - certs:/letsencrypt
      - logs:/srv/logs:rw
    deploy:
      placement:
        constraints: [node.role==manager]
      labels:
        traefik.enable: "true"
        traefik.http.routers.api.entrypoints: http, https
        traefik.http.routers.api.rule: Host(`${DOMAIN_TRAEFIK:?err}`)
        traefik.http.routers.api.middlewares: ipwhitelist
        traefik.http.routers.api.service: api@internal
        traefik.http.middlewares.ipwhitelist.ipwhitelist.sourcerange: ${IP_WHITELIST:?err}, 127.0.0.1
        traefik.http.routers.api.tls.certresolver: letsencrypt
        traefik.http.services.api.loadbalancer.server.port: "8080"

    configs:
      - source: traefik.toml
        target: /traefik.toml
    networks:
      - dockersocket
      - default

  goaccess:
    image: allinurl/goaccess
    command: /srv/logs/access.log -o /srv/report/index.html --log-format=COMBINED --real-time-html --ws-url=wss://${DOMAIN_GOACCESS:?err}:443/ws
    volumes:
      - logs:/srv/logs:ro
      - report:/srv/report:rw

    networks:
      - default

  goaccess-web:
    image: nginx:stable
    deploy:
      labels:
        traefik.enable: "true"
        traefik.http.routers.goaccess.rule: Host(`${DOMAIN_GOACCESS:?err}`)
        traefik.http.middlewares.ipwhitelist.ipwhitelist.sourcerange: ${IP_WHITELIST:?err}, 127.0.0.1
        traefik.http.routers.goaccess.tls.certresolver: letsencrypt
        traefik.http.services.goaccess.loadbalancer.server.port: "80"
        traefik.http.routers.goaccess.entrypoints: https
    volumes:
      - report:/usr/share/nginx/html:ro
    configs:
      - source: goaccess-nginx.conf
        target: /etc/nginx/conf.d/default.conf


  # restrict access to docker socket 
  dockerproxy:
    image: tecnativa/docker-socket-proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    deploy:
      placement:
        constraints: [node.role==manager]
      mode: global
    environment: 
      SERVICES: 1
      NETWORKS: 1
      TASKS: 1
    networks:
      - dockersocket

configs:
  traefik.toml:
    file: ./config/traefik.toml
    name: traefik.toml-${CONFIG_VERSION:-0}
  goaccess-nginx.conf:
    file: ./config/goaccess-nginx.conf
    name: goaccess-nginx.conf-${CONFIG_VERSION:-0}


volumes:
  certs:
  logs:
  report:

networks:
  default:
    name: traefik-net
    driver: overlay
    attachable: true
  dockersocket:
    driver: overlay