# ============================================================================== # DOCKER COMPOSE - INFRAESTRUCTURA TRAEFIK (ESTÁNDAR OGNIR) # ============================================================================== version: "3.9" services: traefik-socket-proxy: image: tecnativa/docker-socket-proxy:latest container_name: traefik-socket-proxy restart: always networks: - services-internal-net volumes: - /var/run/docker.sock:/var/run/docker.sock:ro environment: - CONTAINERS=1 - NETWORKS=1 - SERVICES=1 - VERSION=1 - EVENTS=1 # Recuperado del original para estabilidad del socket - CONNECT_TIMEOUT=30 - SERVER_TIMEOUT=30 - CLIENT_TIMEOUT=30 traefik: image: traefik:v3.0 container_name: traefik restart: always user: "1032:100" depends_on: traefik-socket-proxy: condition: service_started labels: - "traefik.enable=true" - "traefik.http.routers.traefik-dash.rule=Host(`traefik.ognir-server.synology.me`)" - "traefik.http.routers.traefik-dash.entrypoints=websecure" - "traefik.http.routers.traefik-dash.tls=true" - "traefik.http.routers.traefik-dash.tls.certresolver=letsencrypt" - "traefik.http.routers.traefik-dash.service=api@internal" # Middleware de seguridad (debe existir en /dynamic/middlewares.yml) - "traefik.http.routers.traefik-dash.middlewares=seguridad-general@file" networks: proxy-macvlan-net: ipv4_address: 192.168.178.25 services-internal-net: # Recuperado íntegramente del original healthcheck: test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:8080/ping"] interval: 30s timeout: 10s retries: 3 start_period: 20s volumes: - /volume1/docker/configs/traefik:/etc/traefik:ro - /volume1/docker/data/traefik:/letsencrypt - /volume1/docker/data/traefik/logs:/var/log/traefik command: # Única instrucción necesaria: cargar el archivo documentado - "--configFile=/etc/traefik/traefik.yml" networks: proxy-macvlan-net: external: true services-internal-net: external: true