diff options
| author |  Alexandre Alapetite <alexandre@alapetite.fr>
| 2022-04-24 18:35:25 +0200 |
|---|---|---|
| committer |  GitHub <noreply@github.com>
| 2022-04-24 18:35:25 +0200 |
| commit | 4e16dd1ae5a8a21f49ead8aff61115819f43a3dc (patch) | |
| tree | 42f4f217bb6411d41d4954003b6843056269db6d /Docker/freshrss/docker-compose-proxy.yml | |
| parent | 20e0b848b177e7cfd6554eb831489a51dd03964a (diff) | |
Update Docker readme (#4320)
* Update Docker readme
#fix https://github.com/FreshRSS/FreshRSS/issues/3351
* A few more headers
https://github.com/FreshRSS/FreshRSS/issues/3649
https://doc.traefik.io/traefik/middlewares/http/headers/
* Another docker logs example
* More uniform
* Minor details
Diffstat (limited to 'Docker/freshrss/docker-compose-proxy.yml')
| -rw-r--r-- | Docker/freshrss/docker-compose-proxy.yml | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/Docker/freshrss/docker-compose-proxy.yml b/Docker/freshrss/docker-compose-proxy.yml new file mode 100644 index 000000000..980e45e67 --- /dev/null +++ b/Docker/freshrss/docker-compose-proxy.yml @@ -0,0 +1,57 @@ +version: "2.4" + +volumes: + traefik-letsencrypt: + traefik-tmp: + +services: + + traefik: + image: traefik:2.6 + container_name: traefik + restart: unless-stopped + logging: + options: + max-size: 10m + ports: + - 80:80 + - 443:443 + networks: + - network + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro + - traefik-tmp:/tmp + - traefik-letsencrypt:/etc/traefik/acme + - ./traefik/tls.yaml:/etc/traefik/tls.yaml:ro + command: + - --global.sendAnonymousUsage + - --accesslog=true + - --api=false + - --providers.docker=true + - --providers.docker.exposedByDefault=false + - --log.level=INFO + - --entryPoints.http.address=:80 + - --entryPoints.https.address=:443 + - --entryPoints.http.http.redirections.entryPoint.to=https + - --entryPoints.http.http.redirections.entryPoint.scheme=https + - --certificatesResolvers.letsEncrypt.acme.storage=/etc/traefik/acme/acme.json + - --certificatesResolvers.letsEncrypt.acme.email=${ADMIN_EMAIL} + - --certificatesResolvers.letsEncrypt.acme.tlsChallenge=true + - --providers.file.filename=/etc/traefik/tls.yaml + labels: + - traefik.enable=false + + freshrss: + labels: + - traefik.enable=true + - traefik.http.middlewares.freshrssM1.compress=true + - traefik.http.middlewares.freshrssM2.headers.browserXssFilter=true + - traefik.http.middlewares.freshrssM2.headers.forceSTSHeader=true + - traefik.http.middlewares.freshrssM2.headers.frameDeny=true + - traefik.http.middlewares.freshrssM2.headers.referrerPolicy=no-referrer-when-downgrade + - traefik.http.middlewares.freshrssM2.headers.stsSeconds=31536000 + - traefik.http.routers.freshrss.entryPoints=https + - traefik.http.routers.freshrss.middlewares=freshrssM1,freshrssM2 + - traefik.http.routers.freshrss.rule=Host(`${SERVER_DNS}`) + - traefik.http.routers.freshrss.tls.certResolver=letsEncrypt + - traefik.http.routers.freshrss.tls=true |