forked from coop-cloud/traefik
Compare commits
25 Commits
feat-pull-
...
feat-relea
| Author | SHA1 | Date | |
|---|---|---|---|
324933a9cc
|
|||
| dc3e50838f | |||
| d59f6e0302 | |||
| 139202fa9c | |||
| de7989f3ca | |||
| d3bf1bce24 | |||
| 1ce9d9ca72 | |||
| a233438f80 | |||
|
ed257bd0b2
|
|||
| 7dd833dbec | |||
| d5f19d3b11 | |||
| 5d656ccb72 | |||
| fa55efb0c3 | |||
| 98fe0de193 | |||
| 862bc9a3a5 | |||
| 0238b73f77 | |||
| 5df55f7833 | |||
| 92650aa12a | |||
| 0e38a772e9 | |||
| f469a1a90e | |||
| 0d85f97200 | |||
| ac33efe73a | |||
| a135d170bb | |||
| fa7cf3e17b | |||
| d05c81b4d7 |
17
.env.sample
17
.env.sample
@ -1,5 +1,5 @@
|
|||||||
TYPE=traefik
|
TYPE=traefik
|
||||||
TIMEOUT=300
|
#TIMEOUT=300
|
||||||
ENABLE_AUTO_UPDATE=true
|
ENABLE_AUTO_UPDATE=true
|
||||||
ENABLE_BACKUPS=true
|
ENABLE_BACKUPS=true
|
||||||
|
|
||||||
@ -174,4 +174,17 @@ COMPOSE_FILE="compose.yml"
|
|||||||
|
|
||||||
## Nextcloud Talk HPB
|
## Nextcloud Talk HPB
|
||||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.nextcloud-talk-hpb.yml"
|
#COMPOSE_FILE="$COMPOSE_FILE:compose.nextcloud-talk-hpb.yml"
|
||||||
#NEXTCLOUD_TALK_HPB_ENABLED=1
|
#NEXTCLOUD_TALK_HPB_ENABLED=1
|
||||||
|
|
||||||
|
## Anubis
|
||||||
|
#COMPOSE_FILE="$COMPOSE_FILE:compose.anubis.yml"
|
||||||
|
#ANUBIS_COOKIE_DOMAIN=example.com
|
||||||
|
#ANUBIS_DOMAIN=anubis.example.com
|
||||||
|
#ANUBIS_REDIRECT_DOMAINS=
|
||||||
|
#ANUBIS_OG_PASSTHROUGH=true
|
||||||
|
#ANUBIS_OG_EXPIRY_TIME=1h
|
||||||
|
#ANUBIS_OG_CACHE_CONSIDER_HOST=true
|
||||||
|
#ANUBIS_SERVE_ROBOTS_TXT=true
|
||||||
|
|
||||||
|
## Enable onion service support
|
||||||
|
#ONION_ENABLED=1
|
||||||
|
|||||||
@ -1,5 +1,6 @@
|
|||||||
---
|
---
|
||||||
name: "Traefik pull request template"
|
name: "Traefik pull request template"
|
||||||
|
about: "Traefik pull request template"
|
||||||
---
|
---
|
||||||
|
|
||||||
<!--
|
<!--
|
||||||
|
|||||||
@ -21,9 +21,12 @@ In order to fullfill these responsibilities a recipe maintainer:
|
|||||||
|
|
||||||
A pull request can be merged if it is approved by at least one maintainer. For
|
A pull request can be merged if it is approved by at least one maintainer. For
|
||||||
pull requests opened by a maintainer they need to be approved by another
|
pull requests opened by a maintainer they need to be approved by another
|
||||||
maintainer.
|
maintainer. Even though it is okay to merge a pull request with one approval, it
|
||||||
|
is always better if all maintainers looked at the pull request and approved it.
|
||||||
|
|
||||||
## Become a maintainer
|
## Become a maintainer
|
||||||
|
|
||||||
Everyone can apply to be a recipe maintainer. Simply add your self to the list
|
Everyone can apply to be a recipe maintainer:
|
||||||
in the [README.md](./README.md) and open a new pull request with the change.
|
1. Watch the repository to always get updates
|
||||||
|
2. Simply add your self to the list in the [README.md](./README.md) and open a new pull request with the change.
|
||||||
|
3. Once the pull request gets merged you will be added to the [traefik maintainers team](https://git.coopcloud.tech/org/coop-cloud/teams/traefik-maintainers).
|
||||||
|
|||||||
19
README.md
19
README.md
@ -5,7 +5,7 @@
|
|||||||
> https://docs.traefik.io
|
> https://docs.traefik.io
|
||||||
|
|
||||||
<!-- metadata -->
|
<!-- metadata -->
|
||||||
* **Maintainer**: [@p4u1](https://git.coopcloud.tech/p4u1), [@decentral1se](https://git.coopcloud.tech/decentral1se)
|
* **Maintainer**: [@p4u1](https://git.coopcloud.tech/p4u1), [@decentral1se](https://git.coopcloud.tech/decentral1se), [@javielico](https://git.coopcloud.tech/javielico)
|
||||||
* **Status**: `stable`
|
* **Status**: `stable`
|
||||||
* **Category**: Utilities
|
* **Category**: Utilities
|
||||||
* **Features**: ?
|
* **Features**: ?
|
||||||
@ -55,4 +55,21 @@ Letsencrypt DNS challenges.
|
|||||||
Access Token, in which case use compose.gandi-personal-access-token.yml.
|
Access Token, in which case use compose.gandi-personal-access-token.yml.
|
||||||
6. Redeploy Traefik, using e.g. `abra app deploy YOURAPPDOMAIN -f`
|
6. Redeploy Traefik, using e.g. `abra app deploy YOURAPPDOMAIN -f`
|
||||||
|
|
||||||
|
## Blocking scrapers with [Anubis](https://anubis.techaro.lol/)
|
||||||
|
|
||||||
|
Uncomment the lines on the Anubis section of the configuration. Set
|
||||||
|
a domain name for the cookies and a domain that will serve Anubis
|
||||||
|
redirection service. Optionally and for [added
|
||||||
|
security](https://anubis.techaro.lol/docs/admin/configuration/redirect-domains),
|
||||||
|
set a list of the domain names for the apps that are going to be
|
||||||
|
protected.
|
||||||
|
|
||||||
|
After deploying these changes, go to each recipe that supports Anubis
|
||||||
|
and follow the process there. **Enabling Anubis here is not enough for
|
||||||
|
protection your apps.**
|
||||||
|
|
||||||
|
## Enabling onion service
|
||||||
|
|
||||||
|
Uncomment the line in the config setting `ONION_ENABLED=1`. This will create a new entrypoint on port 9052 which can be used to bypass forced SSL. For more details, see the [onion recipe](https://recipes.coopcloud.tech/onion).
|
||||||
|
|
||||||
[`abra`]: https://git.autonomic.zone/autonomic-cooperative/abra
|
[`abra`]: https://git.autonomic.zone/autonomic-cooperative/abra
|
||||||
|
|||||||
2
abra.sh
2
abra.sh
@ -1,3 +1,3 @@
|
|||||||
export TRAEFIK_YML_VERSION=v28
|
export TRAEFIK_YML_VERSION=v29
|
||||||
export FILE_PROVIDER_YML_VERSION=v11
|
export FILE_PROVIDER_YML_VERSION=v11
|
||||||
export ENTRYPOINT_VERSION=v5
|
export ENTRYPOINT_VERSION=v5
|
||||||
|
|||||||
29
compose.anubis.yml
Normal file
29
compose.anubis.yml
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
---
|
||||||
|
version: "3.8"
|
||||||
|
services:
|
||||||
|
app:
|
||||||
|
deploy:
|
||||||
|
labels:
|
||||||
|
- "traefik.http.middlewares.anubis.forwardauth.address=http://anubis:8080/.within.website/x/cmd/anubis/api/check"
|
||||||
|
anubis:
|
||||||
|
image: "ghcr.io/techarohq/anubis:v1.24.0"
|
||||||
|
environment:
|
||||||
|
BIND: ":8080"
|
||||||
|
TARGET: " "
|
||||||
|
REDIRECT_DOMAINS: "${ANUBIS_REDIRECT_DOMAINS}"
|
||||||
|
COOKIE_DOMAIN: "${ANUBIS_COOKIE_DOMAIN}"
|
||||||
|
PUBLIC_URL: "https://${ANUBIS_DOMAIN}"
|
||||||
|
OG_PASSTHROUGH: "${ANUBIS_OG_PASSTHROUGH}"
|
||||||
|
OG_EXPIRY_TIME: "${ANUBIS_OG_EXPIRY_TIME}"
|
||||||
|
OG_CACHE_CONSIDER_HOST: "${ANUBIS_OG_CACHE_CONSIDER_HOST}"
|
||||||
|
SERVE_ROBOTS_TXT: "${ANUBIS_SERVE_ROBOTS_TXT}"
|
||||||
|
networks:
|
||||||
|
- proxy
|
||||||
|
deploy:
|
||||||
|
labels:
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.http.routers.anubis.rule=Host(`${ANUBIS_DOMAIN}`)"
|
||||||
|
- "traefik.http.routers.anubis.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||||
|
- "traefik.http.routers.anubis.entrypoints=web-secure"
|
||||||
|
- "traefik.http.services.anubis.loadbalancer.server.port=8080"
|
||||||
|
- "traefik.http.routers.anubis.service=anubis"
|
||||||
@ -3,7 +3,7 @@ version: "3.8"
|
|||||||
|
|
||||||
services:
|
services:
|
||||||
app:
|
app:
|
||||||
image: "traefik:v3.6.5"
|
image: "traefik:v3.6.6"
|
||||||
# Note(decentral1se): *please do not* add any additional ports here.
|
# Note(decentral1se): *please do not* add any additional ports here.
|
||||||
# Doing so could break new installs with port conflicts. Please use
|
# Doing so could break new installs with port conflicts. Please use
|
||||||
# the usual `compose.$app.yml` approach for any additional ports
|
# the usual `compose.$app.yml` approach for any additional ports
|
||||||
@ -49,7 +49,7 @@ services:
|
|||||||
- "traefik.http.routers.${STACK_NAME}.service=api@internal"
|
- "traefik.http.routers.${STACK_NAME}.service=api@internal"
|
||||||
- "traefik.http.routers.${STACK_NAME}.middlewares=security@file"
|
- "traefik.http.routers.${STACK_NAME}.middlewares=security@file"
|
||||||
- "coop-cloud.${STACK_NAME}.version=3.9.0+v3.6.5"
|
- "coop-cloud.${STACK_NAME}.version=3.9.0+v3.6.5"
|
||||||
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
|
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT}"
|
||||||
- "backupbot.backup=${ENABLE_BACKUPS:-true}"
|
- "backupbot.backup=${ENABLE_BACKUPS:-true}"
|
||||||
|
|
||||||
socket-proxy:
|
socket-proxy:
|
||||||
|
|||||||
10
release/next
Normal file
10
release/next
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
Short summary of the latest changes:
|
||||||
|
|
||||||
|
* Traefik has been upgraded with a patch release, no issues expected.
|
||||||
|
* "CurveP256" has been included to the TLS options.
|
||||||
|
* The default TIMEOUT value has been removed from the label directly.
|
||||||
|
* Anubis support is here, try out `compose.anubis.yml` and see the README.md for more.
|
||||||
|
* Onion services with Tor are not supported! See the README.md for more.
|
||||||
|
* There are now officially 3 recipe maintainers for Traefik!
|
||||||
|
|
||||||
|
All changes: https://git.coopcloud.tech/coop-cloud/traefik/compare/3.9.0+v3.6.5...master
|
||||||
@ -11,14 +11,14 @@ providers:
|
|||||||
endpoint: "tcp://socket-proxy:2375"
|
endpoint: "tcp://socket-proxy:2375"
|
||||||
exposedByDefault: false
|
exposedByDefault: false
|
||||||
network: proxy
|
network: proxy
|
||||||
{{ if eq (env "FILE_PROVIDER_DIRECTORY_ENABLED") "1" }}
|
{{- if eq (env "FILE_PROVIDER_DIRECTORY_ENABLED") "1" }}
|
||||||
file:
|
file:
|
||||||
directory: /etc/traefik/file-providers
|
directory: /etc/traefik/file-providers
|
||||||
watch: true
|
watch: true
|
||||||
{{ else }}
|
{{- else }}
|
||||||
file:
|
file:
|
||||||
filename: /etc/traefik/file-provider.yml
|
filename: /etc/traefik/file-provider.yml
|
||||||
{{ end }}
|
{{- end }}
|
||||||
|
|
||||||
api:
|
api:
|
||||||
dashboard: {{ env "DASHBOARD_ENABLED" }}
|
dashboard: {{ env "DASHBOARD_ENABLED" }}
|
||||||
@ -42,86 +42,90 @@ entrypoints:
|
|||||||
allowEncodedPercent: true
|
allowEncodedPercent: true
|
||||||
allowEncodedQuestionMark: true
|
allowEncodedQuestionMark: true
|
||||||
allowEncodedHash: true
|
allowEncodedHash: true
|
||||||
{{ if eq (env "GITEA_SSH_ENABLED") "1" }}
|
{{- if eq (env "GITEA_SSH_ENABLED") "1" }}
|
||||||
gitea-ssh:
|
gitea-ssh:
|
||||||
address: ":2222"
|
address: ":2222"
|
||||||
{{ end }}
|
{{- end }}
|
||||||
{{ if eq (env "P2PANDA_ENABLED") "1" }}
|
{{- if eq (env "P2PANDA_ENABLED") "1" }}
|
||||||
p2panda-udp-v4:
|
p2panda-udp-v4:
|
||||||
address: ":2022/udp"
|
address: ":2022/udp"
|
||||||
p2panda-udp-v6:
|
p2panda-udp-v6:
|
||||||
address: ":2023/udp"
|
address: ":2023/udp"
|
||||||
{{ end }}
|
{{- end }}
|
||||||
{{ if eq (env "GARAGE_RPC_ENABLED") "1" }}
|
{{- if eq (env "GARAGE_RPC_ENABLED") "1" }}
|
||||||
garage-rpc:
|
garage-rpc:
|
||||||
address: ":3901"
|
address: ":3901"
|
||||||
{{ end }}
|
{{- end }}
|
||||||
{{ if eq (env "FOODSOFT_SMTP_ENABLED") "1" }}
|
{{- if eq (env "FOODSOFT_SMTP_ENABLED") "1" }}
|
||||||
foodsoft-smtp:
|
foodsoft-smtp:
|
||||||
address: ":2525"
|
address: ":2525"
|
||||||
{{ end }}
|
{{- end }}
|
||||||
{{ if eq (env "SMTP_ENABLED") "1" }}
|
{{- if eq (env "SMTP_ENABLED") "1" }}
|
||||||
smtp-submission:
|
smtp-submission:
|
||||||
address: ":587"
|
address: ":587"
|
||||||
{{ end }}
|
{{- end }}
|
||||||
{{ if eq (env "PEERTUBE_RTMP_ENABLED") "1" }}
|
{{- if eq (env "PEERTUBE_RTMP_ENABLED") "1" }}
|
||||||
peertube-rtmp:
|
peertube-rtmp:
|
||||||
address: ":1935"
|
address: ":1935"
|
||||||
{{ end }}
|
{{- end }}
|
||||||
{{ if eq (env "WEB_ALT_ENABLED") "1" }}
|
{{- if eq (env "WEB_ALT_ENABLED") "1" }}
|
||||||
web-alt:
|
web-alt:
|
||||||
address: ":8000"
|
address: ":8000"
|
||||||
{{ end }}
|
{{- end }}
|
||||||
{{ if eq (env "SSB_MUXRPC_ENABLED") "1" }}
|
{{- if eq (env "SSB_MUXRPC_ENABLED") "1" }}
|
||||||
ssb-muxrpc:
|
ssb-muxrpc:
|
||||||
address: ":8008"
|
address: ":8008"
|
||||||
{{ end }}
|
{{- end }}
|
||||||
{{ if eq (env "MSSQL_ENABLED") "1" }}
|
{{- if eq (env "MSSQL_ENABLED") "1" }}
|
||||||
mssql:
|
mssql:
|
||||||
address: ":1433"
|
address: ":1433"
|
||||||
{{ end }}
|
{{- end }}
|
||||||
{{ if eq (env "MUMBLE_ENABLED") "1" }}
|
{{- if eq (env "MUMBLE_ENABLED") "1" }}
|
||||||
mumble:
|
mumble:
|
||||||
address: ":64738"
|
address: ":64738"
|
||||||
mumble-udp:
|
mumble-udp:
|
||||||
address: ":64738/udp"
|
address: ":64738/udp"
|
||||||
{{ end }}
|
{{- end }}
|
||||||
{{ if eq (env "COMPY_ENABLED") "1" }}
|
{{- if eq (env "COMPY_ENABLED") "1" }}
|
||||||
compy:
|
compy:
|
||||||
address: ":9999"
|
address: ":9999"
|
||||||
{{ end }}
|
{{- end }}
|
||||||
{{ if eq (env "IRC_ENABLED") "1" }}
|
{{- if eq (env "IRC_ENABLED") "1" }}
|
||||||
irc:
|
irc:
|
||||||
address: ":6697"
|
address: ":6697"
|
||||||
{{ end }}
|
{{- end }}
|
||||||
{{ if eq (env "METRICS_ENABLED") "1" }}
|
{{- if eq (env "METRICS_ENABLED") "1" }}
|
||||||
metrics:
|
metrics:
|
||||||
address: ":8082"
|
address: ":8082"
|
||||||
http:
|
http:
|
||||||
middlewares:
|
middlewares:
|
||||||
- basicauth@file
|
- basicauth@file
|
||||||
{{ end }}
|
{{- end }}
|
||||||
{{ if eq (env "MATRIX_FEDERATION_ENABLED") "1" }}
|
{{- if eq (env "MATRIX_FEDERATION_ENABLED") "1" }}
|
||||||
matrix-federation:
|
matrix-federation:
|
||||||
address: ":9001"
|
address: ":9001"
|
||||||
{{ end }}
|
{{- end }}
|
||||||
{{ if eq (env "NEXTCLOUD_TALK_HPB_ENABLED") "1" }}
|
{{- if eq (env "NEXTCLOUD_TALK_HPB_ENABLED") "1" }}
|
||||||
nextcloud-talk-hpb:
|
nextcloud-talk-hpb:
|
||||||
address: ":3478"
|
address: ":3478"
|
||||||
nextcloud-talk-hpb-udp:
|
nextcloud-talk-hpb-udp:
|
||||||
address: ":3478/udp"
|
address: ":3478/udp"
|
||||||
{{ end }}
|
{{- end }}
|
||||||
|
{{- if eq (env "ONION_ENABLED") "1" }}
|
||||||
|
onion:
|
||||||
|
address: ":9052"
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
ping:
|
ping:
|
||||||
entryPoint: web
|
entryPoint: web
|
||||||
|
|
||||||
{{ if eq (env "METRICS_ENABLED") "1" }}
|
{{- if eq (env "METRICS_ENABLED") "1" }}
|
||||||
metrics:
|
metrics:
|
||||||
prometheus:
|
prometheus:
|
||||||
entryPoint: metrics
|
entryPoint: metrics
|
||||||
addRoutersLabels: true
|
addRoutersLabels: true
|
||||||
addServicesLabels: true
|
addServicesLabels: true
|
||||||
{{ end }}
|
{{- end }}
|
||||||
|
|
||||||
certificatesResolvers:
|
certificatesResolvers:
|
||||||
staging:
|
staging:
|
||||||
@ -131,23 +135,23 @@ certificatesResolvers:
|
|||||||
caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
|
caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
|
||||||
httpChallenge:
|
httpChallenge:
|
||||||
entryPoint: web
|
entryPoint: web
|
||||||
{{ if eq (env "LETS_ENCRYPT_DNS_CHALLENGE_ENABLED") "1" }}
|
{{- if eq (env "LETS_ENCRYPT_DNS_CHALLENGE_ENABLED") "1" }}
|
||||||
dnsChallenge:
|
dnsChallenge:
|
||||||
provider: {{ (env "LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER") }}
|
provider: {{ (env "LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER") }}
|
||||||
resolvers:
|
resolvers:
|
||||||
- "1.1.1.1:53"
|
- "1.1.1.1:53"
|
||||||
- "8.8.8.8:53"
|
- "8.8.8.8:53"
|
||||||
{{ end }}
|
{{- end }}
|
||||||
production:
|
production:
|
||||||
acme:
|
acme:
|
||||||
email: {{ env "LETS_ENCRYPT_EMAIL" }}
|
email: {{ env "LETS_ENCRYPT_EMAIL" }}
|
||||||
storage: /etc/letsencrypt/production-acme.json
|
storage: /etc/letsencrypt/production-acme.json
|
||||||
httpChallenge:
|
httpChallenge:
|
||||||
entryPoint: web
|
entryPoint: web
|
||||||
{{ if eq (env "LETS_ENCRYPT_DNS_CHALLENGE_ENABLED") "1" }}
|
{{- if eq (env "LETS_ENCRYPT_DNS_CHALLENGE_ENABLED") "1" }}
|
||||||
dnsChallenge:
|
dnsChallenge:
|
||||||
provider: {{ (env "LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER") }}
|
provider: {{ (env "LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER") }}
|
||||||
resolvers:
|
resolvers:
|
||||||
- "1.1.1.1:53"
|
- "1.1.1.1:53"
|
||||||
- "9.9.9.9:53"
|
- "9.9.9.9:53"
|
||||||
{{ end }}
|
{{- end }}
|
||||||
|
|||||||
Reference in New Issue
Block a user