Bootstrap Traefik repository

.envrc.sample

@@ -0,0 +1,5 @@
+export DOMAIN=traefik.swarm.autonomic.zone
+export FILE_PROVIDER_YML_VERSION=v1
+export LETS_ENCRYPT_ENV=staging
+export STACK_NAME=traefik
+export TRAEFIK_YML_VERSION=v1

.gitignore

@@ -0,0 +1 @@
+.envrc

README.md

@@ -0,0 +1,3 @@
+# traefik
+
+> https://docs.traefik.io

compose.yml

@@ -0,0 +1,51 @@
+---
+version: "3.8"
+
+services:
+  traefik:
+    image: "traefik:v2.2.1"
+    ports:
+      - "80:80"
+      - "443:443"
+      - "2222:2222"
+    volumes:
+      - "/var/run/docker.sock:/var/run/docker.sock"
+      - "letsencrypt:/etc/letsencrypt"
+    configs:
+      - source: traefik_yml
+        target: /etc/traefik/traefik.yml
+      - source: file_provider_yml
+        target: /etc/traefik/file-provider.yml
+    networks:
+      - proxy
+    deploy:
+      mode: replicated
+      replicas: 1
+      update_config:
+        failure_action: rollback
+      placement:
+        constraints:
+          - node.role == manager
+      labels:
+        - "traefik.enable=true"
+        - "traefik.http.services.traefik.loadbalancer.server.port=web"
+        - "traefik.http.routers.traefik.rule=Host(`${DOMAIN}`)"
+        - "traefik.http.routers.traefik.entrypoints=web-secure"
+        - "traefik.http.routers.traefik.tls.certresolver=${LETS_ENCRYPT_ENV}"
+        - "traefik.http.routers.traefik.service=api@internal"
+        - "traefik.http.routers.traefik.middlewares=keycloak@file"
+
+networks:
+  proxy:
+    external: true
+
+configs:
+  traefik_yml:
+    name: ${STACK_NAME}_traefik_yml_${TRAEFIK_YML_VERSION}
+    file: traefik.yml
+  file_provider_yml:
+    name: ${STACK_NAME}_file_provider_yml_${FILE_PROVIDER_YML_VERSION}
+    file: file-provider.yml
+
+volumes:
+  letsencrypt:

file-provider.yml

@@ -0,0 +1,9 @@
+---
+http:
+  middlewares:
+    keycloak:
+      forwardAuth:
+        address: "http://traefik-forward-auth:4181"
+        trustForwardHeader: true
+        authResponseHeaders:
+          - X-Forwarded-User

traefik.yml

@@ -0,0 +1,43 @@
+---
+log:
+  level: INFO
+
+providers:
+  docker:
+    endpoint: "unix:///var/run/docker.sock"
+    exposedByDefault: false
+    network: proxy
+    swarmMode: true
+  file:
+    filename: /etc/traefik/file-provider.yml
+
+api:
+  dashboard: false
+  debug: false
+
+entrypoints:
+  web:
+    address: ":80"
+    http:
+      redirections:
+        entryPoint:
+          to: web-secure
+  web-secure:
+    address: ":443"
+  gitea-ssh:
+    address: ":2222"
+
+certificatesResolvers:
+  staging:
+    acme:
+      email: helo@autonomic.zone
+      storage: /etc/letsencrypt/staging-acme.json
+      caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
+      httpChallenge:
+        entryPoint: web
+  production:
+    acme:
+      email: helo@autonomic.zone
+      storage: /etc/letsencrypt/production-acme.json
+      httpChallenge:
+        entryPoint: web