
@crazygit
Last active May 8, 2022 14:38

Revisions

  1. crazygit revised this gist May 8, 2022. 2 changed files with 4 additions and 0 deletions.
    2 changes: 2 additions & 0 deletions traefik-bare-secure-mode.yml
    @@ -10,6 +10,8 @@ services:
    - "--providers.docker"
    # Do not expose all Docker services, only the ones explicitly exposed
    - "--providers.docker.exposedbydefault=false"
    # Set default Docker network used
    - "--providers.docker.network=traefik-public"
    # Enable Docker Swarm mode
    - "--providers.docker.swarmmode"
    # Create an entrypoint "http" listening on port 80
    2 changes: 2 additions & 0 deletions traefik-secure-mode-auth-https.yml
    @@ -10,6 +10,8 @@ services:
    - "--providers.docker"
    # Do not expose all Docker services, only the ones explicitly exposed
    - "--providers.docker.exposedbydefault=false"
    # Set default Docker network used
    - "--providers.docker.network=traefik-public"
    # Enable Docker Swarm mode
    - "--providers.docker.swarmmode"
    # Create an entrypoint "http" listening on port 80
  2. crazygit revised this gist May 7, 2022. 2 changed files with 84 additions and 0 deletions.
    1 change: 1 addition & 0 deletions traefik-bare-secure-mode.yml
    @@ -1,3 +1,4 @@
    # bare secure mode: no https, no basic auth
    version: '3.8'

    services:
    83 changes: 83 additions & 0 deletions traefik-secure-mode-auth-https.yml
    @@ -0,0 +1,83 @@
    # secure mode with https and basic auth
    version: '3.8'

    services:
    reverse_proxy:
    image: traefik:v2.6
    command:
    # - "--log.level=DEBUG"
    # Enable Docker in Traefik, so that it reads labels from Docker services
    - "--providers.docker"
    # Do not expose all Docker services, only the ones explicitly exposed
    - "--providers.docker.exposedbydefault=false"
    # Enable Docker Swarm mode
    - "--providers.docker.swarmmode"
    # Create an entrypoint "http" listening on port 80
    - "--entrypoints.web.address=:80"
    # Create an entrypoint "https" listening on port 443
    - "--entrypoints.websecure.address=:443"
    # Enable the access log, with HTTP requests
    # - "--accesslog"
    # Enable the Traefik log, for configurations and errors
    - "--log"
    # Enable the Dashboard and API
    - "--api.dashboard=true"
    # Use the Http Challenge for Let's Encrypt
    - "--certificatesresolvers.letsencryptresolver.acme.httpchallenge=true"
    # Use the HTTP Challenge
    - "--certificatesresolvers.letsencryptresolver.acme.httpchallenge.entrypoint=web"
    # Create the certificate resolver "le" for Let's Encrypt, uses the environment variable EMAIL
    - "--certificatesresolvers.letsencryptresolver.acme.email=your_email@example.com"
    # Store the Let's Encrypt certificates in the mounted volume
    - "--certificatesresolvers.letsencryptresolver.acme.storage=/letsencrypt/acme.json"
    # If you uncommented the acme.caserver line, you will get an SSL error, but if you display the certificate and see it was emitted by Fake LE Intermediate X1 then it means all is good. (It is the staging environment intermediate certificate used by let's encrypt). You can now safely comment the acme.caserver line, remove the letsencrypt/acme.json file and restart Traefik to issue a valid certificate.
    - "--certificatesresolvers.letsencryptresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
    ports:
    - "80:80"
    - "443:443"
    volumes:
    # So that Traefik can listen to the Docker events
    - /var/run/docker.sock:/var/run/docker.sock
    - certificates:/letsencrypt
    # Since the Swarm API is only exposed on the manager nodes, these are the nodes that Traefik should be scheduled on by deploying Traefik with a constraint on the node "role":
    deploy:
    placement:
    constraints:
    - node.role == manager
    labels:
    # Enable Traefik for this service, to make it available in the public network
    - "traefik.enable=true"
    # Use the traefik-public network
    - "traefik.docker.network=traefik-public"
    # http
    - "traefik.http.routers.dashboardhttp.rule=Host(`traefik.example.com`)"
    - "traefik.http.routers.dashboardhttp.entrypoints=web"
    - "traefik.http.routers.dashboardhttp.service=api@internal"
    # https
    - "traefik.http.routers.dashboardhttps.rule=Host(`traefik.example.com`)"
    - "traefik.http.routers.dashboardhttps.entrypoints=websecure"
    - "traefik.http.routers.dashboardhttps.service=api@internal"
    - "traefik.http.routers.dashboardhttps.tls.certresolver=letsencryptresolver"
    # Dummy service for Swarm port detection. The port can be any valid integer value.
    - "traefik.http.services.dummy-svc.loadbalancer.server.port=9999"
    # dashboard-auth middleware with HTTP Basic auth
    - "traefik.http.middlewares.auth.basicauth.users=your_username:$$apr1$$MjQrynku$$iSdz67CS8wZvCaqm7qYBC/"
    - "traefik.http.routers.dashboardhttp.middlewares=auth"
    - "traefik.http.routers.dashboardhttps.middlewares=auth"

    networks:
    # Use the public network created to be shared between Traefik and
    # any other service that needs to be publicly available with HTTPS
    - traefik-public

    volumes:
    # Create a volume to store the certificates, there is a constraint to make sure
    # Traefik is always deployed to the same Docker node with the same volume containing
    # the HTTPS certificates
    certificates:

    networks:
    # services that need to be publicly available via this Traefik
    traefik-public:
    external: true
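Review bot: The `dashboardhttp` router serves `api@internal` on the `web` entrypoint behind the `auth` basic-auth middleware, so the dashboard credentials travel in cleartext whenever the port-80 URL is used. Since the file already defines a TLS router for the same host, the HTTP router should only redirect: add `- "traefik.http.middlewares.https-redirect.redirectscheme.scheme=https"` and change the HTTP router's middleware line to `- "traefik.http.routers.dashboardhttp.middlewares=https-redirect"`. Separately, the `acme.caserver` staging line is active as committed while the comment above it reads as if it were optional and commented out, so deploying this file as-is yields untrusted staging certificates; I would ship that line commented out. The `basicauth.users` hash also sits inline in the service labels, which anyone with access to the Docker API can read; `basicauth.usersfile` backed by a Swarm secret would keep it out of service metadata.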

  3. crazygit renamed this gist May 7, 2022. 1 changed file with 0 additions and 0 deletions.
    File renamed without changes.
  4. crazygit revised this gist May 7, 2022. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion docker-compose.yml
    @@ -4,7 +4,7 @@ services:
    reverse_proxy:
    image: traefik:v2.6
    command:
    - "--log.level=DEBUG"
    # - "--log.level=DEBUG"
    # Enable Docker in Traefik, so that it reads labels from Docker services
    - "--providers.docker"
    # Do not expose all Docker services, only the ones explicitly exposed
  5. crazygit revised this gist May 7, 2022. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion docker-compose.yml
    @@ -35,7 +35,7 @@ services:
    labels:
    # Enable Traefik for this service, to make it available in the public network
    - "traefik.enable=true"
    - "traefik.http.routers.dashboard.rule=Host(`traefik.web3door.xyz`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
    - "traefik.http.routers.dashboard.rule=Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
    - "traefik.http.routers.dashboard.entrypoints=web"
    - "traefik.http.routers.dashboard.service=api@internal"
    # Dummy service for Swarm port detection. The port can be any valid integer value.
  6. crazygit revised this gist May 7, 2022. 1 changed file with 9 additions and 18 deletions.
    27 changes: 9 additions & 18 deletions docker-compose.yml
    @@ -6,29 +6,27 @@ services:
    command:
    - "--log.level=DEBUG"
    # Enable Docker in Traefik, so that it reads labels from Docker services
    - --providers.docker
    - "--providers.docker"
    # Do not expose all Docker services, only the ones explicitly exposed
    - --providers.docker.exposedbydefault=false
    - "--providers.docker.exposedbydefault=false"
    # Enable Docker Swarm mode
    - --providers.docker.swarmmode
    - "--providers.docker.swarmmode"
    # Create an entrypoint "http" listening on port 80
    - --entrypoints.web.address=:80
    - "--entrypoints.web.address=:80"
    # Create an entrypoint "https" listening on port 443
    - --entrypoints.websecure.address=:443
    - "--entrypoints.websecure.address=:443"
    # Enable the access log, with HTTP requests
    - --accesslog
    - "--accesslog"
    # Enable the Traefik log, for configurations and errors
    - --log
    - "--log"
    # Enable the Dashboard and API
    - --api.dashboard=true
    - "--api.dashboard=true"
    ports:
    # The HTTP port
    - "80:80"
    - "443:443"
    volumes:
    # So that Traefik can listen to the Docker events
    - /var/run/docker.sock:/var/run/docker.sock
    - traefik-certificates:/letsencrypt
    # Since the Swarm API is only exposed on the manager nodes, these are the nodes that Traefik should be scheduled on by deploying Traefik with a constraint on the node "role":
    deploy:
    placement:
    @@ -37,7 +35,7 @@ services:
    labels:
    # Enable Traefik for this service, to make it available in the public network
    - "traefik.enable=true"
    - "traefik.http.routers.dashboard.rule=Host(`traefik.web3door.xyz`)"
    - "traefik.http.routers.dashboard.rule=Host(`traefik.web3door.xyz`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
    - "traefik.http.routers.dashboard.entrypoints=web"
    - "traefik.http.routers.dashboard.service=api@internal"
    # Dummy service for Swarm port detection. The port can be any valid integer value.
    @@ -48,13 +46,6 @@ services:
    - traefik-public


    volumes:
    # Create a volume to store the certificates, there is a constraint to make sure
    # Traefik is always deployed to the same Docker node with the same volume containing
    # the HTTPS certificates
    traefik-certificates:


    networks:
    # services that need to be publicly available via this Traefik
    traefik-public:
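Review bot: The `dashboard` router in the second hunk still binds `api@internal` to the `web` entrypoint with no middleware visible, so the new `PathPrefix` rule narrows the paths but leaves the dashboard and API reachable without authentication over plain HTTP by anyone who can reach port 80 with that Host header. If this variant is meant to stay auth-free, say so in a comment next to the rule and keep the stack off public addresses; otherwise attach an auth middleware, e.g. `- "traefik.http.routers.dashboard.middlewares=auth"` together with a `basicauth` definition. The labels block continues past the hunk, so confirm nothing further down already does this; the same applies to the hostname-only revision above. The first hunk also keeps `/var/run/docker.sock` mounted into a container scheduled on a manager node, which hands Traefik the full Docker API; a socket proxy that exposes only the read endpoints Traefik needs would limit that.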
  7. crazygit created this gist May 7, 2022.
    62 changes: 62 additions & 0 deletions docker-compose.yml
    @@ -0,0 +1,62 @@
    version: '3.8'

    services:
    reverse_proxy:
    image: traefik:v2.6
    command:
    - "--log.level=DEBUG"
    # Enable Docker in Traefik, so that it reads labels from Docker services
    - --providers.docker
    # Do not expose all Docker services, only the ones explicitly exposed
    - --providers.docker.exposedbydefault=false
    # Enable Docker Swarm mode
    - --providers.docker.swarmmode
    # Create an entrypoint "http" listening on port 80
    - --entrypoints.web.address=:80
    # Create an entrypoint "https" listening on port 443
    - --entrypoints.websecure.address=:443
    # Enable the access log, with HTTP requests
    - --accesslog
    # Enable the Traefik log, for configurations and errors
    - --log
    # Enable the Dashboard and API
    - --api.dashboard=true
    ports:
    # The HTTP port
    - "80:80"
    - "443:443"
    volumes:
    # So that Traefik can listen to the Docker events
    - /var/run/docker.sock:/var/run/docker.sock
    - traefik-certificates:/letsencrypt
    # Since the Swarm API is only exposed on the manager nodes, these are the nodes that Traefik should be scheduled on by deploying Traefik with a constraint on the node "role":
    deploy:
    placement:
    constraints:
    - node.role == manager
    labels:
    # Enable Traefik for this service, to make it available in the public network
    - "traefik.enable=true"
    - "traefik.http.routers.dashboard.rule=Host(`traefik.web3door.xyz`)"
    - "traefik.http.routers.dashboard.entrypoints=web"
    - "traefik.http.routers.dashboard.service=api@internal"
    # Dummy service for Swarm port detection. The port can be any valid integer value.
    - "traefik.http.services.dummy-svc.loadbalancer.server.port=9999"
    networks:
    # Use the public network created to be shared between Traefik and
    # any other service that needs to be publicly available with HTTPS
    - traefik-public


    volumes:
    # Create a volume to store the certificates, there is a constraint to make sure
    # Traefik is always deployed to the same Docker node with the same volume containing
    # the HTTPS certificates
    traefik-certificates:


    networks:
    # services that need to be publicly available via this Traefik
    traefik-public:
    external: true