updated for infra
This commit is contained in:
Arseni
47
infra/traefik/config.yml
Normal file
47
infra/traefik/config.yml
Normal file
@@ -0,0 +1,47 @@
|
||||
log:
|
||||
level: INFO
|
||||
format: json
|
||||
|
||||
accessLog: {}
|
||||
|
||||
entryPoints:
|
||||
web:
|
||||
address: ":80"
|
||||
http:
|
||||
redirections:
|
||||
entryPoint:
|
||||
to: websecure
|
||||
scheme: https
|
||||
websecure:
|
||||
address: ":443"
|
||||
http3: {}
|
||||
http:
|
||||
encodedCharacters:
|
||||
allowEncodedSlash: true
|
||||
|
||||
providers:
|
||||
docker:
|
||||
endpoint: "unix:///var/run/docker.sock"
|
||||
exposedByDefault: false
|
||||
network: cicd
|
||||
watch: true
|
||||
constraints:
|
||||
swarm:
|
||||
endpoint: "unix:///var/run/docker.sock"
|
||||
exposedByDefault: false
|
||||
network: cicd
|
||||
watch: true
|
||||
file:
|
||||
filename: /etc/traefik/dynamic.yml
|
||||
watch: true
|
||||
|
||||
certificatesResolvers:
|
||||
letsencrypt:
|
||||
acme:
|
||||
email: si@sendico.io
|
||||
storage: /sendico.json
|
||||
httpChallenge:
|
||||
entryPoint: web
|
||||
|
||||
api:
|
||||
dashboard: true
|
||||
43
infra/traefik/docker-compose.yml
Normal file
43
infra/traefik/docker-compose.yml
Normal file
@@ -0,0 +1,43 @@
|
||||
services:
|
||||
traefik:
|
||||
image: traefik:latest
|
||||
command:
|
||||
- "--configFile=/etc/traefik/traefik.yml"
|
||||
ports:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
networks:
|
||||
- cicd
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
- ./config.yml:/etc/traefik/traefik.yml:ro
|
||||
- ./dynamic.yml:/etc/traefik/dynamic.yml:ro
|
||||
- ./sendico.json:/sendico.json
|
||||
- traefik_letsencrypt:/letsencrypt
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.docker.network=cicd"
|
||||
- "traefik.http.routers.traefik.rule=Host(`traefik.sendico.io`)"
|
||||
- "traefik.http.routers.traefik.entrypoints=websecure"
|
||||
- "traefik.http.routers.traefik.tls.certresolver=letsencrypt"
|
||||
- "traefik.http.routers.traefik.service=api@internal"
|
||||
- "traefik.http.routers.traefik.middlewares=secure-headers@file,dashboard-auth@file"
|
||||
|
||||
mail-cert-proxy:
|
||||
image: traefik/whoami
|
||||
networks:
|
||||
- cicd
|
||||
deploy:
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.mail-cert.rule=Host(`mail.sendico.io`)"
|
||||
- "traefik.http.routers.mail-cert.entrypoints=websecure"
|
||||
- "traefik.http.routers.mail-cert.tls.certresolver=letsencrypt"
|
||||
- "traefik.http.services.mail-cert.loadbalancer.server.port=80"
|
||||
|
||||
networks:
|
||||
cicd:
|
||||
external: true
|
||||
|
||||
volumes:
|
||||
traefik_letsencrypt:
|
||||
17
infra/traefik/dynamic.yml
Normal file
17
infra/traefik/dynamic.yml
Normal file
@@ -0,0 +1,17 @@
|
||||
http:
|
||||
middlewares:
|
||||
secure-headers:
|
||||
headers:
|
||||
stsSeconds: 63072000
|
||||
stsIncludeSubdomains: true
|
||||
stsPreload: true
|
||||
frameDeny: true
|
||||
contentTypeNosniff: true
|
||||
browserXssFilter: true
|
||||
referrerPolicy: "strict-origin-when-cross-origin"
|
||||
|
||||
dashboard-auth:
|
||||
basicAuth:
|
||||
users:
|
||||
- "admin:$2y$05$m22ds4RLIsR9UY3DdZHB8umL4FHXmLvc8ZUE/RrFvNKrDP0GMIyeS"
|
||||
|
||||
Reference in New Issue
Block a user