inital commit

This commit is contained in:
Raphael Martin 2023-11-24 17:46:05 +01:00
parent a3ffd4cf97
commit d5d60e2fa6
8 changed files with 139 additions and 0 deletions

View File

@ -1,2 +1,23 @@
# traefik # traefik
### get started
you will need a .env file
sample .env:
# .env
PROJECT_NAME=sample
PROJECT_URL=localhost
TRAEFIK_NETWORK=traefik_net
place the tls crt and key in the tls-data
and append them also to the tls.yml
then execute init
### additional links
- [traefik docu](https://doc.traefik.io/traefik/)

0
acme.json Normal file
View File

18
docker-compose-whoami.yml Normal file
View File

@ -0,0 +1,18 @@
version: "1.0"
networks:
default:
name: "${TRAEFIK_NETWORK}"
external: true
services:
whoami:
image: "containous/whoami"
container_name: "${PROJECT_NAME}_whoami"
labels:
- "traefik.enable=true"
- "traefik.http.routers.${PROJECT_NAME}_whoami.entrypoints=websecure"
- "traefik.http.routers.${PROJECT_NAME}_whoami.rule=Host(`whoami.${PROJECT_URL}`)"
- "traefik.http.routers.${PROJECT_NAME}_whoami.tls=true"

34
docker-compose.yml Normal file
View File

@ -0,0 +1,34 @@
version: "1.0"
networks:
default:
name: "${TRAEFIK_NETWORK}"
external: true
services:
traefik:
image: "traefik:latest"
container_name: "${PROJECT_NAME}_traefik"
hostname: "${PROJECT_NAME}"
network_mode: "host"
restart: "unless-stopped"
volumes:
- "./traefik.yml:/traefik.yml:ro"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "./tls.yml:/etc/traefik/dynamic_conf/conf.yml:ro"
- "./tls-data:/tls:ro"
labels:
- "traefik.enable=true"
- "traefik.docker.network=${TRAEFIK_NETWORK}"
# HTTP -> HTTPS
- "traefik.http.routers.http-catchall.entrypoints=web"
- "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)"
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
# HTTPS Routers
- "traefik.http.routers.${PROJECT_NAME}_traefik.rule=Host(`${PROJECT_URL}`)"
- "traefik.http.services.${PROJECT_NAME}_traefik.loadbalancer.server.port=8080"
- "traefik.http.routers.${PROJECT_NAME}_traefik.tls=true"
- "traefik.http.routers.${PROJECT_NAME}_traefik.entrypoints=websecure"

12
init Executable file
View File

@ -0,0 +1,12 @@
#!/bin/bash
source ./.env
mkdir tls-data
docker network create $TRAEFIK_NETWORK
docker compose up -d
docker compose -f docker-compose-whoami.yml up -d

1
tls-data/info.txt Normal file
View File

@ -0,0 +1 @@
put your .crt and .key files here

21
tls.yml Normal file
View File

@ -0,0 +1,21 @@
http:
middlewares:
secureHeaders:
headers:
sslRedirect: true
forceSTSHeader: true
stsIncludeSubdomains: true
stsPreload: true
stsSeconds: 31536000
tls:
stores:
default:
defaultCertificate:
certFile: /tls/CF-altogether.at.crt
keyFile: /tls/CF-altogether.at.key
certificates:
- certFile: /tls/CF-altogether.at.crt
keyFile: /tls/CF-altogether.at.key
stores:
- default

32
traefik.yml Normal file
View File

@ -0,0 +1,32 @@
## STATIC CONFIGURATION
log:
level: INFO
api:
insecure: true
dashboard: true
entryPoints:
web:
address: ":80"
http:
redirections:
entryPoint:
to: websecure
websecure:
address: ":443"
http:
middlewares:
- secureHeaders@file
ssh:
address: ":22"
providers:
docker:
endpoint: "unix:///var/run/docker.sock"
# endpoint: "tcp://dockerproxy:2375"
exposedByDefault: false
# swarmMode: false
# network: "socket_proxy"
file:
directory: "/etc/traefik/dynamic_conf"