From 763fc4ee2dee326ffc61fa9e5db4356f07a0b57d Mon Sep 17 00:00:00 2001
From: Luke Murphy
Date: Wed, 17 Jun 2020 08:23:01 +0200
Subject: [PATCH] Bootstrap Traefik repository
---
.envrc.sample | 5 +++++
.gitignore | 1 +
README.md | 3 +++
compose.yml | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++
file-provider.yml | 9 +++++++++
traefik.yml | 43 +++++++++++++++++++++++++++++++++++++++++++
6 files changed, 112 insertions(+)
create mode 100644 .envrc.sample
create mode 100644 .gitignore
create mode 100644 README.md
create mode 100644 compose.yml
create mode 100644 file-provider.yml
create mode 100644 traefik.yml
diff --git a/.envrc.sample b/.envrc.sample
new file mode 100644
index 0000000..296ee43
--- /dev/null
+++ b/.envrc.sample
@@ -0,0 +1,5 @@
+export DOMAIN=traefik.swarm.autonomic.zone
+export FILE_PROVIDER_YML_VERSION=v1
+export LETS_ENCRYPT_ENV=staging
+export STACK_NAME=traefik
+export TRAEFIK_YML_VERSION=v1
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..7a6353d
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.envrc
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..d1c2bfd
--- /dev/null
+++ b/README.md
@@ -0,0 +1,3 @@
+# traefik
+
+> https://docs.traefik.io
diff --git a/compose.yml b/compose.yml
new file mode 100644
index 0000000..b2c63d0
--- /dev/null
+++ b/compose.yml
@@ -0,0 +1,51 @@
+---
+version: "3.8"
+
+services:
+ traefik:
+ image: "traefik:v2.2.1"
+ ports:
+ - "80:80"
+ - "443:443"
+ - "2222:2222"
+ volumes:
+ - "/var/run/docker.sock:/var/run/docker.sock"
+ - "letsencrypt:/etc/letsencrypt"
+ configs:
+ - source: traefik_yml
+ target: /etc/traefik/traefik.yml
+ - source: file_provider_yml
+ target: /etc/traefik/file-provider.yml
+ networks:
+ - proxy
+ deploy:
+ mode: replicated
+ replicas: 1
+ update_config:
+ failure_action: rollback
+ placement:
+ constraints:
+ - node.role == manager
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.services.traefik.loadbalancer.server.port=web"
+ - "traefik.http.routers.traefik.rule=Host(`${DOMAIN}`)"
+ - "traefik.http.routers.traefik.entrypoints=web-secure"
+ - "traefik.http.routers.traefik.tls.certresolver=${LETS_ENCRYPT_ENV}"
+ - "traefik.http.routers.traefik.service=api@internal"
+ - "traefik.http.routers.traefik.middlewares=keycloak@file"
+
+networks:
+ proxy:
+ external: true
+
+configs:
+ traefik_yml:
+ name: ${STACK_NAME}_traefik_yml_${TRAEFIK_YML_VERSION}
+ file: traefik.yml
+ file_provider_yml:
+ name: ${STACK_NAME}_file_provider_yml_${FILE_PROVIDER_YML_VERSION}
+ file: file-provider.yml
+
+volumes:
+ letsencrypt:
diff --git a/file-provider.yml b/file-provider.yml
new file mode 100644
index 0000000..c7b62f2
--- /dev/null
+++ b/file-provider.yml
@@ -0,0 +1,9 @@
+---
+http:
+ middlewares:
+ keycloak:
+ forwardAuth:
+ address: "http://traefik-forward-auth:4181"
+ trustForwardHeader: true
+ authResponseHeaders:
+ - X-Forwarded-User
diff --git a/traefik.yml b/traefik.yml
new file mode 100644
index 0000000..cfdec25
--- /dev/null
+++ b/traefik.yml
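Review bot: In compose.yml the volume `/var/run/docker.sock:/var/run/docker.sock` hands the Docker API of a manager node to the same container that publishes ports 80, 443 and 2222, so a compromise of Traefik would be equivalent to control of the swarm. The provider only needs to read services and tasks, so consider putting a filtering socket proxy that permits read-only API calls on an internal network and pointing `providers.docker.endpoint` in traefik.yml at it instead of the raw socket. Appending `:ro` to the mount would not help, because a read-only bind mount still allows any API call over the socket. Separately, `loadbalancer.server.port=web` names an entrypoint rather than a port number; the router targets `api@internal`, so the value is probably unused, but a numeric placeholder would be clearer.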
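Review bot: In file-provider.yml, `trustForwardHeader: true` tells the forwardAuth middleware to keep `X-Forwarded-*` values already present on the request, yet compose.yml publishes 80 and 443 directly and no upstream proxy is visible that would sanitise them. If Traefik really is the edge, some client-supplied forwarding headers may reach `traefik-forward-auth` and influence what host, URI or method it believes is being requested. I would set `trustForwardHeader: false` here, and if a trusted proxy does sit in front, list its addresses under `forwardedHeaders.trustedIPs` on the entrypoints rather than trusting every client.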
@@ -0,0 +1,43 @@
+---
+log:
+ level: INFO
+
+providers:
+ docker:
+ endpoint: "unix:///var/run/docker.sock"
+ exposedByDefault: false
+ network: proxy
+ swarmMode: true
+ file:
+ filename: /etc/traefik/file-provider.yml
+
+api:
+ dashboard: false
+ debug: false
+
+entrypoints:
+ web:
+ address: ":80"
+ http:
+ redirections:
+ entryPoint:
+ to: web-secure
+ web-secure:
+ address: ":443"
+ gitea-ssh:
+ address: ":2222"
+
+certificatesResolvers:
+ staging:
+ acme:
+ email: helo@autonomic.zone
+ storage: /etc/letsencrypt/staging-acme.json
+ caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
+ httpChallenge:
+ entryPoint: web
+ production:
+ acme:
+ email: helo@autonomic.zone
+ storage: /etc/letsencrypt/production-acme.json
+ httpChallenge:
+ entryPoint: web
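Review bot: traefik.yml sets `log.level: INFO` but has no `accessLog` section, so HTTP requests through `web` and `web-secure`, including those hitting the `api@internal` router behind the `keycloak` middleware, leave no per-request record. For an internet-facing proxy I would add a top-level `accessLog: {}` (optionally with `filePath` on a persistent volume) so that failed authentications and scanning can be reviewed after the fact. A short comment above `api:` would also help, along the lines of `# API is enabled for the api@internal router in compose.yml; dashboard UI stays off`, since `dashboard: false` next to a router that serves the API is easy to misread.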