Attempt to disable Letsencrypt for self-signed joy

2021-04-17 23:03:30 +02:00
12 changed files with 15 additions and 82 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -19,13 +19,3 @@ steps:
 trigger:
  branch:
    - master
---
-kind: pipeline
-name: recipe release
-steps:
-  - name: release a new version
-    image: decentral1se/drone-abra:latest
-    settings:
-      command: recipe traefik release
-      deploy_key:
-        from_secret: abra_bot_deploy_key
--- a/.env.sample
+++ b/.env.sample
@ -3,6 +3,7 @@ TYPE=traefik
 DOMAIN=traefik.example.com
 LETS_ENCRYPT_ENV=production

+LETS_ENCRYPT_DISABLED=0
 LETS_ENCRYPT_EMAIL=certs@example.com
 # DASHBOARD_ENABLED=true
 # WARN, INFO etc.
@ -17,24 +18,10 @@ LOG_LEVEL=WARN
 #SMTP_ENABLED=1

 ## Gitea SSH
-# COMPOSE_FILE="compose.yml:compose.gitea.yml"
 # GITEA_SSH_ENABLED=1

 ## Foodsoft SMTP
-# COMPOSE_FILE="compose.yml:compose.foodsoft.yml"
 # FOODSOFT_SMTP_ENABLED=1

-## Peertube RTMP
-# COMPOSE_FILE="compose.yml:compose.peertube.yml"
-# PEERTUBE_RTMP_ENABLED=1
-
-## Secure Scuttlebutt MUXRPC
-# COMPOSE_FILE="compose.yml:compose.ssb.yml"
-# SSB_MUXRPC_ENABLED=1
-
-## MSSQL
-# COMPOSE_FILE="compose.yml:compose.mssql.yml"
-# MSSQL_ENABLED=1
-
 ## Host-mode networking
 #COMPOSE_FILE="compose.yml:compose.host.yml"
--- a/abra.sh
+++ b/abra.sh
@ -1,2 +1,2 @@
-export TRAEFIK_YML_VERSION=v8
-export FILE_PROVIDER_YML_VERSION=v2
+export TRAEFIK_YML_VERSION=v7
+export FILE_PROVIDER_YML_VERSION=v1
--- a/compose.foodsoft.yml
+++ b/compose.foodsoft.yml
@ -1,7 +0,0 @@
-version: "3.8"
-services:
-  app:
-    environment:
-      - FOODSOFT_SMTP_ENABLED
-    ports:
-      - "2525:2525"
--- a/compose.gitea.yml
+++ b/compose.gitea.yml
@ -1,7 +0,0 @@
-version: "3.8"
-services:
-  app:
-    environment:
-      - GITEA_SSH_ENABLED
-    ports:
-      - "2222:2222"
--- a/compose.mssql.yml
+++ b/compose.mssql.yml
@ -1,7 +0,0 @@
-version: "3.8"
-services:
-  app:
-    environment:
-      - MSSQL_ENABLED
-    ports:
-      - "1433:1433"
--- a/compose.peertube.yml
+++ b/compose.peertube.yml
@ -1,7 +0,0 @@
-version: "3.8"
-services:
-  app:
-    environment:
-      - PEERTUBE_RTMP_ENABLED
-    ports:
-      - "1935:1935"
--- a/compose.smtp.yml
+++ b/compose.smtp.yml
@ -3,7 +3,5 @@ version: "3.8"

 services:
  app:
-    environment:
-      - SMTP_ENABLED
    ports:
      - "587:587"
--- a/compose.ssb.yml
+++ b/compose.ssb.yml
@ -1,7 +0,0 @@
-version: "3.8"
-services:
-  app:
-    environment:
-      - SSB_MUXRPC_ENABLED
-    ports:
-      - "8008:8008"
--- a/compose.yml
+++ b/compose.yml
@ -2,12 +2,11 @@ version: "3.8"
 services:
  app:
    image: "traefik:v2.4.8"
-    # Note(decentral1se): *please do not* add any additional ports here.
-    # Doing so could break new installs with port conflicts. Please use
-    # the usual `compose.$app.yml` approach for any additional ports
    ports:
      - "80:80"
      - "443:443"
+      - "2222:2222"
+      - "2525:2525"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
      - "letsencrypt:/etc/letsencrypt"
@ -20,7 +19,12 @@ services:
      - proxy
    environment:
      - DASHBOARD_ENABLED
+      - LETS_ENCRYPT_DISABLED
+      - LETS_ENCRYPT_EMAIL
+      - FOODSOFT_SMTP_ENABLED
+      - GITEA_SSH_ENABLED
      - LOG_LEVEL
+      - SMTP_ENABLED
    healthcheck:
      test: ["CMD", "traefik", "healthcheck"]
      interval: 30s
@ -36,7 +40,7 @@ services:
        - "traefik.http.services.traefik.loadbalancer.server.port=web"
        - "traefik.http.routers.traefik.rule=Host(`${DOMAIN}`)"
        - "traefik.http.routers.traefik.entrypoints=web-secure"
-        - "traefik.http.routers.traefik.tls.certresolver=${LETS_ENCRYPT_ENV}"
+          #- "traefik.http.routers.traefik.tls.certresolver=${LETS_ENCRYPT_ENV}"
        - "traefik.http.routers.traefik.tls.options=default@file"
        - "traefik.http.routers.traefik.service=api@internal"
        - "traefik.http.routers.traefik.middlewares=security@file"
@ -47,11 +51,10 @@ networks:
 configs:
  traefik_yml:
    name: ${STACK_NAME}_traefik_yml_${TRAEFIK_YML_VERSION}
-    file: traefik.yml.tmpl
+    file: traefik.yml
    template_driver: golang
  file_provider_yml:
    name: ${STACK_NAME}_file_provider_yml_${FILE_PROVIDER_YML_VERSION}
-    file: file-provider.yml.tmpl
-    template_driver: golang
+    file: file-provider.yml
 volumes:
  letsencrypt:
--- a/file-provider.yml.tmpl
+++ b/file-provider.yml.tmpl
--- a/traefik.yml.tmpl
+++ b/traefik.yml.tmpl
@ -36,22 +36,11 @@ entrypoints:
  smtp-submission:
    address: ":587"
  {{ end }}
-  {{ if eq (env "PEERTUBE_RTMP_ENABLED") "1" }}
-  peertube-rtmp:
-    address: ":1935"
-  {{ end }}
-  {{ if eq (env "SSB_MUXRPC_ENABLED") "1" }}
-  ssb-muxrpc:
-    address: ":8008"
-  {{ end }}
-  {{ if eq (env "MSSQL_ENABLED") "1" }}
-  mssql:
-    address: ":1433"
-  {{ end }}

 ping:
  entryPoint: web

+{{ if not (eq (env "LETS_ENCRYPT_DISABLED") "1") }}
 certificatesResolvers:
  staging:
    acme:
@ -66,3 +55,4 @@ certificatesResolvers:
      storage: /etc/letsencrypt/production-acme.json
      httpChallenge:
        entryPoint: web
+{{ end }}