back to traefik
This commit is contained in:
parent
9bd9f23d9e
commit
4c2bdef32e
16 changed files with 171 additions and 60 deletions
21
.env.default
21
.env.default
|
@ -1,35 +1,42 @@
|
|||
# ssl
|
||||
GANDIV5_API_KEY=xxxxxxxxxxxxxxxxx
|
||||
LETSENCRYPT_EMAIL=root@localhost.localdomain
|
||||
LETSENCRYPT_GENERATE=false
|
||||
|
||||
# sites
|
||||
DOMAIN=localhost.localdomain
|
||||
HOST_BAIKAL=baikal
|
||||
DOMAIN=traefik.me
|
||||
HOST_BAIKAL=
|
||||
HOST_BLOG=blog
|
||||
HOST_DELUGE=deluge
|
||||
HOST_DELUGE_DOWNLOAD=delugedownload
|
||||
HOST_DOKUWIKI=dokuwiki
|
||||
HOST_GLANCES=glances
|
||||
HOST_MAIL=mail
|
||||
HOST_NETDATA=netdata
|
||||
HOST_MAIL=
|
||||
HOST_NETDATA=
|
||||
HOST_PIGALLERY=pigallery
|
||||
HOST_PORTAINER=portainer
|
||||
HOST_SEAFILE=seafile
|
||||
HOST_SELFOSS=selfoss
|
||||
HOST_SHAARLI=shaarli
|
||||
HOST_TRAEFIK=traefik
|
||||
HOST_WALLABAG=wallabag
|
||||
HOST_WWW=www
|
||||
PATH_PORTAINER=/portainer
|
||||
PATH_GLANCES=/glances
|
||||
PATH_DELUGE=/deluge
|
||||
|
||||
# other
|
||||
TZ=Europe/Paris
|
||||
BASIC_AUTH=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/
|
||||
ROOT_INSTALL=/srv
|
||||
DB_ROOT_PASSWORD=rootpassword
|
||||
ADMIN_EMAIL=root@localdomain
|
||||
|
||||
# torrent
|
||||
DELUGE_TORRENT_PORT=6881
|
||||
DOWNLOAD_HTTP_PORT=8000
|
||||
|
||||
# seafile
|
||||
SEAFILE_ADMIN_PASSWORD=abc123456
|
||||
SEAFILE_REGULAR_USER=johndoe
|
||||
SEAFILE_REGULAR_PASSWORD=johnpassword
|
||||
SEAFILE_PHOTO_LIBRARY=12345678
|
||||
SEAFILE_NOTES_LIBRARY=12345678
|
||||
SEAFILE_NOTES_LIBRARY=12345678
|
||||
|
|
|
@ -12,9 +12,13 @@ services:
|
|||
volumes:
|
||||
- baikal_data:/var/www/baikal/Specific:rw
|
||||
- baikal_config:/var/www/baikal/config:rw
|
||||
environment:
|
||||
- VIRTUAL_HOST=${HOST_BAIKAL}.${DOMAIN}
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.http.routers.baikal.rule=Host(`${HOST_BAIKAL}.${DOMAIN}`)
|
||||
- traefik.http.routers.baikal.entrypoints=websecure
|
||||
- traefik.http.routers.baikal.tls=true
|
||||
- traefik.http.services.baikal.loadbalancer.server.port=80
|
||||
|
||||
volumes:
|
||||
baikal_config:
|
||||
baikal_data:
|
||||
baikal_data:
|
||||
|
|
|
@ -21,6 +21,9 @@ services:
|
|||
restart: unless-stopped
|
||||
expose:
|
||||
- 80
|
||||
environment:
|
||||
- VIRTUAL_HOST=${HOST_BLOG}.${DOMAIN}
|
||||
- LETSENCRYPT_HOST=${HOST_BLOG}.${DOMAIN}
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.http.routers.blog.rule=Host(`${HOST_BLOG}.${DOMAIN}`)
|
||||
- traefik.http.routers.blog.entrypoints=websecure
|
||||
- traefik.http.routers.blog.tls=true
|
||||
- traefik.http.services.blog.loadbalancer.server.port=80
|
||||
|
|
|
@ -17,10 +17,19 @@ services:
|
|||
- ${DELUGE_TORRENT_PORT}:${DELUGE_TORRENT_PORT}/udp
|
||||
volumes:
|
||||
- deluge_config:/config:rw
|
||||
- deluge_downloads:/downloads:rw
|
||||
environment:
|
||||
- VIRTUAL_HOST=${HOST_DELUGE}.${DOMAIN}
|
||||
- VIRTUAL_PORT=8112
|
||||
- deluge_downloads:/downloads:rw
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.http.routers.deluge.rule=Host(`${HOST_WWW}.${DOMAIN}`) && PathPrefix(`${PATH_DELUGE}`)
|
||||
- traefik.http.routers.deluge.entrypoints=websecure
|
||||
- traefik.http.routers.deluge.tls=true
|
||||
- traefik.http.services.deluge.loadbalancer.server.port=8112
|
||||
- traefik.http.routers.deluge.middlewares=delugeHeader,sameOriginHeader,delugeRedir,delugePStrip
|
||||
- traefik.http.middlewares.delugeHeader.headers.customrequestheaders.X-Deluge-Base=${PATH_DELUGE}/
|
||||
- traefik.http.middlewares.sameOriginHeader.headers.customrequestheaders.X-Frame-Options=SAMEORIGIN
|
||||
- traefik.http.middlewares.delugePStrip.stripprefix.prefixes=${PATH_DELUGE}
|
||||
- traefik.http.middlewares.delugeRedir.redirectregex.regex=^(.*)${PATH_DELUGE}$$
|
||||
- traefik.http.middlewares.delugeRedir.redirectregex.replacement=$${1}${PATH_DELUGE}/
|
||||
|
||||
torrent:
|
||||
container_name: torrent
|
||||
|
@ -32,11 +41,10 @@ services:
|
|||
- deluge_downloads:/downloads:ro
|
||||
expose:
|
||||
- 80
|
||||
environment:
|
||||
- HTTPS_METHOD=nohttps
|
||||
- VIRTUAL_HOST=${HOST_DELUGE_DOWNLOAD}.${DOMAIN}
|
||||
- LETSENCRYPT_HOST=${HOST_DELUGE_DOWNLOAD}.${DOMAIN}
|
||||
# shortcut to bypass traefik limitation
|
||||
ports:
|
||||
- ${DOWNLOAD_HTTP_PORT}:80
|
||||
|
||||
volumes:
|
||||
deluge_config:
|
||||
deluge_downloads:
|
||||
deluge_downloads:
|
||||
|
|
|
@ -13,7 +13,12 @@ services:
|
|||
volumes:
|
||||
- ${ROOT_INSTALL}/data/dokuwiki:/config
|
||||
networks:
|
||||
- srv
|
||||
environment:
|
||||
- VIRTUAL_HOST=${HOST_DOKUWIKI}.${DOMAIN}
|
||||
- LETSENCRYPT_HOST=${HOST_DOKUWIKI}.${DOMAIN}
|
||||
- srv
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.http.routers.dokuwiki.rule=Host(`${HOST_DOKUWIKI}.${DOMAIN}`)
|
||||
- traefik.http.routers.dokuwiki.entrypoints=websecure
|
||||
- traefik.http.routers.dokuwiki.tls=true
|
||||
- traefik.http.services.dokuwiki.loadbalancer.server.port=80
|
||||
|
||||
|
||||
|
|
|
@ -6,14 +6,21 @@ services:
|
|||
image: nicolargo/glances:3.2.3.1
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
environment:
|
||||
- GLANCES_OPT=-w
|
||||
pid: host
|
||||
networks:
|
||||
- srv
|
||||
expose:
|
||||
- 61208
|
||||
environment:
|
||||
- GLANCES_OPT=-w
|
||||
- VIRTUAL_PORT=61208
|
||||
- VIRTUAL_HOST=${HOST_GLANCES}.${DOMAIN}
|
||||
- LETSENCRYPT_HOST=${HOST_GLANCES}.${DOMAIN}
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.http.routers.glances.rule=Host(`${HOST_WWW}.${DOMAIN}`) && PathPrefix(`${PATH_GLANCES}`)
|
||||
- traefik.http.routers.glances.entrypoints=websecure
|
||||
- traefik.http.routers.glances.tls=true
|
||||
- traefik.http.services.glances.loadbalancer.server.port=61208
|
||||
- traefik.http.routers.glances.middlewares=glancesRedir,glancesPStrip
|
||||
- traefik.http.middlewares.glancesPStrip.stripprefix.prefixes=${PATH_GLANCES}
|
||||
- traefik.http.middlewares.glancesRedir.redirectregex.regex=^(.*)${PATH_GLANCES}$$
|
||||
- traefik.http.middlewares.glancesRedir.redirectregex.replacement=$${1}${PATH_GLANCES}/
|
||||
|
||||
|
|
0
nginx-proxy/docker-compose.nginx.yml
Executable file → Normal file
0
nginx-proxy/docker-compose.nginx.yml
Executable file → Normal file
|
@ -5,8 +5,6 @@ services:
|
|||
container_name: pigallery2
|
||||
environment:
|
||||
NODE_ENV: production
|
||||
VIRTUAL_HOST: ${HOST_PIGALLERY}.${DOMAIN}
|
||||
LETSENCRYPT_HOST: ${HOST_PIGALLERY}.${DOMAIN}
|
||||
image: bpatrik/pigallery2:1.9.0-alpine
|
||||
networks:
|
||||
- srv
|
||||
|
@ -26,9 +24,15 @@ services:
|
|||
cap_add:
|
||||
- SYS_ADMIN
|
||||
healthcheck:
|
||||
disable: true
|
||||
disable: true
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.http.routers.pigallery_config.rule=Host(`${HOST_PIGALLERY}.${DOMAIN}`)
|
||||
- traefik.http.routers.pigallery_config.entrypoints=websecure
|
||||
- traefik.http.routers.pigallery_config.tls=true
|
||||
- traefik.http.services.pigallery_config.loadbalancer.server.port=80
|
||||
|
||||
volumes:
|
||||
pigallerydb_data:
|
||||
pigallery_tmp:
|
||||
pigallery_config:
|
||||
pigallery_config:
|
||||
|
|
|
@ -12,11 +12,17 @@ services:
|
|||
- srv
|
||||
restart: unless-stopped
|
||||
expose:
|
||||
- 9000
|
||||
environment:
|
||||
- VIRTUAL_PORT=9000
|
||||
- VIRTUAL_HOST=${HOST_PORTAINER}.${DOMAIN}
|
||||
- LETSENCRYPT_HOST=${HOST_PORTAINER}.${DOMAIN}
|
||||
- 9000
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.http.routers.portainer.rule=Host(`${HOST_WWW}.${DOMAIN}`) && PathPrefix(`${PATH_PORTAINER}`)
|
||||
- traefik.http.routers.portainer.entrypoints=websecure
|
||||
- traefik.http.routers.portainer.tls=true
|
||||
- traefik.http.services.portainer.loadbalancer.server.port=9000
|
||||
- traefik.http.routers.portainer.middlewares=portainerRedir,portainerPStrip
|
||||
- traefik.http.middlewares.portainerPStrip.stripprefix.prefixes=${PATH_PORTAINER}
|
||||
- traefik.http.middlewares.portainerRedir.redirectregex.regex=^(.*)${PATH_PORTAINER}$$
|
||||
- traefik.http.middlewares.portainerRedir.redirectregex.replacement=$${1}${PATH_PORTAINER}/
|
||||
|
||||
volumes:
|
||||
portainer_data:
|
||||
|
|
|
@ -32,8 +32,6 @@ services:
|
|||
SEAFILE_SERVER_HOSTNAME: ${HOST_SEAFILE}.${DOMAIN}
|
||||
SEAFILE_SERVER_LETSENCRYPT: "false"
|
||||
TIME_ZONE: ${TZ}
|
||||
VIRTUAL_HOST: ${HOST_SEAFILE}.${DOMAIN}
|
||||
LETSENCRYPT_HOST: ${HOST_SEAFILE}.${DOMAIN}
|
||||
image: seafileltd/seafile-mc:latest
|
||||
networks:
|
||||
- srv
|
||||
|
@ -50,7 +48,13 @@ services:
|
|||
privileged: true
|
||||
cap_add:
|
||||
- SYS_ADMIN
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.http.routers.seafile.rule=Host(`${HOST_SEAFILE}.${DOMAIN}`)
|
||||
- traefik.http.routers.seafile.entrypoints=websecure
|
||||
- traefik.http.routers.seafile.tls=true
|
||||
- traefik.http.services.seafile.loadbalancer.server.port=80
|
||||
|
||||
volumes:
|
||||
seafile_db:
|
||||
seafile_data:
|
||||
seafile_data:
|
||||
|
|
|
@ -11,10 +11,12 @@ services:
|
|||
restart: unless-stopped
|
||||
expose:
|
||||
- 8888
|
||||
environment:
|
||||
- VIRTUAL_PORT=8888
|
||||
- VIRTUAL_HOST=${HOST_SELFOSS}.${DOMAIN}
|
||||
- LETSENCRYPT_HOST=${HOST_SELFOSS}.${DOMAIN}
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.http.routers.selfoss.rule=Host(`${HOST_SELFOSS}.${DOMAIN}`)
|
||||
- traefik.http.routers.selfoss.entrypoints=websecure
|
||||
- traefik.http.routers.selfoss.tls=true
|
||||
- traefik.http.services.selfoss.loadbalancer.server.port=8888
|
||||
|
||||
volumes:
|
||||
selfoss_data:
|
||||
selfoss_data:
|
||||
|
|
|
@ -12,10 +12,13 @@ services:
|
|||
restart: unless-stopped
|
||||
expose:
|
||||
- 80
|
||||
environment:
|
||||
- VIRTUAL_HOST=${HOST_SHAARLI}.${DOMAIN}
|
||||
- LETSENCRYPT_HOST=${HOST_SHAARLI}.${DOMAIN}
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.http.routers.shaarli.rule=Host(`${HOST_SHAARLI}.${DOMAIN}`)
|
||||
- traefik.http.routers.shaarli.entrypoints=websecure
|
||||
- traefik.http.routers.shaarli.tls=true
|
||||
- traefik.http.services.shaarli.loadbalancer.server.port=80
|
||||
|
||||
volumes:
|
||||
shaarli-data:
|
||||
shaarli-cache:
|
||||
shaarli-cache:
|
||||
|
|
0
traefik/acme.json
Normal file
0
traefik/acme.json
Normal file
52
traefik/docker-compose.traefik.yml
Executable file
52
traefik/docker-compose.traefik.yml
Executable file
|
@ -0,0 +1,52 @@
|
|||
version: '3'
|
||||
|
||||
services:
|
||||
traefik:
|
||||
container_name: traefik
|
||||
image: traefik:v2.2.1
|
||||
command:
|
||||
- --providers.docker=true
|
||||
- --providers.docker.exposedbydefault=false
|
||||
- --api=true
|
||||
- --entrypoints.web.address=:80
|
||||
- --entrypoints.websecure.address=:443
|
||||
- --certificatesresolvers.letsencrypt.acme.email=${LETSENCRYPT_EMAIL}
|
||||
- --certificatesresolvers.letsencrypt.acme.storage=/acme.json
|
||||
- --certificatesResolvers.letsencrypt.acme.dnsChallenge=true
|
||||
- --certificatesResolvers.letsencrypt.acme.dnsChallenge.resolvers=1.1.1.1:53,8.8.8.8:53
|
||||
- --certificatesresolvers.letsencrypt.acme.dnschallenge.provider=gandiv5
|
||||
- --certificatesResolvers.letsencrypt.acme.dnsChallenge.delayBeforeCheck=0
|
||||
# staging server
|
||||
#- --certificatesresolvers.letsencrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
|
||||
environment:
|
||||
- GANDIV5_API_KEY=${GANDIV5_API_KEY}
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.http.routers.api.rule=Host(`${HOST_TRAEFIK}.${DOMAIN}`)
|
||||
- traefik.http.routers.api.entrypoints=web
|
||||
- traefik.http.routers.api.entrypoints=websecure
|
||||
- traefik.http.routers.api.service=api@internal
|
||||
- traefik.http.routers.api.middlewares=auth
|
||||
- traefik.http.middlewares.auth.basicauth.users=${BASIC_AUTH}
|
||||
# request widlcard certificate
|
||||
- traefik.http.routers.api.tls.certresolver=letsencrypt
|
||||
- traefik.http.routers.api.tls.domains[0].main=${DOMAIN}
|
||||
- traefik.http.routers.api.tls.domains[0].sans=*.${DOMAIN}
|
||||
# global redirect to https
|
||||
- traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)
|
||||
- traefik.http.routers.http-catchall.entrypoints=web
|
||||
- traefik.http.routers.http-catchall.middlewares=redirect-to-https
|
||||
# middleware redirect
|
||||
- traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https
|
||||
- traefik.http.middlewares.redirect-to-https.redirectscheme.permanent=true
|
||||
ports:
|
||||
- 80:80
|
||||
- 443:443
|
||||
expose:
|
||||
- 8080
|
||||
networks:
|
||||
- srv
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
- ${ROOT_INSTALL}/hosting/traefik/acme.json:/acme.json
|
|
@ -14,10 +14,14 @@ services:
|
|||
- wallabag_images:/var/www/wallabag/web/assets/images:rw
|
||||
environment:
|
||||
- SYMFONY__ENV__DOMAIN_NAME="https://${HOST_WALLABAG}.${DOMAIN}"
|
||||
- SYMFONY__ENV__FOSUSER_REGISTRATION=false
|
||||
- VIRTUAL_HOST=${HOST_WALLABAG}.${DOMAIN}
|
||||
- LETSENCRYPT_HOST=${HOST_WALLABAG}.${DOMAIN}
|
||||
- SYMFONY__ENV__FOSUSER_REGISTRATION=false
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.http.routers.wallabag.rule=Host(`${HOST_WALLABAG}.${DOMAIN}`)
|
||||
- traefik.http.routers.wallabag.entrypoints=websecure
|
||||
- traefik.http.routers.wallabag.tls=true
|
||||
- traefik.http.services.wallabag.loadbalancer.server.port=80
|
||||
|
||||
volumes:
|
||||
wallabag_data:
|
||||
wallabag_images:
|
||||
wallabag_images:
|
||||
|
|
|
@ -9,7 +9,9 @@ services:
|
|||
- srv
|
||||
expose:
|
||||
- 80
|
||||
environment:
|
||||
- VIRTUAL_HOST=${DOMAIN},${HOST_WWW}.${DOMAIN}
|
||||
- LETSENCRYPT_HOST=${DOMAIN},${HOST_WWW}.${DOMAIN}
|
||||
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.http.routers.www.rule=Host(`${HOST_WWW}.${DOMAIN}`)
|
||||
- traefik.http.routers.www.entrypoints=websecure
|
||||
- traefik.http.routers.www.tls=true
|
||||
- traefik.http.services.www.loadbalancer.server.port=80
|
||||
|
|
Loading…
Add table
Reference in a new issue