version: '3.8' services: traefik: image: traefik:v3.5 container_name: traefik restart: unless-stopped # Puertos expuestos ports: - "80:80" # HTTP - "443:443" # HTTPS - "8080:8080" # Dashboard (solo si api.insecure=true) - "8082:8082" # Métricas Prometheus # Variables de entorno environment: - TZ=America/Argentina/Buenos_Aires - CLOUDFLARE_DNS_API_TOKEN=${CF_API_TOKEN} - CLOUDFLARE_ZONE_API_TOKEN=${CF_API_TOKEN} # Volúmenes volumes: # Configuración estática - ./traefik/traefik.yml:/etc/traefik/traefik.yml:ro # Configuración dinámica - ./dynamic:/etc/traefik/dynamic:ro # Socket de Docker (para auto-descubrimiento) - /var/run/docker.sock:/var/run/docker.sock:ro # Almacenamiento de certificados SSL - traefik-letsencrypt:/letsencrypt # Logs - traefik-logs:/var/log/traefik # Redes networks: - traefik-network - principal # Labels para el dashboard de Traefik labels: - "traefik.enable=true" # Dashboard en traefik.nucleoriofrio.com - "traefik.http.routers.dashboard.rule=Host(`traefik.nucleoriofrio.com`)" - "traefik.http.routers.dashboard.entrypoints=websecure" - "traefik.http.routers.dashboard.tls.certresolver=letsencrypt" - "traefik.http.routers.dashboard.tls.domains[0].main=nucleoriofrio.com" - "traefik.http.routers.dashboard.tls.domains[0].sans=*.nucleoriofrio.com" - "traefik.http.routers.dashboard.service=api@internal" # Middleware de autenticación básica para el dashboard - "traefik.http.routers.dashboard.middlewares=dashboard-auth" - "traefik.http.middlewares.dashboard-auth.basicauth.users=admin:$$apr1$$cJ7gew7R$$OtpXnfijB8Nj/XXRp4rHq1" # Usuario: admin, Password: admin (CAMBIAR ESTO!) # Genera tu propio hash con: htpasswd -nb admin tu-password # o en línea: https://hostingcanada.org/htpasswd-generator/ # Redes networks: traefik-network: name: traefik-network driver: bridge principal: external: true # Volúmenes volumes: traefik-letsencrypt: name: traefik-letsencrypt traefik-logs: name: traefik-logs