feat: add traefik

traefik/conf/dashboard.yml

@@ -0,0 +1,19 @@
+http:
+  middlewares:
+    dashboard-basicauth:
+      basicauth:
+        users:
+          - "traefik:$apr1$XDijc7ic$RofeDix3G.lYtoomdQ6TD."
+    dashboard-mw-chain:
+      chain:
+        middlewares:
+          - "gzip-compress"
+          - "dashboard-basicauth"
+  routers:
+      dashboard-web:
+        entrypoints: web
+        rule: "Host(`localhost`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
+        service: "api@internal"
+        middlewares:
+          - "dashboard-mw-chain"
+

traefik/conf/global.yml

@@ -0,0 +1,9 @@
+http:
+  middlewares:
+    websecure-redirectscheme:
+      redirectScheme:
+        scheme: "https"
+        permanent: true
+    gzip-compress:
+      compress: 
+        excludedcontenttypes: "text/event-stream"

traefik/docker-compose-file-provider.yml

@@ -0,0 +1,27 @@
+version: "3.9"
+
+services:
+  reverse-proxy:
+    image: traefik:v2.5
+    ports:
+      - "80:80"
+      - "443:443"
+    environment:
+      - "TZ=Asia/Shanghai"
+    labels:
+      - "traefik.enable=true"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - ./conf:/etc/traefik/config
+      - ./acme.json:/etc/acme/acme.json
+      - ./log:/var/log
+      - ./traefik.yml:/etc/traefik/traefik.yml:ro
+    networks:
+      - traefik
+
+networks:
+  traefik:
+    external: true
+
+
+

traefik/docker-compose.yml

@@ -0,0 +1,51 @@
+version: "3.9"
+
+services:
+  reverse-proxy:
+    image: traefik:v2.5
+    command: 
+      - --entrypoints.web.address=:80
+      - --entrypoints.websecure.address=:443
+      # Global HTTP -> HTTPS
+      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
+      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
+      # Enable dashboard
+      - --api.dashboard=true
+      - --providers.docker.exposedByDefault=false
+      - --ping
+      # SSL configuration
+      - --certificatesresolvers.letsencrypt.acme.email=hi@esin.io
+      - --certificatesresolvers.letsencrypt.acme.storage=/etc/acme/acme.json
+      - --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web
+      - --log.filePath=/var/log/traefik.log
+      - --log.format=json
+      - --log.level=INFO
+      - --accessLog.filepath=/var/log/access.log
+      - --accessLog.format=json
+      - --accessLog.bufferingsize=100
+    ports:
+      - "80:80"
+      - "443:443"
+    environment:
+      - "TZ=Asia/Shanghai"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.dashboard.entrypoints=websecure"
+      - "traefik.http.routers.dashboard.rule=Host(`traefik.esin.io`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
+      - "traefik.http.routers.dashboard.service=api@internal"
+      - "traefik.http.routers.dashboard.tls=true"
+      - "traefik.http.routers.dashboard.tls.certresolver=letsencrypt"
+      - "traefik.http.routers.dashboard.middlewares=dashboard-auth"
+      - "traefik.http.middlewares.dashboard.compress=true"
+      - "traefik.http.middlewares.dashboard.compress.excludedcontenttypes=text/event-stream"
+      - "traefik.http.middlewares.dashboard-auth.basicauth.users=traefik:$$apr1$$XDijc7ic$$RofeDix3G.lYtoomdQ6TD."
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - ./acme.json:/etc/acme/acme.json
+      - ./log:/var/log
+    networks:
+      - traefik
+
+networks:
+  traefik:
+    external: true

traefik/gitea.yml

@@ -0,0 +1,37 @@
+version: "3.9"
+
+services:
+  gitesin:
+    image: gitea/gitea
+    container_name: "git.esin.io"
+    environment:
+      - "TZ=Asia/Shanghai"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.gitea.rule=Host(`git.esin.io`)"
+      - "traefik.http.routers.gitea.entrypoints=websecure"
+      - "traefik.http.routers.gitea.tls=true"
+      - "traefik.http.routers.gitea.middlewares=gitea-mw"
+      - "traefik.http.middlewares.gitea-mw.compress=true"
+      - "traefik.http.middlewares.gitea-mw.compress.excludedcontenttypes=text/event-stream"
+      - "traefik.http.services.gitea.loadbalancer.server.port=3000"
+    volumes:
+      - /data/gitea:/data
+    ports:
+      - "2222:22"
+    links:
+      - postgresql
+    networks:
+      - traefik
+  postgresql:
+    image: postgres:alpine
+    container_name: "postgresql"
+    environment:
+      - "POSTGRES_PASSWORD=${POSTGRES_PASSWORD}"
+    volumes:
+      - /data/postgresql:/var/lib/postgresql/data
+    networks:
+      - traefik
+networks:
+  traefik:
+    external: true

traefik/traefik.yml

@@ -0,0 +1,34 @@
+entryPoints:
+  web:
+    address: ":80"
+  websecure:
+    address: ":443"
+    
+providers:
+  docker: 
+    exposedByDefault: false
+  file:
+    directory: "/etc/traefik/config"
+
+api:
+  dashboard: true
+
+ping: {}
+
+certificatesResolvers:
+  letsencrypt:
+    acme:
+      email: "hi@esin.io"
+      storage: "/etc/acme/acme.json"
+      httpChallenge:
+        entryPoint: web
+
+log:
+  filePath: "/var/log/traefik.log"
+  format: json
+  level: INFO
+
+accessLog:
+  filePath: "/var/log/access.log"
+  format: json
+  bufferingSize: 100