From 485c0bbac6bef227c41eaa84f3432fb45f51c27c Mon Sep 17 00:00:00 2001 From: Conor Flynn Date: Mon, 10 Jul 2023 21:37:40 +0200 Subject: [PATCH] Fleshes out docker-compose.traefik.yml for Traefik This adds a barebones Traefik docker-compose.yml file to get started with. Anyone with experience with Traefik will quickly grok the parts to pull out for their own setup, and it provides sensible defaults (i.e. nothing exposed, with LetsEncrypt certs and HTTP->HTTPS redirects) for new users. --- .../traefik/docker-compose.traefik.yml | 99 +++++++++++++++++-- 1 file changed, 93 insertions(+), 6 deletions(-) diff --git a/reverse-proxy/traefik/docker-compose.traefik.yml b/reverse-proxy/traefik/docker-compose.traefik.yml index 9b3453c..19963f5 100644 --- a/reverse-proxy/traefik/docker-compose.traefik.yml +++ b/reverse-proxy/traefik/docker-compose.traefik.yml 
@@ -1,8 +1,95 @@ -version: "3.3" +version: '3.3' + +networks: + live_network: + external: true + internal_network: + external: false + services: - rallly: + traefik: + container_name: "traefik" + image: "traefik:v2.9" + + networks: + - "live_network" + - "internal_network" + + restart: unless-stopped + + command: + - "--entrypoints.web.address=:80" + - "--entrypoints.websecure.address=:443" + - "--providers.docker=true" + - "--certificatesresolvers.le.acme.email=example@example.com" # Add your email address here + - "--certificatesresolvers.le.acme.storage=/data/acme.json" + - "--certificatesresolvers.le.acme.tlschallenge=true" + + ports: + - "80:80" + - "443:443" + + volumes: + - "/var/run/docker.sock:/var/run/docker.sock:ro" + - "./data:/data" + labels: - traefik.enable: "true" - traefik.http.routers.plausible.rule: "Host(`example.com`)" # change to your domain name - traefik.http.routers.plausible.entrypoints: "websecure" - traefik.http.services.plausible.loadbalancer.server.port: "3000" + - "traefik.enable=false" + + rallly: + container_name: "rallly" + image: lukevella/rallly:latest + restart: unless-stopped + + networks: + - "live_network" + - "internal_network" + + depends_on: + rallly-db: + condition: service_healthy + + environment: + - DATABASE_URL=postgres://postgres:postgres@rallly-db:5432/db + + env_file: + - ./config/rallly.env + + labels: + - "traefik.enable=true" + - "traefik.http.services.rallly.loadbalancer.server.port=3000" + - "traefik.docker.network=live_network" + + - "traefik.http.routers.rallly-websecure.rule=Host(`rallly.example.com`)" # Add your domain here + - "traefik.http.routers.rallly-websecure.entrypoints=websecure" + - "traefik.http.routers.rallly-websecure.tls=true" + - "traefik.http.routers.rallly-websecure.tls.certresolver=le" + + - "traefik.http.routers.rallly-web.rule=Host(`rallly.example.com`)" # Add your domain here + - "traefik.http.routers.rallly-web.entrypoints=web" + - 
"traefik.http.routers.rallly-web.middlewares=rallly-http-redirect" + + - "traefik.http.middlewares.rallly-http-redirect.redirectscheme.scheme=https" + + rallly-db: + container_name: "rallly-db" + image: postgres:14.2 + restart: unless-stopped + + networks: + - "internal_network" + + environment: + - POSTGRES_PASSWORD=postgres + - POSTGRES_DB=db + + volumes: + - ./data/db-data:/var/lib/postgresql/data + + labels: + - "traefik.enable=false" + healthcheck: + test: ["CMD-SHELL", "pg_isready -U postgres"] + interval: 5s + timeout: 5s + retries: 5
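Review bot: The `traefik` service turns on the Docker provider with `--providers.docker=true` but leaves `exposedByDefault` at its default of true, so any other container on this host gets a router unless it carries `traefik.enable=false`. Adding `- "--providers.docker.exposedbydefault=false"` to `command` would make the "nothing exposed" default from the description hold without relying on per-service opt-out labels. The `:ro` suffix on `/var/run/docker.sock` only makes the bind mount read-only and does not restrict Docker API calls, so the internet-facing proxy still has full control of the Docker daemon; a filtering socket proxy in front of it is the usual mitigation and deserves at least a comment here. Separately, `POSTGRES_PASSWORD=postgres` and the matching `DATABASE_URL` ship a known default credential in a template people will copy; taking both from an env file or Compose variable substitution avoids that. Also note that `external: false` on `internal_network` only means Compose creates the network, and `internal: true` is what would actually isolate it.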