From fadf30f0521d2c1637b821650b1403844c892ba5 Mon Sep 17 00:00:00 2001
From: Yax <1949284+kianby@users.noreply.github.com>
Date: Sat, 27 Jun 2020 14:55:16 +0200
Subject: [PATCH] Creation
---
.env.default | 2 ++
.gitignore | 1 +
1-docker/docker-compose.yml | 6 ++++++
glances/docker-compose.yml | 20 +++++++++++++++++
portainer/docker-compose.yml | 17 +++++++++++++++
traefik/docker-compose.yml | 37 +++++++++++++++++++++++++++++++
traefik/logs/.gitkeep | 0
traefik/traefik.toml | 42 ++++++++++++++++++++++++++++++++++++
traefik/traefik_dynamic.toml | 41 +++++++++++++++++++++++++++++++++++
9 files changed, 166 insertions(+)
create mode 100644 .env.default
create mode 100644 .gitignore
create mode 100644 1-docker/docker-compose.yml
create mode 100644 glances/docker-compose.yml
create mode 100644 portainer/docker-compose.yml
create mode 100644 traefik/docker-compose.yml
create mode 100644 traefik/logs/.gitkeep
create mode 100644 traefik/traefik.toml
create mode 100644 traefik/traefik_dynamic.toml
diff --git a/.env.default b/.env.default
new file mode 100644
index 0000000..cddb4c4
--- /dev/null
+++ b/.env.default
@@ -0,0 +1,2 @@
+SITE=localhost
+TZ=Europe/Paris
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..4c49bd7
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.env
diff --git a/1-docker/docker-compose.yml b/1-docker/docker-compose.yml
new file mode 100644
index 0000000..b5c5dd2
--- /dev/null
+++ b/1-docker/docker-compose.yml
@@ -0,0 +1,6 @@
+version: '3'
+
+networks:
+ default:
+ srv:
+
diff --git a/glances/docker-compose.yml b/glances/docker-compose.yml
new file mode 100644
index 0000000..77cb169
--- /dev/null
+++ b/glances/docker-compose.yml
@@ -0,0 +1,20 @@
+version: '3'
+
+services:
+ glances:
+ container_name: glances
+ image: vimagick/glances
+ volumes:
+ - glances_data:/etc/glances
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ environment:
+ - GLANCES_OPT=-w
+ pid: host
+ restart: unless-stopped
+ networks:
+ - srv
+ expose:
+ - 61208
+
+volumes:
+ glances_data:
diff --git a/portainer/docker-compose.yml b/portainer/docker-compose.yml
new file mode 100644
index 0000000..061151f
--- /dev/null
+++ b/portainer/docker-compose.yml
@@ -0,0 +1,17 @@
+version: '3'
+
+services:
+ portainer:
+ container_name: portainer
+ image: portainer/portainer
+ command: -H unix:///var/run/docker.sock
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - portainer_data:/data
+ networks:
+ - srv
+ restart: unless-stopped
+
+
+volumes:
+ portainer_data:
diff --git a/traefik/docker-compose.yml b/traefik/docker-compose.yml
new file mode 100644
index 0000000..725d360
--- /dev/null
+++ b/traefik/docker-compose.yml
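Review bot: In glances/docker-compose.yml the service joins `srv`, but the file has no top-level `networks:` entry for it, so Compose will most likely reject it as an undefined network; portainer/docker-compose.yml has the same gap. If `srv` is meant to be the network from 1-docker/docker-compose.yml, declare it in each file as external, e.g. `networks: { srv: { external: true } }` (the actual network name may carry a project prefix). Also, `:ro` on `/var/run/docker.sock` only protects the socket file itself and does not restrict Docker API calls, so with `pid: host` and the untagged `vimagick/glances` image this container should be treated as host-privileged and the image pinned to a tag or digest.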
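Review bot: portainer/docker-compose.yml mounts `/var/run/docker.sock` read-write into `image: portainer/portainer` with no tag, so whatever is published under that name at pull time gets full control of the Docker daemon. Pin the image, e.g. `image: portainer/portainer:<version>` (placeholder) or a digest, and update it deliberately. Portainer asks for its admin password on first access, so complete that setup before the UI is reachable from anything beyond the host, and add a comment saying how the UI is meant to be reached since no port or router is declared here.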
@@ -0,0 +1,37 @@
+version: '3'
+
+services:
+ traefik:
+ container_name: traefik
+ image: traefik:v2.2
+ command: --providers.docker --api.insecure=true
+ ports:
+ - 80:80
+ - 443:443
+ networks:
+ - oueb
+ restart: unless-stopped
+ labels:
+ - traefik.enable=true
+ - traefik.port=8080
+ - traefik.http.routers.service-http.rule=Host(${SITE})
+ - traefik.http.routers.service-http.entrypoints=web
+ - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
+ - traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
+ - traefik.http.routers.service-http.middlewares=https-redirect@docker
+ - traefik.http.routers.service-https.rule=Host(${SITE})
+ - traefik.http.routers.service-https.entrypoints=websecure
+ - traefik.http.routers.service-https.tls=true
+ - traefik.http.routers.service-https.tls.certresolver=letsencrypt
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /etc/timezone:/etc/timezone:ro
+ - /srv/docker/server/traefik/traefik.toml:/etc/traefik/traefik.toml:ro
+ - /srv/docker/server/traefik/traefik_dynamic.toml:/etc/traefik/traefik_dynamic.toml:ro
+ - /srv/docker/server/traefik/acme.json:/acme.json
+ - /srv/docker/server/traefik/logs:/logs
+
+networks:
+ oueb:
+ driver: bridge
diff --git a/traefik/logs/.gitkeep b/traefik/logs/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/traefik/traefik.toml b/traefik/traefik.toml
new file mode 100644
index 0000000..9ea728d
--- /dev/null
+++ b/traefik/traefik.toml
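Review bot: `--api.insecure=true` on the `command:` line of traefik/docker-compose.yml (and `insecure = true` under `[api]` in traefik/traefik.toml) enables the dashboard and API with no authentication, and the `service-http`/`service-https` routers on this container appear intended to publish it under `${SITE}`. Turn insecure mode off and expose the dashboard through `traefik.http.routers.service-https.service=api@internal` with a `basicauth` middleware attached to that router. On the same labels, the `Host(...)` matcher expects a backtick-quoted value, which `Host(${SITE})` does not provide, and `traefik.port=8080` is a v1-style label that v2.2 most likely ignores. Traefik documents file, CLI and environment static configuration as mutually exclusive, so keep either the `command:` flags or the mounted traefik.toml, not both. `acme.json` and `logs/` appear to sit inside the repository checkout while `.gitignore` lists only `.env`, so add `traefik/acme.json` and the log files there before certificate private keys or access logs get committed.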
@@ -0,0 +1,42 @@
+[global]
+ checkNewVersion = false
+ sendAnonymousUsage = false
+
+[log]
+ level = "WARNING"
+ filePath = "/logs/traefik.log"
+ format = "json"
+
+[accessLog]
+ filePath = "/logs/access.log"
+ format = "json"
+ bufferingSize = 100
+
+[api]
+ dashboard = true
+ debug = false
+ insecure = true
+
+[providers]
+ [providers.docker]
+ watch = true
+ exposedByDefault = false
+ swarmMode = false
+ network = "oueb"
+
+[entryPoints]
+ [entryPoints.web]
+ address = ":80"
+ [entryPoints.websecure]
+ address = ":443"
+
+[certificatesResolvers]
+ [certificatesResolvers.letsencrypt]
+ [certificatesResolvers.letsencrypt.acme]
+ email = "kianby@madyanne.fr"
+ caServer = "https://acme-v02.api.letsencrypt.org/directory"
+ storage = "acme.json"
+ keyType = "EC384"
+ [certificatesResolvers.letsencrypt.acme.httpChallenge]
+ entryPoint = "web"
+
diff --git a/traefik/traefik_dynamic.toml b/traefik/traefik_dynamic.toml
new file mode 100644
index 0000000..afde8cc
--- /dev/null
+++ b/traefik/traefik_dynamic.toml
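Review bot: `[providers]` in traefik/traefik.toml configures only `providers.docker`, so the mounted `/etc/traefik/traefik_dynamic.toml` is never loaded and its TLS options (`minVersion`, `cipherSuites`, `sniStrict`) and the `security` headers middleware never take effect. Add a file provider: `[providers.file]` with `filename = "/etc/traefik/traefik_dynamic.toml"` and `watch = true`. Separately, `storage = "acme.json"` is a relative path while the compose file mounts the store at `/acme.json`; writing `storage = "/acme.json"` removes the dependence on the container's working directory, which otherwise could leave the ACME account key and certificates in the container's writable layer. The host-side `acme.json` should exist as a regular file readable only by its owner before the first start.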
@@ -0,0 +1,41 @@
+[tls]
+ [tls.options]
+ [tls.options.default]
+ minVersion = "VersionTLS12"
+ sniStrict = true
+ cipherSuites = [
+ "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+ "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+ "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
+ "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
+ "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+ "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
+ "TLS_AES_128_GCM_SHA256",
+ "TLS_AES_256_GCM_SHA384",
+ "TLS_CHACHA20_POLY1305_SHA256"
+ ]
+ curvePreferences = ["CurveP521","CurveP384"]
+
+[http]
+ [http.middlewares.compression.compress]
+ excludedContentTypes = ["text/event-stream"]
+
+ [http.middlewares.https-redirect.redirectScheme]
+ scheme = "https"
+ permanent = true
+
+ [http.middlewares.security.headers]
+ accessControlAllowMethods = ["GET", "OPTIONS", "PUT"]
+ accessControlAllowOrigin = "origin-list-or-null"
+ accessControlMaxAge = 100
+ addVaryHeader = true
+ browserXssFilter = true
+ contentTypeNosniff = true
+ forceSTSHeader = true
+ frameDeny = true
+ stsIncludeSubdomains = true
+ stsPreload = true
+ customFrameOptionsValue = "SAMEORIGIN"
+ referrerPolicy = "same-origin"
+ featurePolicy = "vibrate 'self'"
+ stsSeconds = 315360000
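Review bot: `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256` is the only CBC suite in an otherwise AEAD-only `cipherSuites` list in traefik/traefik_dynamic.toml and looks like a slip for `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`. In `[http.middlewares.security.headers]`, `accessControlAllowOrigin = "origin-list-or-null"` and `featurePolicy = "vibrate 'self'"` read like documentation sample values; as written the literal string is sent as the allowed origin, so set the real origins or drop the keys. `customFrameOptionsValue = "SAMEORIGIN"` overrides `frameDeny = true`, so keep only the one that is intended. `stsPreload = true` with `stsIncludeSubdomains = true` and a ten-year `stsSeconds` is hard to undo once browsers have cached it, so confirm every subdomain serves HTTPS before enabling it. `curvePreferences` omits P-256 and X25519, which may lock out some clients; a comment stating that this is deliberate would help.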