apt install apach2-utils

version: '3'
services:
  traefik:
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true #Prevents the UID transition while running a set UID binary
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443
    volumes:
      - /etc/localtime:/etc/localtime:ro #Ensure that docker date matches server time
      - /var/run/docker.sock:/var/run/docker.sock:ro 
      - ./data/traefik.yml:/traefik.yml:ro #traefik configuration files
      - ./data/acme.json:/acme.json #to tell traefik to save ssl certs here
    command:
      --api.insecure=true # Enabling insecure api, NOT RECOMMENDED FOR PRODUCTION

    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`traefik.domain.com`)"
      - "traefik.http.middlewares.traefik-auth.basicauth.users= admin:@@$apr1@@$buoyPbo.@@$NOlqTVpSHfumf9lOiMYwI1" #Generated password
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.domain.com`)"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=http"
      - "traefik.http.routers.traefik-secure.service=api@internal"
networks:
  proxy:
    external: true

api:
  dashboard: true
entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
certificatesResolvers:
  http:
    acme:
      email: <<email.com>>
      storage: acme.json
      httpChallenge:
        entryPoint: http

docker-compose up -d