Revisions
BretFisher created this gist
Aug 13, 2020
@@ -0,0 +1,24 @@ #!/usr/bin/env bash set -euo pipefail IFS=$'\n\t' DOMAIN_NAME=$1 openssl req \ -newkey rsa:2048 \ -x509 \ -nodes \ -keyout "$DOMAIN_NAME.key" \ -new \ -out "$DOMAIN_NAME.crt" \ -subj "/CN=*.$DOMAIN_NAME" \ -reqexts SAN \ -extensions SAN \ -config <(cat /etc/ssl/openssl.cnf \ <(printf "[SAN]\nsubjectAltName=DNS:*.%s, DNS:%s" "$DOMAIN_NAME" "$DOMAIN_NAME")) \ -sha256 \ -days 3650 cat "$DOMAIN_NAME.crt" "$DOMAIN_NAME.key" \ | tee "$DOMAIN_NAME.pem"
@@ -0,0 +1,33 @@ version: "2.4" services: nginx: image: nginx labels: traefik.enable: true traefik.http.routers.nginx.rule: Host(`nginx.bret.lol`) traefik.http.routers.nginx.entrypoints: websecure traefik.http.routers.nginx.tls: true depends_on: traefik: condition: service_healthy traefik: image: "traefik:v2.2" healthcheck: test: - CMD - traefik - healthcheck interval: 10s timeout: 5s retries: 3 ports: - "80:80" - "443:443" - "8080:8080" volumes: - ./traefik.yaml:/etc/traefik/traefik.yaml - ~/.certs/:/certs/ - /var/run/docker.sock:/var/run/docker.sock
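Review bot: The final command, `cat "$DOMAIN_NAME.crt" "$DOMAIN_NAME.key" | tee "$DOMAIN_NAME.pem"`, echoes the unencrypted private key (the key is written with `-nodes`) to stdout and lets `tee` create the combined `.pem` under the caller's default umask, so the key can end up in terminal scrollback or CI logs and in a file other local users may be able to read. Adding `umask 077` right after the `set -euo pipefail` line and writing the bundle with `cat "$DOMAIN_NAME.crt" "$DOMAIN_NAME.key" > "$DOMAIN_NAME.pem"` addresses both. Separately, `DOMAIN_NAME=$1` aborts with a bare "unbound variable" message when no argument is passed; `DOMAIN_NAME=${1:?domain name required}` would say why.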
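Review bot: The `/var/run/docker.sock:/var/run/docker.sock` volume gives the traefik container, which is also the one listening on the published ports, full control of the Docker daemon, and that is equivalent to root on the host. Appending `:ro` to that mount does not restrict API calls, so the usual mitigation is to put a socket proxy in front that only allows the read-only endpoints the docker provider needs. The certificate directory only has to be read, so `- ~/.certs/:/certs/:ro` is sufficient. `- "8080:8080"` publishes the dashboard port on every host interface; `- "127.0.0.1:8080:8080"` keeps it reachable from the local machine only.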
@@ -0,0 +1,56 @@ ## STATIC CONFIG (restart traefik to update) # shows you a log msg if a newer image tag can be used global: checkNewVersion: true # log default is ERROR, but WARN is more helpful log: level: WARN # level: INFO # enable dashboard on 8080 with auth api: insecure: true dashboard: true # enable ping so the `traefik healthcheck` works ping: {} # auto-proxy containers if they have proper labels # and also use this file for dynamic config (tls) providers: docker: exposedByDefault: false watch: true file: fileName: /etc/traefik/traefik.yaml watch: true # listen on 80/443, and redirect all 80 to 443 via 301 entryPoints: web: address: :80 http: redirections: entryPoint: to: websecure scheme: https permanent: true websecure: address: :443 ## DYNAMIC CONFIG tls: certificates: - certFile: /certs/bret.lol.crt keyFile: /certs/bret.lol.key # when testing certs, enable this so traefik doesn't use # it's own self signed. By default if it can't find a matching # cert, it'll just create it's own which will cause cert warnings # in browser # options: # default: # sniStrict: true
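Review bot: The comment `# enable dashboard on 8080 with auth` contradicts the setting beneath it, because `api.insecure: true` serves the dashboard and API without any authentication. Either correct the comment to something like `# enable dashboard on 8080 WITHOUT auth (local dev only)`, or set `insecure: false` and expose `api@internal` through a router on `websecure` with an auth middleware attached. The commented-out `sniStrict: true` under `tls.options.default` is worth enabling outside of testing, so that a request for an unknown hostname fails instead of being answered with Traefik's generated default certificate.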