forked from coop-cloud/traefik
Compare commits
6 Commits
5e7e16a707
...
e3c1df83fa
Author | SHA1 | Date |
---|---|---|
|
e3c1df83fa | |
|
998190f684 | |
|
cd92c909ba | |
|
64351c27d1 | |
|
f4b05fd87f | |
|
3c5333ba71 |
13
.env.sample
13
.env.sample
|
@ -46,6 +46,19 @@ COMPOSE_FILE="compose.yml"
|
||||||
#GANDI_ENABLED=1
|
#GANDI_ENABLED=1
|
||||||
#SECRET_GANDIV5_API_KEY_VERSION=v1
|
#SECRET_GANDIV5_API_KEY_VERSION=v1
|
||||||
|
|
||||||
|
#####################################################################
|
||||||
|
# Manual wildcard certificate insertion #
|
||||||
|
#####################################################################
|
||||||
|
|
||||||
|
# Set wildcards = 1, and uncomment compose_file to enable.
|
||||||
|
# Create your certs elsewhere and add them like:
|
||||||
|
# abra app secrets insert {myapp.example.coop} ssl_cert v1 "$(cat /path/to/fullchain.pem)"
|
||||||
|
# abra app secrets insert {myapp.example.coop} ssl_key v1 "$(cat /path/to/privkey.pem)"
|
||||||
|
#WILDCARDS_ENABLED=1
|
||||||
|
#SECRET_WILDCARD_CERT_VERSION=v1
|
||||||
|
#SECRET_WILDCARD_KEY_VERSION=v1
|
||||||
|
#COMPOSE_FILE="$COMPOSE_FILE:compose.wildcard.yml"
|
||||||
|
|
||||||
#####################################################################
|
#####################################################################
|
||||||
# Keycloak log-in #
|
# Keycloak log-in #
|
||||||
#####################################################################
|
#####################################################################
|
||||||
|
|
4
abra.sh
4
abra.sh
|
@ -1,3 +1,3 @@
|
||||||
export TRAEFIK_YML_VERSION=v17
|
export TRAEFIK_YML_VERSION=v18
|
||||||
export FILE_PROVIDER_YML_VERSION=v8
|
export FILE_PROVIDER_YML_VERSION=v9
|
||||||
export ENTRYPOINT_VERSION=v2
|
export ENTRYPOINT_VERSION=v2
|
||||||
|
|
|
@ -0,0 +1,16 @@
|
||||||
|
---
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
services:
|
||||||
|
app:
|
||||||
|
secrets:
|
||||||
|
- ssl_cert
|
||||||
|
- ssl_key
|
||||||
|
|
||||||
|
secrets:
|
||||||
|
ssl_cert:
|
||||||
|
name: ${STACK_NAME}_ssl_cert_${SECRET_WILDCARD_CERT_VERSION}
|
||||||
|
external: true
|
||||||
|
ssl_key:
|
||||||
|
name: ${STACK_NAME}_ssl_key_${SECRET_WILDCARD_KEY_VERSION}
|
||||||
|
external: true
|
|
@ -3,7 +3,7 @@ version: "3.8"
|
||||||
|
|
||||||
services:
|
services:
|
||||||
app:
|
app:
|
||||||
image: "traefik:v2.10.5"
|
image: "traefik:v2.10.7"
|
||||||
# Note(decentral1se): *please do not* add any additional ports here.
|
# Note(decentral1se): *please do not* add any additional ports here.
|
||||||
# Doing so could break new installs with port conflicts. Please use
|
# Doing so could break new installs with port conflicts. Please use
|
||||||
# the usual `compose.$app.yml` approach for any additional ports
|
# the usual `compose.$app.yml` approach for any additional ports
|
||||||
|
|
|
@ -25,7 +25,6 @@ http:
|
||||||
security:
|
security:
|
||||||
headers:
|
headers:
|
||||||
frameDeny: true
|
frameDeny: true
|
||||||
sslRedirect: true
|
|
||||||
browserXssFilter: true
|
browserXssFilter: true
|
||||||
contentTypeNosniff: true
|
contentTypeNosniff: true
|
||||||
stsIncludeSubdomains: true
|
stsIncludeSubdomains: true
|
||||||
|
@ -45,3 +44,8 @@ tls:
|
||||||
- CurveP521
|
- CurveP521
|
||||||
- CurveP384
|
- CurveP384
|
||||||
sniStrict: true
|
sniStrict: true
|
||||||
|
{{ if eq (env "WILDCARDS_ENABLED") "1" }}
|
||||||
|
certificates:
|
||||||
|
- certFile: /run/secrets/ssl_cert
|
||||||
|
keyFile: /run/secrets/ssl_key
|
||||||
|
{{ end }}
|
Loading…
Reference in New Issue