diff --git a/.env.default b/.env.default
index ea85789..5783623 100644
--- a/.env.default
+++ b/.env.default
@@ -2,17 +2,16 @@
 GANDIV5_API_KEY=xxxxxxxxxxxxxxxxx
 LETSENCRYPT_EMAIL=root@localhost.localdomain
-# sites
-DOMAIN=traefik.me
+# off sites
 HOST_BAIKAL=
-HOST_BLOG=blog
-HOST_DELUGE=deluge
-HOST_DOKUWIKI=dokuwiki
-HOST_GLANCES=glances
 HOST_MAIL=
 HOST_NETDATA=
+
+# sites
+DOMAIN=traefik.me
+HOST_BLOG=blog
+HOST_DOKUWIKI=dokuwiki
 HOST_PIGALLERY=pigallery
-HOST_PORTAINER=portainer
 HOST_SEAFILE=seafile
 HOST_SELFOSS=selfoss
 HOST_SHAARLI=shaarli
diff --git a/baikal/docker-compose.baikal.yml b/baikal/docker-compose.baikal.yml
index b3452da..57e9a25 100644
--- a/baikal/docker-compose.baikal.yml
+++ b/baikal/docker-compose.baikal.yml
@@ -15,7 +15,7 @@ services:
 labels:
 - traefik.enable=true
 - traefik.http.routers.baikal.rule=Host(`${HOST_BAIKAL}.${DOMAIN}`)
- - traefik.http.routers.baikal.entrypoints=websecure
+ - traefik.http.routers.baikal.entrypoints=https
 - traefik.http.routers.baikal.tls=true
 - traefik.http.services.baikal.loadbalancer.server.port=80
diff --git a/blog/docker-compose.blog.yml b/blog/docker-compose.blog.yml
index 870ffa3..21efa75 100755
--- a/blog/docker-compose.blog.yml
+++ b/blog/docker-compose.blog.yml
@@ -24,6 +24,6 @@ services:
 labels:
 - traefik.enable=true
 - traefik.http.routers.blog.rule=Host(`${HOST_BLOG}.${DOMAIN}`)
- - traefik.http.routers.blog.entrypoints=websecure
+ - traefik.http.routers.blog.entrypoints=https
 - traefik.http.routers.blog.tls=true
 - traefik.http.services.blog.loadbalancer.server.port=80
diff --git a/deluge/docker-compose.deluge.yml b/deluge/docker-compose.deluge.yml
index 525783a..9bc6519 100755
--- a/deluge/docker-compose.deluge.yml
+++ b/deluge/docker-compose.deluge.yml
@@ -21,7 +21,7 @@ services:
 labels:
 - traefik.enable=true
 - traefik.http.routers.deluge.rule=Host(`${HOST_WWW}.${DOMAIN}`) && PathPrefix(`${PATH_DELUGE}`)
- - traefik.http.routers.deluge.entrypoints=websecure
+ - traefik.http.routers.deluge.entrypoints=https
 - traefik.http.routers.deluge.tls=true
 - traefik.http.services.deluge.loadbalancer.server.port=8112
 - traefik.http.routers.deluge.middlewares=delugeHeader,sameOriginHeader,delugeRedir,delugePStrip
diff --git a/dokuwiki/docker-compose.dokuwiki.yml b/dokuwiki/docker-compose.dokuwiki.yml
index fddf39f..1be4eec 100755
--- a/dokuwiki/docker-compose.dokuwiki.yml
+++ b/dokuwiki/docker-compose.dokuwiki.yml
@@ -17,7 +17,7 @@ services:
 labels:
 - traefik.enable=true
 - traefik.http.routers.dokuwiki.rule=Host(`${HOST_DOKUWIKI}.${DOMAIN}`)
- - traefik.http.routers.dokuwiki.entrypoints=websecure
+ - traefik.http.routers.dokuwiki.entrypoints=https
 - traefik.http.routers.dokuwiki.tls=true
 - traefik.http.services.dokuwiki.loadbalancer.server.port=80
diff --git a/glances/docker-compose.glances.yml b/glances/docker-compose.glances.yml
index 7be2e51..744d433 100755
--- a/glances/docker-compose.glances.yml
+++ b/glances/docker-compose.glances.yml
@@ -16,7 +16,7 @@ services:
 labels:
 - traefik.enable=true
 - traefik.http.routers.glances.rule=Host(`${HOST_WWW}.${DOMAIN}`) && PathPrefix(`${PATH_GLANCES}`)
- - traefik.http.routers.glances.entrypoints=websecure
+ - traefik.http.routers.glances.entrypoints=https
 - traefik.http.routers.glances.tls=true
 - traefik.http.services.glances.loadbalancer.server.port=61208
 - traefik.http.routers.glances.middlewares=glancesRedir,glancesPStrip
diff --git a/netdata/docker-compose.netdata.yml b/netdata/docker-compose.netdata.yml
index 159dba0..e9ddb7f 100644
--- a/netdata/docker-compose.netdata.yml
+++ b/netdata/docker-compose.netdata.yml
@@ -27,7 +27,7 @@ services:
 labels:
 - traefik.enable=true
 - traefik.http.routers.netdata.rule=Host(`${HOST_NETDATA}.${DOMAIN}`)
- - traefik.http.routers.netdata.entrypoints=websecure
+ - traefik.http.routers.netdata.entrypoints=https
 - traefik.http.routers.netdata.tls=true
 - traefik.http.routers.netdata.middlewares=auth
 - traefik.http.middlewares.auth.basicauth.users=${BASIC_AUTH}
diff --git a/nginx-proxy/docker-compose.nginx.yml b/nginx-proxy/docker-compose.nginx.yml
deleted file mode 100644
index fa62325..0000000
--- a/nginx-proxy/docker-compose.nginx.yml
+++ /dev/null
@@ -1,48 +0,0 @@
-version: '3'
-
-services:
- nginx-proxy:
- container_name: nginx-proxy
- image: nginxproxy/nginx-proxy
- ports:
- - 80:80
- - 443:443
- labels:
- - com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy=true
- environment:
- - DEFAULT_HOST=${HOST_WWW}.${DOMAIN}
- - DHPARAM_GENERATION=${LETSENCRYPT_GENERATE}
- networks:
- - srv
- volumes:
- - /var/run/docker.sock:/tmp/docker.sock:ro
- - ${ROOT_INSTALL}/data/nginx-proxy/conf.d:/etc/nginx/conf.d
- - ${ROOT_INSTALL}/data/nginx-proxy/vhost.d:/etc/nginx/vhost.d
- - ${ROOT_INSTALL}/data/nginx-proxy/dhparam:/etc/nginx/dhparam
- - ${ROOT_INSTALL}/data/nginx-proxy/html:/usr/share/nginx/html
- - ${ROOT_INSTALL}/data/nginx-proxy/certs:/etc/nginx/certs:ro
- - ${ROOT_INSTALL}/data/nginx-proxy/htpasswd:/etc/nginx/htpasswd:ro
-
- acme-companion:
- image: nginxproxy/acme-companion
- container_name: nginx-proxy-acme
- environment:
- - DEFAULT_EMAIL=${LETSENCRYPT_EMAIL}
- - NGINX_PROXY_CONTAINER=nginx-proxy
-# - ACME_CA_URI=https://acme-staging-v02.api.letsencrypt.org/directory
- volumes:
- - /var/run/docker.sock:/var/run/docker.sock:ro
- - ${ROOT_INSTALL}/data/nginx-proxy/conf.d:/etc/nginx/conf.d
- - ${ROOT_INSTALL}/data/nginx-proxy/vhost.d:/etc/nginx/vhost.d
- - ${ROOT_INSTALL}/data/nginx-proxy/html:/usr/share/nginx/html
- - ${ROOT_INSTALL}/data/nginx-proxy/certs:/etc/nginx/certs:rw
- - ${ROOT_INSTALL}/data/nginx-proxy/acme.sh:/etc/acme.sh
- networks:
- - srv
-
-volumes:
- conf:
- dhparam:
- html:
- certs:
- acme:
\ No newline at end of file
diff --git a/photo/docker-compose.photo.yml b/photo/docker-compose.photo.yml
index 46e3eab..63da3c3 100755
--- a/photo/docker-compose.photo.yml
+++ b/photo/docker-compose.photo.yml
@@ -28,7 +28,7 @@ services:
 labels:
 - traefik.enable=true
 - traefik.http.routers.pigallery_config.rule=Host(`${HOST_PIGALLERY}.${DOMAIN}`)
- - traefik.http.routers.pigallery_config.entrypoints=websecure
+ - traefik.http.routers.pigallery_config.entrypoints=https
 - traefik.http.routers.pigallery_config.tls=true
 - traefik.http.services.pigallery_config.loadbalancer.server.port=80
diff --git a/portainer/docker-compose.portainer.yml b/portainer/docker-compose.portainer.yml
index 0f1df9d..77c197b 100755
--- a/portainer/docker-compose.portainer.yml
+++ b/portainer/docker-compose.portainer.yml
@@ -16,7 +16,7 @@ services:
 labels:
 - traefik.enable=true
 - traefik.http.routers.portainer.rule=Host(`${HOST_WWW}.${DOMAIN}`) && PathPrefix(`${PATH_PORTAINER}`)
- - traefik.http.routers.portainer.entrypoints=websecure
+ - traefik.http.routers.portainer.entrypoints=https
 - traefik.http.routers.portainer.tls=true
 - traefik.http.services.portainer.loadbalancer.server.port=9000
 - traefik.http.routers.portainer.middlewares=portainerRedir,portainerPStrip
diff --git a/posteio/docker-compose.posteio.yml b/posteio/docker-compose.posteio.yml
index 484fca6..839be28 100644
--- a/posteio/docker-compose.posteio.yml
+++ b/posteio/docker-compose.posteio.yml
@@ -17,7 +17,7 @@ services:
 labels:
 - traefik.enable=true
 - traefik.http.routers.posteio.rule=Host(`${HOST_MAIL}.${DOMAIN}`)
- - traefik.http.routers.posteio.entrypoints=websecure
+ - traefik.http.routers.posteio.entrypoints=https
 - traefik.http.routers.posteio.tls=true
 - traefik.http.services.posteio.loadbalancer.server.port=80
 networks:
diff --git a/seafile/docker-compose.seafile.yml b/seafile/docker-compose.seafile.yml
index 2121608..974f348 100755
--- a/seafile/docker-compose.seafile.yml
+++ b/seafile/docker-compose.seafile.yml
@@ -51,7 +51,7 @@ services:
 labels:
 - traefik.enable=true
 - traefik.http.routers.seafile.rule=Host(`${HOST_SEAFILE}.${DOMAIN}`)
- - traefik.http.routers.seafile.entrypoints=websecure
+ - traefik.http.routers.seafile.entrypoints=https
 - traefik.http.routers.seafile.tls=true
 - traefik.http.services.seafile.loadbalancer.server.port=80
diff --git a/selfoss/docker-compose.selfoss.yml b/selfoss/docker-compose.selfoss.yml
index f57f4b5..fa3c35b 100755
--- a/selfoss/docker-compose.selfoss.yml
+++ b/selfoss/docker-compose.selfoss.yml
@@ -14,7 +14,7 @@ services:
 labels:
 - traefik.enable=true
 - traefik.http.routers.selfoss.rule=Host(`${HOST_SELFOSS}.${DOMAIN}`)
- - traefik.http.routers.selfoss.entrypoints=websecure
+ - traefik.http.routers.selfoss.entrypoints=https
 - traefik.http.routers.selfoss.tls=true
 - traefik.http.services.selfoss.loadbalancer.server.port=8888
diff --git a/shaarli/docker-compose.shaarli.yml b/shaarli/docker-compose.shaarli.yml
index 040980e..3e638dd 100755
--- a/shaarli/docker-compose.shaarli.yml
+++ b/shaarli/docker-compose.shaarli.yml
@@ -15,7 +15,7 @@ services:
 labels:
 - traefik.enable=true
 - traefik.http.routers.shaarli.rule=Host(`${HOST_SHAARLI}.${DOMAIN}`)
- - traefik.http.routers.shaarli.entrypoints=websecure
+ - traefik.http.routers.shaarli.entrypoints=https
 - traefik.http.routers.shaarli.tls=true
 - traefik.http.services.shaarli.loadbalancer.server.port=80
diff --git a/traefik/docker-compose.traefik-local.yml b/traefik/docker-compose.traefik-local.yml
new file mode 100755
index 0000000..99f3637
--- /dev/null
+++ b/traefik/docker-compose.traefik-local.yml
@@ -0,0 +1,65 @@
+version: '3'
+
+services:
+ traefik:
+ container_name: traefik
+ image: traefik:v2.2.1
+ command:
+ - --providers.docker=true
+ - --providers.docker.exposedbydefault=false
+ - --api=true
+ - --entrypoints.web.address=:80
+ - --entrypoints.websecure.address=:443
+ # - --certificatesresolvers.letsencrypt.acme.email=${LETSENCRYPT_EMAIL}
+ # - --certificatesresolvers.letsencrypt.acme.storage=/acme.json
+ # - --certificatesResolvers.letsencrypt.acme.dnsChallenge=true
+ # - --certificatesResolvers.letsencrypt.acme.dnsChallenge.resolvers=1.1.1.1:53,8.8.8.8:53
+ # - --certificatesresolvers.letsencrypt.acme.dnschallenge.provider=gandiv5
+ # - --certificatesResolvers.letsencrypt.acme.dnsChallenge.delayBeforeCheck=0
+ # staging server
+ #- --certificatesresolvers.letsencrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
+ # environment:
+ # - GANDIV5_API_KEY=${GANDIV5_API_KEY}
+ #labels:
+ # - traefik.enable=true
+ # - traefik.http.routers.api.rule=Host(`${HOST_TRAEFIK}.${DOMAIN}`)
+ # - traefik.http.routers.api.entrypoints=web
+ # - traefik.http.routers.api.entrypoints=websecure
+ # - traefik.http.routers.api.service=api@internal
+ # - traefik.http.routers.api.middlewares=auth
+ # - traefik.http.middlewares.auth.basicauth.users=${BASIC_AUTH}
+ # request widlcard certificate
+ # - traefik.http.routers.api.tls.certresolver=letsencrypt
+ # - traefik.http.routers.api.tls.domains[0].main=${DOMAIN}
+ # - traefik.http.routers.api.tls.domains[0].sans=*.${DOMAIN}
+ # global redirect to https
+ # - traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)
+ # - traefik.http.routers.http-catchall.entrypoints=web
+ # - traefik.http.routers.http-catchall.middlewares=redirect-to-https
+ # middleware redirect
+ # - traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https
+ # - traefik.http.middlewares.redirect-to-https.redirectscheme.permanent=true
+ ports:
+ - 80:80
+ - 443:443
+ expose:
+ - 8080
+ networks:
+ - srv
+ restart:
unless-stopped
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - ${ROOT_INSTALL}/hosting/traefik/traefik.yml:/etc/traefik/traefik.yml
+ - ${ROOT_INSTALL}/hosting/traefik/tls.yml:/etc/traefik/tls.yml
+ - certs:/etc/ssl/traefik
+
+ reverse-proxy-https-helper:
+ image: alpine
+ command: sh -c "cd /etc/ssl/traefik
+ && wget traefik.me/cert.pem -O cert.pem
+ && wget traefik.me/privkey.pem -O privkey.pem"
+ volumes:
+ - certs:/etc/ssl/traefik
+
+volumes:
+ certs:
\ No newline at end of file
diff --git a/traefik/docker-compose.traefik.yml b/traefik/docker-compose.traefik.yml
old mode 100755
new mode 100644
index 270738e..e99e09e
--- a/traefik/docker-compose.traefik.yml
+++ b/traefik/docker-compose.traefik.yml
@@ -8,8 +8,8 @@ services:
 - --providers.docker=true
 - --providers.docker.exposedbydefault=false
 - --api=true
- - --entrypoints.web.address=:80
- - --entrypoints.websecure.address=:443
+ - --entrypoints.http.address=:80
+ - --entrypoints.https.address=:443
 - --certificatesresolvers.letsencrypt.acme.email=${LETSENCRYPT_EMAIL}
 - --certificatesresolvers.letsencrypt.acme.storage=/acme.json
 - --certificatesResolvers.letsencrypt.acme.dnsChallenge=true
@@ -23,8 +23,8 @@ services:
 labels:
 - traefik.enable=true
 - traefik.http.routers.api.rule=Host(`${HOST_TRAEFIK}.${DOMAIN}`)
- - traefik.http.routers.api.entrypoints=web
- - traefik.http.routers.api.entrypoints=websecure
+ - traefik.http.routers.api.entrypoints=http
+ - traefik.http.routers.api.entrypoints=https
 - traefik.http.routers.api.service=api@internal
 - traefik.http.routers.api.middlewares=auth
 - traefik.http.middlewares.auth.basicauth.users=${BASIC_AUTH}
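Review bot: The `command:` list in this new file still defines the `web`/`websecure` entrypoints and `--providers.docker.exposedbydefault=false`, while the `traefik.yml` it mounts at `/etc/traefik/traefik.yml` (added in the same commit) defines `http`/`https` and `exposedByDefault: true`, and every router touched by this commit now asks for `entrypoints=https`. Traefik v2 reads its static configuration from a single source — the file when one is present, otherwise the CLI — so as far as I can tell these flags are dead and only mislead the next reader; dropping the `command:` block (keeping `image`, `ports`, `volumes`) leaves one source of truth. `traefik` also has no `depends_on: [reverse-proxy-https-helper]` and the helper runs once with no restart policy, so on a cold start Traefik can load `tls.yml` before `cert.pem`/`privkey.pem` exist in the `certs` volume and serve its built-in self-signed certificate instead. The helper fetches the key pair from `traefik.me` with a scheme-less `wget`, i.e. over plain HTTP, and that key is public by design, so this profile is only usable for local development; a header comment such as `# local-dev profile: TLS uses the shared public traefik.me certificate; never point real hostnames at it` would make that explicit.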
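Review bot: The two `traefik.http.routers.api.entrypoints=` labels (the renamed `http` and `https` lines) share one label key, so Compose collapses them to a single value — in practice the last, `https` — and the `api` router never listens on `http`; the rename carries this pre-existing problem forward unchanged. If both entrypoints are intended, replace the pair with `- traefik.http.routers.api.entrypoints=http,https`; if not, drop the `http` line so the file does not suggest a listener that is not configured. The same duplicated key appears, commented out, in the new `docker-compose.traefik-local.yml`, and the `labels` list continues past the end of this hunk.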
@@ -34,7 +34,7 @@ services:
 - traefik.http.routers.api.tls.domains[0].sans=*.${DOMAIN}
 # global redirect to https
 - traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)
- - traefik.http.routers.http-catchall.entrypoints=web
+ - traefik.http.routers.http-catchall.entrypoints=http
 - traefik.http.routers.http-catchall.middlewares=redirect-to-https
 # middleware redirect
 - traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https
diff --git a/traefik/tls.yml b/traefik/tls.yml
new file mode 100644
index 0000000..6afb264
--- /dev/null
+++ b/traefik/tls.yml
@@ -0,0 +1,9 @@
+tls:
+ stores:
+ default:
+ defaultCertificate:
+ certFile: /etc/ssl/traefik/cert.pem
+ keyFile: /etc/ssl/traefik/privkey.pem
+ certificates:
+ - certFile: /etc/ssl/traefik/cert.pem
+ keyFile: /etc/ssl/traefik/privkey.pem
\ No newline at end of file
diff --git a/traefik/traefik.yml b/traefik/traefik.yml
new file mode 100644
index 0000000..ede4b0f
--- /dev/null
+++ b/traefik/traefik.yml
@@ -0,0 +1,20 @@
+logLevel: INFO
+
+api:
+ insecure: true
+ dashboard: true
+
+entryPoints:
+ http:
+ address: ":80"
+ https:
+ address: ":443"
+
+providers:
+ file:
+ filename: /etc/traefik/tls.yml
+ docker:
+ endpoint: unix:///var/run/docker.sock
+ watch: true
+ exposedByDefault: true
+ defaultRule: "HostRegexp(`{{ index .Labels \"com.docker.compose.service\"}}.traefik.me`,`{{ index .Labels \"com.docker.compose.service\"}}-{dashed-ip:.*}.traefik.me`)"
\ No newline at end of file
diff --git a/wallabag/docker-compose.wallabag.yml b/wallabag/docker-compose.wallabag.yml
index a7f7c81..e38648c 100755
--- a/wallabag/docker-compose.wallabag.yml
+++ b/wallabag/docker-compose.wallabag.yml
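Review bot: `api.insecure: true` together with `dashboard: true` serves the Traefik API and dashboard without any authentication on the built-in `traefik` entrypoint (port 8080), and the compose file that consumes this configuration exposes 8080 to every container on the `srv` network even though it is not published on the host. `providers.docker.exposedByDefault: true` with a catch-all `defaultRule` also routes every container Traefik can see through the mounted Docker socket — every container on the host, not only this project — to `<service>.traefik.me`, which makes the `traefik.enable=true` labels the rest of the commit relies on meaningless. `api.insecure: false` and `exposedByDefault: false` restore the opt-in model those labels already express; the dashboard stays reachable through the `api@internal` router and `auth` middleware that `docker-compose.traefik.yml` already defines. `logLevel: INFO` is the v1 spelling; v2.2 expects `log:` with a nested `level: INFO`, and I believe the v2 static-config parser rejects the unknown top-level key with a `field not found` error. A header comment stating that this file is the only static configuration Traefik reads and is meant for local `traefik.me` use would spare the next reader from reconciling it with the compose `command:` flags.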
@@ -18,7 +18,7 @@ services:
 labels:
 - traefik.enable=true
 - traefik.http.routers.wallabag.rule=Host(`${HOST_WALLABAG}.${DOMAIN}`)
- - traefik.http.routers.wallabag.entrypoints=websecure
+ - traefik.http.routers.wallabag.entrypoints=https
 - traefik.http.routers.wallabag.tls=true
 - traefik.http.services.wallabag.loadbalancer.server.port=80
diff --git a/www/docker-compose.www.yml b/www/docker-compose.www.yml
index 1d8bf6d..ea8d388 100755
--- a/www/docker-compose.www.yml
+++ b/www/docker-compose.www.yml
@@ -12,6 +12,6 @@ services:
 labels:
 - traefik.enable=true
 - traefik.http.routers.www.rule=Host(`${HOST_WWW}.${DOMAIN}`)
- - traefik.http.routers.www.entrypoints=websecure
+ - traefik.http.routers.www.entrypoints=https
 - traefik.http.routers.www.tls=true
 - traefik.http.services.www.loadbalancer.server.port=80