kovagoadi.hu/traefik
1
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Commit changes
All checks were successful
Remote Deployment Pipeline / Prepare deployment vars (pull_request) Successful in 2s
Details
Remote Deployment Pipeline / Create remote directory (pull_request) Successful in 8s
Details
Remote Deployment Pipeline / Cleanup MR environment (pull_request) Has been skipped
Details
Remote Deployment Pipeline / Sync repository files (pull_request) Successful in 19s
Details
Remote Deployment Pipeline / Run docker-compose remotely (Dev) (pull_request) Successful in 12s
Details
Remote Deployment Pipeline / Run docker-compose remotely (Staging) (pull_request) Has been skipped
Details
Remote Deployment Pipeline / Run docker-compose remotely (Prod) (pull_request) Has been skipped
Details

Browse Source
This commit is contained in:
kovagoadi
2025-11-25 15:02:55 +01:00
parent 8d35667080
commit e894d4bd07
1 changed files with 44 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
docker-compose.yaml
View File

@@ -41,5 +41,49 @@ services:
- traefik.http.routers.https.entrypoints=https
- traefik.http.routers.https.tls=true
- traefik.http.routers.https.tls.certresolver=letsencrypt
catchall-shim:
image: traefik/whoami
labels:
- "traefik.enable=true"
# -------------------------------------------------------
# 1. HTTPS Handling (TCP Passthrough) -> Port 443
# -------------------------------------------------------
# Use a TCP Router for Port 443
- "traefik.tcp.routers.catchall-https.entrypoints=https"
# Match Any Domain (Wildcard SNI)
- "traefik.tcp.routers.catchall-https.rule=HostSNI(`*`)"
# CRITICAL: Passthrough = true
# Traefik will NOT decrypt. It passes the encrypted stream to Nginx.
- "traefik.tcp.routers.catchall-https.tls.passthrough=true"
# Low priority so other specific routes in Traefik override this
# - "traefik.tcp.routers.catchall-https.priority=1"
# Point to the Nginx service
- "traefik.tcp.routers.catchall-https.service=nginx-backend-secure"
# Define the destination IP for HTTPS (Note: 'server.address', not 'url')
# Replace 192.168.1.100 with your Nginx IP
- "traefik.tcp.services.nginx-backend-secure.loadbalancer.server.address=192.168.1.85:443"
- "env=${ENV}"
# -------------------------------------------------------
# 2. HTTP Handling (Standard Proxy) -> Port 80
# -------------------------------------------------------
# Since HTTP is unencrypted, we can use a standard HTTP router.
# This forwards the request to Nginx port 80 (for Certbot challenges/redirects).
- "traefik.http.routers.catchall-http.entrypoints=web"
- "traefik.http.routers.catchall-http.rule=PathPrefix(`/`)"
# - "traefik.http.routers.catchall-http.priority=1"
- "traefik.http.routers.catchall-http.service=nginx-backend-plain"
# Define the destination IP for HTTP
- "traefik.http.services.nginx-backend-plain.loadbalancer.server.url=http://192.168.1.85:80"
networks:
proxy: