Add: First app traefik

traefik/.env

@@ -0,0 +1,12 @@
+APP_IMAGE=traefik
+APP_VERSION=v2.6.1
+
+APP_PUBLIC_IP="127.0.0.1"
+APP_NETWORK=
+
+APP_DOMAIN=dev
+APP_ADMIN_EMAIL=admin@dev
+
+# Let's encrypt config
+TRAEFIK_CERTRESOLV=default
+TRAEFIK_CERTRESOLV_PROVIDER=

traefik/README.md

@@ -0,0 +1,13 @@
+# Traefik
+
+This stack will deploy a simple Traefik server. It will listen for http and https.
+
+## Quickstart
+
+With paasify:
+```
+paasify install mrjk/docker-compose
+paasify create mrjk/docker-compose/traefik traefik
+paasify build traefik
+```
+

traefik/docker-compose.debug.yml

@@ -0,0 +1,8 @@
+---
+services:
+  traefik:
+    environment:
+      - TRAEFIK_LOG_LEVEL=debug
+      - TRAEFIK_ACCESSLOG=true
+      - TRAEFIK_API_DEBUG=true
+

traefik/docker-compose.dns.yml

@@ -0,0 +1,15 @@
+---
+version: "3.7"
+
+services:
+  traefik:
+    ports:
+      - "$APP_PUBLIC_IP:53:53/tcp"
+      - "$APP_PUBLIC_IP:53:53/udp"
+    environment:
+
+      # Entrypoints
+      - TRAEFIK_ENTRYPOINTS_front-https_ADDRESS=:53/udp
+      - TRAEFIK_ENTRYPOINTS_front-https_ADDRESS=:53/tcp
+
+

traefik/docker-compose.expose-admin.yml

@@ -0,0 +1,7 @@
+---
+
+services:
+  traefik:
+    ports:
+      - "$APP_PUBLIC_IP:8080:8080"
+

traefik/docker-compose.http.yml

@@ -0,0 +1,7 @@
+---
+
+services:
+  traefik:
+    ports:
+      - "$APP_PUBLIC_IP:80:80"
+

traefik/docker-compose.https.yml

@@ -0,0 +1,16 @@
+---
+
+services:
+  traefik:
+    ports:
+      - "$APP_PUBLIC_IP:443:443"
+    environment:
+
+      # Entrypoints
+      - TRAEFIK_ENTRYPOINTS_front-https_ADDRESS=:443 # <== Defining an entrypoint for port :80 named front
+
+      # Forced Http redirect to https
+      - TRAEFIK_ENTRYPOINTS_front-http_HTTP_REDIRECTIONS_ENTRYPOINT_PERMANENT=true
+      - TRAEFIK_ENTRYPOINTS_front-http_HTTP_REDIRECTIONS_ENTRYPOINT_SCHEME=https
+      - TRAEFIK_ENTRYPOINTS_front-http_HTTP_REDIRECTIONS_ENTRYPOINT_TO=front-https
+

traefik/docker-compose.letsencrypt.yml

@@ -0,0 +1,22 @@
+---
+
+services:
+
+  traefik:
+    environment:
+
+      # Custom ACME certificates
+      - TRAEFIK_CERTIFICATESRESOLVERS_${TRAEFIK_CERTRESOLV}=true
+      - TRAEFIK_CERTIFICATESRESOLVERS_${TRAEFIK_CERTRESOLV}_ACME_EMAIL=${APP_ADMIN_EMAIL}
+      - TRAEFIK_CERTIFICATESRESOLVERS_${TRAEFIK_CERTRESOLV}_ACME_STORAGE=/data/acme-${TRAEFIK_CERTRESOLV}.json
+      - TRAEFIK_CERTIFICATESRESOLVERS_${TRAEFIK_CERTRESOLV}_ACME_DNSCHALLENGE=true
+      - TRAEFIK_CERTIFICATESRESOLVERS_${TRAEFIK_CERTRESOLV}_ACME_DNSCHALLENGE_PROVIDER=${TRAEFIK_CERTRESOLV_PROVIDER}
+        #- TRAEFIK_CERTIFICATESRESOLVERS_${TRAEFIK_CERTRESOLV}_ACME_DNSCHALLENGE_DELAYBEFORECHECK=10
+        #- TRAEFIK_CERTIFICATESRESOLVERS_${TRAEFIK_CERTRESOLV}_ACME_DNSCHALLENGE_RESOLVERS="167.114.154.30:53,192.99.60.247:53"
+
+      # ACME credentials for ovh-eu
+      # - OVH_ENDPOINT=ovh-eu
+      # - OVH_APPLICATION_KEY=XXX
+      # - OVH_APPLICATION_SECRET=YYY
+      # - OVH_CONSUMER_KEY=ZZZ
+

traefik/docker-compose.yml

@@ -0,0 +1,59 @@
+---
+version: "3.7"
+
+networks:
+  default:
+    name: ${APP_NETWORK}
+
+services:
+  traefik:
+    image: ${APP_IMAGE:-traefik}:${APP_VERSION:-v2.6.1}
+    restart: always
+    networks:
+      default:
+    environment:
+
+      #command:
+      # Core config
+      - TRAEFIK_API=true
+      - TRAEFIK_API_DASHBOARD=true
+      - TRAEFIK_API_DEBUG=true
+      - TRAEFIK_API_INSECURE=true
+      - TRAEFIK_PILOT_DASHBOARD=false
+
+      # Logging
+      - TRAEFIK_LOG_LEVEL=INFO
+      - TRAEFIK_ACCESSLOG=false
+      - TRAEFIK_ACCESSLOG_FILEPATH=/data/access.log
+
+      # Docker configuration
+      - TRAEFIK_PROVIDERS_DOCKER=true
+      - TRAEFIK_PROVIDERS_DOCKER_WATCH=true
+      - TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT=false
+      - TRAEFIK_PROVIDERS_DOCKER_NETWORK=$APP_NETWORK
+      - TRAEFIK_PROVIDERS_DOCKER_ENDPOINT=unix:///var/run/docker.sock
+      - TRAEFIK_PROVIDERS_DOCKER_SWARMMODE=false
+
+      # File provider
+      #- TRAEFIK_PROVIDERS.FILE.DIRECTORY=/etc/traefik/configs
+
+      # Entrypoints
+      - TRAEFIK_ENTRYPOINTS_front-http_ADDRESS=:80 # <== Defining an entrypoint for port :80 named front
+
+    volumes:
+      - ./config:/etc/traefik
+      - ./data:/data
+      - ./logs:/logs
+      - /var/run/docker.sock:/var/run/docker.sock
+
+    labels:
+    #### Labels define the behavior and rules of the traefik proxy for this container ####
+      - "traefik.enable=true" # <== Enable traefik on itself to view dashboard and assign subdomain to view it
+      - "traefik.http.routers.dashboard.rule=Host(`${APP_DOMAIN}`)" # <== Setting the domain for the dashboard
+        #- "traefik.http.routers.dashboard.service=api@internal" # <== Enabling the api to be a service to access
+      - "traefik.http.routers.dashboard.service=dashboard" # <== Enabling the api to be a service to access
+      - "traefik.http.routers.dashboard.entrypoints=$TRAEFIK_ENTRYPOINTS"
+        #- "traefik.http.routers.dashboard.tls=true"
+        #- "traefik.http.routers.dashboard.tls.certresolver=tls_barbu_it_net"
+      - "traefik.http.services.dashboard.loadbalancer.server.port=8080"
+