forked from coop-cloud/traefik
Compare commits
17 Commits
1.0.0+v2.5
...
master
Author | SHA1 | Date |
---|---|---|
appletalk | 737b4ebe15 | |
decentral1se | df49a1f3b2 | |
3wc | 099dcfaed0 | |
decentral1se | 1d7542cd5f | |
decentral1se | 5e1604322e | |
decentral1se | 36707989d2 | |
decentral1se | 29f90fe409 | |
decentral1se | 8a48c5e507 | |
decentral1se | 612d0cc6cc | |
3wordchant | 36c7b740ab | |
3wc | 59b0f8d645 | |
3wc | 556c448c05 | |
3wc | 26fcaaea69 | |
3wc | 02ebb1412f | |
3wc | 8e91a5a3ee | |
decentral1se | 3048d09cd8 | |
decentral1se | 2c9e980809 |
22
.env.sample
22
.env.sample
|
@ -1,6 +1,6 @@
|
|||
TYPE=traefik
|
||||
|
||||
DOMAIN=traefik.example.com
|
||||
DOMAIN={{ .Domain }}
|
||||
LETS_ENCRYPT_ENV=production
|
||||
|
||||
LETS_ENCRYPT_EMAIL=certs@example.com
|
||||
|
@ -8,8 +8,7 @@ LETS_ENCRYPT_EMAIL=certs@example.com
|
|||
# WARN, INFO etc.
|
||||
LOG_LEVEL=WARN
|
||||
|
||||
# This is here so later lines can extend the definition; you likely don't wanna
|
||||
# edit
|
||||
# This is here so later lines can extend it; you likely don't wanna edit
|
||||
COMPOSE_FILE="compose.yml"
|
||||
|
||||
#####################################################################
|
||||
|
@ -45,6 +44,12 @@ COMPOSE_FILE="compose.yml"
|
|||
#GANDI_ENABLED=1
|
||||
#SECRET_GANDIV5_API_KEY_VERSION=v1
|
||||
|
||||
## Cloudflare, https://cloudflare.com
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.cloudflare.yml"
|
||||
#CLOUDFLARE_ENABLED=1
|
||||
#SECRET_CLOUDFLARE_EMAIL_VERSION=v1
|
||||
#SECRET_CLOUDFLARE_API_KEY=v1
|
||||
|
||||
#####################################################################
|
||||
# Keycloak log-in #
|
||||
#####################################################################
|
||||
|
@ -52,6 +57,9 @@ COMPOSE_FILE="compose.yml"
|
|||
## Enable Keycloak
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.keycloak.yml"
|
||||
#KEYCLOAK_MIDDLEWARE_ENABLED=1
|
||||
#KEYCLOAK_TFA_SERVICE=traefik-forward-auth_app
|
||||
#KEYCLOAK_MIDDLEWARE_2_ENABLED=1
|
||||
#KEYCLOAK_TFA_SERVICE_2=traefik-forward-auth_app
|
||||
|
||||
#####################################################################
|
||||
# Prometheus metrics #
|
||||
|
@ -69,6 +77,10 @@ COMPOSE_FILE="compose.yml"
|
|||
#COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
|
||||
#SMTP_ENABLED=1
|
||||
|
||||
## Compy
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.compy.yml"
|
||||
#COMPY_ENABLED=1
|
||||
|
||||
## Gitea SSH
|
||||
# COMPOSE_FILE="$COMPOSE_FILE:compose.gitea.yml"
|
||||
# GITEA_SSH_ENABLED=1
|
||||
|
@ -92,3 +104,7 @@ COMPOSE_FILE="compose.yml"
|
|||
## Mumble
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.mumble.yml"
|
||||
#MUMBLE_ENABLED=1
|
||||
|
||||
## Matrix
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.matrix.yml"
|
||||
#MATRIX_FEDERATION_ENABLED=1
|
||||
|
|
|
@ -7,11 +7,11 @@
|
|||
<!-- metadata -->
|
||||
* **Category**: Utilities
|
||||
* **Status**: ?
|
||||
* **Image**: [`traefik`](https://hub.docker.com/_/traefik), ❶💚, upstream
|
||||
* **Image**: [`traefik`](https://hub.docker.com/_/traefik), 4, upstream
|
||||
* **Healthcheck**: Yes
|
||||
* **Backups**: No
|
||||
* **Email**: N/A
|
||||
* **Tests**: ❷💛
|
||||
* **Tests**: 2
|
||||
* **SSO**: ? (Keycloak)
|
||||
<!-- endmetadata -->
|
||||
|
||||
|
|
4
abra.sh
4
abra.sh
|
@ -1,3 +1,3 @@
|
|||
export TRAEFIK_YML_VERSION=v12
|
||||
export FILE_PROVIDER_YML_VERSION=v2
|
||||
export TRAEFIK_YML_VERSION=v14
|
||||
export FILE_PROVIDER_YML_VERSION=v6
|
||||
export ENTRYPOINT_VERSION=v2
|
||||
|
|
|
@ -0,0 +1,20 @@
|
|||
version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
environment:
|
||||
- CLOUDFLARE_EMAIL_FILE=/run/secrets/cloudflare_email
|
||||
- CLOUDFLARE_API_KEY_FILE=/run/secrets/cloudflare_api_key
|
||||
- LETS_ENCRYPT_DNS_CHALLENGE_ENABLED
|
||||
- LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER
|
||||
secrets:
|
||||
- cloudflare_email
|
||||
- cloudflare_api_key
|
||||
|
||||
secrets:
|
||||
cloudflare_email:
|
||||
name: ${STACK_NAME}_cloudflare_email_${SECRET_CLOUDFLARE_EMAIL_VERSION}
|
||||
external: true
|
||||
cloudflare_api_key:
|
||||
name: ${STACK_NAME}_cloudflare_api_key_${SECRET_CLOUDFLARE_API_KEY}
|
||||
external: true
|
|
@ -0,0 +1,7 @@
|
|||
version: "3.8"
|
||||
services:
|
||||
app:
|
||||
environment:
|
||||
- COMPY_ENABLED
|
||||
ports:
|
||||
- "9999:9999"
|
|
@ -12,4 +12,3 @@ services:
|
|||
- "traefik.http.services.traefik.loadbalancer.server.port=web"
|
||||
- "traefik.http.routers.traefik.entrypoints=web-secure"
|
||||
- "traefik.http.routers.traefik.service=api@internal"
|
||||
- "coop-cloud.${STACK_NAME}.app.version=v2.4.9-be23e1f6"
|
||||
|
|
|
@ -5,6 +5,9 @@ services:
|
|||
app:
|
||||
deploy:
|
||||
labels:
|
||||
- "traefik.http.routers.traefik.middlewares=keycloak@file"
|
||||
- "traefik.http.routers.${STACK_NAME}.middlewares=keycloak@file"
|
||||
environment:
|
||||
- KEYCLOAK_MIDDLEWARE_ENABLED
|
||||
- KEYCLOAK_TFA_SERVICE
|
||||
- KEYCLOAK_MIDDLEWARE_2_ENABLED
|
||||
- KEYCLOAK_TFA_SERVICE_2
|
||||
|
|
|
@ -0,0 +1,7 @@
|
|||
version: "3.8"
|
||||
services:
|
||||
app:
|
||||
environment:
|
||||
- MATRIX_FEDERATION_ENABLED
|
||||
ports:
|
||||
- "8448:8448"
|
|
@ -0,0 +1,9 @@
|
|||
---
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
environment:
|
||||
- MINIO_CONSOLE_ENABLED
|
||||
ports:
|
||||
- "9001:9001"
|
|
@ -3,7 +3,7 @@ version: "3.8"
|
|||
|
||||
services:
|
||||
app:
|
||||
image: "traefik:v2.5.2"
|
||||
image: "traefik:v2.5.6"
|
||||
# Note(decentral1se): *please do not* add any additional ports here.
|
||||
# Doing so could break new installs with port conflicts. Please use
|
||||
# the usual `compose.$app.yml` approach for any additional ports
|
||||
|
@ -26,6 +26,8 @@ services:
|
|||
environment:
|
||||
- DASHBOARD_ENABLED
|
||||
- LOG_LEVEL
|
||||
- LETS_ENCRYPT_EMAIL
|
||||
- LETS_ENCRYPT_ENV
|
||||
healthcheck:
|
||||
test: ["CMD", "traefik", "healthcheck"]
|
||||
interval: 30s
|
||||
|
@ -47,7 +49,7 @@ services:
|
|||
- "traefik.http.routers.traefik.tls.options=default@file"
|
||||
- "traefik.http.routers.traefik.service=api@internal"
|
||||
- "traefik.http.routers.traefik.middlewares=security@file"
|
||||
- "coop-cloud.${STACK_NAME}.version=1.0.0+v2.5.2"
|
||||
- "coop-cloud.${STACK_NAME}.version=1.0.1+v2.5.6"
|
||||
|
||||
networks:
|
||||
proxy:
|
||||
|
|
|
@ -11,4 +11,9 @@ export OVH_APPLICATION_SECRET=$(cat "$OVH_APPLICATION_SECRET_FILE")
|
|||
export GANDIV5_API_KEY=$(cat "$GANDIV5_API_KEY_FILE")
|
||||
{{ end }}
|
||||
|
||||
{{ if eq (env "CLOUDFLARE_ENABLED") "1" }}
|
||||
export CLOUDFLARE_EMAIL=$(cat "$CLOUDFLARE_EMAIL_FILE")
|
||||
export CLOUDFLARE_API_KEY=$(cat "$CLOUDFLARE_API_KEY_FILE")
|
||||
{{ end }}
|
||||
|
||||
/entrypoint.sh "$@"
|
||||
|
|
|
@ -4,7 +4,15 @@ http:
|
|||
{{ if eq (env "KEYCLOAK_MIDDLEWARE_ENABLED") "1" }}
|
||||
keycloak:
|
||||
forwardAuth:
|
||||
address: "http://traefik-forward-auth:4181"
|
||||
address: "http://{{ env "KEYCLOAK_TFA_SERVICE" }}:4181"
|
||||
trustForwardHeader: true
|
||||
authResponseHeaders:
|
||||
- X-Forwarded-User
|
||||
{{ end }}
|
||||
{{ if eq (env "KEYCLOAK_MIDDLEWARE_2_ENABLED") "1" }}
|
||||
keycloak2:
|
||||
forwardAuth:
|
||||
address: "http://{{ env "KEYCLOAK_TFA_SERVICE_2" }}:4181"
|
||||
trustForwardHeader: true
|
||||
authResponseHeaders:
|
||||
- X-Forwarded-User
|
||||
|
|
|
@ -1,6 +0,0 @@
|
|||
{
|
||||
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
||||
"extends": [
|
||||
"config:base"
|
||||
]
|
||||
}
|
|
@ -54,10 +54,18 @@ entrypoints:
|
|||
mumble-udp:
|
||||
address: ":64738/udp"
|
||||
{{ end }}
|
||||
{{ if eq (env "COMPY_ENABLED") "1" }}
|
||||
compy:
|
||||
address: ":9999"
|
||||
{{ end }}
|
||||
{{ if eq (env "METRICS_ENABLED") "1" }}
|
||||
metrics:
|
||||
address: ":8082"
|
||||
{{ end }}
|
||||
{{ if eq (env "MATRIX_FEDERATION_ENABLED") "1" }}
|
||||
matrix-federation:
|
||||
address: ":9001"
|
||||
{{ end }}
|
||||
|
||||
ping:
|
||||
entryPoint: web
|
||||
|
@ -69,30 +77,36 @@ metrics:
|
|||
{{ end }}
|
||||
|
||||
certificatesResolvers:
|
||||
{{ if eq (env "LETS_ENCRYPT_ENV") "staging" }}
|
||||
staging:
|
||||
acme:
|
||||
email: {{ env "LETS_ENCRYPT_EMAIL" }}
|
||||
storage: /etc/letsencrypt/staging-acme.json
|
||||
caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
|
||||
httpChallenge:
|
||||
entryPoint: web
|
||||
{{ if eq (env "LETS_ENCRYPT_DNS_CHALLENGE_ENABLED") "1" }}
|
||||
dnsChallenge:
|
||||
provider: {{ (env "LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER") }}
|
||||
resolvers:
|
||||
- "1.1.1.1:53"
|
||||
- "8.8.8.8:53"
|
||||
{{ else }}
|
||||
httpChallenge:
|
||||
entryPoint: web
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
{{ if eq (env "LETS_ENCRYPT_ENV") "production" }}
|
||||
production:
|
||||
acme:
|
||||
email: {{ env "LETS_ENCRYPT_EMAIL" }}
|
||||
storage: /etc/letsencrypt/production-acme.json
|
||||
httpChallenge:
|
||||
entryPoint: web
|
||||
{{ if eq (env "LETS_ENCRYPT_DNS_CHALLENGE_ENABLED") "1" }}
|
||||
dnsChallenge:
|
||||
provider: {{ (env "LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER") }}
|
||||
resolvers:
|
||||
- "1.1.1.1:53"
|
||||
- "8.8.8.8:53"
|
||||
{{ else }}
|
||||
httpChallenge:
|
||||
entryPoint: web
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
|
|
Loading…
Reference in New Issue