From ac67029cea652de77b8783515f217170965c479b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=BB=83=E4=BF=8A=E6=A6=95?= Date: Sun, 5 Feb 2023 16:32:56 +0800 Subject: [PATCH] Add traefik --- .gitignore | 36 ++++++++++++++++++++++++++++ README.md | 5 ++-- traefik/docker-compose.yaml | 28 ++++++++++++++++++++++ traefik/dynamic.yml | 14 +++++++++++ traefik/readme.md | 22 +++++++++++++++++ traefik/traefik.yml | 48 +++++++++++++++++++++++++++++++++++++ 6 files changed, 151 insertions(+), 2 deletions(-) create mode 100644 .gitignore create mode 100644 traefik/docker-compose.yaml create mode 100644 traefik/dynamic.yml create mode 100644 traefik/readme.md create mode 100644 traefik/traefik.yml diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..9735178 --- /dev/null +++ b/.gitignore @@ -0,0 +1,36 @@ +# Created by https://www.toptal.com/developers/gitignore/api/macos +# Edit at https://www.toptal.com/developers/gitignore?templates=macos + +### macOS ### +# General +.DS_Store +.AppleDouble +.LSOverride + +# Icon must end with two \r +Icon + +# Thumbnails +._* + +# Files that might appear in the root of a volume +.DocumentRevisions-V100 +.fseventsd +.Spotlight-V100 +.TemporaryItems +.Trashes +.VolumeIcon.icns +.com.apple.timemachine.donotpresent + +# Directories potentially created on remote AFP share +.AppleDB +.AppleDesktop +Network Trash Folder +Temporary Items +.apdisk + +### macOS Patch ### +# iCloud generated files +*.icloud + +# End of https://www.toptal.com/developers/gitignore/api/macos diff --git a/README.md b/README.md index 9d2e10e..498ad1d 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,4 @@ -# docker-compose-collection +# Docker-compose-collection + +Each folder store my used service configuration -docker-compose.yaml collection \ No newline at end of file diff --git a/traefik/docker-compose.yaml b/traefik/docker-compose.yaml new file mode 100644 index 0000000..1c9abb1 --- /dev/null +++ b/traefik/docker-compose.yaml 
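Review bot: The new .gitignore is the stock macOS template only and does not exclude the secret-bearing paths that the traefik compose file in this same commit bind-mounts, `./certs` (where `acme.json` will hold the ACME account key and the certificate private keys) and `./dashboard_authfile`, so a populated checkout of this tree is one `git add .` away from committing them. Add `traefik/certs/` and `traefik/dashboard_authfile` to the ignore list, plus whatever `.env` file ends up carrying the Cloudflare token. Keeping those paths ignored is cheap here and much harder to undo after a push.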
@@ -0,0 +1,28 @@ +# Please replace xxx with your configuraiton + +version: "3" +services: + traefik: + image: traefik:latest + container_name: traefik + network_mode: host + restart: unless-stopped + environment: + - CLOUDFLARE_EMAIL=xxx@xxx + - CLOUDFLARE_DNS_API_TOKEN=xxx + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro + - ./certs:/letsencrypt + - ./dashboard_authfile:/dashboard_authfile:ro + - ./dynamic.yml:/dynamic.yml + - ./traefik.yml:/traefik.yml:ro + labels: + - "traefik.enable=true" + - 'traefik.http.routers.traefik.rule=Host(`xxx.domain`)' + - "traefik.http.routers.traefik.entrypoints=websecure" + - "traefik.http.routers.traefik.tls.certresolver=letsencrypt" + - "traefik.http.routers.traefik.service=api@internal" + - 'traefik.http.routers.traefik.middlewares=strip,basic-auth-global' + - 'traefik.http.middlewares.strip.stripprefix.prefixes=/traefik' + - "traefik.http.services.traefik.loadbalancer.server.port=443" + - "traefik.http.middlewares.basic-auth-global.basicauth.usersfile=/dashboard_authfile" \ No newline at end of file diff --git a/traefik/dynamic.yml b/traefik/dynamic.yml new file mode 100644 index 0000000..4e8e07e --- /dev/null +++ b/traefik/dynamic.yml @@ -0,0 +1,14 @@ +http: + routers: + nextcloud: + rule: Host(`subservice.xxx.domain`) + service: subservice + entryPoints: ["websecure"] + tls: + certResolver: letsencrypt + + services: + subservice: + loadBalancer: + servers: + - url: http://192.168.xxx.xxx \ No newline at end of file diff --git a/traefik/readme.md b/traefik/readme.md new file mode 100644 index 0000000..017a703 --- /dev/null +++ b/traefik/readme.md 
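Review bot: The bind mount `/var/run/docker.sock:/var/run/docker.sock:ro` gives Traefik the full Docker API — `:ro` only makes the socket's filesystem node read-only, it does not stop the container from issuing container-creating calls over it — and together with `network_mode: host` a compromise of the proxy is effectively root on the host. Consider fronting the socket with a restricted proxy that exposes only the read-only endpoints Traefik needs and pointing `providers.docker.endpoint` at it, or at least record this trade-off in the readme. Two smaller points in the same block: `image: traefik:latest` should be pinned to a release tag so an automatic pull cannot swap the proxy version behind a public entrypoint, and `CLOUDFLARE_DNS_API_TOKEN=xxx` as an inline environment value will land in this tracked file once filled in — an `env_file:` entry, or the `CLOUDFLARE_DNS_API_TOKEN_FILE` variant that the lego Cloudflare provider reads (verify against the Traefik version in use), keeps the token out of git and out of `docker inspect`. The `traefik.http.services.traefik.loadbalancer.server.port=443` label is unused because the router targets `api@internal` and can be dropped.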
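Review bot: The router key `nextcloud` does not match the service it points at (`subservice`) or the `subservice` placeholder used everywhere else in this commit, which reads as a leftover from a real configuration; rename it so the placeholder pair is consistent, i.e. `routers:` / `subservice:` / `rule: Host(`subservice.xxx.domain`)`. It is also worth a one-line comment that with `url: http://192.168.xxx.xxx` Traefik terminates TLS and the hop to the backend is plaintext on the LAN, e.g. `# backend is reached over plain HTTP; TLS ends at Traefik`, so a later reader does not assume end-to-end encryption.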
@@ -0,0 +1,22 @@ +# Traefik configutaion + +I personally use this Traefik stack to serve my self-hosted service + +* Split the static configuration and dynamic configuration + * Enable experimental https3 + * File provider options in dynamic.yml (Used to customize Non-docker service) +* Enable the Wildcard Lets encrypt with Cloudflare API + * DNS challenge with no port open need + * Widcard options in traefik.yml +* Enable and encrypt the traefik dashboard with authfile + +I disabled the auto proxy to newly added docker container in traefik. Just add the label in each container. + +```yaml +labels: + - "traefik.enable=true" + - "traefik.http.routers.subservice.rule=Host(`subservice.xxx.domain`)" + - "traefik.http.routers.subservice.entrypoints=websecure" + - "traefik.http.routers.subservice.tls.certresolver=letsencrypt" +``` + diff --git a/traefik/traefik.yml b/traefik/traefik.yml new file mode 100644 index 0000000..9082542 --- /dev/null +++ b/traefik/traefik.yml @@ -0,0 +1,48 @@ +## STATIC CONFIGURATION +log: + level: INFO + +api: + insecure: false + dashboard: true + +experimental: + http3: true + +entryPoints: + web: + address: ":80" # Create the HTTP entrypoint on port 80 + http: + redirections: # HTTPS redirection (80 to 443) + entryPoint: + to: "websecure" # The target element + scheme: "https" + # The redirection target scheme + websecure: + address: ":443" + http: + tls: + certResolver: letsencrypt + domains: + - main: '*.xxx.domain' + sans: + - xxx.domain + http3: {} + +global: + checknewversion: false # Periodically check if a new version has been released. + sendanonymoususage: false # Periodically send anonymous usage statistics. + +providers: + docker: + exposedByDefault: false + file: + filename: "/dynamic.yml" + +certificatesResolvers: + letsencrypt: + acme: + email: xxx@xxx + storage: /letsencrypt/acme.json + dnsChallenge: + provider: cloudflare \ No newline at end of file
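Review bot: The static configuration enables no `accessLog`, so the public entrypoints on :80 and :443 (and HTTP/3 on UDP 443) leave no per-request record with which to spot scanning, password guessing against the basic-auth dashboard, or abuse of the proxied services; adding `accessLog: {}` (or `accessLog: { filePath: "/var/log/traefik/access.log" }` with a matching volume) beside the `log:` block fixes that. `storage: /letsencrypt/acme.json` must exist with mode 0600 on the host side of the `./certs` mount — Traefik errors on a more permissive file — and that setup step is not documented anywhere in this commit; a comment such as `# acme.json must be mode 600 (touch + chmod before first start)` above the `storage:` line would help. The `web` redirection could also set `permanent: true` so clients cache the HTTPS upgrade, and no headers middleware or HSTS is configured anywhere, which is fine for a homelab but worth stating explicitly if it is intentional.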