commit f9b355a44624482b896b1ac06d4e85bfc88ebf0e Author: mrjk Date: Fri Jul 15 05:56:59 2022 -0400 Add: First app traefik
diff --git a/traefik/.env b/traefik/.env
new file mode 100644
index 0000000..664250e
--- /dev/null
+++ b/traefik/.env
@@ -0,0 +1,12 @@
+APP_IMAGE=traefik
+APP_VERSION=v2.6.1
+
+APP_PUBLIC_IP="127.0.0.1"
+APP_NETWORK=
+
+APP_DOMAIN=dev
+APP_ADMIN_EMAIL=admin@dev
+
+# Let's encrypt config
+TRAEFIK_CERTRESOLV=default
+TRAEFIK_CERTRESOLV_PROVIDER=
diff --git a/traefik/README.md b/traefik/README.md
new file mode 100644
index 0000000..2b449a7
--- /dev/null
+++ b/traefik/README.md
@@ -0,0 +1,13 @@
+# Traefik
+
+This stack will deploy a simple Traefik server. It will listen for http and https.
+
+## Quickstart
+
+With paasify:
+```
+paasify install mrjk/docker-compose
+paasify create mrjk/docker-compose/traefik traefik
+paasify build traefik
+```
+
diff --git a/traefik/docker-compose.debug.yml b/traefik/docker-compose.debug.yml
new file mode 100644
index 0000000..0799e49
--- /dev/null
+++ b/traefik/docker-compose.debug.yml
@@ -0,0 +1,8 @@
+---
+services:
+ traefik:
+ environment:
+ - TRAEFIK_LOG_LEVEL=debug
+ - TRAEFIK_ACCESSLOG=true
+ - TRAEFIK_API_DEBUG=true
+
diff --git a/traefik/docker-compose.dns.yml b/traefik/docker-compose.dns.yml
new file mode 100644
index 0000000..35f1b5d
--- /dev/null
+++ b/traefik/docker-compose.dns.yml
@@ -0,0 +1,15 @@
+---
+version: "3.7"
+
+services:
+ traefik:
+ ports:
+ - "$APP_PUBLIC_IP:53:53/tcp"
+ - "$APP_PUBLIC_IP:53:53/udp"
+ environment:
+
+ # Entrypoints
+ - TRAEFIK_ENTRYPOINTS_front-https_ADDRESS=:53/udp
+ - TRAEFIK_ENTRYPOINTS_front-https_ADDRESS=:53/tcp
+
+
diff --git a/traefik/docker-compose.expose-admin.yml b/traefik/docker-compose.expose-admin.yml
new file mode 100644
index 0000000..01ac7cf
--- /dev/null
+++ b/traefik/docker-compose.expose-admin.yml
@@ -0,0 +1,7 @@
+---
+
+services:
+ traefik:
+ ports:
+ - "$APP_PUBLIC_IP:8080:8080"
+
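Review bot: In `traefik/docker-compose.dns.yml` both added environment entries set the same variable, `TRAEFIK_ENTRYPOINTS_front-https_ADDRESS`, so only one of `:53/udp` and `:53/tcp` can take effect. The name also collides with the `front-https` entrypoint that `docker-compose.https.yml` binds to `:443`, so loading both overlays would probably move the HTTPS listener onto a DNS port. Give the DNS listeners their own entrypoint names, for example `- TRAEFIK_ENTRYPOINTS_dns-udp_ADDRESS=:53/udp` and `- TRAEFIK_ENTRYPOINTS_dns-tcp_ADDRESS=:53/tcp`.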
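Review bot: `traefik/docker-compose.expose-admin.yml` publishes port 8080 on `$APP_PUBLIC_IP` while the base compose file in this commit sets `TRAEFIK_API_INSECURE=true`, so this overlay serves the API and dashboard without authentication on whatever address that variable holds. The `.env` default of `127.0.0.1` keeps it local, but nothing in the overlay stops a routable address from being used. I would add a comment above the port line such as `# Unauthenticated admin API: bind to loopback or a management network only`, or fix the bind with `- "127.0.0.1:8080:8080"`.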
diff --git a/traefik/docker-compose.http.yml b/traefik/docker-compose.http.yml
new file mode 100644
index 0000000..ddce9b7
--- /dev/null
+++ b/traefik/docker-compose.http.yml
@@ -0,0 +1,7 @@
+---
+
+services:
+ traefik:
+ ports:
+ - "$APP_PUBLIC_IP:80:80"
+
diff --git a/traefik/docker-compose.https.yml b/traefik/docker-compose.https.yml
new file mode 100644
index 0000000..6ba10c0
--- /dev/null
+++ b/traefik/docker-compose.https.yml
@@ -0,0 +1,16 @@
+---
+
+services:
+ traefik:
+ ports:
+ - "$APP_PUBLIC_IP:443:443"
+ environment:
+
+ # Entrypoints
+ - TRAEFIK_ENTRYPOINTS_front-https_ADDRESS=:443 # <== Defining an entrypoint for port :80 named front
+
+ # Forced Http redirect to https
+ - TRAEFIK_ENTRYPOINTS_front-http_HTTP_REDIRECTIONS_ENTRYPOINT_PERMANENT=true
+ - TRAEFIK_ENTRYPOINTS_front-http_HTTP_REDIRECTIONS_ENTRYPOINT_SCHEME=https
+ - TRAEFIK_ENTRYPOINTS_front-http_HTTP_REDIRECTIONS_ENTRYPOINT_TO=front-https
+
diff --git a/traefik/docker-compose.letsencrypt.yml b/traefik/docker-compose.letsencrypt.yml
new file mode 100644
index 0000000..9f82080
--- /dev/null
+++ b/traefik/docker-compose.letsencrypt.yml
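Review bot: In `traefik/docker-compose.https.yml` the inline comment on the `front-https` entrypoint line still reads `Defining an entrypoint for port :80 named front`, which does not match the `:443` address it sits on. I would change it to `# <== Entrypoint for port :443 named front-https`. Separately, the permanent redirect sends all `front-http` traffic to `front-https`, yet the only router in this commit has its `tls` labels commented out in `docker-compose.yml`, so the redirect target may not serve TLS for it; the README should state which overlays must be combined.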
@@ -0,0 +1,22 @@
+---
+
+services:
+
+ traefik:
+ environment:
+
+ # Custom ACME certificates
+ - TRAEFIK_CERTIFICATESRESOLVERS_${TRAEFIK_CERTRESOLV}=true
+ - TRAEFIK_CERTIFICATESRESOLVERS_${TRAEFIK_CERTRESOLV}_ACME_EMAIL=${APP_ADMIN_EMAIL}
+ - TRAEFIK_CERTIFICATESRESOLVERS_${TRAEFIK_CERTRESOLV}_ACME_STORAGE=/data/acme-${TRAEFIK_CERTRESOLV}.json
+ - TRAEFIK_CERTIFICATESRESOLVERS_${TRAEFIK_CERTRESOLV}_ACME_DNSCHALLENGE=true
+ - TRAEFIK_CERTIFICATESRESOLVERS_${TRAEFIK_CERTRESOLV}_ACME_DNSCHALLENGE_PROVIDER=${TRAEFIK_CERTRESOLV_PROVIDER}
+ #- TRAEFIK_CERTIFICATESRESOLVERS_${TRAEFIK_CERTRESOLV}_ACME_DNSCHALLENGE_DELAYBEFORECHECK=10
+ #- TRAEFIK_CERTIFICATESRESOLVERS_${TRAEFIK_CERTRESOLV}_ACME_DNSCHALLENGE_RESOLVERS="167.114.154.30:53,192.99.60.247:53"
+
+ # ACME credentials for ovh-eu
+ # - OVH_ENDPOINT=ovh-eu
+ # - OVH_APPLICATION_KEY=XXX
+ # - OVH_APPLICATION_SECRET=YYY
+ # - OVH_CONSUMER_KEY=ZZZ
+
diff --git a/traefik/docker-compose.yml b/traefik/docker-compose.yml
new file mode 100644
index 0000000..c2b57cb
--- /dev/null
+++ b/traefik/docker-compose.yml
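Review bot: The commented `OVH_APPLICATION_KEY`, `OVH_APPLICATION_SECRET` and `OVH_CONSUMER_KEY` lines in `traefik/docker-compose.letsencrypt.yml` invite users to uncomment them and paste DNS-provider credentials into a tracked compose file. I would replace that block with a comment such as `# Provider credentials: load from an untracked file via env_file, never commit them here`. The resolver also writes its ACME account key and certificates to `/data/acme-${TRAEFIK_CERTRESOLV}.json` on the `./data` bind mount, so that directory should be ignored by version control and the file kept at mode 600. With the `.env` default of an empty `TRAEFIK_CERTRESOLV_PROVIDER=`, the DNS challenge has no provider, which the README should call out.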
@@ -0,0 +1,59 @@
+---
+version: "3.7"
+
+networks:
+ default:
+ name: ${APP_NETWORK}
+
+services:
+ traefik:
+ image: ${APP_IMAGE:-traefik}:${APP_VERSION:-v2.6.1}
+ restart: always
+ networks:
+ default:
+ environment:
+
+ #command:
+ # Core config
+ - TRAEFIK_API=true
+ - TRAEFIK_API_DASHBOARD=true
+ - TRAEFIK_API_DEBUG=true
+ - TRAEFIK_API_INSECURE=true
+ - TRAEFIK_PILOT_DASHBOARD=false
+
+ # Logging
+ - TRAEFIK_LOG_LEVEL=INFO
+ - TRAEFIK_ACCESSLOG=false
+ - TRAEFIK_ACCESSLOG_FILEPATH=/data/access.log
+
+ # Docker configuration
+ - TRAEFIK_PROVIDERS_DOCKER=true
+ - TRAEFIK_PROVIDERS_DOCKER_WATCH=true
+ - TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT=false
+ - TRAEFIK_PROVIDERS_DOCKER_NETWORK=$APP_NETWORK
+ - TRAEFIK_PROVIDERS_DOCKER_ENDPOINT=unix:///var/run/docker.sock
+ - TRAEFIK_PROVIDERS_DOCKER_SWARMMODE=false
+
+ # File provider
+ #- TRAEFIK_PROVIDERS.FILE.DIRECTORY=/etc/traefik/configs
+
+ # Entrypoints
+ - TRAEFIK_ENTRYPOINTS_front-http_ADDRESS=:80 # <== Defining an entrypoint for port :80 named front
+
+ volumes:
+ - ./config:/etc/traefik
+ - ./data:/data
+ - ./logs:/logs
+ - /var/run/docker.sock:/var/run/docker.sock
+
+ labels:
+ #### Labels define the behavior and rules of the traefik proxy for this container ####
+ - "traefik.enable=true" # <== Enable traefik on itself to view dashboard and assign subdomain to view it
+ - "traefik.http.routers.dashboard.rule=Host(`${APP_DOMAIN}`)" # <== Setting the domain for the dashboard
+ #- "traefik.http.routers.dashboard.service=api@internal" # <== Enabling the api to be a service to access
+ - "traefik.http.routers.dashboard.service=dashboard" # <== Enabling the api to be a service to access
+ - "traefik.http.routers.dashboard.entrypoints=$TRAEFIK_ENTRYPOINTS"
+ #- "traefik.http.routers.dashboard.tls=true"
+ #- "traefik.http.routers.dashboard.tls.certresolver=tls_barbu_it_net"
+ - "traefik.http.services.dashboard.loadbalancer.server.port=8080"
+
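Review bot: The base `traefik/docker-compose.yml` enables `TRAEFIK_API_INSECURE=true` and `TRAEFIK_API_DEBUG=true`, and its `dashboard` router forwards the `APP_DOMAIN` host to port 8080 with no middleware, so the API, dashboard and debug endpoints are served without authentication to anyone who can reach a front entrypoint. `$TRAEFIK_ENTRYPOINTS` is not defined in the `.env` added by this commit, so the `entrypoints` label likely renders empty and the router would then attach to every entrypoint; it should get a value in `.env`. I would turn insecure and debug off by default and route the dashboard to `api@internal` behind an auth middleware, as sketched below (the middleware name and users-file path are placeholders). The Docker socket is also bind-mounted into this internet-facing container; a filtering socket proxy would narrow that access, since a `:ro` mount alone does not restrict Docker API calls.

```yaml
    environment:
      # … unchanged: TRAEFIK_API, TRAEFIK_API_DASHBOARD …
      - TRAEFIK_API_DEBUG=false
      - TRAEFIK_API_INSECURE=false
      # … unchanged: logging, docker provider, entrypoints, volumes …
    labels:
      # … unchanged: traefik.enable, dashboard rule and entrypoints …
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.routers.dashboard.middlewares=dashboard-auth"
      # placeholder path; keep the users file out of version control
      - "traefik.http.middlewares.dashboard-auth.basicauth.usersfile=/etc/traefik/dashboard.htpasswd"
```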