Bootstrap Traefik repository

Luke Murphy 2020-06-17 08:23:01 +02:00
commit 763fc4ee2d
No known key found for this signature in database
GPG Key ID: 5E2EF5A63E3718CC
6 changed files with 112 additions and 0 deletions

5
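--- a/.envrc.sample
+++ b/.envrc.sample
@@ -0,0 +1,5 @@
+export DOMAIN=traefik.swarm.autonomic.zone
+export FILE_PROVIDER_YML_VERSION=v1
+export LETS_ENCRYPT_ENV=staging
+export STACK_NAME=traefik
+export TRAEFIK_YML_VERSION=v1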

1
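--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+.envrc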

3
README.md Normal file

@ -0,0 +1,3 @@
# traefik
> https://docs.traefik.io

51
compose.yml Normal file

@ -0,0 +1,51 @@
---
version: "3.8"
services:
traefik:
image: "traefik:v2.2.1"
ports:
- "80:80"
- "443:443"
- "2222:2222"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
- "letsencrypt:/etc/letsencrypt"
configs:
- source: traefik_yml
target: /etc/traefik/traefik.yml
- source: file_provider_yml
target: /etc/traefik/file-provider.yml
networks:
- proxy
deploy:
mode: replicated
replicas: 1
update_config:
failure_action: rollback
placement:
constraints:
- node.role == manager
labels:
- "traefik.enable=true"
- "traefik.http.services.traefik.loadbalancer.server.port=web"
- "traefik.http.routers.traefik.rule=Host(`${DOMAIN}`)"
- "traefik.http.routers.traefik.entrypoints=web-secure"
- "traefik.http.routers.traefik.tls.certresolver=${LETS_ENCRYPT_ENV}"
- "traefik.http.routers.traefik.service=api@internal"
- "traefik.http.routers.traefik.middlewares=keycloak@file"
networks:
proxy:
external: true
configs:
traefik_yml:
name: ${STACK_NAME}_traefik_yml_${TRAEFIK_YML_VERSION}
file: traefik.yml
file_provider_yml:
name: ${STACK_NAME}_file_provider_yml_${FILE_PROVIDER_YML_VERSION}
file: file-provider.yml
volumes:
letsencrypt:
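Review bot: The `traefik` service bind-mounts `/var/run/docker.sock` while publishing 80, 443 and 2222 from a manager node, so a compromise of the proxy process would hand over the full Docker API of a swarm manager. Traefik only needs to read services, tasks and networks, so consider pointing the docker provider at a socket proxy that allows only those read-only endpoints rather than mounting the socket directly; a `:ro` bind mount would not restrict API calls made over the socket. Separately, `traefik.http.services.traefik.loadbalancer.server.port=web` passes an entrypoint name where a port number is expected; for an `api@internal` router a placeholder numeric port is the usual form, so it is worth confirming this label parses as intended.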

9
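--- a/file-provider.yml
+++ b/file-provider.yml
@@ -0,0 +1,9 @@
+---
+http:
+middlewares:
+keycloak:
+forwardAuth:
+address: "http://traefik-forward-auth:4181"
+trustForwardHeader: true
+authResponseHeaders:
+- X-Forwarded-User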
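Review bot: `trustForwardHeader: true` makes the forwardAuth middleware pass on whatever `X-Forwarded-*` headers the client sent, and compose.yml publishes this Traefik directly on 80/443, so there appears to be no trusted proxy in front to set them. The auth service at `traefik-forward-auth:4181` would then act on client-controlled host and URI values. Unless another proxy sits in front of this one, I would set `trustForwardHeader: false` so Traefik overwrites those headers itself. A comment noting that `X-Forwarded-User` from `authResponseHeaders` is only trustworthy on routers that actually carry the `keycloak@file` middleware would also help whoever adds the next backend.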

43
traefik.yml Normal file

@ -0,0 +1,43 @@
---
log:
level: INFO
providers:
docker:
endpoint: "unix:///var/run/docker.sock"
exposedByDefault: false
network: proxy
swarmMode: true
file:
filename: /etc/traefik/file-provider.yml
api:
dashboard: false
debug: false
entrypoints:
web:
address: ":80"
http:
redirections:
entryPoint:
to: web-secure
web-secure:
address: ":443"
gitea-ssh:
address: ":2222"
certificatesResolvers:
staging:
acme:
email: helo@autonomic.zone
storage: /etc/letsencrypt/staging-acme.json
caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
httpChallenge:
entryPoint: web
production:
acme:
email: helo@autonomic.zone
storage: /etc/letsencrypt/production-acme.json
httpChallenge:
entryPoint: web
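Review bot: No `accessLog` is configured, so with only `log.level: INFO` the edge proxy keeps no per-request record for the HTTP entrypoints, including the API router behind forward auth. Adding `accessLog: {}` (optionally with a `filePath` on a volume) would give you something to work from when investigating an incident. A short comment above `certificatesResolvers` would also help, stating that the resolver names `staging` and `production` must match the `LETS_ENCRYPT_ENV` value used in the compose label; any other value presumably leaves the router without a usable resolver.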