forked from coop-cloud/traefik
Compare commits
24 Commits
error-page
...
master
| Author | SHA1 | Date | |
|---|---|---|---|
|
51099c5ca0 | ||
| 8cce1b7ff7 | |||
| b9cbc9ba92 | |||
| d5f36255fe | |||
| b836d441f5 | |||
| 8de23fd652 | |||
| 6133be7830 | |||
| 5803d05532 | |||
| 0ace5037db | |||
| 9e2d000d12 | |||
| d4f1c6b45c | |||
| ca989e903c | |||
| 50cdb20a39 | |||
| 60b79b447a | |||
| f1b52916df | |||
|
35d435b4f6 | ||
| b7ea50d6aa | |||
| af33ec8510 | |||
| 685d32baf1 | |||
| e76d61be00 | |||
| daec338066 | |||
| e92e76ac88 | |||
| 70d10587bc | |||
| bdf84fcefd |
@ -16,8 +16,8 @@ steps:
|
||||
STACK_NAME: traefik
|
||||
LETS_ENCRYPT_ENV: production
|
||||
LETS_ENCRYPT_EMAIL: helo@autonomic.zone
|
||||
TRAEFIK_YML_VERSION: v4
|
||||
FILE_PROVIDER_YML_VERSION: v3
|
||||
TRAEFIK_YML_VERSION: v5
|
||||
FILE_PROVIDER_YML_VERSION: v4
|
||||
ENTRYPOINT_VERSION: v1
|
||||
trigger:
|
||||
branch:
|
||||
|
||||
19
.env.sample
19
.env.sample
@ -42,18 +42,29 @@ COMPOSE_FILE="compose.yml"
|
||||
|
||||
## Gandi, https://gandi.net
|
||||
## note(3wc): only "V5" (new) API is supported, so far
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.gandi.yml"
|
||||
#GANDI_ENABLED=1
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.gandi-api-key.yml"
|
||||
#GANDI_API_KEY_ENABLED=1
|
||||
#SECRET_GANDIV5_API_KEY_VERSION=v1
|
||||
|
||||
## Gandi, https://gandi.net
|
||||
## note: uses GandiV5 Personal Access Token
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.gandi-personal-access-token.yml"
|
||||
#GANDI_PERSONAL_ACCESS_TOKEN_ENABLED=1
|
||||
#SECRET_GANDIV5_PERSONAL_ACCESS_TOKEN_VERSION=v1
|
||||
|
||||
## DigitalOcean, https://digitalocean.com
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.digitalocean.yml"
|
||||
#DIGITALOCEAN_ENABLED=1
|
||||
#SECRET_DIGITALOCEAN_AUTH_TOKEN_VERSION=v1
|
||||
|
||||
#####################################################################
|
||||
# Manual wildcard certificate insertion #
|
||||
#####################################################################
|
||||
|
||||
# Set wildcards = 1, and uncomment compose_file to enable.
|
||||
# Create your certs elsewhere and add them like:
|
||||
# abra app secrets insert {myapp.example.coop} ssl_cert v1 "$(cat /path/to/fullchain.pem)"
|
||||
# abra app secrets insert {myapp.example.coop} ssl_key v1 "$(cat /path/to/privkey.pem)"
|
||||
# abra app secret insert {myapp.example.coop} ssl_cert v1 "$(cat /path/to/fullchain.pem)"
|
||||
# abra app secret insert {myapp.example.coop} ssl_key v1 "$(cat /path/to/privkey.pem)"
|
||||
#WILDCARDS_ENABLED=1
|
||||
#SECRET_WILDCARD_CERT_VERSION=v1
|
||||
#SECRET_WILDCARD_KEY_VERSION=v1
|
||||
|
||||
@ -40,8 +40,10 @@ Letsencrypt DNS challenges.
|
||||
`SECRET_GANDIV5_API_KEY_VERSION`
|
||||
4. Generate an API key for your provider
|
||||
5. Run `abra app secret insert YOURAPPDOMAIN SECRETNAME v1 SECRETVALUE`, where
|
||||
`SECRETNAME` is from the compose file (e.g. `compose.gandi.yml`) e.g.
|
||||
`SECRETNAME` is from the compose file (e.g. `compose.gandi-api-key.yml`) e.g.
|
||||
`gandiv5_api_key` and `SECRETVALUE` is the API key.
|
||||
- For Gandi, you can use either the deprecated API Key or a GandiV5 Personal
|
||||
Access Token, in which case use compose.gandi-personal-access-token.yml.
|
||||
6. Redeploy Traefik, using e.g. `abra app deploy YOURAPPDOMAIN -f`
|
||||
|
||||
[`abra`]: https://git.autonomic.zone/autonomic-cooperative/abra
|
||||
|
||||
6
abra.sh
6
abra.sh
@ -1,3 +1,3 @@
|
||||
export TRAEFIK_YML_VERSION=v19
|
||||
export FILE_PROVIDER_YML_VERSION=v9
|
||||
export ENTRYPOINT_VERSION=v2
|
||||
export TRAEFIK_YML_VERSION=v21
|
||||
export FILE_PROVIDER_YML_VERSION=v10
|
||||
export ENTRYPOINT_VERSION=v3
|
||||
|
||||
4
alaconnect.yml
Normal file
4
alaconnect.yml
Normal file
@ -0,0 +1,4 @@
|
||||
matrix-synapse:
|
||||
uncomment:
|
||||
- compose.matrix.yml
|
||||
- MATRIX_FEDERATION_ENABLED
|
||||
15
compose.digitalocean.yml
Normal file
15
compose.digitalocean.yml
Normal file
@ -0,0 +1,15 @@
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
environment:
|
||||
- DO_AUTH_TOKEN_FILE=/run/secrets/digitalocean_auth_token
|
||||
- LETS_ENCRYPT_DNS_CHALLENGE_ENABLED
|
||||
- LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER
|
||||
secrets:
|
||||
- digitalocean_auth_token
|
||||
|
||||
secrets:
|
||||
digitalocean_auth_token:
|
||||
name: ${STACK_NAME}_digitalocean_auth_token_${SECRET_DIGITALOCEAN_AUTH_TOKEN_VERSION}
|
||||
external: true
|
||||
15
compose.gandi-personal-access-token.yml
Normal file
15
compose.gandi-personal-access-token.yml
Normal file
@ -0,0 +1,15 @@
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
environment:
|
||||
- GANDIV5_PERSONAL_ACCESS_TOKEN_FILE=/run/secrets/gandiv5_personal_access_token
|
||||
- LETS_ENCRYPT_DNS_CHALLENGE_ENABLED
|
||||
- LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER
|
||||
secrets:
|
||||
- gandiv5_personal_access_token
|
||||
|
||||
secrets:
|
||||
gandiv5_personal_access_token:
|
||||
name: ${STACK_NAME}_gandiv5_personal_access_token_${SECRET_GANDIV5_PERSONAL_ACCESS_TOKEN_VERSION}
|
||||
external: true
|
||||
42
compose.yml
42
compose.yml
@ -3,7 +3,7 @@ version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
image: "traefik:v2.11.0"
|
||||
image: "traefik:v2.11.10"
|
||||
# Note(decentral1se): *please do not* add any additional ports here.
|
||||
# Doing so could break new installs with port conflicts. Please use
|
||||
# the usual `compose.$app.yml` approach for any additional ports
|
||||
@ -11,7 +11,6 @@ services:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
volumes:
|
||||
- "/var/run/docker.sock:/var/run/docker.sock"
|
||||
- "letsencrypt:/etc/letsencrypt"
|
||||
- "file-providers:/etc/traefik/file-providers"
|
||||
configs:
|
||||
@ -24,6 +23,7 @@ services:
|
||||
mode: 0555
|
||||
networks:
|
||||
- proxy
|
||||
- internal
|
||||
environment:
|
||||
- DASHBOARD_ENABLED
|
||||
- LOG_LEVEL
|
||||
@ -47,12 +47,48 @@ services:
|
||||
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||
- "traefik.http.routers.${STACK_NAME}.service=api@internal"
|
||||
- "traefik.http.routers.${STACK_NAME}.middlewares=security@file"
|
||||
- "coop-cloud.${STACK_NAME}.version=2.6.0+v2.11.0"
|
||||
- "coop-cloud.${STACK_NAME}.version=2.8.0+v2.11.10"
|
||||
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
|
||||
|
||||
socket-proxy:
|
||||
image: lscr.io/linuxserver/socket-proxy:1.26.2-r0-ls26
|
||||
environment:
|
||||
- ALLOW_START=0
|
||||
- ALLOW_STOP=0
|
||||
- ALLOW_RESTARTS=0
|
||||
- AUTH=0
|
||||
- BUILD=0
|
||||
- COMMIT=0
|
||||
- CONFIGS=0
|
||||
- CONTAINERS=1 # Needs access
|
||||
- DISABLE_IPV6=0
|
||||
- DISTRIBUTION=0
|
||||
- EVENTS=1 # Needs access
|
||||
- EXEC=0
|
||||
- IMAGES=0
|
||||
- INFO=0
|
||||
- NETWORKS=1 # Needs access
|
||||
- NODES=0
|
||||
- PING=0
|
||||
- POST=0
|
||||
- PLUGINS=0
|
||||
- SECRETS=0
|
||||
- SERVICES=1 # Needs access
|
||||
- SESSION=0
|
||||
- SWARM=0
|
||||
- SYSTEM=0
|
||||
- TASKS=1 # Needs access
|
||||
- VERSION=1 # Needs access
|
||||
- VOLUMES=0
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
networks:
|
||||
- internal
|
||||
|
||||
networks:
|
||||
proxy:
|
||||
external: true
|
||||
internal:
|
||||
|
||||
configs:
|
||||
traefik_yml:
|
||||
|
||||
@ -7,8 +7,16 @@ export OVH_CONSUMER_KEY=$(cat "$OVH_CONSUMER_KEY_FILE")
|
||||
export OVH_APPLICATION_SECRET=$(cat "$OVH_APPLICATION_SECRET_FILE")
|
||||
{{ end }}
|
||||
|
||||
{{ if eq (env "GANDI_ENABLED") "1" }}
|
||||
{{ if eq (env "GANDI_API_KEY_ENABLED") "1" }}
|
||||
export GANDIV5_API_KEY=$(cat "$GANDIV5_API_KEY_FILE")
|
||||
{{ end }}
|
||||
|
||||
{{ if eq (env "GANDI_PERSONAL_ACCESS_TOKEN_ENABLED") "1" }}
|
||||
export GANDIV5_PERSONAL_ACCESS_TOKEN=$(cat "$GANDIV5_PERSONAL_ACCESS_TOKEN_FILE")
|
||||
{{ end }}
|
||||
|
||||
{{ if eq (env "DIGITALOCEAN_ENABLED") "1" }}
|
||||
export DO_AUTH_TOKEN=$(cat "$DO_AUTH_TOKEN_FILE")
|
||||
{{ end }}
|
||||
|
||||
/entrypoint.sh "$@"
|
||||
|
||||
1
release/2.8.0+v2.11.10
Normal file
1
release/2.8.0+v2.11.10
Normal file
@ -0,0 +1 @@
|
||||
Important Security Update! https://nvd.nist.gov/vuln/detail/CVE-2024-45410
|
||||
@ -4,7 +4,7 @@ log:
|
||||
|
||||
providers:
|
||||
docker:
|
||||
endpoint: "unix:///var/run/docker.sock"
|
||||
endpoint: "tcp://socket-proxy:2375"
|
||||
exposedByDefault: false
|
||||
network: proxy
|
||||
swarmMode: true
|
||||
@ -24,6 +24,10 @@ api:
|
||||
entrypoints:
|
||||
web:
|
||||
address: ":80"
|
||||
http:
|
||||
redirections:
|
||||
entryPoint:
|
||||
to: web-secure
|
||||
web-secure:
|
||||
address: ":443"
|
||||
{{ if eq (env "GITEA_SSH_ENABLED") "1" }}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user