Traefik deployment example

docker-compose/traefik/.env

@@ -0,0 +1,8 @@
+# Reverse proxy domain and cloudflare token
+DOMAINNAME=example.com
+CF_DNS_API_TOKEN=SOME_CLOUDFLARE_TOKEN
+
+# Database
+DATABASE_NAME=xcdb
+DATABASE_USER=nocodb
+DATABASE_PW=SECURE_PW

docker-compose/traefik/README.md

@@ -0,0 +1,19 @@
+# Example with traefik revers proxy
+
+Look into the `.env` file and update the vaiables before executing `docker-compose up -d`. 
+
+## Traefik configuration
+
+- HTTP redirect to HTTPS
+- Healthcheck
+- SSL certificate via Cloudflare DNS challenge
+
+## Watchtower
+
+Looks for new nocodb image every day at 5:00 and recreates the container.
+
+## NocoDB
+
+- Accessible via `nocodb.DOMAINNAME`
+- Uses postgres db for storage
+- Telemetry is disabled

docker-compose/traefik/docker-compose.yml

@@ -0,0 +1,104 @@
+version: "3.7"
+
+networks:
+    traefik_proxy:
+        name: traefik_proxy
+
+volumes:
+  letsencrypt:
+    name: traefik-letsencrypt
+  nocodb-db:
+    name: nocodb-db
+    
+services:
+   
+    traefik:
+        image: traefik:v2.2
+        container_name: traefik
+        restart: always
+        command:
+            #- "--log.level=DEBUG"
+            - "--providers.docker=true"
+            - "--ping=true"            
+            - "--ping.entryPoint=ping"
+            - "--providers.docker.exposedbydefault=false"
+            - "--providers.docker.network=traefik_proxy"             
+            - "--entryPoints.ping.address=:8081"
+            - "--entrypoints.http.address=:80"
+            - "--entrypoints.https.address=:443"      
+            - "--entrypoints.https.http.tls.certresolver=letsencrypt"
+            - "--entrypoints.https.http.tls.domains[0].main=${DOMAINNAME}"
+            - "--entrypoints.https.http.tls.domains[0].sans=*.${DOMAINNAME}"       
+            - "--entrypoints.http.http.redirections.entryPoint.to=https"
+            - "--entrypoints.http.http.redirections.entryPoint.scheme=https"            
+            - "--certificatesresolvers.letsencrypt.acme.dnsChallenge.delayBeforeCheck=15"
+            - "--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare"
+            - "--certificatesresolvers.letsencrypt.acme.email=info@${DOMAINNAME}"
+            - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
+            - "--certificatesResolvers.letsencrypt.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53"
+        environment:
+            - CF_DNS_API_TOKEN=${CLOUDFLARE_TOKEN}
+        healthcheck:
+            test: ["CMD", "wget", "-c", "http://localhost:8081/ping"]
+            timeout: 3s
+            retries: 3
+        networks:
+            - default
+            - traefik_proxy
+        ports:
+            - "80:80"         
+            - "443:443"
+        volumes:
+            - "letsencrypt:/letsencrypt"
+            - /var/run/docker.sock:/var/run/docker.sock:ro
+
+    watchtower:
+        image: containrrr/watchtower
+        container_name: watchtower
+        restart: always
+        networks:
+            - traefik_proxy    
+        command: --schedule "0 5 * * *" --cleanup --label-enable
+        
+        volumes:
+            - /var/run/docker.sock:/var/run/docker.sock:ro
+        labels:
+            - "com.centurylinklabs.watchtower.enable=true"
+            
+    nocodb:
+        container_name: nocodb
+        image: nocodb/nocodb:latest
+        restart: always
+        networks:
+          - traefik_proxy
+        environment:
+          - NC_DB="pg://nocodb-db:5432?u=${DATABASE_USER}&p=${DATABASE_PW}&d=${DATABASE_NAME}"
+          - NC_PUBLIC_URL="https://nocodb.${DOMAINNAME}"
+          - NC_DISABLE_TELE=true
+        labels:
+            - "traefik.enable=true"
+            - "traefik.http.services.nocodb.loadbalancer.server.port=8080"
+            - "traefik.http.routers.nocodb.rule=Host(`nocodb.${DOMAINNAME}`)"
+            - "traefik.http.routers.nocodb.entrypoints=https" 
+            - "com.centurylinklabs.watchtower.enable=true"
+        depends_on:
+          nocodb-db:
+            condition: service_healthy
+            
+    nocodb-db:
+        image: postgres:12.1-alpine
+        container_name: nocodb-db
+        restart: always
+        networks:
+            - traefik_proxy
+        environment:
+           POSTGRES_USER: ${DATABASE_USER}
+           POSTGRES_PASSWORD: ${DATABASE_PW}
+           POSTGRES_DB: ${DATABASE_NAME}
+        volumes:
+          - nocodb-db:/var/lib/postgresql/data
+        healthcheck:
+          test: pg_isready -U ${DATABASE_USER} -d ${DATABASE_NAME}
+          interval: 10s
+          timeout: 2s
+          retries: 10