Compare commits
36 Commits
error-mess
...
master
Author | SHA1 | Date |
---|---|---|
Javielico | b7ea50d6aa | |
Javielico | af33ec8510 | |
3wordchant | 685d32baf1 | |
3wc | e76d61be00 | |
3wc | daec338066 | |
3wc | e92e76ac88 | |
3wc | 70d10587bc | |
3wc | bdf84fcefd | |
3wc | 2db2f71a80 | |
3wc | c558e1dbdb | |
3wc | edc29f9594 | |
3wc | f7f77dc942 | |
p4u1 | ecc12b2b68 | |
decentral1se | a0e70f33be | |
Chris (wolcen) Thompson | e3c1df83fa | |
Chris (wolcen) Thompson | 998190f684 | |
Chris (wolcen) Thompson | cd92c909ba | |
Chris (wolcen) Thompson | 64351c27d1 | |
Chris (wolcen) Thompson | f4b05fd87f | |
Chris (wolcen) Thompson | 3c5333ba71 | |
3wc | 5f2fd0bf37 | |
3wc | ac3a47fe8c | |
Philipp Rothmann | 1e02f358ed | |
Philipp Rothmann | 6cdcc25384 | |
Philipp Rothmann | d2b7b671f5 | |
Philipp Rothmann | c9d80df34d | |
Philipp Rothmann | aaa34c1ea8 | |
Philipp Rothmann | 6dee438492 | |
Philipp Rothmann | ff668b2266 | |
Philipp Rothmann | e2c16be2ff | |
3wc | 892f3c3124 | |
3wc | 4205f4911e | |
3wc | 13eb4a782d | |
decentral1se | b00a65a890 | |
Moritz | a213094d46 | |
Moritz | 8bb3adba81 |
|
@ -16,8 +16,8 @@ steps:
|
|||
STACK_NAME: traefik
|
||||
LETS_ENCRYPT_ENV: production
|
||||
LETS_ENCRYPT_EMAIL: helo@autonomic.zone
|
||||
TRAEFIK_YML_VERSION: v4
|
||||
FILE_PROVIDER_YML_VERSION: v3
|
||||
TRAEFIK_YML_VERSION: v5
|
||||
FILE_PROVIDER_YML_VERSION: v4
|
||||
ENTRYPOINT_VERSION: v1
|
||||
trigger:
|
||||
branch:
|
||||
|
|
40
.env.sample
40
.env.sample
|
@ -1,4 +1,6 @@
|
|||
TYPE=traefik
|
||||
TIMEOUT=300
|
||||
ENABLE_AUTO_UPDATE=true
|
||||
|
||||
DOMAIN=traefik.example.com
|
||||
LETS_ENCRYPT_ENV=production
|
||||
|
@ -44,8 +46,26 @@ COMPOSE_FILE="compose.yml"
|
|||
#GANDI_ENABLED=1
|
||||
#SECRET_GANDIV5_API_KEY_VERSION=v1
|
||||
|
||||
## DigitalOcean, https://digitalocean.com
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.digitalocean.yml"
|
||||
#DIGITALOCEAN_ENABLED=1
|
||||
#SECRET_DIGITALOCEAN_AUTH_TOKEN_VERSION=v1
|
||||
|
||||
#####################################################################
|
||||
# Keycloak log-in #
|
||||
# Manual wildcard certificate insertion #
|
||||
#####################################################################
|
||||
|
||||
# Set wildcards = 1, and uncomment compose_file to enable.
|
||||
# Create your certs elsewhere and add them like:
|
||||
# abra app secrets insert {myapp.example.coop} ssl_cert v1 "$(cat /path/to/fullchain.pem)"
|
||||
# abra app secrets insert {myapp.example.coop} ssl_key v1 "$(cat /path/to/privkey.pem)"
|
||||
#WILDCARDS_ENABLED=1
|
||||
#SECRET_WILDCARD_CERT_VERSION=v1
|
||||
#SECRET_WILDCARD_KEY_VERSION=v1
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.wildcard.yml"
|
||||
|
||||
#####################################################################
|
||||
# Authentication #
|
||||
#####################################################################
|
||||
|
||||
## Enable Keycloak
|
||||
|
@ -55,14 +75,27 @@ COMPOSE_FILE="compose.yml"
|
|||
#KEYCLOAK_MIDDLEWARE_2_ENABLED=1
|
||||
#KEYCLOAK_TFA_SERVICE_2=traefik-forward-auth_app
|
||||
|
||||
## BASIC_AUTH
|
||||
## Use httpasswd to generate the secret
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.basicauth.yml"
|
||||
#BASIC_AUTH=1
|
||||
#SECRET_USERSFILE_VERSION=v1
|
||||
|
||||
#####################################################################
|
||||
# Prometheus metrics #
|
||||
#####################################################################
|
||||
|
||||
## Enable prometheus metrics collection
|
||||
## used used by the coop-cloud monitoring stack
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.metrics.yml"
|
||||
#METRICS_ENABLED=1
|
||||
|
||||
#####################################################################
|
||||
# File provider directory configuration #
|
||||
# (Route bare metal and non-docker services on the machine!) #
|
||||
#####################################################################
|
||||
#FILE_PROVIDER_DIRECTORY_ENABLED=1
|
||||
|
||||
#####################################################################
|
||||
# Additional services #
|
||||
#####################################################################
|
||||
|
@ -102,3 +135,8 @@ COMPOSE_FILE="compose.yml"
|
|||
## Matrix
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.matrix.yml"
|
||||
#MATRIX_FEDERATION_ENABLED=1
|
||||
|
||||
## "Web alt", an alternative web port
|
||||
# NOTE(3wc): as of 2024-04-01 only the `icecast` recipe uses this
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.web-alt.yml"
|
||||
#WEB_ALT_ENABLED=1
|
||||
|
|
6
abra.sh
6
abra.sh
|
@ -1,3 +1,3 @@
|
|||
export TRAEFIK_YML_VERSION=v15
|
||||
export FILE_PROVIDER_YML_VERSION=v6
|
||||
export ENTRYPOINT_VERSION=v2
|
||||
export TRAEFIK_YML_VERSION=v20
|
||||
export FILE_PROVIDER_YML_VERSION=v10
|
||||
export ENTRYPOINT_VERSION=v3
|
||||
|
|
|
@ -0,0 +1,12 @@
|
|||
version: "3.8"
|
||||
services:
|
||||
app:
|
||||
environment:
|
||||
- BASIC_AUTH
|
||||
secrets:
|
||||
- usersfile
|
||||
|
||||
secrets:
|
||||
usersfile:
|
||||
name: ${STACK_NAME}_usersfile_${SECRET_USERSFILE_VERSION}
|
||||
external: true
|
|
@ -0,0 +1,15 @@
|
|||
version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
environment:
|
||||
- DO_AUTH_TOKEN_FILE=/run/secrets/digitalocean_auth_token
|
||||
- LETS_ENCRYPT_DNS_CHALLENGE_ENABLED
|
||||
- LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER
|
||||
secrets:
|
||||
- digitalocean_auth_token
|
||||
|
||||
secrets:
|
||||
digitalocean_auth_token:
|
||||
name: ${STACK_NAME}_digitalocean_auth_token_${SECRET_DIGITALOCEAN_AUTH_TOKEN_VERSION}
|
||||
external: true
|
|
@ -0,0 +1,9 @@
|
|||
version: "3.8"
|
||||
services:
|
||||
app:
|
||||
environment:
|
||||
- METRICS_ENABLED
|
||||
ports:
|
||||
- target: 8082
|
||||
published: 8082
|
||||
mode: host
|
|
@ -0,0 +1,7 @@
|
|||
version: "3.8"
|
||||
services:
|
||||
app:
|
||||
environment:
|
||||
- WEB_ALT_ENABLED
|
||||
ports:
|
||||
- "8000:8000"
|
|
@ -0,0 +1,16 @@
|
|||
---
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
secrets:
|
||||
- ssl_cert
|
||||
- ssl_key
|
||||
|
||||
secrets:
|
||||
ssl_cert:
|
||||
name: ${STACK_NAME}_ssl_cert_${SECRET_WILDCARD_CERT_VERSION}
|
||||
external: true
|
||||
ssl_key:
|
||||
name: ${STACK_NAME}_ssl_key_${SECRET_WILDCARD_KEY_VERSION}
|
||||
external: true
|
|
@ -3,7 +3,7 @@ version: "3.8"
|
|||
|
||||
services:
|
||||
app:
|
||||
image: "traefik:v2.9.9"
|
||||
image: "traefik:v2.11.2"
|
||||
# Note(decentral1se): *please do not* add any additional ports here.
|
||||
# Doing so could break new installs with port conflicts. Please use
|
||||
# the usual `compose.$app.yml` approach for any additional ports
|
||||
|
@ -13,6 +13,7 @@ services:
|
|||
volumes:
|
||||
- "/var/run/docker.sock:/var/run/docker.sock"
|
||||
- "letsencrypt:/etc/letsencrypt"
|
||||
- "file-providers:/etc/traefik/file-providers"
|
||||
configs:
|
||||
- source: traefik_yml
|
||||
target: /etc/traefik/traefik.yml
|
||||
|
@ -46,7 +47,8 @@ services:
|
|||
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||
- "traefik.http.routers.${STACK_NAME}.service=api@internal"
|
||||
- "traefik.http.routers.${STACK_NAME}.middlewares=security@file"
|
||||
- "coop-cloud.${STACK_NAME}.version=2.1.0+v2.9.9"
|
||||
- "coop-cloud.${STACK_NAME}.version=2.6.3+v2.11.2"
|
||||
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
|
||||
|
||||
networks:
|
||||
proxy:
|
||||
|
@ -68,3 +70,4 @@ configs:
|
|||
|
||||
volumes:
|
||||
letsencrypt:
|
||||
file-providers:
|
||||
|
|
|
@ -11,4 +11,8 @@ export OVH_APPLICATION_SECRET=$(cat "$OVH_APPLICATION_SECRET_FILE")
|
|||
export GANDIV5_API_KEY=$(cat "$GANDIV5_API_KEY_FILE")
|
||||
{{ end }}
|
||||
|
||||
{{ if eq (env "DIGITALOCEAN_ENABLED") "1" }}
|
||||
export DO_AUTH_TOKEN=$(cat "$DO_AUTH_TOKEN_FILE")
|
||||
{{ end }}
|
||||
|
||||
/entrypoint.sh "$@"
|
||||
|
|
|
@ -17,10 +17,14 @@ http:
|
|||
authResponseHeaders:
|
||||
- X-Forwarded-User
|
||||
{{ end }}
|
||||
{{ if eq (env "BASIC_AUTH") "1" }}
|
||||
basicauth:
|
||||
basicAuth:
|
||||
usersFile: "/run/secrets/usersfile"
|
||||
{{ end }}
|
||||
security:
|
||||
headers:
|
||||
frameDeny: true
|
||||
sslRedirect: true
|
||||
browserXssFilter: true
|
||||
contentTypeNosniff: true
|
||||
stsIncludeSubdomains: true
|
||||
|
@ -40,3 +44,8 @@ tls:
|
|||
- CurveP521
|
||||
- CurveP384
|
||||
sniStrict: true
|
||||
{{ if eq (env "WILDCARDS_ENABLED") "1" }}
|
||||
certificates:
|
||||
- certFile: /run/secrets/ssl_cert
|
||||
keyFile: /run/secrets/ssl_key
|
||||
{{ end }}
|
|
@ -8,8 +8,14 @@ providers:
|
|||
exposedByDefault: false
|
||||
network: proxy
|
||||
swarmMode: true
|
||||
{{ if eq (env "FILE_PROVIDER_DIRECTORY_ENABLED") "1" }}
|
||||
file:
|
||||
directory: /etc/traefik/file-providers
|
||||
watch: true
|
||||
{{ else }}
|
||||
file:
|
||||
filename: /etc/traefik/file-provider.yml
|
||||
{{ end }}
|
||||
|
||||
api:
|
||||
dashboard: {{ env "DASHBOARD_ENABLED" }}
|
||||
|
@ -40,6 +46,10 @@ entrypoints:
|
|||
peertube-rtmp:
|
||||
address: ":1935"
|
||||
{{ end }}
|
||||
{{ if eq (env "WEB_ALT_ENABLED") "1" }}
|
||||
web-alt:
|
||||
address: ":8000"
|
||||
{{ end }}
|
||||
{{ if eq (env "SSB_MUXRPC_ENABLED") "1" }}
|
||||
ssb-muxrpc:
|
||||
address: ":8008"
|
||||
|
@ -61,6 +71,9 @@ entrypoints:
|
|||
{{ if eq (env "METRICS_ENABLED") "1" }}
|
||||
metrics:
|
||||
address: ":8082"
|
||||
http:
|
||||
middlewares:
|
||||
- basicauth@file
|
||||
{{ end }}
|
||||
{{ if eq (env "MATRIX_FEDERATION_ENABLED") "1" }}
|
||||
matrix-federation:
|
||||
|
@ -74,6 +87,8 @@ ping:
|
|||
metrics:
|
||||
prometheus:
|
||||
entryPoint: metrics
|
||||
addRoutersLabels: true
|
||||
addServicesLabels: true
|
||||
{{ end }}
|
||||
|
||||
certificatesResolvers:
|
||||
|
|
Loading…
Reference in New Issue