semaphore/files/swarm/stack.yml

version: '3.13'
# https://github.com/akhil/traefik-docker-swarm-example/blob/master/traefik.yml
# services:
#   traefik:
#     # Image tag (replace with yours)
#     image: traefik:latest
#     command:
#       - "--log.level=DEBUG"
#       - "--accesslog=true"
#       - "--api.dashboard=true"
#       - "--api.insecure=true"
#       - "--entryPoints.web.address=:80"
#       - "--entryPoints.websecure.address=:443"
#       - "--providers.docker=true"
#       - "--providers.docker.watch=true"
#       - "--providers.swarm=true"
#       - "--providers.docker.network=public"
#       - "--providers.docker.endpoint=unix:///var/run/docker.sock"
#       - "--providers.docker.exposedByDefault=false"
#       - "--providers.file.filename=/etc/traefik/configs/traefik-dynamic-configuration.yml"
#       # - "--metrics.prometheus=true"
#       # - "--metrics.prometheus.buckets=0.1,0.3,1.2,5.0"
#       - "--global.checkNewVersion=true"
#       - "--global.sendAnonymousUsage=false"
#     volumes:
#       - /var/run/docker.sock:/var/run/docker.sock
#     networks:
#       - public
#     ports:
#       - "80:80"
#       - "443:443"
#       # For Mattermost
#       # - "8443:8443"
#     configs:
#       - source: traefik-dynamic-configuration
#         target: /etc/traefik/configs/traefik-dynamic-configuration.yml
#     secrets:
#       - wildcard-jingoh-private.crt
#       - wildcard-jingoh-private.key
#     deploy:
#       mode: replicated
#       replicas: 1
#       placement:
#         constraints:
#           - node.role == manager
#       update_config:
#         delay: 15s
#         parallelism: 1
#         monitor: 10s
#         failure_action: rollback
#         max_failure_ratio: 0.55
#       # Container resources (replace with yours)
#       resources:
#         limits:
#           cpus: '1.55'
#           memory: 2G
#         reservations:
#           cpus: '0.55'
#           memory: 1G
#       labels:
#         - "traefik.enable=true"
#         # Traefik URL (replace with yours)
#         - "traefik.http.routers.dashboard.rule=Host(`traefikswarm.jingoh.private`)"
#         - "traefik.http.routers.dashboard.service=api@internal"
#         - "traefik.http.routers.dashboard.entrypoints=websecure"
#         - "traefik.http.services.dashboard.loadbalancer.server.port=8080"
#         - "traefik.http.routers.dashboard.tls=true"
#         - "traefik.http.services.dashboard.loadbalancer.passhostheader=true"
#         - "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)"
#         - "traefik.http.routers.http-catchall.entrypoints=web"
#         - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
#         - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"

#   agent:
#     image: portainer/agent:latest
#     environment:
#       # REQUIRED: Should be equal to the service name prefixed by "tasks." when
#       # deployed inside an overlay network
#       AGENT_CLUSTER_ADDR: tasks.agent
#       # AGENT_PORT: 9001
#       # LOG_LEVEL: debug
#     volumes:
#       - /var/run/docker.sock:/var/run/docker.sock
#       - /var/lib/docker/volumes:/var/lib/docker/volumes
#     networks:
#       - agent_network
#     deploy:
#       mode: global
#       placement:
#         constraints: [node.platform.os == linux]

#   portainer:
#     image: portainer/portainer-ce:latest
#     command: -H tcp://tasks.agent:9001 --tlsskipverify --http-enabled
#     volumes:
#       - /var/run/docker.sock:/var/run/docker.sock
#       - portainer_data:/data
#       - /etc/localtime:/etc/localtime
#     networks:
#       - public
#       - agent_network
#     deploy:
#       mode: replicated
#       replicas: 1
#       placement:
#         constraints: [node.role == manager]
#       labels:
#         - "traefik.enable=true"
#         - "traefik.http.routers.portainer.rule=Host(`portainer.jingoh.private`)"
#         - "traefik.http.routers.portainer.entrypoints=websecure"
#         - "traefik.http.routers.portainer.service=portainer"
#         - "traefik.http.services.portainer.loadbalancer.server.port=9443"
#         - "traefik.http.routers.portainer.tls=true"
#         - "traefik.http.services.portainer.loadbalancer.passhostheader=true"
#         # Edge
#         - "traefik.http.routers.edge.rule=Host(`edge.jingoh.private`)"
#         - "traefik.http.routers.edge.entrypoints=websecure"
#         - "traefik.http.services.edge.loadbalancer.server.port=8000"
#         - "traefik.http.routers.edge.service=edge"
#         - "traefik.http.routers.edge.tls=true"
#         - "traefik.http.services.edge.loadbalancer.passhostheader=true"

#   whoami:
#     image: "traefik/whoami"
#     deploy:
#       labels:
#         - "traefik.enable=true"
#         - "traefik.http.routers.whoami.rule=Host(`whoamitest.jingoh.private`)"
#         - "traefik.http.routers.whoami.entrypoints=websecure"
#         - "traefik.http.services.whoami.loadbalancer.server.port=80"
#         - "traefik.http.routers.whoami.tls=true"
#         - "traefik.http.services.whoami.loadbalancer.passhostheader=true"
#     networks:
#       - public

# networks:
#   public:
#     external: true
#   agent_network:
#     external: true
#     attachable: true
# volumes:
#    portainer_data:



# configs:
#   traefik-dynamic-configuration:
#     external: true

# secrets:
#   wildcard-jingoh-private.crt:
#     external: true

#   wildcard-jingoh-private.key:
#     external: true