Compare commits
39 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 d1admin
|
b538fa1509 | ||
 3wordchant
|
8e91a5a3ee | ||
|
d1admin
|
3048d09cd8 | ||
|
d1admin
|
2c9e980809 | ||
|
d1admin
|
ec47f5c9dd | ||
|
d1admin
|
cf81dc543a | ||
|
d1admin
|
48f03d8fcf | ||
 decentral1se
|
8c6fe61e60 | ||
 mirsal
|
fc5aa70d27 | ||
|
3wordchant
|
9e123afb07 | ||
|
3wordchant
|
baba7ff87d | ||
|
3wordchant
|
e856591c97 | ||
|
3wordchant
|
8bcd8f054e | ||
|
3wordchant
|
a9a513e8da | ||
|
3wordchant
|
46010aeb95 | ||
 renovate-bot
|
0421dd4747 | ||
|
d1admin
|
eb69ba9309 | ||
|
d1admin
|
21cd25f3d6 | ||
|
d1admin
|
f9b3475086 | ||
|
d1admin
|
ef443bae50 | ||
|
renovate-bot
|
aacf00309e | ||
|
d1admin
|
f73e38d143 | ||
 decentral1se
|
661bec4727 | ||
|
decentral1se
|
7258b129c4 | ||
 decentral1se
|
bbbdfc272d | ||
 ahdinosaur
|
2c81622d9a | ||
|
decentral1se
|
8ff2f3a294 | ||
|
decentral1se
|
2c745416fc | ||
|
decentral1se
|
d968028216 | ||
 3wc
|
8d309bc7bf | ||
|
decentral1se
|
18d8805c99 | ||
|
decentral1se
|
bdff19882b | ||
|
decentral1se
|
fd9faeb021 | ||
|
decentral1se
|
f26557bd40 | ||
|
decentral1se
|
2de31afe26 | ||
|
decentral1se
|
028ad6ce62 | ||
|
decentral1se
|
ede226cea7 | ||
|
decentral1se
|
9a1dd29d01 | ||
|
decentral1se
|
2428f5fabd |
+13
-2
@@ -14,8 +14,19 @@ steps:
|
||||
STACK_NAME: traefik
|
||||
LETS_ENCRYPT_ENV: production
|
||||
LETS_ENCRYPT_EMAIL: helo@autonomic.zone
|
||||
TRAEFIK_YML_VERSION: v3
|
||||
FILE_PROVIDER_YML_VERSION: v2
|
||||
TRAEFIK_YML_VERSION: v4
|
||||
FILE_PROVIDER_YML_VERSION: v3
|
||||
ENTRYPOINT_VERSION: v1
|
||||
trigger:
|
||||
branch:
|
||||
- master
|
||||
---
|
||||
kind: pipeline
|
||||
name: recipe release
|
||||
steps:
|
||||
- name: release a new version
|
||||
image: thecoopcloud/drone-abra:latest
|
||||
settings:
|
||||
command: recipe traefik release
|
||||
deploy_key:
|
||||
from_secret: abra_bot_deploy_key
|
||||
|
||||
+72
-4
@@ -8,19 +8,87 @@ LETS_ENCRYPT_EMAIL=certs@example.com
|
||||
# WARN, INFO etc.
|
||||
LOG_LEVEL=WARN
|
||||
|
||||
# This is here so later lines can extend it; you likely don't wanna edit
|
||||
COMPOSE_FILE="compose.yml"
|
||||
|
||||
#####################################################################
|
||||
# General settings #
|
||||
#####################################################################
|
||||
|
||||
## Host-mode networking
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.host.yml"
|
||||
|
||||
## "Headless mode" (no domain configured)
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.headless.yml"
|
||||
|
||||
#####################################################################
|
||||
# Automatic DNS set-up for Letsencrypt #
|
||||
#####################################################################
|
||||
|
||||
## Enable dns challenge (for wildcard domains)
|
||||
## https://doc.traefik.io/traefik/https/acme/#dnschallenge
|
||||
#LETS_ENCRYPT_DNS_CHALLENGE_ENABLED=1
|
||||
#LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER=ovh
|
||||
|
||||
## OVH, https://ovh.com
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.ovh.yml"
|
||||
#OVH_ENABLED=1
|
||||
#OVH_APPLICATION_KEY=
|
||||
#OVH_ENDPOINT=
|
||||
#SECRET_OVH_APP_SECRET_VERSION=v1
|
||||
#SECRET_OVH_CONSUMER_KEY=v1
|
||||
|
||||
## Gandi, https://gandi.net
|
||||
## note(3wc): only "V5" (new) API is supported, so far
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.gandi.yml"
|
||||
#GANDI_ENABLED=1
|
||||
#SECRET_GANDIV5_API_KEY_VERSION=v1
|
||||
|
||||
#####################################################################
|
||||
# Keycloak log-in #
|
||||
#####################################################################
|
||||
|
||||
## Enable Keycloak
|
||||
#COMPOSE_FILE="compose.yml:compose.keycloak.yml"
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.keycloak.yml"
|
||||
#KEYCLOAK_MIDDLEWARE_ENABLED=1
|
||||
#KEYCLOAK_TFA_SERVICE=traefik-forward-auth_app
|
||||
|
||||
#####################################################################
|
||||
# Prometheus metrics #
|
||||
#####################################################################
|
||||
|
||||
## Enable prometheus metrics collection
|
||||
## used used by the coop-cloud monitoring stack
|
||||
#METRICS_ENABLED=1
|
||||
|
||||
#####################################################################
|
||||
# Additional services #
|
||||
#####################################################################
|
||||
|
||||
## SMTP port 587
|
||||
#COMPOSE_FILE="compose.yml:compose.smtp.yml"
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
|
||||
#SMTP_ENABLED=1
|
||||
|
||||
## Gitea SSH
|
||||
# COMPOSE_FILE="$COMPOSE_FILE:compose.gitea.yml"
|
||||
# GITEA_SSH_ENABLED=1
|
||||
|
||||
## Foodsoft SMTP
|
||||
# COMPOSE_FILE="$COMPOSE_FILE:compose.foodsoft.yml"
|
||||
# FOODSOFT_SMTP_ENABLED=1
|
||||
|
||||
## Host-mode networking
|
||||
#COMPOSE_FILE="compose.yml:compose.host.yml"
|
||||
## Peertube RTMP
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.peertube.yml"
|
||||
#PEERTUBE_RTMP_ENABLED=1
|
||||
|
||||
## Secure Scuttlebutt MUXRPC
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.ssb.yml"
|
||||
#SSB_MUXRPC_ENABLED=1
|
||||
|
||||
## MSSQL
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.mssql.yml"
|
||||
#MSSQL_ENABLED=1
|
||||
|
||||
## Mumble
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.mumble.yml"
|
||||
#MUMBLE_ENABLED=1
|
||||
|
||||
@@ -1,2 +1,3 @@
|
||||
export TRAEFIK_YML_VERSION=v5
|
||||
export FILE_PROVIDER_YML_VERSION=v1
|
||||
export TRAEFIK_YML_VERSION=v12
|
||||
export FILE_PROVIDER_YML_VERSION=v3
|
||||
export ENTRYPOINT_VERSION=v2
|
||||
|
||||
@@ -0,0 +1,7 @@
|
||||
version: "3.8"
|
||||
services:
|
||||
app:
|
||||
environment:
|
||||
- FOODSOFT_SMTP_ENABLED
|
||||
ports:
|
||||
- "2525:2525"
|
||||
@@ -0,0 +1,15 @@
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
environment:
|
||||
- GANDIV5_API_KEY_FILE=/run/secrets/gandiv5_api_key
|
||||
- LETS_ENCRYPT_DNS_CHALLENGE_ENABLED
|
||||
- LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER
|
||||
secrets:
|
||||
- gandiv5_api_key
|
||||
|
||||
secrets:
|
||||
gandiv5_api_key:
|
||||
name: ${STACK_NAME}_gandiv5_api_key_${SECRET_GANDIV5_API_KEY_VERSION}
|
||||
external: true
|
||||
@@ -0,0 +1,7 @@
|
||||
version: "3.8"
|
||||
services:
|
||||
app:
|
||||
environment:
|
||||
- GITEA_SSH_ENABLED
|
||||
ports:
|
||||
- "2222:2222"
|
||||
@@ -0,0 +1,15 @@
|
||||
---
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
deploy:
|
||||
update_config:
|
||||
failure_action: rollback
|
||||
order: start-first
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.services.traefik.loadbalancer.server.port=web"
|
||||
- "traefik.http.routers.traefik.entrypoints=web-secure"
|
||||
- "traefik.http.routers.traefik.service=api@internal"
|
||||
- "coop-cloud.${STACK_NAME}.app.version=v2.4.9-be23e1f6"
|
||||
@@ -13,6 +13,3 @@ services:
|
||||
- target: 443
|
||||
published: 443
|
||||
mode: host
|
||||
- target: 2222
|
||||
published: 2222
|
||||
mode: host
|
||||
|
||||
@@ -8,3 +8,4 @@ services:
|
||||
- "traefik.http.routers.traefik.middlewares=keycloak@file"
|
||||
environment:
|
||||
- KEYCLOAK_MIDDLEWARE_ENABLED
|
||||
- KEYCLOAK_TFA_SERVICE
|
||||
|
||||
@@ -0,0 +1,10 @@
|
||||
version: "3.8"
|
||||
services:
|
||||
app:
|
||||
environment:
|
||||
- MSSQL_ENABLED
|
||||
ports:
|
||||
- target: 1433
|
||||
published: 1433
|
||||
protocol: tcp
|
||||
mode: host
|
||||
@@ -0,0 +1,9 @@
|
||||
version: "3.8"
|
||||
services:
|
||||
app:
|
||||
environment:
|
||||
- MUMBLE_ENABLED
|
||||
ports:
|
||||
- "64738:64738/udp"
|
||||
# note (3wc): see https://github.com/docker/compose/issues/7627
|
||||
- "64737-64739:64737-64739/tcp"
|
||||
@@ -0,0 +1,21 @@
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
environment:
|
||||
- OVH_APPLICATION_KEY
|
||||
- OVH_APPLICATION_SECRET_FILE=/run/secrets/ovh_app_secret
|
||||
- OVH_CONSUMER_KEY_FILE=/run/secrets/ovh_consumer_key
|
||||
- OVH_ENABLED
|
||||
- OVH_ENDPOINT
|
||||
secrets:
|
||||
- ovh_app_secret
|
||||
- ovh_consumer_key
|
||||
|
||||
secrets:
|
||||
ovh_app_secret:
|
||||
name: ${STACK_NAME}_ovh_app_secret_${SECRET_OVH_APP_SECRET_VERSION}
|
||||
external: true
|
||||
ovh_consumer_key:
|
||||
name: ${STACK_NAME}_ovh_consumer_key_${SECRET_OVH_CONSUMER_KEY}
|
||||
external: true
|
||||
@@ -0,0 +1,7 @@
|
||||
version: "3.8"
|
||||
services:
|
||||
app:
|
||||
environment:
|
||||
- PEERTUBE_RTMP_ENABLED
|
||||
ports:
|
||||
- "1935:1935"
|
||||
@@ -3,5 +3,7 @@ version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
environment:
|
||||
- SMTP_ENABLED
|
||||
ports:
|
||||
- "587:587"
|
||||
|
||||
@@ -0,0 +1,7 @@
|
||||
version: "3.8"
|
||||
services:
|
||||
app:
|
||||
environment:
|
||||
- SSB_MUXRPC_ENABLED
|
||||
ports:
|
||||
- "8008:8008"
|
||||
+39
-9
@@ -1,12 +1,15 @@
|
||||
---
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
image: "traefik:v2.4.8"
|
||||
image: "traefik:v2.5.2"
|
||||
# Note(decentral1se): *please do not* add any additional ports here.
|
||||
# Doing so could break new installs with port conflicts. Please use
|
||||
# the usual `compose.$app.yml` approach for any additional ports
|
||||
ports:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
- "2222:2222"
|
||||
- "2525:2525"
|
||||
volumes:
|
||||
- "/var/run/docker.sock:/var/run/docker.sock"
|
||||
- "letsencrypt:/etc/letsencrypt"
|
||||
@@ -15,20 +18,22 @@ services:
|
||||
target: /etc/traefik/traefik.yml
|
||||
- source: file_provider_yml
|
||||
target: /etc/traefik/file-provider.yml
|
||||
- source: entrypoint
|
||||
target: /custom-entrypoint.sh
|
||||
mode: 0555
|
||||
networks:
|
||||
- proxy
|
||||
environment:
|
||||
- DASHBOARD_ENABLED
|
||||
- FOODSOFT_SMTP_ENABLED
|
||||
- GITEA_SSH_ENABLED
|
||||
- LOG_LEVEL
|
||||
- SMTP_ENABLED
|
||||
healthcheck:
|
||||
test: ["CMD", "traefik", "healthcheck"]
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 10
|
||||
start_period: 1m
|
||||
command: traefik
|
||||
entrypoint: /custom-entrypoint.sh
|
||||
deploy:
|
||||
update_config:
|
||||
failure_action: rollback
|
||||
@@ -42,17 +47,42 @@ services:
|
||||
- "traefik.http.routers.traefik.tls.options=default@file"
|
||||
- "traefik.http.routers.traefik.service=api@internal"
|
||||
- "traefik.http.routers.traefik.middlewares=security@file"
|
||||
- coop-cloud.${STACK_NAME}.app.version=v2.4.8-d7d63b0d
|
||||
- "coop-cloud.${STACK_NAME}.version=1.0.0+v2.5.2"
|
||||
|
||||
web:
|
||||
image: tarampampam/error-pages:2.2.0
|
||||
environment:
|
||||
- TEMPLATE_NAME=shuffle
|
||||
networks:
|
||||
- proxy
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.services.error-pages-service.loadbalancer.server.port=8080"
|
||||
- "traefik.http.routers.error-router.entrypoints=web-secure"
|
||||
- "traefik.http.routers.error-router.rule=HostRegexp(`{host:.+}`)"
|
||||
- "traefik.http.routers.error-router.priority=10"
|
||||
- "traefik.http.routers.error-router.middlewares=error-pages-middleware@docker"
|
||||
- "traefik.http.middlewares.error-pages-middleware.errors.status=400-599"
|
||||
- "traefik.http.middlewares.error-pages-middleware.errors.service=error-pages-service@docker"
|
||||
- "traefik.http.middlewares.error-pages-middleware.errors.query=/{status}.html"
|
||||
|
||||
networks:
|
||||
proxy:
|
||||
external: true
|
||||
|
||||
configs:
|
||||
traefik_yml:
|
||||
name: ${STACK_NAME}_traefik_yml_${TRAEFIK_YML_VERSION}
|
||||
file: traefik.yml
|
||||
file: traefik.yml.tmpl
|
||||
template_driver: golang
|
||||
file_provider_yml:
|
||||
name: ${STACK_NAME}_file_provider_yml_${FILE_PROVIDER_YML_VERSION}
|
||||
file: file-provider.yml
|
||||
file: file-provider.yml.tmpl
|
||||
template_driver: golang
|
||||
entrypoint:
|
||||
name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
|
||||
file: entrypoint.sh.tmpl
|
||||
template_driver: golang
|
||||
|
||||
volumes:
|
||||
letsencrypt:
|
||||
|
||||
@@ -0,0 +1,14 @@
|
||||
#!/bin/sh
|
||||
|
||||
set -e
|
||||
|
||||
{{ if eq (env "OVH_ENABLED") "1" }}
|
||||
export OVH_CONSUMER_KEY=$(cat "$OVH_CONSUMER_KEY_FILE")
|
||||
export OVH_APPLICATION_SECRET=$(cat "$OVH_APPLICATION_SECRET_FILE")
|
||||
{{ end }}
|
||||
|
||||
{{ if eq (env "GANDI_ENABLED") "1" }}
|
||||
export GANDIV5_API_KEY=$(cat "$GANDIV5_API_KEY_FILE")
|
||||
{{ end }}
|
||||
|
||||
/entrypoint.sh "$@"
|
||||
@@ -4,7 +4,7 @@ http:
|
||||
{{ if eq (env "KEYCLOAK_MIDDLEWARE_ENABLED") "1" }}
|
||||
keycloak:
|
||||
forwardAuth:
|
||||
address: "http://traefik-forward-auth:4181"
|
||||
address: "http://{{ env "KEYCLOAK_TFA_SERVICE" }}:4181"
|
||||
trustForwardHeader: true
|
||||
authResponseHeaders:
|
||||
- X-Forwarded-User
|
||||
@@ -1,6 +0,0 @@
|
||||
{
|
||||
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
||||
"extends": [
|
||||
"config:base"
|
||||
]
|
||||
}
|
||||
@@ -36,10 +36,38 @@ entrypoints:
|
||||
smtp-submission:
|
||||
address: ":587"
|
||||
{{ end }}
|
||||
{{ if eq (env "PEERTUBE_RTMP_ENABLED") "1" }}
|
||||
peertube-rtmp:
|
||||
address: ":1935"
|
||||
{{ end }}
|
||||
{{ if eq (env "SSB_MUXRPC_ENABLED") "1" }}
|
||||
ssb-muxrpc:
|
||||
address: ":8008"
|
||||
{{ end }}
|
||||
{{ if eq (env "MSSQL_ENABLED") "1" }}
|
||||
mssql:
|
||||
address: ":1433"
|
||||
{{ end }}
|
||||
{{ if eq (env "MUMBLE_ENABLED") "1" }}
|
||||
mumble:
|
||||
address: ":64738"
|
||||
mumble-udp:
|
||||
address: ":64738/udp"
|
||||
{{ end }}
|
||||
{{ if eq (env "METRICS_ENABLED") "1" }}
|
||||
metrics:
|
||||
address: ":8082"
|
||||
{{ end }}
|
||||
|
||||
ping:
|
||||
entryPoint: web
|
||||
|
||||
{{ if eq (env "METRICS_ENABLED") "1" }}
|
||||
metrics:
|
||||
prometheus:
|
||||
entryPoint: metrics
|
||||
{{ end }}
|
||||
|
||||
certificatesResolvers:
|
||||
staging:
|
||||
acme:
|
||||
@@ -48,9 +76,23 @@ certificatesResolvers:
|
||||
caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
|
||||
httpChallenge:
|
||||
entryPoint: web
|
||||
{{ if eq (env "LETS_ENCRYPT_DNS_CHALLENGE_ENABLED") "1" }}
|
||||
dnsChallenge:
|
||||
provider: {{ (env "LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER") }}
|
||||
resolvers:
|
||||
- "1.1.1.1:53"
|
||||
- "8.8.8.8:53"
|
||||
{{ end }}
|
||||
production:
|
||||
acme:
|
||||
email: {{ env "LETS_ENCRYPT_EMAIL" }}
|
||||
storage: /etc/letsencrypt/production-acme.json
|
||||
httpChallenge:
|
||||
entryPoint: web
|
||||
{{ if eq (env "LETS_ENCRYPT_DNS_CHALLENGE_ENABLED") "1" }}
|
||||
dnsChallenge:
|
||||
provider: {{ (env "LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER") }}
|
||||
resolvers:
|
||||
- "1.1.1.1:53"
|
||||
- "8.8.8.8:53"
|
||||
{{ end }}
|
||||
Reference in New Issue
Block a user