forked from coop-cloud/traefik
Compare commits
39 Commits
| Author | SHA1 | Date |
|---|---|---|
 appletalk
|
737b4ebe15 | |
 decentral1se
|
df49a1f3b2
|
|
 3wc
|
099dcfaed0 | |
|
decentral1se
|
1d7542cd5f
|
|
|
decentral1se
|
5e1604322e
|
|
|
decentral1se
|
36707989d2
|
|
|
decentral1se
|
29f90fe409
|
|
|
decentral1se
|
8a48c5e507 | |
|
decentral1se
|
612d0cc6cc
|
|
|
3wordchant
|
36c7b740ab | |
|
3wc
|
59b0f8d645 | |
|
3wc
|
556c448c05 | |
|
3wc
|
26fcaaea69 | |
|
3wc
|
02ebb1412f | |
|
3wc
|
8e91a5a3ee | |
 decentral1se
|
3048d09cd8 | |
|
decentral1se
|
2c9e980809 | |
|
decentral1se
|
ec47f5c9dd | |
|
decentral1se
|
cf81dc543a | |
|
decentral1se
|
48f03d8fcf | |
|
decentral1se
|
8c6fe61e60 | |
 mirsal
|
fc5aa70d27 | |
|
3wordchant
|
9e123afb07 | |
|
3wc
|
baba7ff87d | |
|
3wc
|
e856591c97 | |
|
3wc
|
8bcd8f054e | |
|
3wc
|
a9a513e8da | |
|
3wc
|
46010aeb95 | |
 Comrade Renovate Bot
|
0421dd4747 | |
|
decentral1se
|
eb69ba9309 | |
|
decentral1se
|
21cd25f3d6 | |
|
decentral1se
|
f9b3475086 | |
|
decentral1se
|
ef443bae50 | |
|
Comrade Renovate Bot
|
aacf00309e | |
|
decentral1se
|
f73e38d143 | |
decentral1se
|
661bec4727 | |
|
decentral1se
|
7258b129c4 | |
decentral1se
|
bbbdfc272d | |
 Michael Williams
|
2c81622d9a |
|
|
@ -14,8 +14,9 @@ steps:
|
|||
STACK_NAME: traefik
|
||||
LETS_ENCRYPT_ENV: production
|
||||
LETS_ENCRYPT_EMAIL: helo@autonomic.zone
|
||||
TRAEFIK_YML_VERSION: v3
|
||||
FILE_PROVIDER_YML_VERSION: v2
|
||||
TRAEFIK_YML_VERSION: v4
|
||||
FILE_PROVIDER_YML_VERSION: v3
|
||||
ENTRYPOINT_VERSION: v1
|
||||
trigger:
|
||||
branch:
|
||||
- master
|
||||
|
|
@ -24,7 +25,7 @@ kind: pipeline
|
|||
name: recipe release
|
||||
steps:
|
||||
- name: release a new version
|
||||
image: decentral1se/drone-abra:latest
|
||||
image: thecoopcloud/drone-abra:latest
|
||||
settings:
|
||||
command: recipe traefik release
|
||||
deploy_key:
|
||||
|
|
|
|||
96
.env.sample
96
.env.sample
|
|
@ -1,6 +1,6 @@
|
|||
TYPE=traefik
|
||||
|
||||
DOMAIN=traefik.example.com
|
||||
DOMAIN={{ .Domain }}
|
||||
LETS_ENCRYPT_ENV=production
|
||||
|
||||
LETS_ENCRYPT_EMAIL=certs@example.com
|
||||
|
|
@ -8,33 +8,103 @@ LETS_ENCRYPT_EMAIL=certs@example.com
|
|||
# WARN, INFO etc.
|
||||
LOG_LEVEL=WARN
|
||||
|
||||
# This is here so later lines can extend it; you likely don't wanna edit
|
||||
COMPOSE_FILE="compose.yml"
|
||||
|
||||
#####################################################################
|
||||
# General settings #
|
||||
#####################################################################
|
||||
|
||||
## Host-mode networking
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.host.yml"
|
||||
|
||||
## "Headless mode" (no domain configured)
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.headless.yml"
|
||||
|
||||
#####################################################################
|
||||
# Automatic DNS set-up for Letsencrypt #
|
||||
#####################################################################
|
||||
|
||||
## Enable dns challenge (for wildcard domains)
|
||||
## https://doc.traefik.io/traefik/https/acme/#dnschallenge
|
||||
#LETS_ENCRYPT_DNS_CHALLENGE_ENABLED=1
|
||||
#LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER=ovh
|
||||
|
||||
## OVH, https://ovh.com
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.ovh.yml"
|
||||
#OVH_ENABLED=1
|
||||
#OVH_APPLICATION_KEY=
|
||||
#OVH_ENDPOINT=
|
||||
#SECRET_OVH_APP_SECRET_VERSION=v1
|
||||
#SECRET_OVH_CONSUMER_KEY=v1
|
||||
|
||||
## Gandi, https://gandi.net
|
||||
## note(3wc): only "V5" (new) API is supported, so far
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.gandi.yml"
|
||||
#GANDI_ENABLED=1
|
||||
#SECRET_GANDIV5_API_KEY_VERSION=v1
|
||||
|
||||
## Cloudflare, https://cloudflare.com
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.cloudflare.yml"
|
||||
#CLOUDFLARE_ENABLED=1
|
||||
#SECRET_CLOUDFLARE_EMAIL_VERSION=v1
|
||||
#SECRET_CLOUDFLARE_API_KEY=v1
|
||||
|
||||
#####################################################################
|
||||
# Keycloak log-in #
|
||||
#####################################################################
|
||||
|
||||
## Enable Keycloak
|
||||
#COMPOSE_FILE="compose.yml:compose.keycloak.yml"
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.keycloak.yml"
|
||||
#KEYCLOAK_MIDDLEWARE_ENABLED=1
|
||||
#KEYCLOAK_TFA_SERVICE=traefik-forward-auth_app
|
||||
#KEYCLOAK_MIDDLEWARE_2_ENABLED=1
|
||||
#KEYCLOAK_TFA_SERVICE_2=traefik-forward-auth_app
|
||||
|
||||
#####################################################################
|
||||
# Prometheus metrics #
|
||||
#####################################################################
|
||||
|
||||
## Enable prometheus metrics collection
|
||||
## used used by the coop-cloud monitoring stack
|
||||
#METRICS_ENABLED=1
|
||||
|
||||
#####################################################################
|
||||
# Additional services #
|
||||
#####################################################################
|
||||
|
||||
## SMTP port 587
|
||||
#COMPOSE_FILE="compose.yml:compose.smtp.yml"
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
|
||||
#SMTP_ENABLED=1
|
||||
|
||||
## Compy
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.compy.yml"
|
||||
#COMPY_ENABLED=1
|
||||
|
||||
## Gitea SSH
|
||||
# COMPOSE_FILE="compose.yml:compose.gitea.yml"
|
||||
# COMPOSE_FILE="$COMPOSE_FILE:compose.gitea.yml"
|
||||
# GITEA_SSH_ENABLED=1
|
||||
|
||||
## Foodsoft SMTP
|
||||
# COMPOSE_FILE="compose.yml:compose.foodsoft.yml"
|
||||
# COMPOSE_FILE="$COMPOSE_FILE:compose.foodsoft.yml"
|
||||
# FOODSOFT_SMTP_ENABLED=1
|
||||
|
||||
## Peertube RTMP
|
||||
# COMPOSE_FILE="compose.yml:compose.peertube.yml"
|
||||
# PEERTUBE_RTMP_ENABLED=1
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.peertube.yml"
|
||||
#PEERTUBE_RTMP_ENABLED=1
|
||||
|
||||
## Secure Scuttlebutt MUXRPC
|
||||
# COMPOSE_FILE="compose.yml:compose.ssb.yml"
|
||||
# SSB_MUXRPC_ENABLED=1
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.ssb.yml"
|
||||
#SSB_MUXRPC_ENABLED=1
|
||||
|
||||
## MSSQL
|
||||
# COMPOSE_FILE="compose.yml:compose.mssql.yml"
|
||||
# MSSQL_ENABLED=1
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.mssql.yml"
|
||||
#MSSQL_ENABLED=1
|
||||
|
||||
## Host-mode networking
|
||||
#COMPOSE_FILE="compose.yml:compose.host.yml"
|
||||
## Mumble
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.mumble.yml"
|
||||
#MUMBLE_ENABLED=1
|
||||
|
||||
## Matrix
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.matrix.yml"
|
||||
#MATRIX_FEDERATION_ENABLED=1
|
||||
|
|
|
|||
|
|
@ -7,11 +7,11 @@
|
|||
<!-- metadata -->
|
||||
* **Category**: Utilities
|
||||
* **Status**: ?
|
||||
* **Image**: [`traefik`](https://hub.docker.com/_/traefik), ❶💚, upstream
|
||||
* **Image**: [`traefik`](https://hub.docker.com/_/traefik), 4, upstream
|
||||
* **Healthcheck**: Yes
|
||||
* **Backups**: No
|
||||
* **Email**: N/A
|
||||
* **Tests**: ❷💛
|
||||
* **Tests**: 2
|
||||
* **SSO**: ? (Keycloak)
|
||||
<!-- endmetadata -->
|
||||
|
||||
|
|
|
|||
5
abra.sh
5
abra.sh
|
|
@ -1,2 +1,3 @@
|
|||
export TRAEFIK_YML_VERSION=v8
|
||||
export FILE_PROVIDER_YML_VERSION=v2
|
||||
export TRAEFIK_YML_VERSION=v14
|
||||
export FILE_PROVIDER_YML_VERSION=v6
|
||||
export ENTRYPOINT_VERSION=v2
|
||||
|
|
|
|||
|
|
@ -0,0 +1,20 @@
|
|||
version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
environment:
|
||||
- CLOUDFLARE_EMAIL_FILE=/run/secrets/cloudflare_email
|
||||
- CLOUDFLARE_API_KEY_FILE=/run/secrets/cloudflare_api_key
|
||||
- LETS_ENCRYPT_DNS_CHALLENGE_ENABLED
|
||||
- LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER
|
||||
secrets:
|
||||
- cloudflare_email
|
||||
- cloudflare_api_key
|
||||
|
||||
secrets:
|
||||
cloudflare_email:
|
||||
name: ${STACK_NAME}_cloudflare_email_${SECRET_CLOUDFLARE_EMAIL_VERSION}
|
||||
external: true
|
||||
cloudflare_api_key:
|
||||
name: ${STACK_NAME}_cloudflare_api_key_${SECRET_CLOUDFLARE_API_KEY}
|
||||
external: true
|
||||
|
|
@ -0,0 +1,7 @@
|
|||
version: "3.8"
|
||||
services:
|
||||
app:
|
||||
environment:
|
||||
- COMPY_ENABLED
|
||||
ports:
|
||||
- "9999:9999"
|
||||
|
|
@ -0,0 +1,15 @@
|
|||
version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
environment:
|
||||
- GANDIV5_API_KEY_FILE=/run/secrets/gandiv5_api_key
|
||||
- LETS_ENCRYPT_DNS_CHALLENGE_ENABLED
|
||||
- LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER
|
||||
secrets:
|
||||
- gandiv5_api_key
|
||||
|
||||
secrets:
|
||||
gandiv5_api_key:
|
||||
name: ${STACK_NAME}_gandiv5_api_key_${SECRET_GANDIV5_API_KEY_VERSION}
|
||||
external: true
|
||||
|
|
@ -0,0 +1,14 @@
|
|||
---
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
deploy:
|
||||
update_config:
|
||||
failure_action: rollback
|
||||
order: start-first
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.services.traefik.loadbalancer.server.port=web"
|
||||
- "traefik.http.routers.traefik.entrypoints=web-secure"
|
||||
- "traefik.http.routers.traefik.service=api@internal"
|
||||
|
|
@ -13,6 +13,3 @@ services:
|
|||
- target: 443
|
||||
published: 443
|
||||
mode: host
|
||||
- target: 2222
|
||||
published: 2222
|
||||
mode: host
|
||||
|
|
|
|||
|
|
@ -5,6 +5,9 @@ services:
|
|||
app:
|
||||
deploy:
|
||||
labels:
|
||||
- "traefik.http.routers.traefik.middlewares=keycloak@file"
|
||||
- "traefik.http.routers.${STACK_NAME}.middlewares=keycloak@file"
|
||||
environment:
|
||||
- KEYCLOAK_MIDDLEWARE_ENABLED
|
||||
- KEYCLOAK_TFA_SERVICE
|
||||
- KEYCLOAK_MIDDLEWARE_2_ENABLED
|
||||
- KEYCLOAK_TFA_SERVICE_2
|
||||
|
|
|
|||
|
|
@ -0,0 +1,7 @@
|
|||
version: "3.8"
|
||||
services:
|
||||
app:
|
||||
environment:
|
||||
- MATRIX_FEDERATION_ENABLED
|
||||
ports:
|
||||
- "8448:8448"
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
---
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
environment:
|
||||
- MINIO_CONSOLE_ENABLED
|
||||
ports:
|
||||
- "9001:9001"
|
||||
|
|
@ -4,4 +4,7 @@ services:
|
|||
environment:
|
||||
- MSSQL_ENABLED
|
||||
ports:
|
||||
- "1433:1433"
|
||||
- target: 1433
|
||||
published: 1433
|
||||
protocol: tcp
|
||||
mode: host
|
||||
|
|
|
|||
|
|
@ -0,0 +1,9 @@
|
|||
version: "3.8"
|
||||
services:
|
||||
app:
|
||||
environment:
|
||||
- MUMBLE_ENABLED
|
||||
ports:
|
||||
- "64738:64738/udp"
|
||||
# note (3wc): see https://github.com/docker/compose/issues/7627
|
||||
- "64737-64739:64737-64739/tcp"
|
||||
|
|
@ -0,0 +1,21 @@
|
|||
version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
environment:
|
||||
- OVH_APPLICATION_KEY
|
||||
- OVH_APPLICATION_SECRET_FILE=/run/secrets/ovh_app_secret
|
||||
- OVH_CONSUMER_KEY_FILE=/run/secrets/ovh_consumer_key
|
||||
- OVH_ENABLED
|
||||
- OVH_ENDPOINT
|
||||
secrets:
|
||||
- ovh_app_secret
|
||||
- ovh_consumer_key
|
||||
|
||||
secrets:
|
||||
ovh_app_secret:
|
||||
name: ${STACK_NAME}_ovh_app_secret_${SECRET_OVH_APP_SECRET_VERSION}
|
||||
external: true
|
||||
ovh_consumer_key:
|
||||
name: ${STACK_NAME}_ovh_consumer_key_${SECRET_OVH_CONSUMER_KEY}
|
||||
external: true
|
||||
20
compose.yml
20
compose.yml
|
|
@ -1,7 +1,9 @@
|
|||
---
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
image: "traefik:v2.4.8"
|
||||
image: "traefik:v2.5.6"
|
||||
# Note(decentral1se): *please do not* add any additional ports here.
|
||||
# Doing so could break new installs with port conflicts. Please use
|
||||
# the usual `compose.$app.yml` approach for any additional ports
|
||||
|
|
@ -16,17 +18,24 @@ services:
|
|||
target: /etc/traefik/traefik.yml
|
||||
- source: file_provider_yml
|
||||
target: /etc/traefik/file-provider.yml
|
||||
- source: entrypoint
|
||||
target: /custom-entrypoint.sh
|
||||
mode: 0555
|
||||
networks:
|
||||
- proxy
|
||||
environment:
|
||||
- DASHBOARD_ENABLED
|
||||
- LOG_LEVEL
|
||||
- LETS_ENCRYPT_EMAIL
|
||||
- LETS_ENCRYPT_ENV
|
||||
healthcheck:
|
||||
test: ["CMD", "traefik", "healthcheck"]
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 10
|
||||
start_period: 1m
|
||||
command: traefik
|
||||
entrypoint: /custom-entrypoint.sh
|
||||
deploy:
|
||||
update_config:
|
||||
failure_action: rollback
|
||||
|
|
@ -40,10 +49,12 @@ services:
|
|||
- "traefik.http.routers.traefik.tls.options=default@file"
|
||||
- "traefik.http.routers.traefik.service=api@internal"
|
||||
- "traefik.http.routers.traefik.middlewares=security@file"
|
||||
- coop-cloud.${STACK_NAME}.app.version=v2.4.8-d7d63b0d
|
||||
- "coop-cloud.${STACK_NAME}.version=1.0.1+v2.5.6"
|
||||
|
||||
networks:
|
||||
proxy:
|
||||
external: true
|
||||
|
||||
configs:
|
||||
traefik_yml:
|
||||
name: ${STACK_NAME}_traefik_yml_${TRAEFIK_YML_VERSION}
|
||||
|
|
@ -53,5 +64,10 @@ configs:
|
|||
name: ${STACK_NAME}_file_provider_yml_${FILE_PROVIDER_YML_VERSION}
|
||||
file: file-provider.yml.tmpl
|
||||
template_driver: golang
|
||||
entrypoint:
|
||||
name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
|
||||
file: entrypoint.sh.tmpl
|
||||
template_driver: golang
|
||||
|
||||
volumes:
|
||||
letsencrypt:
|
||||
|
|
|
|||
|
|
@ -0,0 +1,19 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -e
|
||||
|
||||
{{ if eq (env "OVH_ENABLED") "1" }}
|
||||
export OVH_CONSUMER_KEY=$(cat "$OVH_CONSUMER_KEY_FILE")
|
||||
export OVH_APPLICATION_SECRET=$(cat "$OVH_APPLICATION_SECRET_FILE")
|
||||
{{ end }}
|
||||
|
||||
{{ if eq (env "GANDI_ENABLED") "1" }}
|
||||
export GANDIV5_API_KEY=$(cat "$GANDIV5_API_KEY_FILE")
|
||||
{{ end }}
|
||||
|
||||
{{ if eq (env "CLOUDFLARE_ENABLED") "1" }}
|
||||
export CLOUDFLARE_EMAIL=$(cat "$CLOUDFLARE_EMAIL_FILE")
|
||||
export CLOUDFLARE_API_KEY=$(cat "$CLOUDFLARE_API_KEY_FILE")
|
||||
{{ end }}
|
||||
|
||||
/entrypoint.sh "$@"
|
||||
|
|
@ -4,7 +4,15 @@ http:
|
|||
{{ if eq (env "KEYCLOAK_MIDDLEWARE_ENABLED") "1" }}
|
||||
keycloak:
|
||||
forwardAuth:
|
||||
address: "http://traefik-forward-auth:4181"
|
||||
address: "http://{{ env "KEYCLOAK_TFA_SERVICE" }}:4181"
|
||||
trustForwardHeader: true
|
||||
authResponseHeaders:
|
||||
- X-Forwarded-User
|
||||
{{ end }}
|
||||
{{ if eq (env "KEYCLOAK_MIDDLEWARE_2_ENABLED") "1" }}
|
||||
keycloak2:
|
||||
forwardAuth:
|
||||
address: "http://{{ env "KEYCLOAK_TFA_SERVICE_2" }}:4181"
|
||||
trustForwardHeader: true
|
||||
authResponseHeaders:
|
||||
- X-Forwarded-User
|
||||
|
|
|
|||
|
|
@ -1,6 +0,0 @@
|
|||
{
|
||||
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
||||
"extends": [
|
||||
"config:base"
|
||||
]
|
||||
}
|
||||
|
|
@ -48,21 +48,65 @@ entrypoints:
|
|||
mssql:
|
||||
address: ":1433"
|
||||
{{ end }}
|
||||
{{ if eq (env "MUMBLE_ENABLED") "1" }}
|
||||
mumble:
|
||||
address: ":64738"
|
||||
mumble-udp:
|
||||
address: ":64738/udp"
|
||||
{{ end }}
|
||||
{{ if eq (env "COMPY_ENABLED") "1" }}
|
||||
compy:
|
||||
address: ":9999"
|
||||
{{ end }}
|
||||
{{ if eq (env "METRICS_ENABLED") "1" }}
|
||||
metrics:
|
||||
address: ":8082"
|
||||
{{ end }}
|
||||
{{ if eq (env "MATRIX_FEDERATION_ENABLED") "1" }}
|
||||
matrix-federation:
|
||||
address: ":9001"
|
||||
{{ end }}
|
||||
|
||||
ping:
|
||||
entryPoint: web
|
||||
|
||||
{{ if eq (env "METRICS_ENABLED") "1" }}
|
||||
metrics:
|
||||
prometheus:
|
||||
entryPoint: metrics
|
||||
{{ end }}
|
||||
|
||||
certificatesResolvers:
|
||||
{{ if eq (env "LETS_ENCRYPT_ENV") "staging" }}
|
||||
staging:
|
||||
acme:
|
||||
email: {{ env "LETS_ENCRYPT_EMAIL" }}
|
||||
storage: /etc/letsencrypt/staging-acme.json
|
||||
caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
|
||||
{{ if eq (env "LETS_ENCRYPT_DNS_CHALLENGE_ENABLED") "1" }}
|
||||
dnsChallenge:
|
||||
provider: {{ (env "LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER") }}
|
||||
resolvers:
|
||||
- "1.1.1.1:53"
|
||||
- "8.8.8.8:53"
|
||||
{{ else }}
|
||||
httpChallenge:
|
||||
entryPoint: web
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
{{ if eq (env "LETS_ENCRYPT_ENV") "production" }}
|
||||
production:
|
||||
acme:
|
||||
email: {{ env "LETS_ENCRYPT_EMAIL" }}
|
||||
storage: /etc/letsencrypt/production-acme.json
|
||||
{{ if eq (env "LETS_ENCRYPT_DNS_CHALLENGE_ENABLED") "1" }}
|
||||
dnsChallenge:
|
||||
provider: {{ (env "LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER") }}
|
||||
resolvers:
|
||||
- "1.1.1.1:53"
|
||||
- "8.8.8.8:53"
|
||||
{{ else }}
|
||||
httpChallenge:
|
||||
entryPoint: web
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
|
|
|
|||
Loading…
Reference in New Issue