diff --git a/traefik/conf/dashboard.yml b/traefik/conf/dashboard.yml
new file mode 100644
index 0000000..51f536f
--- /dev/null
+++ b/traefik/conf/dashboard.yml
@@ -0,0 +1,19 @@
+http:
+ middlewares:
+ dashboard-basicauth:
+ basicauth:
+ users:
+ - "traefik:$apr1$XDijc7ic$RofeDix3G.lYtoomdQ6TD."
+ dashboard-mw-chain:
+ chain:
+ middlewares:
+ - "gzip-compress"
+ - "dashboard-basicauth"
+ routers:
+ dashboard-web:
+ entrypoints: web
+ rule: "Host(`localhost`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
+ service: "api@internal"
+ middlewares:
+ - "dashboard-mw-chain"
+
diff --git a/traefik/conf/global.yml b/traefik/conf/global.yml
new file mode 100644
index 0000000..599052d
--- /dev/null
+++ b/traefik/conf/global.yml
@@ -0,0 +1,9 @@
+http:
+ middlewares:
+ websecure-redirectscheme:
+ redirectScheme:
+ scheme: "https"
+ permanent: true
+ gzip-compress:
+ compress:
+ excludedcontenttypes: "text/event-stream"
\ No newline at end of file
diff --git a/traefik/docker-compose-file-provider.yml b/traefik/docker-compose-file-provider.yml
new file mode 100644
index 0000000..a71b60d
--- /dev/null
+++ b/traefik/docker-compose-file-provider.yml
@@ -0,0 +1,27 @@
+version: "3.9"
+
+services:
+ reverse-proxy:
+ image: traefik:v2.5
+ ports:
+ - "80:80"
+ - "443:443"
+ environment:
+ - "TZ=Asia/Shanghai"
+ labels:
+ - "traefik.enable=true"
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - ./conf:/etc/traefik/config
+ - ./acme.json:/etc/acme/acme.json
+ - ./log:/var/log
+ - ./traefik.yml:/etc/traefik/traefik.yml:ro
+ networks:
+ - traefik
+
+networks:
+ traefik:
+ external: true
+
+
+
diff --git a/traefik/docker-compose.yml b/traefik/docker-compose.yml
new file mode 100644
index 0000000..a1950c6
--- /dev/null
+++ b/traefik/docker-compose.yml
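Review bot: The `users` entry of `dashboard-basicauth` in traefik/conf/dashboard.yml commits an `$apr1$` (MD5-crypt) password hash to the repository, and the same hash reappears in the `dashboard-auth.basicauth.users` label in traefik/docker-compose.yml. Anyone who can read the repository can attack it offline, so the current password should be rotated and the replacement kept out of version control, for example `usersFile: "<path-to-htpasswd-outside-repo>"` holding a bcrypt entry. The `dashboard-web` router is also bound to `entrypoints: web`, so the Basic credentials travel over plain HTTP. Serving it on `websecure` with TLS would match the label-based variant.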
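Review bot: In traefik/docker-compose-file-provider.yml the `/var/run/docker.sock:/var/run/docker.sock:ro` mount still hands the internet-facing proxy the full Docker API, because `:ro` protects only the socket file and not the requests sent through it; traefik/docker-compose.yml carries the same mount. A filtering socket proxy that allows only the read endpoints Traefik needs would narrow what a compromise of the proxy can reach. `./conf:/etc/traefik/config` could be mounted `:ro` too, the way `./traefik.yml` already is.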
@@ -0,0 +1,51 @@
+version: "3.9"
+
+services:
+ reverse-proxy:
+ image: traefik:v2.5
+ command:
+ - --entrypoints.web.address=:80
+ - --entrypoints.websecure.address=:443
+ # Global HTTP -> HTTPS
+ - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
+ - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
+ # Enable dashboard
+ - --api.dashboard=true
+ - --providers.docker.exposedByDefault=false
+ - --ping
+ # SSL configuration
+ - --certificatesresolvers.letsencrypt.acme.email=hi@esin.io
+ - --certificatesresolvers.letsencrypt.acme.storage=/etc/acme/acme.json
+ - --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web
+ - --log.filePath=/var/log/traefik.log
+ - --log.format=json
+ - --log.level=INFO
+ - --accessLog.filepath=/var/log/access.log
+ - --accessLog.format=json
+ - --accessLog.bufferingsize=100
+ ports:
+ - "80:80"
+ - "443:443"
+ environment:
+ - "TZ=Asia/Shanghai"
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.dashboard.entrypoints=websecure"
+ - "traefik.http.routers.dashboard.rule=Host(`traefik.esin.io`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
+ - "traefik.http.routers.dashboard.service=api@internal"
+ - "traefik.http.routers.dashboard.tls=true"
+ - "traefik.http.routers.dashboard.tls.certresolver=letsencrypt"
+ - "traefik.http.routers.dashboard.middlewares=dashboard-auth"
+ - "traefik.http.middlewares.dashboard.compress=true"
+ - "traefik.http.middlewares.dashboard.compress.excludedcontenttypes=text/event-stream"
+ - "traefik.http.middlewares.dashboard-auth.basicauth.users=traefik:$$apr1$$XDijc7ic$$RofeDix3G.lYtoomdQ6TD."
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - ./acme.json:/etc/acme/acme.json
+ - ./log:/var/log
+ networks:
+ - traefik
+
+networks:
+ traefik:
+ external: true
diff --git a/traefik/gitea.yml b/traefik/gitea.yml
new file mode 100644
index 0000000..89ec792
--- /dev/null
+++ b/traefik/gitea.yml
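Review bot: The `dashboard` router in traefik/docker-compose.yml publishes `api@internal` on the public `websecure` entrypoint for `traefik.esin.io` with Basic auth as its only control. A source-address allow-list would limit who can reach the login prompt at all, e.g. a label `traefik.http.middlewares.dashboard-ip.ipwhitelist.sourcerange=<ADMIN_CIDR>` with `dashboard-ip` added to `routers.dashboard.middlewares`. Separately, the `dashboard` compress middleware defined in the labels is never applied, because the router's `middlewares` value names only `dashboard-auth`.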
@@ -0,0 +1,37 @@
+version: "3.9"
+
+services:
+ gitesin:
+ image: gitea/gitea
+ container_name: "git.esin.io"
+ environment:
+ - "TZ=Asia/Shanghai"
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.gitea.rule=Host(`git.esin.io`)"
+ - "traefik.http.routers.gitea.entrypoints=websecure"
+ - "traefik.http.routers.gitea.tls=true"
+ - "traefik.http.routers.gitea.middlewares=gitea-mw"
+ - "traefik.http.middlewares.gitea-mw.compress=true"
+ - "traefik.http.middlewares.gitea-mw.compress.excludedcontenttypes=text/event-stream"
+ - "traefik.http.services.gitea.loadbalancer.server.port=3000"
+ volumes:
+ - /data/gitea:/data
+ ports:
+ - "2222:22"
+ links:
+ - postgresql
+ networks:
+ - traefik
+ postgresql:
+ image: postgres:alpine
+ container_name: "postgresql"
+ environment:
+ - "POSTGRES_PASSWORD=${POSTGRES_PASSWORD}"
+ volumes:
+ - /data/postgresql:/var/lib/postgresql/data
+ networks:
+ - traefik
+networks:
+ traefik:
+ external: true
\ No newline at end of file
diff --git a/traefik/traefik.yml b/traefik/traefik.yml
new file mode 100644
index 0000000..430577d
--- /dev/null
+++ b/traefik/traefik.yml
@@ -0,0 +1,34 @@
+entryPoints:
+ web:
+ address: ":80"
+ websecure:
+ address: ":443"
+
+providers:
+ docker:
+ exposedByDefault: false
+ file:
+ directory: "/etc/traefik/config"
+
+api:
+ dashboard: true
+
+ping: {}
+
+certificatesResolvers:
+ letsencrypt:
+ acme:
+ email: "hi@esin.io"
+ storage: "/etc/acme/acme.json"
+ httpChallenge:
+ entryPoint: web
+
+log:
+ filePath: "/var/log/traefik.log"
+ format: json
+ level: INFO
+
+accessLog:
+ filePath: "/var/log/access.log"
+ format: json
+ bufferingSize: 100
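Review bot: The `postgresql` service in traefik/gitea.yml joins the external `traefik` network, so every container attached to the shared proxy network can reach the database port, not just Gitea. Putting the database on a private network that only `gitesin` shares, and pinning Traefik to the proxy network with `traefik.docker.network=traefik`, keeps routing unchanged while removing that reachability. The `gitea` router also sets `tls=true` without a `tls.certresolver`, so unless a certificate for `git.esin.io` is supplied some other way it would presumably fall back to Traefik's default certificate.

```yaml
  gitesin:
    # … unchanged: image, container_name, environment …
    labels:
      # … unchanged: existing traefik.* labels …
      - "traefik.docker.network=traefik"
    # … unchanged: volumes, ports, links …
    networks:
      - traefik
      - gitea-backend
  postgresql:
    # … unchanged: image, container_name, environment, volumes …
    networks:
      - gitea-backend
networks:
  # … unchanged: traefik (external) …
  gitea-backend:
    internal: true
```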
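Review bot: The `web` entrypoint in traefik/traefik.yml has no HTTP-to-HTTPS redirection, unlike the CLI variant in traefik/docker-compose.yml, and no router visible in this diff attaches the `websecure-redirectscheme` middleware from conf/global.yml. With the file-provider setup, port 80 therefore serves whatever is routed to `web` in cleartext. Adding the entrypoint redirection below restores parity; the `dashboard-web` router in conf/dashboard.yml would then need to move to `websecure`.

```yaml
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
```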