forked from signalapp/Signal-TLS-Proxy
compose.yaml
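# Compose stack: Traefik listens on 80/443, obtains certificates through the
# ACME HTTP challenge, and routes TLS connections whose SNI matches the
# configured domain to the nginx-based signal-proxy container on port 4433.
version: '3'

volumes:
  # Stores /certificates/acme.json, which holds the ACME account key and the
  # issued certificates' private keys. Treat this volume as secret material.
  certificates:
    name: certificates

networks:
  web:
    name: web

services:
  traefik:
    # ':latest' is a moving tag. Pin a specific release tag (ideally with an
    # @sha256 digest) so image upgrades are deliberate and reviewable.
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    networks:
      - web
    ports:
      - "80:80/tcp"
      - "443:443/tcp"
    volumes:
      - certificates:/certificates
      # ':Z' applies a private SELinux label; 'ro' keeps the config read-only.
      - ./data/traefik/config:/config:Z,ro
      # NOTE(security): ':ro' only makes the socket file's mount read-only; it
      # does not restrict the Docker API calls made through the socket. Any
      # process that can reach this socket can control the Docker daemon, so a
      # compromise of this internet-facing container is a host-level risk.
      # Consider putting a filtering socket proxy between Traefik and the
      # daemon that permits only the read endpoints the Docker provider needs.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    command:
      - --ping
      - --log=true
      - --accesslog=true
      - --global.sendAnonymousUsage=false
      - --global.checkNewVersion=false
      # The dashboard is enabled here but only becomes reachable if the
      # optional router labels below are uncommented.
      - --api.dashboard=true
      - --entrypoints.web.address=:80/tcp
      - --entrypoints.websecure.address=:443/tcp
      - --certificatesresolvers.myresolver.acme.email=YOUR_EMAIL  # FIXME: enter your email here
      - --certificatesresolvers.myresolver.acme.storage=/certificates/acme.json
      - --certificatesresolvers.myresolver.acme.httpchallenge=true
      - --certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web
      - --certificatesResolvers.myresolver.acme.keyType=EC384
      # - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory" # FIXME (OPTIONAL): use staging server for testing
      - --providers.docker=true
      # Only containers labelled traefik.enable=true are picked up.
      - --providers.docker.exposedByDefault=false
      - --providers.file.filename=/config/dynamic.yml
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL
    labels:
      # Label values are quoted so every Compose implementation receives
      # strings rather than YAML booleans.
      traefik.enable: "true"
      traefik.docker.network: web
      # FIXME (OPTIONAL): enable dashboard
      # If you enable this router, also attach an authentication middleware
      # (for example Traefik's basicAuth); the dashboard exposes the routing
      # configuration to anyone who can reach it.
      # traefik.http.routers.dashboard.service: api@internal
      # traefik.http.routers.dashboard.entrypoints: websecure
      # traefik.http.routers.dashboard.rule: 'Host(`YOUR_DOMAIN`)' # FIXME: enter your traefik domain here
      # traefik.http.routers.dashboard.tls: "true"
      # traefik.http.routers.dashboard.tls.certresolver: myresolver

  signal-proxy:
    # 'alpine' is a moving tag as well; pin a release tag or digest.
    image: nginx:alpine
    container_name: signal-proxy
    restart: unless-stopped
    networks:
      - web
    depends_on:
      - traefik
    volumes:
      - ./data/nginx-relay/nginx.conf:/etc/nginx/nginx.conf:Z,ro
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL
    # NOTE(review): presumably required so nginx can switch its worker
    # processes to an unprivileged user; confirm against nginx.conf.
    cap_add:
      - SETUID
      - SETGID
    # A background loop reloads nginx every 6 hours while nginx itself runs in
    # the foreground. '$$' is Compose's escape for a literal '$', so the shell
    # sees '${!}' (the PID of the most recent background job).
    command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; /usr/sbin/nginx -s reload; done & /usr/sbin/nginx -c /etc/nginx/nginx.conf -g \"daemon off;\"'"
    labels:
      traefik.enable: "true"
      traefik.docker.network: web
      traefik.tcp.routers.signal-proxy.rule: 'HostSNI(`YOUR_SIGNAL_PROXY_DOMAIN`)' # FIXME: enter your signal proxy domain here
      traefik.tcp.routers.signal-proxy.service: signal-proxy
      traefik.tcp.routers.signal-proxy.entrypoints: websecure
      # 'tls: true' on a TCP router means Traefik terminates TLS using the
      # certificate from 'myresolver' before forwarding to port 4433.
      traefik.tcp.routers.signal-proxy.tls: "true"
      traefik.tcp.routers.signal-proxy.tls.certresolver: myresolver
      traefik.tcp.services.signal-proxy.loadbalancer.server.port: "4433"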