From 4c2bdef32e69ce7faf6df4a3a5461ebcd7f39942 Mon Sep 17 00:00:00 2001
From: Yax <1949284+kianby@users.noreply.github.com>
Date: Mon, 1 Nov 2021 19:10:42 +0100
Subject: [PATCH] back to traefik
---
.env.default | 21 +++++++----
baikal/docker-compose.baikal.yml | 10 +++--
blog/docker-compose.blog.yml | 9 +++--
deluge/docker-compose.deluge.yml | 26 ++++++++-----
dokuwiki/docker-compose.dokuwiki.yml | 13 +++++--
glances/docker-compose.glances.yml | 17 ++++++---
nginx-proxy/docker-compose.nginx.yml | 0
photo/docker-compose.photo.yml | 12 ++++--
portainer/docker-compose.portainer.yml | 16 +++++---
seafile/docker-compose.seafile.yml | 10 +++--
selfoss/docker-compose.selfoss.yml | 12 +++---
shaarli/docker-compose.shaarli.yml | 11 ++++--
traefik/acme.json | 0
traefik/docker-compose.traefik.yml | 52 ++++++++++++++++++++++++++
wallabag/docker-compose.wallabag.yml | 12 ++++--
www/docker-compose.www.yml | 10 +++--
16 files changed, 171 insertions(+), 60 deletions(-)
mode change 100755 => 100644 nginx-proxy/docker-compose.nginx.yml
create mode 100644 traefik/acme.json
create mode 100755 traefik/docker-compose.traefik.yml
diff --git a/.env.default b/.env.default
index 2f6bd4d..ea85789 100644
--- a/.env.default
+++ b/.env.default
@@ -1,35 +1,42 @@ # ssl +GANDIV5_API_KEY=xxxxxxxxxxxxxxxxx LETSENCRYPT_EMAIL=root@localhost.localdomain -LETSENCRYPT_GENERATE=false + # sites -DOMAIN=localhost.localdomain -HOST_BAIKAL=baikal +DOMAIN=traefik.me +HOST_BAIKAL= HOST_BLOG=blog HOST_DELUGE=deluge -HOST_DELUGE_DOWNLOAD=delugedownload HOST_DOKUWIKI=dokuwiki HOST_GLANCES=glances -HOST_MAIL=mail -HOST_NETDATA=netdata +HOST_MAIL= +HOST_NETDATA= HOST_PIGALLERY=pigallery HOST_PORTAINER=portainer HOST_SEAFILE=seafile HOST_SELFOSS=selfoss HOST_SHAARLI=shaarli +HOST_TRAEFIK=traefik HOST_WALLABAG=wallabag HOST_WWW=www +PATH_PORTAINER=/portainer +PATH_GLANCES=/glances +PATH_DELUGE=/deluge + # other TZ=Europe/Paris BASIC_AUTH=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/ ROOT_INSTALL=/srv DB_ROOT_PASSWORD=rootpassword ADMIN_EMAIL=root@localdomain + # torrent DELUGE_TORRENT_PORT=6881 DOWNLOAD_HTTP_PORT=8000 + # seafile SEAFILE_ADMIN_PASSWORD=abc123456 SEAFILE_REGULAR_USER=johndoe SEAFILE_REGULAR_PASSWORD=johnpassword SEAFILE_PHOTO_LIBRARY=12345678 -SEAFILE_NOTES_LIBRARY=12345678 \ No newline at end of file +SEAFILE_NOTES_LIBRARY=12345678 diff --git a/baikal/docker-compose.baikal.yml b/baikal/docker-compose.baikal.yml index 81ef286..b3452da 100644 --- a/baikal/docker-compose.baikal.yml +++ b/baikal/docker-compose.baikal.yml @@ -12,9 +12,13 @@ services: volumes: - baikal_data:/var/www/baikal/Specific:rw - baikal_config:/var/www/baikal/config:rw - environment: - - VIRTUAL_HOST=${HOST_BAIKAL}.${DOMAIN} + labels: + - traefik.enable=true + - traefik.http.routers.baikal.rule=Host(`${HOST_BAIKAL}.${DOMAIN}`) + - traefik.http.routers.baikal.entrypoints=websecure + - traefik.http.routers.baikal.tls=true + - traefik.http.services.baikal.loadbalancer.server.port=80 volumes: baikal_config: - baikal_data: \ No newline at end of file + baikal_data: diff --git a/blog/docker-compose.blog.yml b/blog/docker-compose.blog.yml index c90f88b..870ffa3 100755 --- a/blog/docker-compose.blog.yml +++ b/blog/docker-compose.blog.yml 
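Review bot: `HOST_BAIKAL=` is now empty, but baikal/docker-compose.baikal.yml in this same patch builds its router rule from `${HOST_BAIKAL}.${DOMAIN}`, which renders as `.traefik.me` with these defaults and will not match any request; either keep `HOST_BAIKAL=baikal` or note that the baikal stack must not be started with an empty host. The new `DOMAIN=traefik.me` default also looks at odds with the Gandi DNS challenge configured in the traefik compose file, since a wildcard certificate can only be issued for a zone the API key controls; presumably it is meant to be overridden, so a comment such as `# replace with a domain managed in your Gandi account` would help. A line `# copy to .env and keep that file out of version control` above `GANDIV5_API_KEY` would make the handling of the real key explicit.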
@@ -21,6 +21,9 @@ services: restart: unless-stopped expose: - 80 - environment: - - VIRTUAL_HOST=${HOST_BLOG}.${DOMAIN} - - LETSENCRYPT_HOST=${HOST_BLOG}.${DOMAIN} + labels: + - traefik.enable=true + - traefik.http.routers.blog.rule=Host(`${HOST_BLOG}.${DOMAIN}`) + - traefik.http.routers.blog.entrypoints=websecure + - traefik.http.routers.blog.tls=true + - traefik.http.services.blog.loadbalancer.server.port=80 diff --git a/deluge/docker-compose.deluge.yml b/deluge/docker-compose.deluge.yml index 0399a6e..525783a 100755 --- a/deluge/docker-compose.deluge.yml +++ b/deluge/docker-compose.deluge.yml @@ -17,10 +17,19 @@ services: - ${DELUGE_TORRENT_PORT}:${DELUGE_TORRENT_PORT}/udp volumes: - deluge_config:/config:rw - - deluge_downloads:/downloads:rw - environment: - - VIRTUAL_HOST=${HOST_DELUGE}.${DOMAIN} - - VIRTUAL_PORT=8112 + - deluge_downloads:/downloads:rw + labels: + - traefik.enable=true + - traefik.http.routers.deluge.rule=Host(`${HOST_WWW}.${DOMAIN}`) && PathPrefix(`${PATH_DELUGE}`) + - traefik.http.routers.deluge.entrypoints=websecure + - traefik.http.routers.deluge.tls=true + - traefik.http.services.deluge.loadbalancer.server.port=8112 + - traefik.http.routers.deluge.middlewares=delugeHeader,sameOriginHeader,delugeRedir,delugePStrip + - traefik.http.middlewares.delugeHeader.headers.customrequestheaders.X-Deluge-Base=${PATH_DELUGE}/ + - traefik.http.middlewares.sameOriginHeader.headers.customrequestheaders.X-Frame-Options=SAMEORIGIN + - traefik.http.middlewares.delugePStrip.stripprefix.prefixes=${PATH_DELUGE} + - traefik.http.middlewares.delugeRedir.redirectregex.regex=^(.*)${PATH_DELUGE}$$ + - traefik.http.middlewares.delugeRedir.redirectregex.replacement=$${1}${PATH_DELUGE}/ torrent: container_name: torrent 
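Review bot: In the deluge labels, `X-Frame-Options` is set through `customrequestheaders` on the `sameOriginHeader` middleware, so it is added to the request forwarded to Deluge rather than to the response the browser receives, and it gives no framing protection. The response side of the headers middleware is what is needed here: `traefik.http.middlewares.sameOriginHeader.headers.customFrameOptionsValue=SAMEORIGIN` (or `customresponseheaders.X-Frame-Options=SAMEORIGIN`). `X-Deluge-Base` is correctly a request header and can stay as it is. The deluge service definition starts above the hunk.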
@@ -32,11 +41,10 @@ services: - deluge_downloads:/downloads:ro expose: - 80 - environment: - - HTTPS_METHOD=nohttps - - VIRTUAL_HOST=${HOST_DELUGE_DOWNLOAD}.${DOMAIN} - - LETSENCRYPT_HOST=${HOST_DELUGE_DOWNLOAD}.${DOMAIN} + # shortcut to bypass traefik limitation + ports: + - ${DOWNLOAD_HTTP_PORT}:80 volumes: deluge_config: - deluge_downloads: \ No newline at end of file + deluge_downloads: diff --git a/dokuwiki/docker-compose.dokuwiki.yml b/dokuwiki/docker-compose.dokuwiki.yml index 63542ac..fddf39f 100755 --- a/dokuwiki/docker-compose.dokuwiki.yml +++ b/dokuwiki/docker-compose.dokuwiki.yml @@ -13,7 +13,12 @@ services: volumes: - ${ROOT_INSTALL}/data/dokuwiki:/config networks: - - srv - environment: - - VIRTUAL_HOST=${HOST_DOKUWIKI}.${DOMAIN} - - LETSENCRYPT_HOST=${HOST_DOKUWIKI}.${DOMAIN} \ No newline at end of file + - srv + labels: + - traefik.enable=true + - traefik.http.routers.dokuwiki.rule=Host(`${HOST_DOKUWIKI}.${DOMAIN}`) + - traefik.http.routers.dokuwiki.entrypoints=websecure + - traefik.http.routers.dokuwiki.tls=true + - traefik.http.services.dokuwiki.loadbalancer.server.port=80 + + diff --git a/glances/docker-compose.glances.yml b/glances/docker-compose.glances.yml index 3637021..7be2e51 100755 --- a/glances/docker-compose.glances.yml +++ b/glances/docker-compose.glances.yml 
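Review bot: In the torrent service, `${DOWNLOAD_HTTP_PORT}:80` publishes the download server on every host interface over plain HTTP with no Traefik router in front of it, so neither TLS nor any middleware applies, and Docker-published ports are typically not filtered by host firewall front-ends such as ufw. If this is only meant for a local or LAN client, bind it explicitly and quote the mapping, e.g. `- "127.0.0.1:${DOWNLOAD_HTTP_PORT}:80"` or the LAN address. The comment `# shortcut to bypass traefik limitation` should name the limitation so the shortcut can be removed once it no longer applies. The torrent service definition starts above the hunk.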
@@ -6,14 +6,21 @@ services: image: nicolargo/glances:3.2.3.1 volumes: - /var/run/docker.sock:/var/run/docker.sock:ro + environment: + - GLANCES_OPT=-w pid: host networks: - srv expose: - 61208 - environment: - - GLANCES_OPT=-w - - VIRTUAL_PORT=61208 - - VIRTUAL_HOST=${HOST_GLANCES}.${DOMAIN} - - LETSENCRYPT_HOST=${HOST_GLANCES}.${DOMAIN} + labels: + - traefik.enable=true + - traefik.http.routers.glances.rule=Host(`${HOST_WWW}.${DOMAIN}`) && PathPrefix(`${PATH_GLANCES}`) + - traefik.http.routers.glances.entrypoints=websecure + - traefik.http.routers.glances.tls=true + - traefik.http.services.glances.loadbalancer.server.port=61208 + - traefik.http.routers.glances.middlewares=glancesRedir,glancesPStrip + - traefik.http.middlewares.glancesPStrip.stripprefix.prefixes=${PATH_GLANCES} + - traefik.http.middlewares.glancesRedir.redirectregex.regex=^(.*)${PATH_GLANCES}$$ + - traefik.http.middlewares.glancesRedir.redirectregex.replacement=$${1}${PATH_GLANCES}/ diff --git a/nginx-proxy/docker-compose.nginx.yml b/nginx-proxy/docker-compose.nginx.yml old mode 100755 new mode 100644 diff --git a/photo/docker-compose.photo.yml b/photo/docker-compose.photo.yml index 33858d2..46e3eab 100755 --- a/photo/docker-compose.photo.yml +++ b/photo/docker-compose.photo.yml @@ -5,8 +5,6 @@ services: container_name: pigallery2 environment: NODE_ENV: production - VIRTUAL_HOST: ${HOST_PIGALLERY}.${DOMAIN} - LETSENCRYPT_HOST: ${HOST_PIGALLERY}.${DOMAIN} image: bpatrik/pigallery2:1.9.0-alpine networks: - srv 
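Review bot: The glances router has no authentication middleware, and as far as the visible options show `GLANCES_OPT=-w` starts the web UI without a password, so host process and container details (the service runs with `pid: host` and the Docker socket mounted) become readable by anyone who can reach `${HOST_WWW}.${DOMAIN}${PATH_GLANCES}`. The traefik compose file in this patch already defines a basic-auth middleware named `auth`; chaining it here would close the gap: `traefik.http.routers.glances.middlewares=auth,glancesRedir,glancesPStrip`. The portainer and deluge hunks use the same path-prefix pattern on the www host and rely only on the applications' own logins; since all three now share one origin with the public site, the same middleware or a dedicated host name is worth considering there too.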
@@ -26,9 +24,15 @@ services: cap_add: - SYS_ADMIN healthcheck: - disable: true + disable: true + labels: + - traefik.enable=true + - traefik.http.routers.pigallery_config.rule=Host(`${HOST_PIGALLERY}.${DOMAIN}`) + - traefik.http.routers.pigallery_config.entrypoints=websecure + - traefik.http.routers.pigallery_config.tls=true + - traefik.http.services.pigallery_config.loadbalancer.server.port=80 volumes: pigallerydb_data: pigallery_tmp: - pigallery_config: \ No newline at end of file + pigallery_config: diff --git a/portainer/docker-compose.portainer.yml b/portainer/docker-compose.portainer.yml index 16dae84..0f1df9d 100755 --- a/portainer/docker-compose.portainer.yml +++ b/portainer/docker-compose.portainer.yml @@ -12,11 +12,17 @@ services: - srv restart: unless-stopped expose: - - 9000 - environment: - - VIRTUAL_PORT=9000 - - VIRTUAL_HOST=${HOST_PORTAINER}.${DOMAIN} - - LETSENCRYPT_HOST=${HOST_PORTAINER}.${DOMAIN} + - 9000 + labels: + - traefik.enable=true + - traefik.http.routers.portainer.rule=Host(`${HOST_WWW}.${DOMAIN}`) && PathPrefix(`${PATH_PORTAINER}`) + - traefik.http.routers.portainer.entrypoints=websecure + - traefik.http.routers.portainer.tls=true + - traefik.http.services.portainer.loadbalancer.server.port=9000 + - traefik.http.routers.portainer.middlewares=portainerRedir,portainerPStrip + - traefik.http.middlewares.portainerPStrip.stripprefix.prefixes=${PATH_PORTAINER} + - traefik.http.middlewares.portainerRedir.redirectregex.regex=^(.*)${PATH_PORTAINER}$$ + - traefik.http.middlewares.portainerRedir.redirectregex.replacement=$${1}${PATH_PORTAINER}/ volumes: portainer_data: diff --git a/seafile/docker-compose.seafile.yml b/seafile/docker-compose.seafile.yml index 451bf8e..2121608 100755 --- a/seafile/docker-compose.seafile.yml +++ b/seafile/docker-compose.seafile.yml 
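Review bot: In the photo stack the router and service are named `pigallery_config`, which is the name of a volume in this file, while every other stack in the patch names them after the application; `pigallery` would read better in the dashboard and in logs. The labels are appended to a service whose beginning lies outside the hunk (it ends with `cap_add: SYS_ADMIN` and a disabled healthcheck), so it is worth confirming that this is the pigallery2 container listening on port 80, because the `VIRTUAL_HOST` lines removed in the first hunk were on the `pigallery2` service.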
@@ -32,8 +32,6 @@ services: SEAFILE_SERVER_HOSTNAME: ${HOST_SEAFILE}.${DOMAIN} SEAFILE_SERVER_LETSENCRYPT: "false" TIME_ZONE: ${TZ} - VIRTUAL_HOST: ${HOST_SEAFILE}.${DOMAIN} - LETSENCRYPT_HOST: ${HOST_SEAFILE}.${DOMAIN} image: seafileltd/seafile-mc:latest networks: - srv @@ -50,7 +48,13 @@ services: privileged: true cap_add: - SYS_ADMIN + labels: + - traefik.enable=true + - traefik.http.routers.seafile.rule=Host(`${HOST_SEAFILE}.${DOMAIN}`) + - traefik.http.routers.seafile.entrypoints=websecure + - traefik.http.routers.seafile.tls=true + - traefik.http.services.seafile.loadbalancer.server.port=80 volumes: seafile_db: - seafile_data: \ No newline at end of file + seafile_data: diff --git a/selfoss/docker-compose.selfoss.yml b/selfoss/docker-compose.selfoss.yml index b4e69c8..f57f4b5 100755 --- a/selfoss/docker-compose.selfoss.yml +++ b/selfoss/docker-compose.selfoss.yml @@ -11,10 +11,12 @@ services: restart: unless-stopped expose: - 8888 - environment: - - VIRTUAL_PORT=8888 - - VIRTUAL_HOST=${HOST_SELFOSS}.${DOMAIN} - - LETSENCRYPT_HOST=${HOST_SELFOSS}.${DOMAIN} + labels: + - traefik.enable=true + - traefik.http.routers.selfoss.rule=Host(`${HOST_SELFOSS}.${DOMAIN}`) + - traefik.http.routers.selfoss.entrypoints=websecure + - traefik.http.routers.selfoss.tls=true + - traefik.http.services.selfoss.loadbalancer.server.port=8888 volumes: - selfoss_data: \ No newline at end of file + selfoss_data: diff --git a/shaarli/docker-compose.shaarli.yml b/shaarli/docker-compose.shaarli.yml index adee4ed..040980e 100755 --- a/shaarli/docker-compose.shaarli.yml +++ b/shaarli/docker-compose.shaarli.yml 
@@ -12,10 +12,13 @@ services: restart: unless-stopped expose: - 80 - environment: - - VIRTUAL_HOST=${HOST_SHAARLI}.${DOMAIN} - - LETSENCRYPT_HOST=${HOST_SHAARLI}.${DOMAIN} + labels: + - traefik.enable=true + - traefik.http.routers.shaarli.rule=Host(`${HOST_SHAARLI}.${DOMAIN}`) + - traefik.http.routers.shaarli.entrypoints=websecure + - traefik.http.routers.shaarli.tls=true + - traefik.http.services.shaarli.loadbalancer.server.port=80 volumes: shaarli-data: - shaarli-cache: \ No newline at end of file + shaarli-cache: diff --git a/traefik/acme.json b/traefik/acme.json new file mode 100644 index 0000000..e69de29 diff --git a/traefik/docker-compose.traefik.yml b/traefik/docker-compose.traefik.yml new file mode 100755 index 0000000..270738e --- /dev/null +++ b/traefik/docker-compose.traefik.yml 
@@ -0,0 +1,52 @@ +version: '3' + +services: + traefik: + container_name: traefik + image: traefik:v2.2.1 + command: + - --providers.docker=true + - --providers.docker.exposedbydefault=false + - --api=true + - --entrypoints.web.address=:80 + - --entrypoints.websecure.address=:443 + - --certificatesresolvers.letsencrypt.acme.email=${LETSENCRYPT_EMAIL} + - --certificatesresolvers.letsencrypt.acme.storage=/acme.json + - --certificatesResolvers.letsencrypt.acme.dnsChallenge=true + - --certificatesResolvers.letsencrypt.acme.dnsChallenge.resolvers=1.1.1.1:53,8.8.8.8:53 + - --certificatesresolvers.letsencrypt.acme.dnschallenge.provider=gandiv5 + - --certificatesResolvers.letsencrypt.acme.dnsChallenge.delayBeforeCheck=0 + # staging server + #- --certificatesresolvers.letsencrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory + environment: + - GANDIV5_API_KEY=${GANDIV5_API_KEY} + labels: + - traefik.enable=true + - traefik.http.routers.api.rule=Host(`${HOST_TRAEFIK}.${DOMAIN}`) + - traefik.http.routers.api.entrypoints=web + - traefik.http.routers.api.entrypoints=websecure + - traefik.http.routers.api.service=api@internal + - traefik.http.routers.api.middlewares=auth + - traefik.http.middlewares.auth.basicauth.users=${BASIC_AUTH} + # request widlcard certificate + - traefik.http.routers.api.tls.certresolver=letsencrypt + - traefik.http.routers.api.tls.domains[0].main=${DOMAIN} + - traefik.http.routers.api.tls.domains[0].sans=*.${DOMAIN} + # global redirect to https + - traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`) + - traefik.http.routers.http-catchall.entrypoints=web + - traefik.http.routers.http-catchall.middlewares=redirect-to-https + # middleware redirect + - traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https + - traefik.http.middlewares.redirect-to-https.redirectscheme.permanent=true + ports: + - 80:80 + - 443:443 + expose: + - 8080 + networks: + - srv + restart: unless-stopped + volumes: + - 
/var/run/docker.sock:/var/run/docker.sock:ro + - ${ROOT_INSTALL}/hosting/traefik/acme.json:/acme.json diff --git a/wallabag/docker-compose.wallabag.yml b/wallabag/docker-compose.wallabag.yml index 77d678e..a7f7c81 100755 --- a/wallabag/docker-compose.wallabag.yml +++ b/wallabag/docker-compose.wallabag.yml @@ -14,10 +14,14 @@ services: - wallabag_images:/var/www/wallabag/web/assets/images:rw environment: - SYMFONY__ENV__DOMAIN_NAME="https://${HOST_WALLABAG}.${DOMAIN}" - - SYMFONY__ENV__FOSUSER_REGISTRATION=false - - VIRTUAL_HOST=${HOST_WALLABAG}.${DOMAIN} - - LETSENCRYPT_HOST=${HOST_WALLABAG}.${DOMAIN} + - SYMFONY__ENV__FOSUSER_REGISTRATION=false + labels: + - traefik.enable=true + - traefik.http.routers.wallabag.rule=Host(`${HOST_WALLABAG}.${DOMAIN}`) + - traefik.http.routers.wallabag.entrypoints=websecure + - traefik.http.routers.wallabag.tls=true + - traefik.http.services.wallabag.loadbalancer.server.port=80 volumes: wallabag_data: - wallabag_images: \ No newline at end of file + wallabag_images: diff --git a/www/docker-compose.www.yml b/www/docker-compose.www.yml index 8c1dbbb..1d8bf6d 100755 --- a/www/docker-compose.www.yml +++ b/www/docker-compose.www.yml @@ -9,7 +9,9 @@ services: - srv expose: - 80 - environment: - - VIRTUAL_HOST=${DOMAIN},${HOST_WWW}.${DOMAIN} - - LETSENCRYPT_HOST=${DOMAIN},${HOST_WWW}.${DOMAIN} - + labels: + - traefik.enable=true + - traefik.http.routers.www.rule=Host(`${HOST_WWW}.${DOMAIN}`) + - traefik.http.routers.www.entrypoints=websecure + - traefik.http.routers.www.tls=true + - traefik.http.services.www.loadbalancer.server.port=80
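Review bot: `/acme.json` will hold the ACME account key and the wildcard certificate's private key, yet traefik/acme.json is added to the repository with mode 100644; Traefik refuses a storage file whose permissions are wider than 600, and a tracked file invites committing the keys later. Creating it at deploy time with `chmod 600` and listing it in .gitignore avoids both problems. Mounting `/var/run/docker.sock` into the internet-facing proxy gives that container the full Docker API regardless of the `:ro` flag, which only covers the socket file itself, so a socket proxy restricted to read-only container endpoints is the safer provider setup. `traefik.http.routers.api.entrypoints` is set twice (`web`, then `websecure`) and only one value can survive, so write `=web,websecure` or keep only `websecure`. A comment on the `tls.domains` labels stating that every other stack's `tls=true` router depends on this wildcard certificate would document the coupling.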
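Review bot: The removed `VIRTUAL_HOST=${DOMAIN},${HOST_WWW}.${DOMAIN}` in the www stack served both the apex domain and the www host, while the new rule matches only `${HOST_WWW}.${DOMAIN}`, so requests for the bare domain are redirected to HTTPS by the catch-all router and then find no router to serve them. If the apex should keep working, the rule can be ``Host(`${DOMAIN}`) || Host(`${HOST_WWW}.${DOMAIN}`)``; the wildcard certificate requested in the traefik stack already lists `${DOMAIN}` as its main name.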