# Traefik v2

Docker compose file:

docker-compose
services:
  traefik:
    image: traefik:v2.11
    container_name: traefik
    ports:
      - 80:80
      - 443:443
      # -- (Optional) Enable Dashboard, don't do in production
      - 8080:8080
    volumes:
      - /etc/traefik:/etc/traefik
      - /var/run/docker.sock:/var/run/docker.sock:ro
    restart: unless-stopped

Folder structure on host system:

/etc/traefik/
|── certs
│   ├── certs-key.pem
│   ├── certs.pem
│   ├── pubkey.crt
│   ├── private.key
└── traefik.yml

Example traefik config:

global:
  checkNewVersion: false
  sendAnonymousUsage: false

# -- (Optional) Change Log Level and Format here...
#     - loglevels [DEBUG, INFO, WARNING, ERROR, CRITICAL]
#     - format [common, json, logfmt]
# log:
#  level: ERROR
#  format: common
#  filePath: /var/log/traefik/traefik.log

# -- (Optional) Enable Accesslog and change Format here...
#     - format [common, json, logfmt]
# accesslog:
#   format: common
#   filePath: /var/log/traefik/access.log

# -- (Optional) Enable API and Dashboard here, don't do in production
api:
  dashboard: true
  insecure: true

# -- Change EntryPoints here...
entryPoints:
  web:
    address: :80
    # -- (Optional) Redirect all HTTP to HTTPS
    # http:
    #   redirections:
    #     entryPoint:
    #       to: websecure
    #       scheme: https
  websecure:
    address: :443
  # -- (Optional) Add custom Entrypoint
  # custom:
  #   address: :8080

# -- Configure your CertificateResolver here...
# certificatesResolvers:
#   staging:
#     acme:
#       email: your-email@example.com
#       storage: /etc/traefik/certs/acme.json
#       caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
#       -- (Optional) Remove this section, when using DNS Challenge
#       httpChallenge:
#         entryPoint: web
#       -- (Optional) Configure DNS Challenge
#       dnsChallenge:
#         provider: your-resolver (e.g. cloudflare)
#         resolvers:
#           - "1.1.1.1:53"
#           - "8.8.8.8:53"
#   production:
#     acme:
#       email: your-email@example.com
#       storage: /etc/traefik/certs/acme.json
#       caServer: "https://acme-v02.api.letsencrypt.org/directory"
#       -- (Optional) Remove this section, when using DNS Challenge
#       httpChallenge:
#         entryPoint: web
#       -- (Optional) Configure DNS Challenge
#       dnsChallenge:
#         provider: your-resolver (e.g. cloudflare)
#         resolvers:
#           - "1.1.1.1:53"
#           - "8.8.8.8:53"

# -- (Optional) Disable TLS Cert verification check
# serversTransport:
#   insecureSkipVerify: true

# -- (Optional) Overwrite Default Certificates
tls:
  stores:
    default:
      defaultCertificate:
        certFile: /etc/traefik/certs/certs.pem
        keyFile: /etc/traefik/certs/certs-key.pem
  certificates:
    - certFile: /etc/traefik/certs/portainer.crt
      keyFile: /etc/traefik/certs/portainer.key
    - certFile: /etc/traefik/certs/pdnsadmin.crt
      keyFile: /etc/traefik/certs/pdnsadmin.key
    - certFile: /etc/traefik/certs/paperless.crt
      keyFile: /etc/traefik/certs/paperless.key
    - certFile: /etc/traefik/certs/homepage.crt
      keyFile: /etc/traefik/certs/homepage.key
# -- (Optional) Disable TLS version 1.0 and 1.1
  options:
    default:
      minVersion: VersionTLS12

providers:
  docker:
    # -- (Optional) Enable this, if you want to expose all containers automatically
    exposedByDefault: false
    network: traefik_default
  file:
    directory: /etc/traefik
    watch: true