inital commit

README.md

@@ -1,2 +1,23 @@
 # traefik
 
+### get started
+
+you will need a .env file
+
+sample .env:
+ 
+    # .env
+
+    PROJECT_NAME=sample
+    PROJECT_URL=localhost
+    TRAEFIK_NETWORK=traefik_net
+
+place the tls crt and key in the tls-data
+and append them also to the tls.yml
+
+
+then execute init
+
+
+### additional links
+- [traefik docu](https://doc.traefik.io/traefik/)

docker-compose-whoami.yml

@@ -0,0 +1,18 @@
+version: "1.0"
+
+networks:
+  default:
+    name: "${TRAEFIK_NETWORK}"
+    external: true
+
+services:
+  whoami:
+    image: "containous/whoami"
+    container_name: "${PROJECT_NAME}_whoami"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.${PROJECT_NAME}_whoami.entrypoints=websecure"
+      - "traefik.http.routers.${PROJECT_NAME}_whoami.rule=Host(`whoami.${PROJECT_URL}`)"
+      - "traefik.http.routers.${PROJECT_NAME}_whoami.tls=true"
+      
+

docker-compose.yml

@@ -0,0 +1,34 @@
+version: "1.0"
+
+networks:
+  default:
+    name: "${TRAEFIK_NETWORK}"
+    external: true
+
+services:
+  traefik:
+    image: "traefik:latest"
+    container_name: "${PROJECT_NAME}_traefik"  
+    hostname: "${PROJECT_NAME}"
+    network_mode: "host"
+    restart: "unless-stopped"
+    volumes:
+      - "./traefik.yml:/traefik.yml:ro"
+      - "/var/run/docker.sock:/var/run/docker.sock:ro"
+      - "./tls.yml:/etc/traefik/dynamic_conf/conf.yml:ro"
+      - "./tls-data:/tls:ro"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=${TRAEFIK_NETWORK}"
+      
+      # HTTP -> HTTPS
+      - "traefik.http.routers.http-catchall.entrypoints=web"
+      - "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)"
+      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
+      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
+      
+      # HTTPS Routers
+      - "traefik.http.routers.${PROJECT_NAME}_traefik.rule=Host(`${PROJECT_URL}`)"
+      - "traefik.http.services.${PROJECT_NAME}_traefik.loadbalancer.server.port=8080"
+      - "traefik.http.routers.${PROJECT_NAME}_traefik.tls=true"
+      - "traefik.http.routers.${PROJECT_NAME}_traefik.entrypoints=websecure"

init

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+source ./.env
+
+mkdir tls-data
+
+docker network create $TRAEFIK_NETWORK
+
+docker compose up -d
+docker compose -f docker-compose-whoami.yml up -d
+
+    

tls-data/info.txt

@@ -0,0 +1 @@
+put your .crt and .key files here

tls.yml

@@ -0,0 +1,21 @@
+http:
+  middlewares:
+    secureHeaders:
+      headers:
+        sslRedirect: true
+        forceSTSHeader: true
+        stsIncludeSubdomains: true
+        stsPreload: true
+        stsSeconds: 31536000
+
+tls:
+  stores:
+    default:
+      defaultCertificate:
+        certFile: /tls/CF-altogether.at.crt
+        keyFile: /tls/CF-altogether.at.key 
+  certificates:
+    - certFile: /tls/CF-altogether.at.crt
+      keyFile: /tls/CF-altogether.at.key
+      stores:
+        - default

traefik.yml

@@ -0,0 +1,32 @@
+## STATIC CONFIGURATION
+log:
+  level: INFO
+
+api:
+  insecure: true
+  dashboard: true
+
+entryPoints:
+  web:
+    address: ":80"
+    http:
+      redirections:
+        entryPoint:
+          to: websecure
+  websecure:
+    address: ":443"
+    http:
+      middlewares:
+        - secureHeaders@file
+  ssh:
+    address: ":22"
+
+providers:
+  docker:
+    endpoint: "unix:///var/run/docker.sock"
+  #  endpoint: "tcp://dockerproxy:2375"
+    exposedByDefault: false
+  #  swarmMode: false
+  #  network: "socket_proxy"
+  file:
+    directory: "/etc/traefik/dynamic_conf"