33 lines
977 B
YAML
33 lines
977 B
YAML
# Example: Internal-only service (Portainer)
|
|
# Accessible only via Tailscale/VPN
|
|
|
|
version: "3.8"
|
|
|
|
networks:
|
|
services:
|
|
external: true
|
|
|
|
volumes:
|
|
portainer-data:
|
|
|
|
services:
|
|
portainer:
|
|
image: portainer/portainer-ce:latest
|
|
container_name: portainer
|
|
restart: unless-stopped
|
|
networks:
|
|
- services
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
- portainer-data:/data
|
|
labels:
|
|
- "traefik.enable=true"
|
|
# Internal entrypoint only - NOT exposed to internet
|
|
- "traefik.http.routers.portainer.rule=Host(`docker.local.lemonlink.eu`)"
|
|
- "traefik.http.routers.portainer.entrypoints=internal"
|
|
- "traefik.http.routers.portainer.tls.certresolver=letsencrypt"
|
|
# Optional: Skip Authelia for Portainer if it has its own auth
|
|
# Or keep it for extra security
|
|
- "traefik.http.routers.portainer.middlewares=authelia@docker"
|
|
- "traefik.http.services.portainer.loadbalancer.server.port=9000"
|