---
# Portainer (portainer-ee image) published through Traefik using container
# labels. Two routers are declared: one behind the Authentik middleware and one
# that is gated only by a source-IP allowlist.
services:
  portainer:
    # Pinned to a version tag. Tags can be re-pointed by the publisher; for
    # stronger supply-chain integrity pin the digest as well, e.g.
    #   portainer/portainer-ee:2.33.7@sha256:<DIGEST_PLACEHOLDER>
    image: portainer/portainer-ee:2.33.7
    container_name: portainer
    restart: unless-stopped

    volumes:
      # The same host secrets directory is mounted read-only at two container
      # paths. NOTE(review): which path Portainer actually reads is not visible
      # here; confirm and drop the unused mount.
      - /opt/portainer/secrets/portainer:/run/secrets/portainer:ro,Z
      - /opt/portainer/secrets/portainer:/run/portainer/portainer:ro,Z
      # ':ro' only makes the bind mount of the socket file read-only. It does
      # not restrict Docker API calls sent over the socket, so this container
      # can still fully control the Docker daemon. Treat any access to
      # Portainer as equivalent to root on the host.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # 'Z' asks the engine to relabel the host path with a private SELinux
      # label for this container.
      - /opt/portainer/data:/data:Z

    security_opt:
      # Turns off SELinux label confinement for this container.
      # NOTE(review): presumably needed to reach docker.sock on an enforcing
      # host; confirm. Consider also adding 'no-new-privileges:true' after
      # verifying Portainer still starts with it.
      - label=disable

    networks:
      # Any other container attached to 'proxy' can reach port 9000 directly,
      # without passing through the Traefik middlewares declared below.
      - proxy

    labels:
      - 'traefik.enable=true'
      - 'traefik.docker.network=proxy'

      # 1) UI protected by Authentik
      # 'ths-authentik@docker' is a middleware declared on another container;
      # its definition is not part of this file.
      - 'traefik.http.routers.portainer.rule=Host(`portainer.thehomelesssherlock.com`)'
      - 'traefik.http.routers.portainer.entrypoints=websecure'
      - 'traefik.http.routers.portainer.tls.certresolver=letsencrypt'
      - 'traefik.http.routers.portainer.middlewares=ths-authentik@docker'
      # Backend is Portainer's plain-HTTP port; TLS ends at Traefik.
      - 'traefik.http.services.portainer.loadbalancer.server.port=9000'

      # 2) API / mobile app WITHOUT Authentik, reachable ONLY via VPN (WireGuard)
      # This router skips Authentik: the IP allowlist plus Portainer's own
      # login are the only controls on this hostname.
      # NOTE(review): 172.18.0.1/32 looks like a Docker bridge gateway address.
      # If Traefik ever sees outside clients source-NATed to that address, they
      # all pass the allowlist. Check the client IPs in the Traefik access log
      # and remove the entry if it is not required.
      # NOTE(review): a publicly issued certificate for this hostname is
      # recorded in Certificate Transparency logs, so the name is discoverable.
      - 'traefik.http.middlewares.portainer-api-ip.ipallowlist.sourcerange=10.8.0.0/24,172.18.0.1/32'
      - 'traefik.http.routers.portainer-direct.rule=Host(`portainer-api.thehomelesssherlock.com`)'
      - 'traefik.http.routers.portainer-direct.entrypoints=websecure'
      - 'traefik.http.routers.portainer-direct.tls.certresolver=letsencrypt'
      - 'traefik.http.routers.portainer-direct.middlewares=portainer-api-ip'
      # Reuses the 'portainer' service (port 9000) declared in section 1.
      - 'traefik.http.routers.portainer-direct.service=portainer'
      # Explicit priority; the two Host() rules in this file do not overlap.
      - 'traefik.http.routers.portainer-direct.priority=100'
# 'proxy' must already exist: with 'external: true' Compose attaches to it and
# never creates or removes it. Containers on a shared network can reach each
# other's ports directly, so keep its membership limited to the reverse proxy
# and the services it fronts.
networks:
  proxy:
    external: true