Error pages

Re coop-cloud/organising#115
2024-04-01 22:56:45 -03:00
9 changed files with 57 additions and 36 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -16,8 +16,8 @@ steps:
      STACK_NAME: traefik
      LETS_ENCRYPT_ENV: production
      LETS_ENCRYPT_EMAIL: helo@autonomic.zone
-      TRAEFIK_YML_VERSION: v5
+      TRAEFIK_YML_VERSION: v4
-      FILE_PROVIDER_YML_VERSION: v4
+      FILE_PROVIDER_YML_VERSION: v3
      ENTRYPOINT_VERSION: v1
 trigger:
  branch:
--- a/.env.sample
+++ b/.env.sample
@ -46,19 +46,14 @@ COMPOSE_FILE="compose.yml"
 #GANDI_ENABLED=1
 #SECRET_GANDIV5_API_KEY_VERSION=v1
 ## DigitalOcean, https://digitalocean.com
 #COMPOSE_FILE="$COMPOSE_FILE:compose.digitalocean.yml"
 #DIGITALOCEAN_ENABLED=1
 #SECRET_DIGITALOCEAN_AUTH_TOKEN_VERSION=v1
 #####################################################################
 # Manual wildcard certificate insertion                             #
 #####################################################################
 # Set wildcards = 1, and uncomment compose_file to enable.
 # Create your certs elsewhere and add them like:
-# abra app secret insert {myapp.example.coop} ssl_cert v1 "$(cat /path/to/fullchain.pem)"
+# abra app secrets insert {myapp.example.coop} ssl_cert v1 "$(cat /path/to/fullchain.pem)"
-# abra app secret insert {myapp.example.coop} ssl_key v1 "$(cat /path/to/privkey.pem)"
+# abra app secrets insert {myapp.example.coop} ssl_key v1 "$(cat /path/to/privkey.pem)"
 #WILDCARDS_ENABLED=1
 #SECRET_WILDCARD_CERT_VERSION=v1
 #SECRET_WILDCARD_KEY_VERSION=v1
--- a/abra.sh
+++ b/abra.sh
@ -1,3 +1,3 @@
 export TRAEFIK_YML_VERSION=v20
 export FILE_PROVIDER_YML_VERSION=v10
-export ENTRYPOINT_VERSION=v3
+export ENTRYPOINT_VERSION=v2
--- a/compose.digitalocean.yml
+++ b/compose.digitalocean.yml
@ -1,15 +0,0 @@
 version: "3.8"
 services:
  app:
    environment:
      - DO_AUTH_TOKEN_FILE=/run/secrets/digitalocean_auth_token
      - LETS_ENCRYPT_DNS_CHALLENGE_ENABLED
      - LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER
    secrets:
      - digitalocean_auth_token
 secrets:
  digitalocean_auth_token:
    name: ${STACK_NAME}_digitalocean_auth_token_${SECRET_DIGITALOCEAN_AUTH_TOKEN_VERSION}
    external: true
--- a/compose.errors.yml
+++ b/compose.errors.yml
@ -0,0 +1,29 @@
 ---
 version: "3.8"
 services:
  app:
    environment:
      - "CUSTOM_ERRORS=1"
    volumes:
      - "traefik-plugins:/plugins-local/"
  errors:
    image: "tarampampam/error-pages:2.27.0"
    networks:
      - proxy
    deploy:
      labels:
          - "traefik.enable=true"
          # use as "fallback" for any non-registered services (with priority below normal)
          - "traefik.http.routers.${STACK_NAME}-error.rule=HostRegexp(`{host:.+}`)"
          - "traefik.http.routers.${STACK_NAME}-error.priority=10"
          - "traefik.http.routers.${STACK_NAME}-error.entrypoints=web-secure"
          - "traefik.http.routers.${STACK_NAME}-error.tls.certresolver=${LETS_ENCRYPT_ENV}"
          - "traefik.http.services.${STACK_NAME}-error.loadbalancer.server.port=8080"
          # "errors" middleware settings
          - "traefik.http.middlewares.${STACK_NAME}-error.errors.status=400-599"
          - "traefik.http.middlewares.${STACK_NAME}-error.errors.service=${STACK_NAME}-error"
          - "traefik.http.middlewares.${STACK_NAME}-error.errors.query=/{status}.html"
 volumes:
  traefik-plugins:
--- a/compose.yml
+++ b/compose.yml
@ -3,7 +3,7 @@ version: "3.8"
 services:
  app:
-    image: "traefik:v2.11.2"
+    image: "traefik:v2.11.0"
    # Note(decentral1se): *please do not* add any additional ports here.
    # Doing so could break new installs with port conflicts. Please use
    # the usual `compose.$app.yml` approach for any additional ports
@ -47,7 +47,7 @@ services:
        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
        - "traefik.http.routers.${STACK_NAME}.service=api@internal"
        - "traefik.http.routers.${STACK_NAME}.middlewares=security@file"
-        - "coop-cloud.${STACK_NAME}.version=2.6.3+v2.11.2"
+        - "coop-cloud.${STACK_NAME}.version=2.6.0+v2.11.0"
        - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
 networks:
--- a/entrypoint.sh.tmpl
+++ b/entrypoint.sh.tmpl
@ -11,8 +11,4 @@ export OVH_APPLICATION_SECRET=$(cat "$OVH_APPLICATION_SECRET_FILE")
 export GANDIV5_API_KEY=$(cat "$GANDIV5_API_KEY_FILE")
 {{ end }}
 {{ if eq (env "DIGITALOCEAN_ENABLED") "1" }}
 export DO_AUTH_TOKEN=$(cat "$DO_AUTH_TOKEN_FILE")
 {{ end }}
 /entrypoint.sh "$@"
--- a/file-provider.yml.tmpl
+++ b/file-provider.yml.tmpl
@ -1,6 +1,19 @@
 ---
 http:
  middlewares:
    {{ if eq (env "CUSTOM_ERRORS") "1" }}
    error:
      plugin:
        traefik-error-page:
          debug: "true"
          contentsOnly: "false"
          contentsOnlyMatch: "Bad Gateway"
          query: /{status}.html
          service: http://{{ env "STACK_NAME" }}_errors:8080
          status:
            - 502
    {{ end }}
    {{ if eq (env "KEYCLOAK_MIDDLEWARE_ENABLED") "1" }}
    keycloak:
      forwardAuth:
@ -48,4 +61,4 @@ tls:
  certificates:
    - certFile: /run/secrets/ssl_cert
      keyFile: /run/secrets/ssl_key
-  {{ end }}
+  {{ end }}
--- a/traefik.yml.tmpl
+++ b/traefik.yml.tmpl
@ -24,10 +24,6 @@ api:
 entrypoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: web-secure
  web-secure:
    address: ":443"
  {{ if eq (env "GITEA_SSH_ENABLED") "1" }}
@ -119,3 +115,10 @@ certificatesResolvers:
          - "1.1.1.1:53"
          - "9.9.9.9:53"
      {{ end }}
 {{ if eq (env "CUSTOM_ERRORS") "1" }}
 experimental:
  localplugins:
    traefik-error-page:
      moduleName: "github.com/3-w-c/traefik-error-page"
 {{ end }}