Move traefik to new format

Colin Hebert
2023-01-20 17:21:01 +01:00
parent 54535ebeba
commit 55230c7b2d
14 changed files with 9 additions and 16 deletions


@@ -0,0 +1,20 @@
http:
middlewares:
authelia:
forwardAuth:
address: 'http://authelia:9091/api/verify?rd=https%3A%2F%2Fauthelia.{{ env `NASCOMPOSE_TRAEFIK_DOMAINS` | splitList `,` | first }}%2F'
trustForwardHeader: true
authResponseHeaders:
- Remote-User
- Remote-Groups
- Remote-Name
- Remote-Email
authelia-basic:
forwardAuth:
address: http://authelia:9091/api/verify?auth=basic
trustForwardHeader: true
authResponseHeaders:
- Remote-User
- Remote-Groups
- Remote-Name
- Remote-Email
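Review bot: Both forwardAuth middlewares set `trustForwardHeader: true`, so Authelia's decision rests on whatever `X-Forwarded-*` values reach this middleware, and nothing here records why that is safe. As far as this page shows, the entryPoints in the static config set no `forwardedHeaders` option, so the setup appears to rely on Traefik's default of not trusting client-supplied forwarded headers at the edge. I would document that dependency next to the option, e.g. `# relies on entryPoints NOT trusting client X-Forwarded-* (no forwardedHeaders.insecure / broad trustedIPs)`, so a later static-config change does not silently make these headers client-controlled. Minor style point: the first `address` is quoted and the second is not; quoting both keeps the file consistent.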


@@ -0,0 +1,9 @@
http:
middlewares:
hsts:
headers:
frameDeny: true
browserXssFilter: true
stsSeconds: 31536000 # 1 year
stsPreload: true
stsIncludeSubdomains: true
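Review bot: `browserXssFilter: true` makes Traefik send `X-XSS-Protection: 1; mode=block`, a header that current browsers ignore and that current hardening guidance recommends dropping, so it adds nothing to this middleware. I would remove that line and add `contentTypeNosniff: true` instead. Separately, `stsPreload: true` together with `stsIncludeSubdomains: true` commits every subdomain of the served domains to HTTPS for a year. The existing `# 1 year` comment could be extended to say that this is intended, since the middleware is attached to the whole `websecure` entrypoint and its name `hsts` does not hint that it also sets `frameDeny`.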


@@ -0,0 +1,10 @@
http:
routers:
portainer:
rule: '{{ $s := "portainer" }}{{ range $i, $d := splitList "," (env `NASCOMPOSE_TRAEFIK_DOMAINS`) }}{{ if $i }} || {{end}}Host(`{{ $s }}.{{ $d }}`){{ end }}'
service: portainer@file
services:
portainer:
loadBalancer:
servers:
- url: https://{{ env `NASCOMPOSE_MACVLAN_PORTAINER_IP` }}:9443/
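Review bot: The `portainer` router has no `middlewares` key, so unlike the `traefik` dashboard router in this commit it is published without Authelia in front of it; the `synology` router in the next file has the same shape. If relying on each application's own login is deliberate, a one-line comment on the router saying so would help the next reader; otherwise add `middlewares:` with `- authelia@file`. Also note that the rule template emits a Host rule ending in a bare `portainer.` when `NASCOMPOSE_TRAEFIK_DOMAINS` is set but empty, which the `${...?}` check in the compose file does not prevent.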


@@ -0,0 +1,10 @@
http:
routers:
synology:
rule: '{{ $s := "synology" }}{{ range $i, $d := splitList "," (env `NASCOMPOSE_TRAEFIK_DOMAINS`) }}{{ if $i }} || {{end}}Host(`{{ $s }}.{{ $d }}`){{ end }}'
service: synology@file
services:
synology:
loadBalancer:
servers:
- url: https://{{ env `NASCOMPOSE_MACVLAN_SYNOLOGY_IP` }}:5001/


@@ -0,0 +1,6 @@
tls:
stores:
default:
defaultCertificate:
certFile: /run/secrets/traefik_tls_cert
keyFile: /run/secrets/traefik_tls_key


@@ -0,0 +1,10 @@
http:
routers:
traefik-internal:
rule: Host(`traefik`)
service: api@internal
traefik:
rule: '{{ $s := "traefik" }}{{ range $i, $d := splitList "," (env `NASCOMPOSE_TRAEFIK_DOMAINS`) }}{{ if $i }} || {{end}}Host(`{{ $s }}.{{ $d }}`){{ end }}'
service: api@internal
middlewares:
- authelia@file
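Review bot: The `traefik-internal` router exposes `api@internal` with no `middlewares`, and the only condition is a Host match on the bare name `traefik`, which is a value the requesting client chooses. The router also declares no `entryPoints`, so it should be attached to every entrypoint, including the ones another file in this commit publishes on 80 and 443; the Authelia protection on the sibling `traefik` router therefore does not cover the dashboard and API as a whole. If this route exists only for access from inside the Docker network, I would narrow it, for example `rule: Host(...) && ClientIP(<internal-cidr>)` with the real range filled in, or bind it to a dedicated entrypoint that is not published. Otherwise give it the same `middlewares:` / `- authelia@file` as the router below.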


@@ -0,0 +1,7 @@
http:
routers:
transmission-api:
rule: '{{ $s := "transmission-api" }}{{ range $i, $d := splitList "," (env `NASCOMPOSE_TRAEFIK_DOMAINS`) }}{{ if $i }} || {{end}}Host(`{{ $s }}.{{ $d }}`){{ end }}'
service: transmission@docker
middlewares:
- authelia-basic@file


@@ -0,0 +1,32 @@
providers:
docker:
endpoint: tcp://docker:2375
exposedByDefault: false
network: traefik
defaultRule: '{{ $s := index .Labels "com.docker.compose.service" }}{{ range $i, $d := splitList "," (env `NASCOMPOSE_TRAEFIK_DOMAINS`) }}{{ if $i }} || {{end}}Host(`{{ $s }}.{{ $d }}`){{ end }}'
file:
directory: /etc/traefik/dynamic/
serverstransport:
insecureskipverify: true
api: {}
accessLog: {}
entryPoints:
web:
address: :80
http:
redirections:
entryPoint:
to: websecure
scheme: https
websecure:
address: :443
http:
tls: {}
middlewares:
- hsts@file
global:
sendAnonymousUsage: false
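Review bot: `serverstransport.insecureskipverify: true` turns off backend certificate verification for every HTTPS service Traefik proxies, not just the two self-signed ones (Portainer and Synology) this commit routes to by IP. I would drop the global setting and define a named `serversTransports` entry in the dynamic configuration, referenced from those two services with `serversTransport: <name>@file`, ideally carrying `rootCAs` for the appliance certificates rather than skipping verification. Separately, `endpoint: tcp://docker:2375` is the unauthenticated plaintext Docker API port; presumably `docker` is a restricted socket proxy on the external `docker` network, and a comment stating that (and that it is read-only) would make the assumption reviewable.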

0
traefik/secrets/.gitkeep Normal file

@@ -0,0 +1,5 @@
services:
traefik:
ports:
- 80:80
- 443:443
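Review bot: The port mappings are written as plain scalars; Compose recommends always quoting them, `- "80:80"` and `- "443:443"`, because `digits:digits` values can be read as base-60 integers by YAML 1.1 parsers. These two values happen not to trigger that, but quoting keeps the file safe if a lower port is added later.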


@@ -0,0 +1,23 @@
services:
traefik:
environment:
NASCOMPOSE_MACVLAN_SYNOLOGY_IP: ${NASCOMPOSE_MACVLAN_HOST_IP?}
NASCOMPOSE_MACVLAN_PORTAINER_IP: ${NASCOMPOSE_MACVLAN_PORTAINER_IP?}
networks:
macvlan:
ipv4_address: ${NASCOMPOSE_MACVLAN_TRAEFIK_IP?}
configs:
- source: traefik_synology
target: /etc/traefik/dynamic/synology.yml
- source: traefik_portainer
target: /etc/traefik/dynamic/portainer.yml
networks:
macvlan:
external: true
configs:
traefik_synology:
file: ${NASCOMPOSE_SERVICES?}/configs/traefik/dynamic/synology.yml
traefik_portainer:
file: ${NASCOMPOSE_SERVICES?}/configs/traefik/dynamic/portainer.yml
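Review bot: The two `configs` entries point at `${NASCOMPOSE_SERVICES?}/configs/traefik/dynamic/...`, while the main compose file in this commit uses `${NASCOMPOSE_SERVICES?}/traefik/configs/dynamic/...`; if `synology.yml` and `portainer.yml` moved with the other dynamic files, these paths will not resolve. The file names are not visible on this page, so please confirm which layout is intended. Also, `NASCOMPOSE_MACVLAN_SYNOLOGY_IP` is fed from `NASCOMPOSE_MACVLAN_HOST_IP`, which deserves a short comment if the NAS host is meant. Finally, `${VAR?}` only rejects an unset variable; `${VAR:?}` would also reject an empty one, which otherwise renders a backend URL with no host.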


@@ -0,0 +1,58 @@
name: Traefik
services:
traefik:
image: traefik
environment:
NASCOMPOSE_TRAEFIK_DOMAINS: ${NASCOMPOSE_TRAEFIK_DOMAINS?}
networks:
- traefik
- docker
configs:
- source: traefik_static
target: /etc/traefik/traefik.yml
- source: traefik_dynamic
target: /etc/traefik/dynamic/traefik.yml
- source: traefik_tls
target: /etc/traefik/dynamic/tls.yml
- source: traefik_hsts
target: /etc/traefik/dynamic/hsts.yml
- source: traefik_authelia
target: /etc/traefik/dynamic/authelia.yml
- source: traefik_transmission-api
target: /etc/traefik/dynamic/transmission-api.yml
secrets:
- traefik_tls_cert
- traefik_tls_key
restart: unless-stopped
labels:
traefik.enable: true
traefik.http.routers.traefik.service: api@internal
networks:
docker:
external: true
traefik:
name: traefik
configs:
traefik_static:
file: ${NASCOMPOSE_SERVICES?}/traefik/configs/traefik.yml
traefik_dynamic:
file: ${NASCOMPOSE_SERVICES?}/traefik/configs/dynamic/traefik.yml
traefik_tls:
file: ${NASCOMPOSE_SERVICES?}/traefik/configs/dynamic/tls.yml
traefik_hsts:
file: ${NASCOMPOSE_SERVICES?}/traefik/configs/dynamic/hsts.yml
traefik_authelia:
file: ${NASCOMPOSE_SERVICES?}/traefik/configs/dynamic/authelia.yml
traefik_transmission-api:
file: ${NASCOMPOSE_SERVICES?}/traefik/configs/dynamic/transmission-api.yml
secrets:
traefik_tls_cert:
file: ${NASCOMPOSE_SERVICES?}/traefik/secrets/traefik.cert
traefik_tls_key:
file: ${NASCOMPOSE_SERVICES?}/traefik/secrets/traefik.key
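Review bot: The labels `traefik.enable: true` and `traefik.http.routers.traefik.service: api@internal` appear to create a second, docker-provider router for the dashboard. With no rule label it would fall back to the `defaultRule` from the static config, which yields the same `traefik.<domain>` hosts as the file-provider router but carries no `authelia@file` middleware. Two routers with an identical rule and equal priority leave it unclear which one answers, so the dashboard may be reachable without authentication. I would delete both labels now that the route is defined in the dynamic file, or add `traefik.http.routers.traefik.middlewares: authelia@file`. Secondary points: `image: traefik` is unpinned, so a pull can change the proxy version (and the config and template syntax it accepts) without a commit, and the label value `true` is better written as the string `"true"`.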