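---
# Swarm stack: Traefik edge proxy plus traefik-forward-auth (OIDC forward auth).
# Both routers below sit behind the `keycloak@file` middleware, which is
# defined in the file provider config (not visible in this file).
version: "3.8"

services:
  # NOTE(review): no `image:` is set for this service; presumably it comes
  # from a base compose file merged with this one. Confirm before deploying.
  traefik:
    ports:
      - "80:80"
      - "443:443"
      # NOTE(review): 8080 is published alongside 80/443. The dashboard/API
      # router below is served on `web-secure` behind keycloak@file. If
      # traefik.yml binds an entrypoint on 8080 with `api.insecure` enabled
      # (not visible here), this port would serve the API without that
      # middleware. Confirm, and drop the mapping if it is unused.
      - "8080:8080"
    volumes:
      # Mounted read-only: Traefik only needs to read from the Docker API.
      # `:ro` protects the socket file itself but does NOT restrict API calls
      # made over it, so a compromise of this container still amounts to
      # manager-level Docker access. Consider a filtering socket proxy that
      # exposes only the read endpoints Traefik needs.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      # Presumably holds ACME account and certificate data (private keys).
      # Treat the volume as sensitive.
      - "letsencrypt:/etc/letsencrypt"
    configs:
      - source: traefik-yml-prod-v3
        target: /etc/traefik/traefik.yml
      - source: file-provider-prod-v1
        target: /etc/traefik/file-provider.yml
    networks:
      - proxy
    deploy:
      mode: replicated
      replicas: 1
      update_config:
        failure_action: rollback
      placement:
        constraints:
          # Pinned to a manager node, presumably because the Docker provider
          # needs the manager API in swarm mode. That makes the socket mount
          # above a cluster-wide trust boundary.
          - node.role == manager
      labels:
        - "traefik.enable=true"
        # NOTE(review): `server.port` normally takes a numeric port, and
        # `web` looks like an entrypoint name. The router targets
        # api@internal, so this service may only be a placeholder. Confirm
        # that Traefik accepts the value.
        - "traefik.http.services.traefik.loadbalancer.server.port=web"
        - "traefik.http.routers.traefik.rule=Host(`traefik.swarm.autonomic.zone`)"
        - "traefik.http.routers.traefik.entrypoints=web-secure"
        # NOTE(review): the resolver name suggests the ACME staging CA (it is
        # defined in traefik.yml, not visible here). Clients do not trust
        # staging certificates. Confirm this is intended for prod configs.
        - "traefik.http.routers.traefik.tls.certresolver=staging"
        # Dashboard/API, reachable only through the middleware chain below.
        - "traefik.http.routers.traefik.service=api@internal"
        - "traefik.http.routers.traefik.middlewares=keycloak@file"

  traefik-forward-auth:
    # Floating major tag: a redeploy can silently pull different code for
    # the component that gates authentication. Prefer pinning by digest,
    # e.g. `thomseddon/traefik-forward-auth:2@sha256:<DIGEST_PLACEHOLDER>`.
    image: thomseddon/traefik-forward-auth:2
    configs:
      - source: forward-ini-prod-v1
        target: /etc/forward.ini
    networks:
      - proxy
    environment:
      - CONFIG=/etc/forward.ini
    # OIDC credentials and the cookie-signing nonce are swarm secrets, so
    # their values are not stored in this file or in the environment.
    secrets:
      - oidc-client-id-v1
      - oidc-client-secret-v1
      - oidc-issuer-url-v1
      - secret-nonce-v1
    deploy:
      labels:
        - "traefik.enable=true"
        - "traefik.http.services.tfa.loadBalancer.server.port=4181"
        - "traefik.http.routers.tfa.rule=Host(`auth.swarm.autonomic.zone`)"
        - "traefik.http.routers.tfa.entrypoints=web-secure"
        # NOTE(review): same `staging` resolver as the dashboard router.
        - "traefik.http.routers.tfa.tls.certresolver=staging"
        - "traefik.http.routers.tfa.middlewares=keycloak@file"

networks:
  # Pre-existing network shared with the proxied services. Anything attached
  # to it can reach the containers on it directly, bypassing Traefik's
  # middlewares.
  proxy:
    external: true

configs:
  traefik-yml-prod-v3:
    file: configs/prod/traefik.yml
  file-provider-prod-v1:
    file: configs/prod/file-provider.yml
  # Rendered as a Go template at deploy time, presumably to inject the
  # secrets listed on the service. Verify against forward.ini.tmpl.
  forward-ini-prod-v1:
    file: configs/prod/forward.ini.tmpl
    template_driver: golang

# All secrets are external: they are created out of band and only referenced
# by name here. Swarm secrets are immutable, so the `-vN` suffix is presumably
# bumped on rotation.
secrets:
  secret-nonce-v1:
    external: true
  oidc-issuer-url-v1:
    external: true
  oidc-client-id-v1:
    external: true
  oidc-client-secret-v1:
    external: true

volumes:
  # Explicit empty mapping (default local driver) instead of a bare null.
  letsencrypt: {}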