Compare commits
1 Commits
Author | SHA1 | Date |
---|---|---|
appletalk | 737b4ebe15 |
24
.drone.yml
24
.drone.yml
|
@ -3,12 +3,10 @@ kind: pipeline
|
||||||
name: deploy to swarm-test.autonomic.zone
|
name: deploy to swarm-test.autonomic.zone
|
||||||
steps:
|
steps:
|
||||||
- name: deployment
|
- name: deployment
|
||||||
image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest
|
image: decentral1se/stack-ssh-deploy:latest
|
||||||
settings:
|
settings:
|
||||||
host: swarm-test.autonomic.zone
|
host: swarm-test.autonomic.zone
|
||||||
stack: traefik
|
stack: traefik
|
||||||
networks:
|
|
||||||
- proxy
|
|
||||||
deploy_key:
|
deploy_key:
|
||||||
from_secret: drone_ssh_swarm_test
|
from_secret: drone_ssh_swarm_test
|
||||||
environment:
|
environment:
|
||||||
|
@ -16,25 +14,19 @@ steps:
|
||||||
STACK_NAME: traefik
|
STACK_NAME: traefik
|
||||||
LETS_ENCRYPT_ENV: production
|
LETS_ENCRYPT_ENV: production
|
||||||
LETS_ENCRYPT_EMAIL: helo@autonomic.zone
|
LETS_ENCRYPT_EMAIL: helo@autonomic.zone
|
||||||
TRAEFIK_YML_VERSION: v5
|
TRAEFIK_YML_VERSION: v4
|
||||||
FILE_PROVIDER_YML_VERSION: v4
|
FILE_PROVIDER_YML_VERSION: v3
|
||||||
ENTRYPOINT_VERSION: v1
|
ENTRYPOINT_VERSION: v1
|
||||||
trigger:
|
trigger:
|
||||||
branch:
|
branch:
|
||||||
- master
|
- master
|
||||||
---
|
---
|
||||||
kind: pipeline
|
kind: pipeline
|
||||||
name: generate recipe catalogue
|
name: recipe release
|
||||||
steps:
|
steps:
|
||||||
- name: release a new version
|
- name: release a new version
|
||||||
image: plugins/downstream
|
image: thecoopcloud/drone-abra:latest
|
||||||
settings:
|
settings:
|
||||||
server: https://build.coopcloud.tech
|
command: recipe traefik release
|
||||||
token:
|
deploy_key:
|
||||||
from_secret: drone_abra-bot_token
|
from_secret: abra_bot_deploy_key
|
||||||
fork: true
|
|
||||||
repositories:
|
|
||||||
- coop-cloud/auto-recipes-catalogue-json
|
|
||||||
|
|
||||||
trigger:
|
|
||||||
event: tag
|
|
||||||
|
|
46
.env.sample
46
.env.sample
|
@ -1,8 +1,6 @@
|
||||||
TYPE=traefik
|
TYPE=traefik
|
||||||
TIMEOUT=300
|
|
||||||
ENABLE_AUTO_UPDATE=true
|
|
||||||
|
|
||||||
DOMAIN=traefik.example.com
|
DOMAIN={{ .Domain }}
|
||||||
LETS_ENCRYPT_ENV=production
|
LETS_ENCRYPT_ENV=production
|
||||||
|
|
||||||
LETS_ENCRYPT_EMAIL=certs@example.com
|
LETS_ENCRYPT_EMAIL=certs@example.com
|
||||||
|
@ -46,26 +44,14 @@ COMPOSE_FILE="compose.yml"
|
||||||
#GANDI_ENABLED=1
|
#GANDI_ENABLED=1
|
||||||
#SECRET_GANDIV5_API_KEY_VERSION=v1
|
#SECRET_GANDIV5_API_KEY_VERSION=v1
|
||||||
|
|
||||||
## DigitalOcean, https://digitalocean.com
|
## Cloudflare, https://cloudflare.com
|
||||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.digitalocean.yml"
|
#COMPOSE_FILE="$COMPOSE_FILE:compose.cloudflare.yml"
|
||||||
#DIGITALOCEAN_ENABLED=1
|
#CLOUDFLARE_ENABLED=1
|
||||||
#SECRET_DIGITALOCEAN_AUTH_TOKEN_VERSION=v1
|
#SECRET_CLOUDFLARE_EMAIL_VERSION=v1
|
||||||
|
#SECRET_CLOUDFLARE_API_KEY=v1
|
||||||
|
|
||||||
#####################################################################
|
#####################################################################
|
||||||
# Manual wildcard certificate insertion #
|
# Keycloak log-in #
|
||||||
#####################################################################
|
|
||||||
|
|
||||||
# Set wildcards = 1, and uncomment compose_file to enable.
|
|
||||||
# Create your certs elsewhere and add them like:
|
|
||||||
# abra app secrets insert {myapp.example.coop} ssl_cert v1 "$(cat /path/to/fullchain.pem)"
|
|
||||||
# abra app secrets insert {myapp.example.coop} ssl_key v1 "$(cat /path/to/privkey.pem)"
|
|
||||||
#WILDCARDS_ENABLED=1
|
|
||||||
#SECRET_WILDCARD_CERT_VERSION=v1
|
|
||||||
#SECRET_WILDCARD_KEY_VERSION=v1
|
|
||||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.wildcard.yml"
|
|
||||||
|
|
||||||
#####################################################################
|
|
||||||
# Authentication #
|
|
||||||
#####################################################################
|
#####################################################################
|
||||||
|
|
||||||
## Enable Keycloak
|
## Enable Keycloak
|
||||||
|
@ -75,27 +61,14 @@ COMPOSE_FILE="compose.yml"
|
||||||
#KEYCLOAK_MIDDLEWARE_2_ENABLED=1
|
#KEYCLOAK_MIDDLEWARE_2_ENABLED=1
|
||||||
#KEYCLOAK_TFA_SERVICE_2=traefik-forward-auth_app
|
#KEYCLOAK_TFA_SERVICE_2=traefik-forward-auth_app
|
||||||
|
|
||||||
## BASIC_AUTH
|
|
||||||
## Use httpasswd to generate the secret
|
|
||||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.basicauth.yml"
|
|
||||||
#BASIC_AUTH=1
|
|
||||||
#SECRET_USERSFILE_VERSION=v1
|
|
||||||
|
|
||||||
#####################################################################
|
#####################################################################
|
||||||
# Prometheus metrics #
|
# Prometheus metrics #
|
||||||
#####################################################################
|
#####################################################################
|
||||||
|
|
||||||
## Enable prometheus metrics collection
|
## Enable prometheus metrics collection
|
||||||
## used used by the coop-cloud monitoring stack
|
## used used by the coop-cloud monitoring stack
|
||||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.metrics.yml"
|
|
||||||
#METRICS_ENABLED=1
|
#METRICS_ENABLED=1
|
||||||
|
|
||||||
#####################################################################
|
|
||||||
# File provider directory configuration #
|
|
||||||
# (Route bare metal and non-docker services on the machine!) #
|
|
||||||
#####################################################################
|
|
||||||
#FILE_PROVIDER_DIRECTORY_ENABLED=1
|
|
||||||
|
|
||||||
#####################################################################
|
#####################################################################
|
||||||
# Additional services #
|
# Additional services #
|
||||||
#####################################################################
|
#####################################################################
|
||||||
|
@ -135,8 +108,3 @@ COMPOSE_FILE="compose.yml"
|
||||||
## Matrix
|
## Matrix
|
||||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.matrix.yml"
|
#COMPOSE_FILE="$COMPOSE_FILE:compose.matrix.yml"
|
||||||
#MATRIX_FEDERATION_ENABLED=1
|
#MATRIX_FEDERATION_ENABLED=1
|
||||||
|
|
||||||
## "Web alt", an alternative web port
|
|
||||||
# NOTE(3wc): as of 2024-04-01 only the `icecast` recipe uses this
|
|
||||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.web-alt.yml"
|
|
||||||
#WEB_ALT_ENABLED=1
|
|
||||||
|
|
25
README.md
25
README.md
|
@ -19,29 +19,8 @@
|
||||||
|
|
||||||
1. Set up Docker Swarm and [`abra`]
|
1. Set up Docker Swarm and [`abra`]
|
||||||
2. `abra app new traefik`
|
2. `abra app new traefik`
|
||||||
3. `abra app config YOURAPPDOMAIN` - be sure to change `DOMAIN` to something that resolves to
|
3. `abra app YOURAPPDOMAIN config` - be sure to change `DOMAIN` to something that resolves to
|
||||||
your Docker swarm box
|
your Docker swarm box
|
||||||
4. `abra app deploy YOURAPPDOMAIN`
|
4. `abra app YOURAPPDOMAIN deploy`
|
||||||
|
|
||||||
## Configuring wildcard SSL using DNS
|
|
||||||
|
|
||||||
Automatic certificate generation will Just Work™ for most recipes which use a fixed
|
|
||||||
number of subdomains. For some recipes which need to work across arbitrary
|
|
||||||
subdomains, like
|
|
||||||
[`federatedwiki`](https://git.coopcloud.tech/coop-cloud/federatedwiki/) and
|
|
||||||
[`go-ssb-room`](https://git.coopcloud.tech/coop-cloud/federatedwiki/), you'll
|
|
||||||
need to give Traefik access to your DNS provider so that it can carry out
|
|
||||||
Letsencrypt DNS challenges.
|
|
||||||
|
|
||||||
1. Use Gandi or OVH for DNS 🤡 (support for other providers can be easily added,
|
|
||||||
see [the `lego` docs](https://go-acme.github.io/lego/dns/#dns-providers).
|
|
||||||
2. Run `abra app config YOURAPPDOMAIN`
|
|
||||||
3. Uncomment e.g. `ENABLE_GANDI` and the related `SECRET_.._VERSION` line, e.g.
|
|
||||||
`SECRET_GANDIV5_API_KEY_VERSION`
|
|
||||||
4. Generate an API key for your provider
|
|
||||||
5. Run `abra app secret insert YOURAPPDOMAIN SECRETNAME v1 SECRETVALUE`, where
|
|
||||||
`SECRETNAME` is from the compose file (e.g. `compose.gandi.yml`) e.g.
|
|
||||||
`gandiv5_api_key` and `SECRETVALUE` is the API key.
|
|
||||||
6. Redeploy Traefik, using e.g. `abra app deploy YOURAPPDOMAIN -f`
|
|
||||||
|
|
||||||
[`abra`]: https://git.autonomic.zone/autonomic-cooperative/abra
|
[`abra`]: https://git.autonomic.zone/autonomic-cooperative/abra
|
||||||
|
|
6
abra.sh
6
abra.sh
|
@ -1,3 +1,3 @@
|
||||||
export TRAEFIK_YML_VERSION=v20
|
export TRAEFIK_YML_VERSION=v14
|
||||||
export FILE_PROVIDER_YML_VERSION=v10
|
export FILE_PROVIDER_YML_VERSION=v6
|
||||||
export ENTRYPOINT_VERSION=v3
|
export ENTRYPOINT_VERSION=v2
|
||||||
|
|
|
@ -1,12 +0,0 @@
|
||||||
version: "3.8"
|
|
||||||
services:
|
|
||||||
app:
|
|
||||||
environment:
|
|
||||||
- BASIC_AUTH
|
|
||||||
secrets:
|
|
||||||
- usersfile
|
|
||||||
|
|
||||||
secrets:
|
|
||||||
usersfile:
|
|
||||||
name: ${STACK_NAME}_usersfile_${SECRET_USERSFILE_VERSION}
|
|
||||||
external: true
|
|
|
@ -0,0 +1,20 @@
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
app:
|
||||||
|
environment:
|
||||||
|
- CLOUDFLARE_EMAIL_FILE=/run/secrets/cloudflare_email
|
||||||
|
- CLOUDFLARE_API_KEY_FILE=/run/secrets/cloudflare_api_key
|
||||||
|
- LETS_ENCRYPT_DNS_CHALLENGE_ENABLED
|
||||||
|
- LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER
|
||||||
|
secrets:
|
||||||
|
- cloudflare_email
|
||||||
|
- cloudflare_api_key
|
||||||
|
|
||||||
|
secrets:
|
||||||
|
cloudflare_email:
|
||||||
|
name: ${STACK_NAME}_cloudflare_email_${SECRET_CLOUDFLARE_EMAIL_VERSION}
|
||||||
|
external: true
|
||||||
|
cloudflare_api_key:
|
||||||
|
name: ${STACK_NAME}_cloudflare_api_key_${SECRET_CLOUDFLARE_API_KEY}
|
||||||
|
external: true
|
|
@ -1,15 +0,0 @@
|
||||||
version: "3.8"
|
|
||||||
|
|
||||||
services:
|
|
||||||
app:
|
|
||||||
environment:
|
|
||||||
- DO_AUTH_TOKEN_FILE=/run/secrets/digitalocean_auth_token
|
|
||||||
- LETS_ENCRYPT_DNS_CHALLENGE_ENABLED
|
|
||||||
- LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER
|
|
||||||
secrets:
|
|
||||||
- digitalocean_auth_token
|
|
||||||
|
|
||||||
secrets:
|
|
||||||
digitalocean_auth_token:
|
|
||||||
name: ${STACK_NAME}_digitalocean_auth_token_${SECRET_DIGITALOCEAN_AUTH_TOKEN_VERSION}
|
|
||||||
external: true
|
|
|
@ -10,5 +10,5 @@ services:
|
||||||
labels:
|
labels:
|
||||||
- "traefik.enable=true"
|
- "traefik.enable=true"
|
||||||
- "traefik.http.services.traefik.loadbalancer.server.port=web"
|
- "traefik.http.services.traefik.loadbalancer.server.port=web"
|
||||||
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
- "traefik.http.routers.traefik.entrypoints=web-secure"
|
||||||
- "traefik.http.routers.${STACK_NAME}.service=api@internal"
|
- "traefik.http.routers.traefik.service=api@internal"
|
||||||
|
|
|
@ -1,9 +0,0 @@
|
||||||
version: "3.8"
|
|
||||||
services:
|
|
||||||
app:
|
|
||||||
environment:
|
|
||||||
- METRICS_ENABLED
|
|
||||||
ports:
|
|
||||||
- target: 8082
|
|
||||||
published: 8082
|
|
||||||
mode: host
|
|
|
@ -1,7 +0,0 @@
|
||||||
version: "3.8"
|
|
||||||
services:
|
|
||||||
app:
|
|
||||||
environment:
|
|
||||||
- WEB_ALT_ENABLED
|
|
||||||
ports:
|
|
||||||
- "8000:8000"
|
|
|
@ -1,16 +0,0 @@
|
||||||
---
|
|
||||||
version: "3.8"
|
|
||||||
|
|
||||||
services:
|
|
||||||
app:
|
|
||||||
secrets:
|
|
||||||
- ssl_cert
|
|
||||||
- ssl_key
|
|
||||||
|
|
||||||
secrets:
|
|
||||||
ssl_cert:
|
|
||||||
name: ${STACK_NAME}_ssl_cert_${SECRET_WILDCARD_CERT_VERSION}
|
|
||||||
external: true
|
|
||||||
ssl_key:
|
|
||||||
name: ${STACK_NAME}_ssl_key_${SECRET_WILDCARD_KEY_VERSION}
|
|
||||||
external: true
|
|
22
compose.yml
22
compose.yml
|
@ -3,7 +3,7 @@ version: "3.8"
|
||||||
|
|
||||||
services:
|
services:
|
||||||
app:
|
app:
|
||||||
image: "traefik:v2.11.2"
|
image: "traefik:v2.5.6"
|
||||||
# Note(decentral1se): *please do not* add any additional ports here.
|
# Note(decentral1se): *please do not* add any additional ports here.
|
||||||
# Doing so could break new installs with port conflicts. Please use
|
# Doing so could break new installs with port conflicts. Please use
|
||||||
# the usual `compose.$app.yml` approach for any additional ports
|
# the usual `compose.$app.yml` approach for any additional ports
|
||||||
|
@ -13,7 +13,6 @@ services:
|
||||||
volumes:
|
volumes:
|
||||||
- "/var/run/docker.sock:/var/run/docker.sock"
|
- "/var/run/docker.sock:/var/run/docker.sock"
|
||||||
- "letsencrypt:/etc/letsencrypt"
|
- "letsencrypt:/etc/letsencrypt"
|
||||||
- "file-providers:/etc/traefik/file-providers"
|
|
||||||
configs:
|
configs:
|
||||||
- source: traefik_yml
|
- source: traefik_yml
|
||||||
target: /etc/traefik/traefik.yml
|
target: /etc/traefik/traefik.yml
|
||||||
|
@ -27,6 +26,8 @@ services:
|
||||||
environment:
|
environment:
|
||||||
- DASHBOARD_ENABLED
|
- DASHBOARD_ENABLED
|
||||||
- LOG_LEVEL
|
- LOG_LEVEL
|
||||||
|
- LETS_ENCRYPT_EMAIL
|
||||||
|
- LETS_ENCRYPT_ENV
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test: ["CMD", "traefik", "healthcheck"]
|
test: ["CMD", "traefik", "healthcheck"]
|
||||||
interval: 30s
|
interval: 30s
|
||||||
|
@ -41,14 +42,14 @@ services:
|
||||||
order: start-first
|
order: start-first
|
||||||
labels:
|
labels:
|
||||||
- "traefik.enable=true"
|
- "traefik.enable=true"
|
||||||
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=web"
|
- "traefik.http.services.traefik.loadbalancer.server.port=web"
|
||||||
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
|
- "traefik.http.routers.traefik.rule=Host(`${DOMAIN}`)"
|
||||||
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
- "traefik.http.routers.traefik.entrypoints=web-secure"
|
||||||
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
- "traefik.http.routers.traefik.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||||
- "traefik.http.routers.${STACK_NAME}.service=api@internal"
|
- "traefik.http.routers.traefik.tls.options=default@file"
|
||||||
- "traefik.http.routers.${STACK_NAME}.middlewares=security@file"
|
- "traefik.http.routers.traefik.service=api@internal"
|
||||||
- "coop-cloud.${STACK_NAME}.version=2.6.3+v2.11.2"
|
- "traefik.http.routers.traefik.middlewares=security@file"
|
||||||
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
|
- "coop-cloud.${STACK_NAME}.version=1.0.1+v2.5.6"
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
proxy:
|
proxy:
|
||||||
|
@ -70,4 +71,3 @@ configs:
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
letsencrypt:
|
letsencrypt:
|
||||||
file-providers:
|
|
||||||
|
|
|
@ -11,8 +11,9 @@ export OVH_APPLICATION_SECRET=$(cat "$OVH_APPLICATION_SECRET_FILE")
|
||||||
export GANDIV5_API_KEY=$(cat "$GANDIV5_API_KEY_FILE")
|
export GANDIV5_API_KEY=$(cat "$GANDIV5_API_KEY_FILE")
|
||||||
{{ end }}
|
{{ end }}
|
||||||
|
|
||||||
{{ if eq (env "DIGITALOCEAN_ENABLED") "1" }}
|
{{ if eq (env "CLOUDFLARE_ENABLED") "1" }}
|
||||||
export DO_AUTH_TOKEN=$(cat "$DO_AUTH_TOKEN_FILE")
|
export CLOUDFLARE_EMAIL=$(cat "$CLOUDFLARE_EMAIL_FILE")
|
||||||
|
export CLOUDFLARE_API_KEY=$(cat "$CLOUDFLARE_API_KEY_FILE")
|
||||||
{{ end }}
|
{{ end }}
|
||||||
|
|
||||||
/entrypoint.sh "$@"
|
/entrypoint.sh "$@"
|
||||||
|
|
|
@ -17,14 +17,10 @@ http:
|
||||||
authResponseHeaders:
|
authResponseHeaders:
|
||||||
- X-Forwarded-User
|
- X-Forwarded-User
|
||||||
{{ end }}
|
{{ end }}
|
||||||
{{ if eq (env "BASIC_AUTH") "1" }}
|
|
||||||
basicauth:
|
|
||||||
basicAuth:
|
|
||||||
usersFile: "/run/secrets/usersfile"
|
|
||||||
{{ end }}
|
|
||||||
security:
|
security:
|
||||||
headers:
|
headers:
|
||||||
frameDeny: true
|
frameDeny: true
|
||||||
|
sslRedirect: true
|
||||||
browserXssFilter: true
|
browserXssFilter: true
|
||||||
contentTypeNosniff: true
|
contentTypeNosniff: true
|
||||||
stsIncludeSubdomains: true
|
stsIncludeSubdomains: true
|
||||||
|
@ -44,8 +40,3 @@ tls:
|
||||||
- CurveP521
|
- CurveP521
|
||||||
- CurveP384
|
- CurveP384
|
||||||
sniStrict: true
|
sniStrict: true
|
||||||
{{ if eq (env "WILDCARDS_ENABLED") "1" }}
|
|
||||||
certificates:
|
|
||||||
- certFile: /run/secrets/ssl_cert
|
|
||||||
keyFile: /run/secrets/ssl_key
|
|
||||||
{{ end }}
|
|
|
@ -8,14 +8,8 @@ providers:
|
||||||
exposedByDefault: false
|
exposedByDefault: false
|
||||||
network: proxy
|
network: proxy
|
||||||
swarmMode: true
|
swarmMode: true
|
||||||
{{ if eq (env "FILE_PROVIDER_DIRECTORY_ENABLED") "1" }}
|
|
||||||
file:
|
|
||||||
directory: /etc/traefik/file-providers
|
|
||||||
watch: true
|
|
||||||
{{ else }}
|
|
||||||
file:
|
file:
|
||||||
filename: /etc/traefik/file-provider.yml
|
filename: /etc/traefik/file-provider.yml
|
||||||
{{ end }}
|
|
||||||
|
|
||||||
api:
|
api:
|
||||||
dashboard: {{ env "DASHBOARD_ENABLED" }}
|
dashboard: {{ env "DASHBOARD_ENABLED" }}
|
||||||
|
@ -46,10 +40,6 @@ entrypoints:
|
||||||
peertube-rtmp:
|
peertube-rtmp:
|
||||||
address: ":1935"
|
address: ":1935"
|
||||||
{{ end }}
|
{{ end }}
|
||||||
{{ if eq (env "WEB_ALT_ENABLED") "1" }}
|
|
||||||
web-alt:
|
|
||||||
address: ":8000"
|
|
||||||
{{ end }}
|
|
||||||
{{ if eq (env "SSB_MUXRPC_ENABLED") "1" }}
|
{{ if eq (env "SSB_MUXRPC_ENABLED") "1" }}
|
||||||
ssb-muxrpc:
|
ssb-muxrpc:
|
||||||
address: ":8008"
|
address: ":8008"
|
||||||
|
@ -71,9 +61,6 @@ entrypoints:
|
||||||
{{ if eq (env "METRICS_ENABLED") "1" }}
|
{{ if eq (env "METRICS_ENABLED") "1" }}
|
||||||
metrics:
|
metrics:
|
||||||
address: ":8082"
|
address: ":8082"
|
||||||
http:
|
|
||||||
middlewares:
|
|
||||||
- basicauth@file
|
|
||||||
{{ end }}
|
{{ end }}
|
||||||
{{ if eq (env "MATRIX_FEDERATION_ENABLED") "1" }}
|
{{ if eq (env "MATRIX_FEDERATION_ENABLED") "1" }}
|
||||||
matrix-federation:
|
matrix-federation:
|
||||||
|
@ -87,35 +74,39 @@ ping:
|
||||||
metrics:
|
metrics:
|
||||||
prometheus:
|
prometheus:
|
||||||
entryPoint: metrics
|
entryPoint: metrics
|
||||||
addRoutersLabels: true
|
|
||||||
addServicesLabels: true
|
|
||||||
{{ end }}
|
{{ end }}
|
||||||
|
|
||||||
certificatesResolvers:
|
certificatesResolvers:
|
||||||
|
{{ if eq (env "LETS_ENCRYPT_ENV") "staging" }}
|
||||||
staging:
|
staging:
|
||||||
acme:
|
acme:
|
||||||
email: {{ env "LETS_ENCRYPT_EMAIL" }}
|
email: {{ env "LETS_ENCRYPT_EMAIL" }}
|
||||||
storage: /etc/letsencrypt/staging-acme.json
|
storage: /etc/letsencrypt/staging-acme.json
|
||||||
caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
|
caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
|
||||||
httpChallenge:
|
|
||||||
entryPoint: web
|
|
||||||
{{ if eq (env "LETS_ENCRYPT_DNS_CHALLENGE_ENABLED") "1" }}
|
{{ if eq (env "LETS_ENCRYPT_DNS_CHALLENGE_ENABLED") "1" }}
|
||||||
dnsChallenge:
|
dnsChallenge:
|
||||||
provider: {{ (env "LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER") }}
|
provider: {{ (env "LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER") }}
|
||||||
resolvers:
|
resolvers:
|
||||||
- "1.1.1.1:53"
|
- "1.1.1.1:53"
|
||||||
- "8.8.8.8:53"
|
- "8.8.8.8:53"
|
||||||
|
{{ else }}
|
||||||
|
httpChallenge:
|
||||||
|
entryPoint: web
|
||||||
{{ end }}
|
{{ end }}
|
||||||
|
{{ end }}
|
||||||
|
{{ if eq (env "LETS_ENCRYPT_ENV") "production" }}
|
||||||
production:
|
production:
|
||||||
acme:
|
acme:
|
||||||
email: {{ env "LETS_ENCRYPT_EMAIL" }}
|
email: {{ env "LETS_ENCRYPT_EMAIL" }}
|
||||||
storage: /etc/letsencrypt/production-acme.json
|
storage: /etc/letsencrypt/production-acme.json
|
||||||
httpChallenge:
|
|
||||||
entryPoint: web
|
|
||||||
{{ if eq (env "LETS_ENCRYPT_DNS_CHALLENGE_ENABLED") "1" }}
|
{{ if eq (env "LETS_ENCRYPT_DNS_CHALLENGE_ENABLED") "1" }}
|
||||||
dnsChallenge:
|
dnsChallenge:
|
||||||
provider: {{ (env "LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER") }}
|
provider: {{ (env "LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER") }}
|
||||||
resolvers:
|
resolvers:
|
||||||
- "1.1.1.1:53"
|
- "1.1.1.1:53"
|
||||||
- "9.9.9.9:53"
|
- "8.8.8.8:53"
|
||||||
|
{{ else }}
|
||||||
|
httpChallenge:
|
||||||
|
entryPoint: web
|
||||||
{{ end }}
|
{{ end }}
|
||||||
|
{{ end }}
|
||||||
|
|
Loading…
Reference in New Issue