2023-09-18 16:42:05 +00:00
|
|
|
[Unit]
|
|
|
|
|
Description=Traefik Reverse Proxy
|
|
|
|
|
Documentation=https://doc.traefik.io/traefik/providers/docker
|
|
|
|
|
|
|
|
|
|
[Container]
|
|
|
|
|
ContainerName=traefik
|
|
|
|
|
Image=docker.io/library/traefik:{{ traefik_version }}
|
|
|
|
|
Environment=TZ=Europe/Berlin
|
|
|
|
|
|
|
|
|
|
#Environment=CLOUDFLARE_DNS_API_TOKEN=<REDACTED>
|
|
|
|
|
|
|
|
|
|
PublishPort=0.0.0.0:80:80/tcp
|
|
|
|
|
PublishPort=0.0.0.0:443:443/tcp
|
|
|
|
|
PublishPort=0.0.0.0:8080:8080/tcp
|
|
|
|
|
|
|
|
|
|
#Network=pasta:-T,auto
|
|
|
|
|
Network=traefik.network
|
|
|
|
|
|
|
|
|
|
Volume=/etc/traefik:/etc/traefik:rw
|
|
|
|
|
Volume=/var/run/podman/podman.sock:/var/run/docker.sock:ro
|
2023-09-19 17:32:08 +00:00
|
|
|
Volume=/letsencrypt:/letsencrypt
|
2023-09-19 17:26:32 +00:00
|
|
|
|
2023-09-18 16:42:05 +00:00
|
|
|
NoNewPrivileges=true
|
|
|
|
|
DropCapability=All
|
|
|
|
|
AddCapability=net_bind_service
|
|
|
|
|
|
|
|
|
|
#UserNS=keep-id
|
|
|
|
|
# Required to access the Podman Socket
|
|
|
|
|
#SecurityLabelDisable=true
|
|
|
|
|
PodmanArgs=--userns=keep-id --security-opt label=disable
|
|
|
|
|
|
2023-09-18 17:16:27 +00:00
|
|
|
Label="traefik.http.routers.dashboard.tls.certresolver=resolver"
|
|
|
|
|
Label="traefik.http.routers.dashboard.tls=true"
|
|
|
|
|
Label="traefik.http.routers.dashboard.rule=Host(`{{ traefik_dashboard_url }}`)"
|
|
|
|
|
Label="traefik.http.routers.dashboard.service=api@internal"
|
|
|
|
|
|
2023-09-18 16:42:05 +00:00
|
|
|
[Service]
|
|
|
|
|
Restart=on-failure
|
|
|
|
|
# Restart Delay
|
|
|
|
|
RestartSec=30
|
|
|
|
|
# Allowed time for the service to start.
|
|
|
|
|
TimeoutStartSec=90
|
|
|
|
|
# Allowed time for the service to stop.
|
|
|
|
|
TimeoutStopSec=90
|
|
|
|
|
|
2023-09-19 18:29:48 +00:00
|
|
|
ExecStartPre=chmod 600 /letsencrypt/acme.json
|
|
|
|
|
|
2023-09-18 16:42:05 +00:00
|
|
|
[Install]
|
|
|
|
|
WantedBy=default.target
|
|
|
|
|
|
