forked from coop-cloud/traefik
Compare commits
14 Commits
2.8.0+v2.1
...
revert-log
| Author | SHA1 | Date | |
|---|---|---|---|
| 5e4ba7f327 | |||
| e21dbc655a | |||
| b9d825b5c5 | |||
| 74b3ee6716 | |||
| 14d5d79520 | |||
| 7185e6ab43 | |||
| 85d0c159b0 | |||
| 6294944952 | |||
| b5824c89f1 | |||
| 9c924f5d67 | |||
| ed0945f59f | |||
| 0fac81d4e2 | |||
| c8894b7ee7 | |||
| e65bffe337 |
@ -16,9 +16,9 @@ steps:
|
||||
STACK_NAME: traefik
|
||||
LETS_ENCRYPT_ENV: production
|
||||
LETS_ENCRYPT_EMAIL: helo@autonomic.zone
|
||||
TRAEFIK_YML_VERSION: v5
|
||||
FILE_PROVIDER_YML_VERSION: v4
|
||||
ENTRYPOINT_VERSION: v1
|
||||
TRAEFIK_YML_VERSION: v21
|
||||
FILE_PROVIDER_YML_VERSION: v10
|
||||
ENTRYPOINT_VERSION: v4
|
||||
trigger:
|
||||
branch:
|
||||
- master
|
||||
|
||||
12
.env.sample
12
.env.sample
@ -1,6 +1,7 @@
|
||||
TYPE=traefik
|
||||
TIMEOUT=300
|
||||
ENABLE_AUTO_UPDATE=true
|
||||
ENABLE_BACKUPS=true
|
||||
|
||||
DOMAIN=traefik.example.com
|
||||
LETS_ENCRYPT_ENV=production
|
||||
@ -9,6 +10,7 @@ LETS_ENCRYPT_EMAIL=certs@example.com
|
||||
# DASHBOARD_ENABLED=true
|
||||
# WARN, INFO etc.
|
||||
LOG_LEVEL=WARN
|
||||
LOG_MAX_AGE=0
|
||||
|
||||
# This is here so later lines can extend it; you likely don't wanna edit
|
||||
COMPOSE_FILE="compose.yml"
|
||||
@ -42,10 +44,16 @@ COMPOSE_FILE="compose.yml"
|
||||
|
||||
## Gandi, https://gandi.net
|
||||
## note(3wc): only "V5" (new) API is supported, so far
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.gandi.yml"
|
||||
#GANDI_ENABLED=1
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.gandi-api-key.yml"
|
||||
#GANDI_API_KEY_ENABLED=1
|
||||
#SECRET_GANDIV5_API_KEY_VERSION=v1
|
||||
|
||||
## Gandi, https://gandi.net
|
||||
## note: uses GandiV5 Personal Access Token
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.gandi-personal-access-token.yml"
|
||||
#GANDI_PERSONAL_ACCESS_TOKEN_ENABLED=1
|
||||
#SECRET_GANDIV5_PERSONAL_ACCESS_TOKEN_VERSION=v1
|
||||
|
||||
## DigitalOcean, https://digitalocean.com
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.digitalocean.yml"
|
||||
#DIGITALOCEAN_ENABLED=1
|
||||
|
||||
@ -40,8 +40,10 @@ Letsencrypt DNS challenges.
|
||||
`SECRET_GANDIV5_API_KEY_VERSION`
|
||||
4. Generate an API key for your provider
|
||||
5. Run `abra app secret insert YOURAPPDOMAIN SECRETNAME v1 SECRETVALUE`, where
|
||||
`SECRETNAME` is from the compose file (e.g. `compose.gandi.yml`) e.g.
|
||||
`SECRETNAME` is from the compose file (e.g. `compose.gandi-api-key.yml`) e.g.
|
||||
`gandiv5_api_key` and `SECRETVALUE` is the API key.
|
||||
- For Gandi, you can use either the deprecated API Key or a GandiV5 Personal
|
||||
Access Token, in which case use compose.gandi-personal-access-token.yml.
|
||||
6. Redeploy Traefik, using e.g. `abra app deploy YOURAPPDOMAIN -f`
|
||||
|
||||
[`abra`]: https://git.autonomic.zone/autonomic-cooperative/abra
|
||||
|
||||
4
abra.sh
4
abra.sh
@ -1,3 +1,3 @@
|
||||
export TRAEFIK_YML_VERSION=v21
|
||||
export TRAEFIK_YML_VERSION=v22
|
||||
export FILE_PROVIDER_YML_VERSION=v10
|
||||
export ENTRYPOINT_VERSION=v3
|
||||
export ENTRYPOINT_VERSION=v4
|
||||
|
||||
15
compose.gandi-personal-access-token.yml
Normal file
15
compose.gandi-personal-access-token.yml
Normal file
@ -0,0 +1,15 @@
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
environment:
|
||||
- GANDIV5_PERSONAL_ACCESS_TOKEN_FILE=/run/secrets/gandiv5_pat
|
||||
- LETS_ENCRYPT_DNS_CHALLENGE_ENABLED
|
||||
- LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER
|
||||
secrets:
|
||||
- gandiv5_pat
|
||||
|
||||
secrets:
|
||||
gandiv5_pat:
|
||||
name: ${STACK_NAME}_gandiv5_pat_${SECRET_GANDIV5_PERSONAL_ACCESS_TOKEN_VERSION}
|
||||
external: true
|
||||
@ -3,7 +3,7 @@ version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
image: "traefik:v2.11.10"
|
||||
image: "traefik:v2.11.14"
|
||||
# Note(decentral1se): *please do not* add any additional ports here.
|
||||
# Doing so could break new installs with port conflicts. Please use
|
||||
# the usual `compose.$app.yml` approach for any additional ports
|
||||
@ -27,6 +27,7 @@ services:
|
||||
environment:
|
||||
- DASHBOARD_ENABLED
|
||||
- LOG_LEVEL
|
||||
- LOG_MAX_AGE=${LOG_MAX_AGE:0}
|
||||
healthcheck:
|
||||
test: ["CMD", "traefik", "healthcheck"]
|
||||
interval: 30s
|
||||
@ -47,11 +48,12 @@ services:
|
||||
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||
- "traefik.http.routers.${STACK_NAME}.service=api@internal"
|
||||
- "traefik.http.routers.${STACK_NAME}.middlewares=security@file"
|
||||
- "coop-cloud.${STACK_NAME}.version=2.8.0+v2.11.10"
|
||||
- "coop-cloud.${STACK_NAME}.version=3.1.0+v2.11.14"
|
||||
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
|
||||
- "backupbot.backup=${ENABLE_BACKUPS:-true}"
|
||||
|
||||
socket-proxy:
|
||||
image: lscr.io/linuxserver/socket-proxy:1.26.2-r0-ls26
|
||||
image: lscr.io/linuxserver/socket-proxy:1.26.2-r0-ls30
|
||||
environment:
|
||||
- ALLOW_START=0
|
||||
- ALLOW_STOP=0
|
||||
|
||||
@ -7,10 +7,6 @@ export OVH_CONSUMER_KEY=$(cat "$OVH_CONSUMER_KEY_FILE")
|
||||
export OVH_APPLICATION_SECRET=$(cat "$OVH_APPLICATION_SECRET_FILE")
|
||||
{{ end }}
|
||||
|
||||
{{ if eq (env "GANDI_ENABLED") "1" }}
|
||||
export GANDIV5_API_KEY=$(cat "$GANDIV5_API_KEY_FILE")
|
||||
{{ end }}
|
||||
|
||||
{{ if eq (env "DIGITALOCEAN_ENABLED") "1" }}
|
||||
export DO_AUTH_TOKEN=$(cat "$DO_AUTH_TOKEN_FILE")
|
||||
{{ end }}
|
||||
|
||||
1
release/2.9.0+v2.11.14
Normal file
1
release/2.9.0+v2.11.14
Normal file
@ -0,0 +1 @@
|
||||
Closes Security Issue https://github.com/traefik/traefik/security/advisories/GHSA-h924-8g65-j9wg
|
||||
1
release/3.1.0+v2.11.14
Normal file
1
release/3.1.0+v2.11.14
Normal file
@ -0,0 +1 @@
|
||||
Adds log retention configuration option
|
||||
@ -1,6 +1,8 @@
|
||||
---
|
||||
log:
|
||||
level: {{ env "LOG_LEVEL" }}
|
||||
maxAge: {{ env "LOG_MAX_AGE" }}
|
||||
|
||||
|
||||
providers:
|
||||
docker:
|
||||
|
||||
Reference in New Issue
Block a user