From 31ee724feebc1d5f91cb17ffd6892c352537f194 Mon Sep 17 00:00:00 2001
From: Kris Lamoureux <kris@lamoureux.io>
Date: Mon, 9 Oct 2023 23:42:46 -0400
Subject: [PATCH] Add basic Traefik docker-compose.yml file

---
 LICENSE            | 12 +++++++++
 README.md          | 61 ++++++++++++++++++++++++++++++++++++++++++++++
 docker-compose.yml | 41 +++++++++++++++++++++++++++++++
 3 files changed, 114 insertions(+)
 create mode 100644 LICENSE
 create mode 100644 README.md
 create mode 100644 docker-compose.yml

diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..fba70ca
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,12 @@
+Copyright (C) 2023 by Kris Lamoureux <kris@lamoureux.io>
+
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
+OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..572711f
--- /dev/null
+++ b/README.md
@@ -0,0 +1,61 @@
+# Traefik Deployment Repository
+
+Traefik is excellent as a reverse proxy within Docker environments, boasting
+features like automatic service discovery and automated HTTPS via Let's
+Encrypt. While similar, the docker-compose files available here cater to
+different use cases for deploying Traefik.
+
+## Add services to Traefik
+1. Define the external traefik network on the top-level networks key
+```
+networks:
+  traefik:
+    external: true
+```
+
+2. Attach your web container to Traefik's network via the service-level `networks` key
+```
+    networks:
+      - traefik
+```
+
+3. Define routing for Traefik in labels, replacing "examplerouter" with something unique
+```
+    labels:
+      traefik.http.routers.examplerouter.rule: Host(`www.example.org`)
+      traefik.http.routers.examplerouter.entrypoints: websecure
+      traefik.http.routers.examplerouter.tls: true
+      traefik.http.services.examplerouter.loadbalancer.server.port: 80
+      traefik.docker.network: traefik
+```
+
+## Variables
+Here's a brief explanation of the variables used in the docker-compose files:
+
+### Docker Settings
+- `IMAGE`: The name of the Docker image (default: `traefik`).
+- `VERSION`: The tag of the Docker image (default: `latest`).
+- `NAME`: The name assigned to the created container (default: `traefik`).
+
+### Traefik Settings
+- `DASHBOARD`: Enable(=true) or disable(=false) the Traefik API dashboard (default: `true`).
+- `ROUTER`: Traefik's personal router name used in labels (default: `traefik`).
+- `DOMAIN`: The domain name where Traefik's dashboard is accessible (default: `traefik.local.krislamo.org`).
+- `ENTRYPOINT`: The entry point for the dashboard (default: `local`).
+- `EXPOSED_BY_DEFAULT`: Expose Docker containers by default without needing specific labels (default: `false`).
+
+### Network Settings
+- `NETWORK`: The Docker network to be used (default: `traefik`).
+- `WEB_PORT`: Binding for the regular HTTP traffic (default: `0.0.0.0:80:80`).
+- `WEBSECURE_PORT`: Binding for HTTPS traffic (default: `0.0.0.0:443:443`).
+- `LOCAL_PORT`: Binding for local HTTPS traffic (default: `127.0.0.1:8443:8443`).
+
+### Other Settings
+- `ENABLE`: Enable(=true) or disable(=false) Traefik to expose its API and dashboard (default: `false`).
+- `LOG_LEVEL`: Logging level (default: `ERROR`).
+- `DEBUG`: Enable(=true) or turn off(=false) API debugging (default: `false`).
+
+
+## License
+This project is released under the 0BSD license, which allows for unrestricted
+use, modification, and distribution.
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..b789bf7
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,41 @@
+version: '3.8'
+
+volumes:
+  traefik:
+
+networks:
+  traefik:
+    name: traefik
+
+services:
+  traefik:
+    image: "${IMAGE:-traefik}:${VERSION:-latest}"
+    container_name: "${NAME:-traefik}"
+    command:
+      - --providers.docker=true
+      - --providers.docker.exposedbydefault=${EXPOSED_BY_DEFAULT:-false}
+      - --api.dashboard=${DASHBOARD:-true}
+      - --api.debug=${DEBUG:-false}
+      - --log.level=${LOG_LEVEL:-ERROR}
+      - --entrypoints.web.address=:80
+      - --entrypoints.websecure.address=:443
+      - --entrypoints.local.address=:8443
+      - --entrypoints.web.http.redirections.entrypoint.to=websecure
+      - --entrypoints.web.http.redirections.entrypoint.scheme=https
+      - --entrypoints.web.http.redirections.entrypoint.permanent=true
+    ports:
+      - "${WEB_PORT:-0.0.0.0:80:80}"
+      - "${WEBSECURE_PORT:-0.0.0.0:443:443}"
+      - "${LOCAL_PORT:-127.0.0.1:8443:8443}"
+    labels:
+      traefik.http.routers.traefik.rule: Host(`${DOMAIN:-traefik.local.krislamo.org}`)
+      traefik.http.routers.traefik.service: api@internal
+      traefik.http.routers.traefik.entrypoints: ${ENTRYPOINT:-local}
+      traefik.http.routers.traefik.tls: true
+      traefik.docker.network: ${NETWORK:-traefik}
+      traefik.enable: ${ENABLE:-false}
+    networks:
+      - traefik
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - "traefik:/etc/traefik"