From 3e24fde1e33380dbdc5f3b375b9533d9c1fee3e3 Mon Sep 17 00:00:00 2001
From: leo <426742@gmail.com>
Date: Thu, 8 Aug 2024 05:51:09 +0500
Subject: [PATCH] changes
---
 README.md | 8 +++++++-
 certs.yml | 6 ++++++
 docker-compose.yml | 31 ++++++++++++++-----------------
 test.env | 3 +++
 4 files changed, 30 insertions(+), 18 deletions(-)
 create mode 100644 certs.yml
 create mode 100644 test.env
diff --git a/README.md b/README.md
index 3d50c3f..0492f87 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,9 @@
 ### Traefik
-*docker configuration*
\ No newline at end of file
+*docker configuration*
+
+
+Start `sudo docker compose -f /data/traefik/docker-compose.yml up -d`
+ `sudo docker start traefik`
+
+Stop `sudo docker stop traefik`
\ No newline at end of file
diff --git a/certs.yml b/certs.yml
new file mode 100644
index 0000000..731d1c0
--- /dev/null
+++ b/certs.yml
@@ -0,0 +1,6 @@
+tls:
+ stores:
+ default:
+ defaultCertificate:
+ certFile: "/selfsigned/domain.crt"
+ keyFile: "/selfsigned/device.key"
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
index 1c9d003..b54991f 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -3,20 +3,17 @@ services:
 container_name: traefik
 image: traefik:v3.0.1
 restart: always
- #networks:
- #- proxynet
 env_file:
- - /data/secrets/vars.env
+ - /data/secrets/${SERVER_DOMAIN}/${SERVER_DOMAIN}.env
 command:
 - "--providers.file.filename=/traefik/certs.yml"
+ - "--providers.docker.network=proxynet"
 - "--api.insecure=false"
 - "--api.dashboard=true"
 - "--providers.docker"
- - "--log.level=DEBUG"
- - '--log=true'
- #- "--log.level=INFO"
+ - "--log=true"
+ - "--log.level=${TRAEFIK_LOG_LEVEL}"
 - "--providers.docker.exposedByDefault=false"
- - "--providers.docker.network=proxynet"
 #Entrypoints:
 - "--entrypoints.http.address=:80"
 - "--entrypoints.https.address=:443"
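Review bot: Nothing in the new certs.yml says that `certFile` and `keyFile` are container paths, which resolve only through the `/data/secrets/${SERVER_DOMAIN}/selfsigned:/selfsigned` volume this commit adds to docker-compose.yml. A header comment such as `# container paths, provided by the /selfsigned volume in docker-compose.yml` would make that dependency visible. The two file names also differ in stem (`domain.crt` and `device.key`), so it is worth confirming they are a matching certificate/key pair, since this default certificate is what clients get when no router certificate matches.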
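Review bot: The new `${SERVER_DOMAIN}` in the `env_file` path and `${TRAEFIK_LOG_LEVEL}` in `--log.level` have neither a default nor a required-variable guard. Compose replaces an unset variable with an empty string and only warns, which here would give the path `/data/secrets//.env` and an empty log level. Consider `${SERVER_DOMAIN:?SERVER_DOMAIN must be set}` and `--log.level=${TRAEFIK_LOG_LEVEL:-INFO}`, so that a missing value fails the start or falls back to a non-debug level rather than to whatever the operator's environment happens to hold. The README start command passes no env file, so these values presumably come from the shell or a `.env` beside the compose file; that source should be documented. The service definition continues outside this hunk.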
@@ -26,12 +23,12 @@ services:
 #SSL Let's Encrypt:
 - "--entrypoints.https.http.tls.certResolver=le"
 - "--certificatesresolvers.le.acme.tlschallenge=true"
- - "--certificatesresolvers.le.acme.email=${LE_EMAIL}"
- - "--certificatesresolvers.le.acme.storage=/letsencrypt/${DOMAIN}.acme.json"
+ - "--certificatesresolvers.le.acme.email=${ADMIN_EMAIL}"
+ - "--certificatesresolvers.le.acme.storage=/letsencrypt/${SERVER_DOMAIN}.acme.json"
 #Dashboard secure:
 labels:
 - "traefik.enable=true"
- - "traefik.http.routers.dashboard.rule=Host(`traefik.${DOMAIN}`)"
+ - "traefik.http.routers.dashboard.rule=Host(`traefik.${SERVER_DOMAIN}`)"
 - "traefik.http.routers.dashboard.entrypoints=https"
 - "traefik.http.routers.dashboard.tls=true"
 - "traefik.http.routers.dashboard.service=api@internal"
@@ -42,11 +39,11 @@ services:
 - "443:443"
 - "5432:5432"
 volumes:
- - /var/run/docker.sock:/var/run/docker.sock
- - /data/secrets/letsencrypt:/letsencrypt
- - /data/secrets/httpauth:/httpauth
- - /data/secrets/selfsigned/${DOMAIN}/certs.yml:/traefik/certs.yml
- - /data/secrets/selfsigned:/secrets/selfsigned
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - /data/secrets/${SERVER_DOMAIN}/letsencrypt:/letsencrypt
+ - /data/secrets/${SERVER_DOMAIN}/httpauth:/httpauth
+ - /data/traefik/certs.yml:/traefik/certs.yml
+ - /data/secrets/${SERVER_DOMAIN}/selfsigned:/selfsigned
 logging:
 driver: "json-file"
 options:
@@ -57,9 +54,9 @@ services:
 image: busybox:1.36.1-glibc
 command: >
- sh -c "touch /letsencrypt/${DOMAIN}.acme.json &&
+ sh -c "touch /letsencrypt/${SERVER_DOMAIN}.acme.json &&
 chmod -Rv 600 /letsencrypt/* &&
- chown 65532:65532 /letsencrypt/${DOMAIN}.acme.json"
+ chown 65532:65532 /letsencrypt/${SERVER_DOMAIN}.acme.json"
 volumes:
 - /data/secrets/letsencrypt:/letsencrypt
diff --git a/test.env b/test.env
new file mode 100644
index 0000000..ede831a
--- /dev/null
+++ b/test.env
@@ -0,0 +1,3 @@
+LETSENCRYPT_EMAIL=426742@gmail.com
+TRAEFIK_LOG_LEVEL=DEBUG
+
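Review bot: The ACME flag now reads `${ADMIN_EMAIL}`, but the `test.env` added in this same commit defines `LETSENCRYPT_EMAIL`, and it does not define `SERVER_DOMAIN` at all. Values listed under `env_file:` reach the container environment only and are not used to interpolate the compose file. Unless the shell or a `.env` supplies these names, the resolver email, the `acme.json` file name and the dashboard rule (which would become `Host(`traefik.`)`) are all rendered with empty strings. Align the names, for example `ADMIN_EMAIL=...` in test.env, and guard the references with `${ADMIN_EMAIL:?ADMIN_EMAIL must be set}` so that a mismatch stops the deployment instead of silently changing the routing and certificate configuration.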
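Review bot: The `:ro` added to `/var/run/docker.sock` in the volumes list does not reduce what the container can do through the Docker API. A read-only bind mount protects the socket file itself, but a process that can connect to it can still issue any API request, including ones that create or modify containers. If the aim is to limit what a compromised Traefik process could do to the host, the usual control is a filtering socket proxy that exposes only the read endpoints Traefik needs. A comment on the line, such as `# :ro does not restrict Docker API calls`, would stop the flag from being read as a security boundary. The mounts that hold key material and credentials are better candidates for read-only, e.g. `- /data/secrets/${SERVER_DOMAIN}/selfsigned:/selfsigned:ro` and likewise for `httpauth`, while `letsencrypt` must stay writable.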
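Review bot: The helper's volume on the last context line is still `/data/secrets/letsencrypt:/letsencrypt`, while the traefik service in this same commit now mounts `/data/secrets/${SERVER_DOMAIN}/letsencrypt`. The `touch`, `chmod 600` and `chown 65532:65532` therefore run against a host directory Traefik no longer reads, and the per-domain `acme.json` that holds the ACME account key and certificates never gets its restrictive mode or owner from this step. Change the mount to `- /data/secrets/${SERVER_DOMAIN}/letsencrypt:/letsencrypt` so both services operate on the same file. The helper service definition begins outside this hunk.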