Creation

2020-06-27 14:55:16 +02:00 · 2020-06-27 14:55:16 +02:00 · fadf30f052
commit fadf30f052
parent 7d3bdc0643
9 changed files with 166 additions and 0 deletions
--- a/.env.default
+++ b/.env.default
@ -0,0 +1,2 @@
+SITE=localhost
+TZ=Europe/Paris
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+.env
--- a/1-docker/docker-compose.yml
+++ b/1-docker/docker-compose.yml
@ -0,0 +1,6 @@
+version: '3'
+
+networks:
+  default:
+  srv:
+
--- a/glances/docker-compose.yml
+++ b/glances/docker-compose.yml
@ -0,0 +1,20 @@
+version: '3'
+
+services:
+  glances:
+    container_name: glances
+    image: vimagick/glances
+    volumes:
+      - glances_data:/etc/glances
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    environment:
+      - GLANCES_OPT=-w
+    pid: host
+    restart: unless-stopped
+    networks:
+      - srv
+    expose:
+      - 61208
+  
+volumes:
+  glances_data:
--- a/portainer/docker-compose.yml
+++ b/portainer/docker-compose.yml
@ -0,0 +1,17 @@
+version: '3'
+
+services:
+  portainer:
+    container_name: portainer
+    image: portainer/portainer
+    command: -H unix:///var/run/docker.sock
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - portainer_data:/data
+    networks:
+      - srv
+    restart: unless-stopped
+
+
+volumes:
+  portainer_data:
--- a/traefik/docker-compose.yml
+++ b/traefik/docker-compose.yml
@ -0,0 +1,37 @@
+version: '3'
+
+services:
+  traefik:
+    container_name: traefik
+    image: traefik:v2.2
+    command: --providers.docker --api.insecure=true
+    ports:
+      - 80:80
+      - 443:443
+    networks:
+      - oueb
+    restart: unless-stopped
+    labels:
+      - traefik.enable=true
+      - traefik.port=8080
+      - traefik.http.routers.service-http.rule=Host(${SITE})
+      - traefik.http.routers.service-http.entrypoints=web
+      - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
+      - traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
+      - traefik.http.routers.service-http.middlewares=https-redirect@docker
+      - traefik.http.routers.service-https.rule=Host(${SITE})
+      - traefik.http.routers.service-https.entrypoints=websecure
+      - traefik.http.routers.service-https.tls=true
+      - traefik.http.routers.service-https.tls.certresolver=letsencrypt
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - /etc/localtime:/etc/localtime:ro
+      - /etc/timezone:/etc/timezone:ro
+      - /srv/docker/server/traefik/traefik.toml:/etc/traefik/traefik.toml:ro
+      - /srv/docker/server/traefik/traefik_dynamic.toml:/etc/traefik/traefik_dynamic.toml:ro
+      - /srv/docker/server/traefik/acme.json:/acme.json
+      - /srv/docker/server/traefik/logs:/logs
+
+networks:
+  oueb:
+    driver: bridge
--- a/traefik/logs/.gitkeep
+++ b/traefik/logs/.gitkeep
--- a/traefik/traefik.toml
+++ b/traefik/traefik.toml
@ -0,0 +1,42 @@
+[global]
+  checkNewVersion = false
+  sendAnonymousUsage = false
+
+[log]
+  level = "WARNING"
+  filePath = "/logs/traefik.log"
+  format   = "json"
+
+[accessLog]
+  filePath = "/logs/access.log"
+  format = "json"
+  bufferingSize = 100
+
+[api]
+  dashboard = true
+  debug = false
+  insecure = true
+
+[providers]
+  [providers.docker]
+    watch = true
+    exposedByDefault = false
+    swarmMode = false
+    network = "oueb"
+
+[entryPoints]
+  [entryPoints.web]
+    address = ":80"
+  [entryPoints.websecure]
+    address = ":443"
+
+[certificatesResolvers]
+  [certificatesResolvers.letsencrypt]
+    [certificatesResolvers.letsencrypt.acme]
+      email = "kianby@madyanne.fr"
+      caServer = "https://acme-v02.api.letsencrypt.org/directory"
+      storage = "acme.json"
+      keyType = "EC384"
+      [certificatesResolvers.letsencrypt.acme.httpChallenge]
+        entryPoint = "web"
+
--- a/traefik/traefik_dynamic.toml
+++ b/traefik/traefik_dynamic.toml
@ -0,0 +1,41 @@
+[tls]
+  [tls.options]
+    [tls.options.default]
+      minVersion = "VersionTLS12"
+      sniStrict = true
+      cipherSuites = [
+        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+        "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+        "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
+        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
+        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+        "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
+        "TLS_AES_128_GCM_SHA256",
+        "TLS_AES_256_GCM_SHA384",
+        "TLS_CHACHA20_POLY1305_SHA256"
+      ]
+      curvePreferences = ["CurveP521","CurveP384"]
+
+[http]
+  [http.middlewares.compression.compress]
+    excludedContentTypes = ["text/event-stream"]
+
+  [http.middlewares.https-redirect.redirectScheme]
+    scheme = "https"
+    permanent = true
+
+  [http.middlewares.security.headers]
+    accessControlAllowMethods = ["GET", "OPTIONS", "PUT"]
+    accessControlAllowOrigin = "origin-list-or-null"
+    accessControlMaxAge = 100
+    addVaryHeader = true
+    browserXssFilter = true
+    contentTypeNosniff = true
+    forceSTSHeader = true
+    frameDeny = true
+    stsIncludeSubdomains = true
+    stsPreload = true
+    customFrameOptionsValue = "SAMEORIGIN"
+    referrerPolicy = "same-origin"
+    featurePolicy = "vibrate 'self'"
+    stsSeconds = 315360000