[Unit] Description=Traefik Reverse Proxy Documentation=https://doc.traefik.io/traefik/providers/docker [Container] ContainerName=traefik Image=docker.io/library/traefik:{{ traefik_version }} Environment=TZ=Europe/Berlin #Environment=CLOUDFLARE_DNS_API_TOKEN= PublishPort=0.0.0.0:80:80/tcp PublishPort=0.0.0.0:443:443/tcp PublishPort=0.0.0.0:8080:8080/tcp #Network=pasta:-T,auto Network=traefik.network Volume=/etc/traefik:/etc/traefik:rw Volume=/var/run/podman/podman.sock:/var/run/docker.sock:ro Volume=/letsencrypt:/letsencrypt NoNewPrivileges=true DropCapability=All AddCapability=net_bind_service #UserNS=keep-id # Required to access the Podman Socket #SecurityLabelDisable=true PodmanArgs=--userns=keep-id --security-opt label=disable Label="traefik.http.routers.dashboard.tls.certresolver=resolver" Label="traefik.http.routers.dashboard.tls=true" Label="traefik.http.routers.dashboard.rule=Host(`{{ traefik_dashboard_url }}`)" Label="traefik.http.routers.dashboard.service=api@internal" [Service] Restart=on-failure # Restart Delay RestartSec=30 # Allowed time for the service to start. TimeoutStartSec=90 # Allowed time for the service to stop. TimeoutStopSec=90 ExecStartPre=chmod 600 /letsencrypt/acme.json [Install] WantedBy=default.target