Compare commits
2 Commits
8243addc8d
...
dbfb7cbcea
Author | SHA1 | Date | |
---|---|---|---|
dbfb7cbcea | |||
84eeb3b3d9 |
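--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+passphrase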
@ -1,86 +1,85 @@
|
|||||||
version: "3.3"
|
---
|
||||||
|
|
||||||
services:
|
services:
|
||||||
|
|
||||||
traefik:
|
traefik:
|
||||||
image: "traefik:latest"
|
image: traefik:latest
|
||||||
container_name: "traefik"
|
|
||||||
command:
|
|
||||||
# - "--log.level=DEBUG" # disable in prod
|
|
||||||
- "--api.insecure=true" # disable in prod
|
|
||||||
- "--providers.docker=true"
|
|
||||||
- "--providers.docker.exposedbydefault=false"
|
|
||||||
- "--providers.file.directory=/etc/traefik/dynamic_conf.d"
|
|
||||||
- "--entryPoints.https.address=:443"
|
|
||||||
- "--entryPoints.http.address=:80"
|
|
||||||
- "--certificatesresolvers.letsencrypt.acme.storage=/etc/traefik/letsencrypt/acme.json"
|
|
||||||
- "--certificatesresolvers.letsencrypt.acme.email=infra@clps.ch"
|
|
||||||
- "--certificatesresolvers.letsencrypt.acme.tlschallenge=true"
|
|
||||||
volumes:
|
|
||||||
- "/home/cloud/traefik/dynamic_conf.d:/etc/traefik/dynamic_conf.d/"
|
|
||||||
- "/home/cloud/traefik/letsencrypt/acme.json:/etc/traefik/letsencrypt/acme.json"
|
|
||||||
- "/var/run/docker.sock:/var/run/docker.sock:ro"
|
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
|
container_name: traefik
|
||||||
|
command:
|
||||||
|
- --api.insecure=true # disable in prod
|
||||||
|
- --certificatesresolvers.letsencrypt.acme.email=infra@clps.ch
|
||||||
|
- --certificatesresolvers.letsencrypt.acme.storage=/etc/traefik/acme.json
|
||||||
|
- --certificatesresolvers.letsencrypt.acme.tlschallenge=true
|
||||||
|
- --entrypoints.http.address=:80
|
||||||
|
- --entrypoints.http.http.redirections.entrypoint.to=https
|
||||||
|
- --entrypoints.https.address=:443
|
||||||
|
- --log.level=info
|
||||||
|
- --providers.docker.exposedbydefault=true
|
||||||
|
- --providers.docker=true
|
||||||
ports:
|
ports:
|
||||||
- "80:80"
|
- "80:80"
|
||||||
- "443:443"
|
- "443:443"
|
||||||
- "8069:8080"
|
- "8069:8080"
|
||||||
|
volumes:
|
||||||
|
- ./traefik/acme.json:/etc/traefik/acme.json
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
|
|
||||||
grafana:
|
grafana:
|
||||||
image: "grafana/grafana:latest"
|
image: grafana/grafana:latest
|
||||||
container_name: "grafana"
|
|
||||||
labels:
|
|
||||||
- "traefik.enable=true"
|
|
||||||
- "traefik.http.routers.grafana.rule=Host(`grafana.clps.ch`)"
|
|
||||||
- "traefik.http.routers.grafana.entrypoints=https"
|
|
||||||
- "traefik.http.routers.grafana.tls.certresolver=letsencrypt"
|
|
||||||
- "traefik.http.routers.grafana.tls=true"
|
|
||||||
- "traefik.http.services.grafana.loadbalancer.server.port=3000"
|
|
||||||
depends_on:
|
|
||||||
- traefik
|
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
|
container_name: grafana
|
||||||
environment:
|
environment:
|
||||||
- GF_SECURITY_ADMIN_USER=admin
|
- GF_SECURITY_ADMIN_USER=admin
|
||||||
- GF_SECURITY_ADMIN_PASSWORD=grafana
|
- GF_SECURITY_ADMIN_PASSWORD=grafana
|
||||||
|
#labels:
|
||||||
|
# - traefik.enable=true
|
||||||
|
# - traefik.http.routers.grafana.entrypoints=https
|
||||||
|
# - traefik.http.routers.grafana.rule=Host(`grafana.clps.ch`)
|
||||||
|
# - traefik.http.routers.grafana.tls.certresolver=letsencrypt
|
||||||
|
# - traefik.http.services.grafana.loadbalancer.server.port=3000
|
||||||
volumes:
|
volumes:
|
||||||
- ./grafana:/etc/grafana/provisioning/datasources
|
- ./grafana/:/etc/grafana/provisioning/datasources/
|
||||||
|
|
||||||
prometheus:
|
prometheus:
|
||||||
image: "prom/prometheus:latest"
|
image: prom/prometheus:latest
|
||||||
container_name: "prometheus"
|
|
||||||
command:
|
|
||||||
- '--config.file=/etc/prometheus/prometheus.yml'
|
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
|
container_name: prometheus
|
||||||
|
command:
|
||||||
|
- --config.file=/etc/prometheus/prometheus.yml
|
||||||
|
#labels:
|
||||||
|
# - traefik.enable=true
|
||||||
|
# - traefik.http.routers.prometheus.entrypoints=https
|
||||||
|
# - traefik.http.routers.prometheus.rule=Host(`prom.clps.ch`)
|
||||||
|
# - traefik.http.routers.prometheus.tls.certresolver=letsencrypt
|
||||||
|
# - traefik.http.services.prometheus.loadbalancer.server.port=9090
|
||||||
volumes:
|
volumes:
|
||||||
- ./prometheus:/etc/prometheus
|
- ./prometheus/:/etc/prometheus/:ro
|
||||||
- prom_data:/prometheus
|
- prom_data:/prometheus/
|
||||||
#labels: # We might want to reserve this interface to a closed network
|
|
||||||
# - "traefik.enable=true"
|
|
||||||
# - "traefik.http.routers.prometheus.rule=Host(`prom.clps.ch`)"
|
|
||||||
# - "traefik.http.routers.prometheus.entrypoints=https"
|
|
||||||
# - "traefik.http.routers.prometheus.tls.certresolver=letsencrypt"
|
|
||||||
# - "traefik.http.routers.prometheus.tls=true"
|
|
||||||
# - "traefik.http.services.prometheus.loadbalancer.server.port=9090"
|
|
||||||
depends_on:
|
|
||||||
- traefik
|
|
||||||
|
|
||||||
nextcloud:
|
nextcloud:
|
||||||
image: "nextcloud/all-in-one:latest"
|
image: nextcloud/all-in-one:latest
|
||||||
container_name: "nextcloud-aio-mastercontainer"
|
restart: unless-stopped
|
||||||
|
container_name: nextcloud-aio-mastercontainer
|
||||||
init: true
|
init: true
|
||||||
environment:
|
environment:
|
||||||
- "APACHE_PORT=11000"
|
- APACHE_PORT=11000
|
||||||
- "APACHE_IP_BINDING=0.0.0.0"
|
# - SKIP_DOMAIN_VALIDATION=true
|
||||||
|
|
||||||
|
labels:
|
||||||
|
- traefik.enable=true
|
||||||
|
- traefik.http.middlewares.nextcloud_headers.headers.hostsProxyHeaders=X-Forwarded-Host
|
||||||
|
- traefik.http.middlewares.nextcloud_headers.headers.referrerPolicy=same-origin
|
||||||
|
- traefik.http.routers.nextcloud.middlewares=nextcloud_headers
|
||||||
|
- traefik.http.routers.nextcloud.rule=Host(`cloud.clps.ch`)
|
||||||
|
- traefik.http.routers.nextcloud.entrypoints=https
|
||||||
|
- traefik.http.routers.nextcloud.tls.certresolver=letsencrypt
|
||||||
|
- traefik.http.services.nextcloud.loadbalancer.server.port=11000
|
||||||
ports:
|
ports:
|
||||||
- "8080:8080" # disable in prod
|
- "8080:8080" # disable in prod
|
||||||
- "8443:8443" # disable in prod
|
|
||||||
volumes:
|
volumes:
|
||||||
- "nextcloud_aio_mastercontainer:/mnt/docker-aio-config"
|
- nextcloud_aio_mastercontainer:/mnt/docker-aio-config
|
||||||
- "/var/run/docker.sock:/var/run/docker.sock:ro"
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
depends_on:
|
|
||||||
- traefik
|
|
||||||
restart: unless-stopped
|
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
nextcloud_aio_mastercontainer:
|
nextcloud_aio_mastercontainer:
|
||||||
|
name: nextcloud_aio_mastercontainer
|
||||||
prom_data:
|
prom_data:
|
||||||
|
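Review bot: `--providers.docker.exposedbydefault=true` in the new traefik `command:` list reverses the old `false`, so commenting out the grafana and prometheus `labels:` blocks no longer keeps those services off the proxy; with exposure on by default, Traefik builds a router for every container it discovers through the Docker socket, using its default rule. That matters here because grafana still runs with `GF_SECURITY_ADMIN_PASSWORD=grafana`, and the comment this change removes said the Prometheus interface should stay on a closed network. I would keep `- --providers.docker.exposedbydefault=false`; nextcloud already carries `traefik.enable=true`, so it stays routed. Separately, `--api.insecure=true` together with the `8069:8080` mapping still publishes the unauthenticated dashboard on the host, and the "disable in prod" comment is the only thing guarding it.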
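--- a/traefik/.gitignore
+++ b/traefik/.gitignore
@@ -0,0 +1 @@
+acme.json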
@ -1,35 +0,0 @@
|
|||||||
http:
|
|
||||||
routers:
|
|
||||||
nextcloud:
|
|
||||||
rule: "Host(`cloud.clps.ch`)"
|
|
||||||
entrypoints:
|
|
||||||
- "https"
|
|
||||||
service: nextcloud
|
|
||||||
middlewares:
|
|
||||||
- nextcloud-chain
|
|
||||||
tls:
|
|
||||||
certresolver: "letsencrypt"
|
|
||||||
|
|
||||||
services:
|
|
||||||
nextcloud:
|
|
||||||
loadBalancer:
|
|
||||||
servers:
|
|
||||||
- url: "http://nextcloud-aio-mastercontainer:11000" # Use the host's IP address if Traefik runs outside the host network
|
|
||||||
|
|
||||||
middlewares:
|
|
||||||
nextcloud-secure-headers:
|
|
||||||
headers:
|
|
||||||
hostsProxyHeaders:
|
|
||||||
- "X-Forwarded-Host"
|
|
||||||
referrerPolicy: "same-origin"
|
|
||||||
|
|
||||||
https-redirect:
|
|
||||||
redirectscheme:
|
|
||||||
scheme: https
|
|
||||||
|
|
||||||
nextcloud-chain:
|
|
||||||
chain:
|
|
||||||
middlewares:
|
|
||||||
# - ... (e.g. rate limiting middleware)
|
|
||||||
- https-redirect
|
|
||||||
- nextcloud-secure-headers
|
|
@ -1,26 +0,0 @@
|
|||||||
# STATIC CONFIGURATION
|
|
||||||
|
|
||||||
entryPoints:
|
|
||||||
https:
|
|
||||||
address: ":443" # Create an entrypoint called "https" that uses port 443
|
|
||||||
# If you want to enable HTTP/3 support, uncomment the line below
|
|
||||||
# http3: {}
|
|
||||||
web:
|
|
||||||
address: ":80"
|
|
||||||
|
|
||||||
certificatesResolvers:
|
|
||||||
# Define "letsencrypt" certificate resolver
|
|
||||||
letsencrypt:
|
|
||||||
acme:
|
|
||||||
storage: /letsencrypt/acme.json # Defines the path where certificates should be stored
|
|
||||||
email: "infra@clps.ch" #Where LE sends notification about certificates expiring
|
|
||||||
tlschallenge: true
|
|
||||||
|
|
||||||
providers:
|
|
||||||
file:
|
|
||||||
directory: "/etc/traefik/dynamic_conf.d" # Adjust the path according your needs.
|
|
||||||
watch: true
|
|
||||||
|
|
||||||
# Enable HTTP/3 feature by uncommenting the lines below. Don't forget to route 443 UDP to Traefik (Firewall\NAT\Traefik Container)
|
|
||||||
# experimental:
|
|
||||||
# http3: true
|
|