From d5d60e2fa6dc5a5599f6e597a962be7ac431be18 Mon Sep 17 00:00:00 2001 From: Raphael Martin Date: Fri, 24 Nov 2023 17:46:05 +0100 Subject: [PATCH] inital commit --- README.md | 21 +++++++++++++++++++++ acme.json | 0 docker-compose-whoami.yml | 18 ++++++++++++++++++ docker-compose.yml | 34 ++++++++++++++++++++++++++++++++++ init | 12 ++++++++++++ tls-data/info.txt | 1 + tls.yml | 21 +++++++++++++++++++++ traefik.yml | 32 ++++++++++++++++++++++++++++++++ 8 files changed, 139 insertions(+) create mode 100644 acme.json create mode 100644 docker-compose-whoami.yml create mode 100644 docker-compose.yml create mode 100755 init create mode 100644 tls-data/info.txt create mode 100644 tls.yml create mode 100644 traefik.yml diff --git a/README.md b/README.md index 39c7ed5..69b06a3 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,23 @@ # traefik +### get started + +you will need a .env file + +sample .env: + + # .env + + PROJECT_NAME=sample + PROJECT_URL=localhost + TRAEFIK_NETWORK=traefik_net + +place the tls crt and key in the tls-data +and append them also to the tls.yml + + +then execute init + + +### additional links +- [traefik docu](https://doc.traefik.io/traefik/) \ No newline at end of file diff --git a/acme.json b/acme.json new file mode 100644 index 0000000..e69de29 diff --git a/docker-compose-whoami.yml b/docker-compose-whoami.yml new file mode 100644 index 0000000..52d1462 --- /dev/null +++ b/docker-compose-whoami.yml @@ -0,0 +1,18 @@ +version: "1.0" + +networks: + default: + name: "${TRAEFIK_NETWORK}" + external: true + +services: + whoami: + image: "containous/whoami" + container_name: "${PROJECT_NAME}_whoami" + labels: + - "traefik.enable=true" + - "traefik.http.routers.${PROJECT_NAME}_whoami.entrypoints=websecure" + - "traefik.http.routers.${PROJECT_NAME}_whoami.rule=Host(`whoami.${PROJECT_URL}`)" + - "traefik.http.routers.${PROJECT_NAME}_whoami.tls=true" + + diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..4027d74 
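Review bot: In docker-compose-whoami.yml, `image: "containous/whoami"` has no tag or digest, so every deployment pulls whatever the registry serves at that moment, and the image appears to come from the project's older namespace. Pin it, for example `image: "traefik/whoami:<pinned-tag>"`, where the tag is a placeholder to fill in. whoami reflects request headers and host details back to the caller, and the `${PROJECT_NAME}_whoami` router publishes it on `websecure` with no middleware. On an internet-facing host it is better left out of the default `init` path or put behind an auth middleware.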
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,34 @@
+version: "1.0"
+
+networks:
+ default:
+ name: "${TRAEFIK_NETWORK}"
+ external: true
+
+services:
+ traefik:
+ image: "traefik:latest"
+ container_name: "${PROJECT_NAME}_traefik"
+ hostname: "${PROJECT_NAME}"
+ network_mode: "host"
+ restart: "unless-stopped"
+ volumes:
+ - "./traefik.yml:/traefik.yml:ro"
+ - "/var/run/docker.sock:/var/run/docker.sock:ro"
+ - "./tls.yml:/etc/traefik/dynamic_conf/conf.yml:ro"
+ - "./tls-data:/tls:ro"
+ labels:
+ - "traefik.enable=true"
+ - "traefik.docker.network=${TRAEFIK_NETWORK}"
+
+ # HTTP -> HTTPS
+ - "traefik.http.routers.http-catchall.entrypoints=web"
+ - "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)"
+ - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
+ - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
+
+ # HTTPS Routers
+ - "traefik.http.routers.${PROJECT_NAME}_traefik.rule=Host(`${PROJECT_URL}`)"
+ - "traefik.http.services.${PROJECT_NAME}_traefik.loadbalancer.server.port=8080"
+ - "traefik.http.routers.${PROJECT_NAME}_traefik.tls=true"
+ - "traefik.http.routers.${PROJECT_NAME}_traefik.entrypoints=websecure"
\ No newline at end of file
diff --git a/init b/init
new file mode 100755
index 0000000..54909d7
--- /dev/null
+++ b/init
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+source ./.env
+
+mkdir tls-data
+
+docker network create $TRAEFIK_NETWORK
+
+docker compose up -d
+docker compose -f docker-compose-whoami.yml up -d
+
+
diff --git a/tls-data/info.txt b/tls-data/info.txt
new file mode 100644
index 0000000..d72a484
--- /dev/null
+++ b/tls-data/info.txt
@@ -0,0 +1 @@
+put your .crt and .key files here
\ No newline at end of file
diff --git a/tls.yml b/tls.yml
new file mode 100644
index 0000000..179f6e1
--- /dev/null
+++ b/tls.yml
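Review bot: In docker-compose.yml, the `${PROJECT_NAME}_traefik` router forwards the project host to `loadbalancer.server.port=8080` with no auth middleware, and traefik.yml in the same patch sets `api.insecure: true`, so the dashboard and API are served without authentication. With `network_mode: "host"` that port is presumably also bound directly on the host, outside the TLS entrypoint. I would set `insecure: false` in traefik.yml and replace the service label with `traefik.http.routers.${PROJECT_NAME}_traefik.service=api@internal` plus `traefik.http.routers.${PROJECT_NAME}_traefik.middlewares=dashboard-auth`. Here `dashboard-auth` is an example name for a `basicauth` middleware whose users file lives outside the repository. Separately, `image: "traefik:latest"` is unpinned, and the http-catchall `HostRegexp` rule uses v2 matcher syntax, so the next pull of a floating tag can change routing behaviour; pin a specific version or digest.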
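Review bot: The init script has no error handling, and `mkdir tls-data` will fail on a fresh clone because this commit already ships `tls-data/info.txt`; the script then carries on regardless of that or any later failure. `source ./.env` executes the file as shell rather than only reading key=value pairs, so a stray command in `.env` runs with the caller's privileges, and `$TRAEFIK_NETWORK` is expanded unquoted. Suggested: add `set -euo pipefail` after the shebang, use `mkdir -p tls-data`, and make network creation idempotent with `docker network inspect "$TRAEFIK_NETWORK" >/dev/null 2>&1 || docker network create "$TRAEFIK_NETWORK"`.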
@@ -0,0 +1,21 @@
+http:
+ middlewares:
+ secureHeaders:
+ headers:
+ sslRedirect: true
+ forceSTSHeader: true
+ stsIncludeSubdomains: true
+ stsPreload: true
+ stsSeconds: 31536000
+
+tls:
+ stores:
+ default:
+ defaultCertificate:
+ certFile: /tls/CF-altogether.at.crt
+ keyFile: /tls/CF-altogether.at.key
+ certificates:
+ - certFile: /tls/CF-altogether.at.crt
+ keyFile: /tls/CF-altogether.at.key
+ stores:
+ - default
diff --git a/traefik.yml b/traefik.yml
new file mode 100644
index 0000000..c2a2c17
--- /dev/null
+++ b/traefik.yml
@@ -0,0 +1,32 @@
+## STATIC CONFIGURATION
+log:
+ level: INFO
+
+api:
+ insecure: true
+ dashboard: true
+
+entryPoints:
+ web:
+ address: ":80"
+ http:
+ redirections:
+ entryPoint:
+ to: websecure
+ websecure:
+ address: ":443"
+ http:
+ middlewares:
+ - secureHeaders@file
+ ssh:
+ address: ":22"
+
+providers:
+ docker:
+ endpoint: "unix:///var/run/docker.sock"
+ # endpoint: "tcp://dockerproxy:2375"
+ exposedByDefault: false
+ # swarmMode: false
+ # network: "socket_proxy"
+ file:
+ directory: "/etc/traefik/dynamic_conf"
\ No newline at end of file
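Review bot: In tls.yml, `keyFile: /tls/CF-altogether.at.key` maps to `./tls-data` inside the repository working tree, and the diffstat of this commit shows no ignore file, so a later `git add` could commit the private key. Add a `.gitignore` with `tls-data/*.key` and `tls-data/*.crt` (keeping `info.txt`), and keep the key readable by its owner only. The `tls` block also sets no `options`, so the protocol floor is whatever the Traefik build defaults to; consider `minVersion: VersionTLS12` under `tls.options.default`. `stsPreload: true` with `stsIncludeSubdomains: true` is attached to the whole `websecure` entrypoint in traefik.yml and is hard to undo once browsers cache it, so confirm every subdomain is HTTPS-only first.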
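Review bot: In traefik.yml, the Docker provider talks to `unix:///var/run/docker.sock` directly, and the `:ro` on the bind mount in docker-compose.yml protects only the socket file, not the API behind it. A compromise of this internet-facing proxy would therefore give full control of the Docker daemon. The commented-out `tcp://dockerproxy:2375` endpoint suggests a socket proxy was planned; I would add one restricted to read-only container and network queries and point `endpoint` at it. Under host networking the proxy would presumably have to be reached by address rather than by service name. The `ssh` entrypoint on `:22` has no router in this patch and, with `network_mode: "host"`, will contend with the host's sshd for the port; drop it until a TCP router needs it.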