dynamic traefik configuration improvements
It turned out that the --providers.file.directory CLI switch didn't override the file settings, so remapping the /etc/traefik dirs was a better approach.
parent
df961389c8
commit
303a03518a
|
@ -1,5 +1,5 @@
|
||||||
.env.local
|
.env.local
|
||||||
_traefik.dynamic/tls
|
_traefik/tls
|
||||||
_traefik.dynamic/shared/acme.json
|
_traefik/shared
|
||||||
**/app.env
|
**/app.env
|
||||||
ddns-updater/config.json
|
ddns-updater/config.json
|
||||||
|
|
|
@ -1,42 +0,0 @@
|
||||||
# http routing section
|
|
||||||
http:
|
|
||||||
routers:
|
|
||||||
# Define a connection between requests and services
|
|
||||||
"to-kasm-main":
|
|
||||||
rule: "Host(`k.szk.li`)"
|
|
||||||
entrypoints:
|
|
||||||
- websecure
|
|
||||||
# # If the rule matches, applies the middleware
|
|
||||||
middlewares:
|
|
||||||
- authentik_sysmgr
|
|
||||||
# - test-user
|
|
||||||
# If the rule matches, forward to the whoami service (declared below)
|
|
||||||
service: kasm-main
|
|
||||||
tls:
|
|
||||||
certresolver: myresolver
|
|
||||||
|
|
||||||
# Define a connection between requests and services
|
|
||||||
"to-kasm-setup":
|
|
||||||
rule: "Host(`ksetup.szk.li`)"
|
|
||||||
entrypoints:
|
|
||||||
- websecure
|
|
||||||
# # If the rule matches, applies the middleware
|
|
||||||
middlewares:
|
|
||||||
- authentik_sysmgr
|
|
||||||
# - test-user
|
|
||||||
# If the rule matches, forward to the whoami service (declared below)
|
|
||||||
service: kasm-setup
|
|
||||||
tls:
|
|
||||||
certresolver: myresolver
|
|
||||||
|
|
||||||
|
|
||||||
services:
|
|
||||||
# Define how to reach an existing service on our infrastructure
|
|
||||||
kasm-main:
|
|
||||||
loadBalancer:
|
|
||||||
servers:
|
|
||||||
- url: "https://kasm-workspaces:8744"
|
|
||||||
kasm-setup:
|
|
||||||
loadBalancer:
|
|
||||||
servers:
|
|
||||||
- url: "https://kasm-workspaces:8743"
|
|
|
@ -1,29 +0,0 @@
|
||||||
# http routing section
|
|
||||||
http:
|
|
||||||
routers:
|
|
||||||
to-kateryna:
|
|
||||||
rule: "Host(`kateryna.szk.li`)
|
|
||||||
|| Host(`kateryna.lksz.me`)
|
|
||||||
|| Host(`m.lksz.me`)
|
|
||||||
|| Host(`auth.lksz.me`)
|
|
||||||
|| Host(`sync.lksz.me`)
|
|
||||||
|| Host(`radarr.lksz.me`)
|
|
||||||
|| Host(`sonarr.lksz.me`)
|
|
||||||
|| Host(`prowlarr.lksz.me`)
|
|
||||||
|| Host(`req.lksz.me`)
|
|
||||||
|| Host(`jd.lksz.me`)
|
|
||||||
|| Host(`nzb.lksz.me`)
|
|
||||||
|| Host(`stats.player.lksz.me`)
|
|
||||||
"
|
|
||||||
entrypoints:
|
|
||||||
- websecure
|
|
||||||
service: kateryna-traefik
|
|
||||||
tls:
|
|
||||||
certresolver: myresolver
|
|
||||||
|
|
||||||
services:
|
|
||||||
# Define how to reach an existing service on our infrastructure
|
|
||||||
kateryna-traefik:
|
|
||||||
loadBalancer:
|
|
||||||
servers:
|
|
||||||
- url: https://kateryna.lksz.me
|
|
|
@ -0,0 +1,4 @@
|
||||||
|
http:
|
||||||
|
serversTransports:
|
||||||
|
insecuretransport:
|
||||||
|
insecureSkipVerify: true
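Review bot: `insecureSkipVerify: true` on the `insecuretransport` serversTransport turns off certificate verification for every backend that references it, and the new file has no comment saying which services are meant to use it or why. A header comment such as `# Only for internal backends with self-signed certificates; do not reference from routes to external hosts` would keep it from being reused more widely than intended. Where a backend's certificate is stable, setting `rootCAs` (and `serverName` if the hostname differs) on the transport keeps verification on instead of skipping it. No service referencing this transport is visible on this page, so its actual scope should be checked against the router files.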
|
|
@ -0,0 +1,8 @@
|
||||||
|
# Accepts request from defined IP
|
||||||
|
http:
|
||||||
|
middlewares:
|
||||||
|
lan-only:
|
||||||
|
ipWhiteList:
|
||||||
|
sourceRange:
|
||||||
|
- "127.0.0.1/32"
|
||||||
|
- "192.168.0.0/16"
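Review bot: The `lan-only` middleware sets no `ipStrategy`, so it matches on the address Traefik sees for the connection. In this Docker setup it is worth confirming that LAN clients actually arrive with a 192.168.x.x source rather than a bridge or proxy address. The header comment `# Accepts request from defined IP` could state this, for example `# Allow only loopback and 192.168.0.0/16; matched against the connection's remote address`. `ipWhiteList` is also deprecated in newer Traefik releases in favour of `ipAllowList`; the Traefik version is not visible here, so treat the rename as something to check when upgrading. No router on this page attaches the middleware, so it restricts nothing until one does.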
|
|
@ -1,8 +1,4 @@
|
||||||
http:
|
http:
|
||||||
serversTransports:
|
|
||||||
insecuretransport:
|
|
||||||
insecureSkipVerify: true
|
|
||||||
|
|
||||||
middlewares:
|
middlewares:
|
||||||
secureHeaders:
|
secureHeaders:
|
||||||
headers:
|
headers:
|
||||||
|
@ -18,14 +14,3 @@ http:
|
||||||
permissionsPolicy: "camera=(), microphone=(), geolocation=()"
|
permissionsPolicy: "camera=(), microphone=(), geolocation=()"
|
||||||
customResponseHeaders:
|
customResponseHeaders:
|
||||||
X-Robots-Tag: "noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex"
|
X-Robots-Tag: "noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex"
|
||||||
|
|
||||||
tls:
|
|
||||||
stores:
|
|
||||||
default:
|
|
||||||
defaultCertificate:
|
|
||||||
certFile: /etc/traefik/tls/cert.pem
|
|
||||||
keyFile: /etc/traefik/tls/key.pem
|
|
||||||
certificates:
|
|
||||||
- certFile: /etc/traefik/tls/cert.pem
|
|
||||||
keyFile: /etc/traefik/tls/key.pem
|
|
||||||
|
|
|
@ -0,0 +1,9 @@
|
||||||
|
tls:
|
||||||
|
stores:
|
||||||
|
default:
|
||||||
|
defaultCertificate:
|
||||||
|
certFile: /etc/traefik/tls/cert.pem
|
||||||
|
keyFile: /etc/traefik/tls/key.pem
|
||||||
|
certificates:
|
||||||
|
- certFile: /etc/traefik/tls/cert.pem
|
||||||
|
keyFile: /etc/traefik/tls/key.pem
|
|
@ -4,7 +4,7 @@ api:
|
||||||
|
|
||||||
providers:
|
providers:
|
||||||
docker:
|
docker:
|
||||||
endpoint: 'unix:///var/run/docker.sock'
|
endpoint: "unix:///var/run/docker.sock"
|
||||||
watch: true
|
watch: true
|
||||||
exposedByDefault: false
|
exposedByDefault: false
|
||||||
file:
|
file:
|
||||||
|
@ -31,12 +31,18 @@ entryPoints:
|
||||||
- "172.16.0.0/12"
|
- "172.16.0.0/12"
|
||||||
|
|
||||||
certificatesResolvers:
|
certificatesResolvers:
|
||||||
httpresolver:
|
myresolver:
|
||||||
acme:
|
acme:
|
||||||
# email: acme@thisprops.com
|
email: acme@thisprops.com
|
||||||
storage: /shared/acme.json
|
storage: /shared/acme.json
|
||||||
httpChallenge:
|
# httpChallenge:
|
||||||
entryPoint: web
|
# entryPoint: web
|
||||||
|
#logging: true
|
||||||
|
dnsChallenge:
|
||||||
|
provider: cloudflare
|
||||||
|
resolvers:
|
||||||
|
- 1.1.1.1:53 # - --certificatesresolvers.cloudflare.acme.dnschallenge.resolvers[0]=1.1.1.1:53
|
||||||
|
- 8.8.8.8:53 # - --certificatesresolvers.cloudflare.acme.dnschallenge.resolvers[1]=8.8.8.8:53
|
||||||
|
|
||||||
log:
|
log:
|
||||||
level: ERROR
|
level: INFO
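Review bot: The ACME settings added under `myresolver` now exist in two places with different values: this file lists resolvers `1.1.1.1:53` and `8.8.8.8:53` and a hard-coded `email`, while the compose file's `command:` passes `1.1.1.1:53,1.0.0.1:53` and `${ACME_EMAIL}`. The commit message notes that a CLI switch did not override the file settings, which suggests the flags are ignored once `/etc/traefik/traefik.yml` is mounted. If so, the `--certificatesresolvers.*` and `--log.level` flags are dead configuration, and they should be removed or the values kept in one source only. The trailing comments on the resolver lines still name a resolver called `cloudflare` rather than `myresolver` and can be dropped. Quoting the entries as `- "1.1.1.1:53"` would also match the quoting used elsewhere in the file.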
|
|
@ -4,16 +4,35 @@ services:
|
||||||
- 8080:8080
|
- 8080:8080
|
||||||
command:
|
command:
|
||||||
- '--providers.docker'
|
- '--providers.docker'
|
||||||
- '--providers.file.directory=/srv/runtipi/user-config/_traefik.dynamic'
|
- '--providers.file.directory=/etc/traefik/dynamic'
|
||||||
- '--certificatesresolvers.myresolver.acme.email=${ACME_EMAIL}'
|
- '--certificatesresolvers.myresolver.acme.email=${ACME_EMAIL}'
|
||||||
- '--certificatesresolvers.myresolver.acme.storage=/shared/acme.json'
|
- '--certificatesresolvers.myresolver.acme.storage=/shared/acme.json'
|
||||||
- '--certificatesresolvers.myresolver.acme.dnschallenge.provider=cloudflare'
|
- '--certificatesresolvers.myresolver.acme.dnschallenge.provider=cloudflare'
|
||||||
|
- "--certificatesresolvers.myresolver.acme.dnschallenge.resolvers=1.1.1.1:53,1.0.0.1:53"
|
||||||
|
- '--log.level=INFO'
|
||||||
environment:
|
environment:
|
||||||
CF_API_EMAIL: "${ACME_EMAIL}"
|
CF_API_EMAIL: "${ACME_EMAIL:?}"
|
||||||
CF_DNS_API_TOKEN: "${CF_DNS_API_TOKEN}"
|
CF_DNS_API_TOKEN: "${CF_DNS_API_TOKEN:?}"
|
||||||
networks:
|
networks:
|
||||||
- tipi_main_network
|
- tipi_main_network
|
||||||
- tipi_internal_network
|
- tipi_internal_network
|
||||||
|
volumes:
|
||||||
|
- type: bind
|
||||||
|
source: ./traefik/shared
|
||||||
|
target: /shared
|
||||||
|
read_only: false
|
||||||
|
- type: bind
|
||||||
|
source: ./traefik
|
||||||
|
target: /etc/traefik
|
||||||
|
read_only: false
|
||||||
|
- type: bind
|
||||||
|
source: ./user-config/_traefik/dynamic/
|
||||||
|
target: /etc/traefik/dynamic/
|
||||||
|
read_only: true
|
||||||
|
- type: bind
|
||||||
|
source: ./user-config/_traefik/traefik.yml
|
||||||
|
target: /etc/traefik/traefik.yml
|
||||||
|
read_only: true
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
tipi_internal_network:
|
tipi_internal_network:
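Review bot: The bind mount of `./traefik` onto `/etc/traefik` is declared `read_only: false`, although the TLS file in this commit expects the private key at `/etc/traefik/tls/key.pem` under that path. Unless something in this setup writes to `/etc/traefik`, `read_only: true` there would leave `/shared` (for `acme.json`) as the only writable mount, so the proxy process cannot alter its own configuration or key material. The nested read-only mounts for `dynamic/` and `traefik.yml` can stay as they are. The service definition starts above the hunk, so other mounts such as the Docker socket are not visible here.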
|
||||||
|
|