Traefik fixes&SSH
@@ -1,5 +1,8 @@
|
|||||||
|
DOMAIN_NAME=
|
||||||
|
SUBDOMAIN=
|
||||||
TRAEFIK_USER=
|
TRAEFIK_USER=
|
||||||
SSL_EMAIL=
|
SSL_EMAIL_FILE=/run/secrets/CF_API_EMAIL
|
||||||
CF_API_EMAIL=
|
CF_API_EMAIL_FILE=/run/secrets/CF_API_EMAIL
|
||||||
CF_API_KEY=
|
CF_API_KEY_FILE=/run/secrets/CF_API_KEY
|
||||||
|
SSH_PORT=
|
||||||
TZ=
|
TZ=
|
||||||
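Review bot: `SSH_PORT=` is added to the template with no value, yet the compose file in this same commit interpolates it straight into `--entrypoints.ssh.address=:${SSH_PORT}`, so an unset or empty variable produces an address with no port at all and the entrypoint either fails to start or does not listen where the published `"558:558"` expects it. Give the template a default that matches the published port, `SSH_PORT=558`, or make the compose flag fail early with `--entrypoints.ssh.address=:${SSH_PORT:?SSH_PORT must be set}`. The same value is also declared as a Docker secret (`.secrets/SSH_PORT`) in the compose hunk, but compose variable substitution reads `.env`, not the mounted secret, so that copy is never consulted; a listening port is not sensitive and keeping it only in `.env` removes the duplication. `SSL_EMAIL_FILE` and `CF_API_EMAIL_FILE` both point at `/run/secrets/CF_API_EMAIL`, which is fine if a single contact address is intended but deserves a comment saying so, e.g. `# Both resolve to the same secret on purpose: one contact address`.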
@@ -4,11 +4,13 @@ services:
|
|||||||
container_name: ${SUBDOMAIN}
|
container_name: ${SUBDOMAIN}
|
||||||
restart: always
|
restart: always
|
||||||
command:
|
command:
|
||||||
|
# General settings
|
||||||
- "--log.level=DEBUG"
|
- "--log.level=DEBUG"
|
||||||
- "--api.insecure=false"
|
- "--api.insecure=false"
|
||||||
- "--api.dashboard=true"
|
- "--api.dashboard=true"
|
||||||
- "--providers.docker=true"
|
- "--providers.docker=true"
|
||||||
- "--providers.docker.exposedbydefault=false"
|
- "--providers.docker.exposedbydefault=false"
|
||||||
|
# EntryPoints configuration
|
||||||
- "--entrypoints.web.address=:80"
|
- "--entrypoints.web.address=:80"
|
||||||
- "--entrypoints.web.http.redirections.entrypoint.to=websecure"
|
- "--entrypoints.web.http.redirections.entrypoint.to=websecure"
|
||||||
- "--entrypoints.web.http.redirections.entrypoint.scheme=https"
|
- "--entrypoints.web.http.redirections.entrypoint.scheme=https"
|
||||||
@@ -18,41 +20,55 @@ services:
|
|||||||
- "--entrypoints.websecure.http.tls.certresolver=cloudflare"
|
- "--entrypoints.websecure.http.tls.certresolver=cloudflare"
|
||||||
- "--entrypoints.websecure.http.tls.domains[0].main=${DOMAIN_NAME}"
|
- "--entrypoints.websecure.http.tls.domains[0].main=${DOMAIN_NAME}"
|
||||||
- "--entrypoints.websecure.http.tls.domains[0].sans=*.${DOMAIN_NAME}"
|
- "--entrypoints.websecure.http.tls.domains[0].sans=*.${DOMAIN_NAME}"
|
||||||
|
- "--entrypoints.ssh.address=:${SSH_PORT}"
|
||||||
|
# Cloudflare IPs trusted for forwarded headers
|
||||||
- "--entryPoints.web.forwardedHeaders.trustedIPs=173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/13,104.24.0.0/14,172.64.0.0/13,131.0.72.0/22"
|
- "--entryPoints.web.forwardedHeaders.trustedIPs=173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/13,104.24.0.0/14,172.64.0.0/13,131.0.72.0/22"
|
||||||
- "--entryPoints.websecure.forwardedHeaders.trustedIPs=173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/13,104.24.0.0/14,172.64.0.0/13,131.0.72.0/22"
|
- "--entryPoints.websecure.forwardedHeaders.trustedIPs=173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/13,104.24.0.0/14,172.64.0.0/13,131.0.72.0/22"
|
||||||
- "--certificatesresolvers.cloudflare.acme.dnschallenge=true"
|
- "--certificatesresolvers.cloudflare.acme.dnschallenge=true"
|
||||||
- "--certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare"
|
- "--certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare"
|
||||||
- "--certificatesresolvers.cloudflare.acme.email=${CF_API_EMAIL}"
|
- "--certificatesresolvers.cloudflare.acme.email=${CF_API_EMAIL_FILE}"
|
||||||
- "--certificatesresolvers.cloudflare.acme.storage=/letsencrypt/acme.json"
|
- "--certificatesresolvers.cloudflare.acme.storage=/letsencrypt/acme.json"
|
||||||
labels:
|
labels:
|
||||||
- traefik.enable=true
|
- traefik.enable=true
|
||||||
- traefik.http.routers.traefik_dashboard.rule=Host(`traefik.jojops.com`)
|
- traefik.http.routers.traefik_dashboard.rule=Host(`${SUBDOMAIN}.${DOMAIN_NAME}`)
|
||||||
# - traefik.http.routers.traefik_dashboard.rule=Host(`traefik.jojops.com`) && PathPrefix(`/outpost.goauthentik.io/`)
|
# - traefik.http.routers.traefik_dashboard.rule=Host(`${SUBDOMAIN}.${DOMAIN_NAME}`) && PathPrefix(`/outpost.goauthentik.io/`)
|
||||||
- traefik.http.routers.traefik_dashboard.entrypoints=websecure
|
- traefik.http.routers.traefik_dashboard.entrypoints=websecure
|
||||||
- traefik.http.routers.traefik_dashboard.service=api@internal
|
- traefik.http.routers.traefik_dashboard.service=api@internal
|
||||||
- traefik.http.routers.traefik_dashboard.tls=true
|
- traefik.http.routers.traefik_dashboard.tls=true
|
||||||
- traefik.http.middlewares.myauth.basicauth.users=${TRAEFIK_USER}
|
- traefik.http.middlewares.myauth.basicauth.users=${TRAEFIK_USER}
|
||||||
# - traefik.http.middlewares.myauth.basicauth.users=test:$$apr1$$46.RmdYB$$Rx33ChqUskl4PF1ZqSXYV1
|
- traefik.http.routers.traefik_dashboard.middlewares=myauth@docker
|
||||||
# - traefik.http.routers.traefik_dashboard.middlewares=myauth@docker
|
# - traefik.http.routers.traefik_dashboard.middlewares=authentik-forwardauth@docker
|
||||||
- traefik.http.routers.traefik_dashboard.middlewares=authentik-forwardauth@docker
|
|
||||||
- traefik.http.routers.traefik_dashboard.tls.certresolver=cloudflare
|
- traefik.http.routers.traefik_dashboard.tls.certresolver=cloudflare
|
||||||
# - traefik.http.routers.traefik-secure.tls.domains[0].main=jojops.com
|
# - traefik.http.routers.traefik-secure.tls.domains[0].main=${DOMAIN_NAME}
|
||||||
# - traefik.http.routers.traefik-secure.tls.domains[0].sans=*.jojops.com
|
# - traefik.http.routers.traefik-secure.tls.domains[0].sans=*.${DOMAIN_NAME}
|
||||||
# - traefik.http.middlewares.myauth.redirectscheme.scheme=https
|
# - traefik.http.middlewares.myauth.redirectscheme.scheme=https
|
||||||
- traefik.http.services.traefik_dashboard.loadbalancer.server.port=80
|
- traefik.http.services.traefik_dashboard.loadbalancer.server.port=80
|
||||||
# - "traefik.http.middlewares.cloudflare-ips.ipallowlist.sourcerange=173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/13,104.24.0.0/14,172.64.0.0/13,131.0.72.0/22,2400:cb00::/32,2606:4700::/32,2803:f800::/32,2405:b500::/32,2405:8100::/32,2a06:98c0::/29,2c0f:f248::/32"
|
# - "traefik.http.middlewares.cloudflare-ips.ipallowlist.sourcerange=173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/13,104.24.0.0/14,172.64.0.0/13,131.0.72.0/22,2400:cb00::/32,2606:4700::/32,2803:f800::/32,2405:b500::/32,2405:8100::/32,2a06:98c0::/29,2c0f:f248::/32"
|
||||||
env_file:
|
env_file:
|
||||||
- .env
|
- .env
|
||||||
|
secrets:
|
||||||
|
- SSH_PORT
|
||||||
|
- CF_API_KEY
|
||||||
|
- CF_API_EMAIL
|
||||||
volumes:
|
volumes:
|
||||||
- ./traefik_data:/letsencrypt
|
- ./traefik_data:/letsencrypt
|
||||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
ports:
|
ports:
|
||||||
- "80:80"
|
- "80:80"
|
||||||
- "443:443"
|
- "443:443"
|
||||||
|
- "558:558"
|
||||||
networks:
|
networks:
|
||||||
- frontend
|
- frontend
|
||||||
- webapp
|
- webapp
|
||||||
- mgmt
|
- mgmt
|
||||||
|
- remote
|
||||||
|
secrets:
|
||||||
|
SSH_PORT:
|
||||||
|
file: .secrets/SSH_PORT
|
||||||
|
CF_API_KEY:
|
||||||
|
file: .secrets/CF_API_KEY
|
||||||
|
CF_API_EMAIL:
|
||||||
|
file: .secrets/CF_API_EMAIL
|
||||||
networks:
|
networks:
|
||||||
frontend:
|
frontend:
|
||||||
external:
|
external:
|
||||||
@@ -63,3 +79,6 @@ networks:
|
|||||||
mgmt:
|
mgmt:
|
||||||
external:
|
external:
|
||||||
true
|
true
|
||||||
|
remote:
|
||||||
|
external:
|
||||||
|
true
|
||||||
|
|||||||
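Review bot: The changed line `- "--certificatesresolvers.cloudflare.acme.email=${CF_API_EMAIL_FILE}"` in the `@@ -18,41 +20,55 @@` hunk hands the secret's path, not its content, to the ACME resolver: compose substitutes the variable's value, which the example `.env` sets to `/run/secrets/CF_API_EMAIL`, so the certificate account is registered with the literal string `/run/secrets/CF_API_EMAIL` as its contact address and registration will most likely be rejected by the CA. The `_FILE` indirection only helps where the consumer reads the environment and follows the suffix (the DNS provider credentials passed via `env_file`); `acme.email` is a plain string flag, so keep it as `- "--certificatesresolvers.cloudflare.acme.email=${CF_API_EMAIL}"` with the address in `.env`, or resolve the file to a value before the flag is built. The `.env` hunk above notes the related `SSH_PORT` mismatch (secret declared but never read; hard-coded `"558:558"` under `ports` diverging from `${SSH_PORT}`), so it is not repeated here; `- "${SSH_PORT}:${SSH_PORT}"` would keep the published port and the entrypoint aligned. The dashboard router now relies on `myauth@docker` basic auth instead of the removed `authentik-forwardauth@docker`; since `TRAEFIK_USER` is loaded from `.env`, a one-line comment above that label stating that the value must be an htpasswd-style `user:hash` entry would save the next maintainer a lockout.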