feat: add traefik

This commit is contained in:
lab 2021-09-19 13:56:24 +08:00
parent 53d14cb434
commit 1d2d569b6d
6 changed files with 177 additions and 0 deletions

View File

@ -0,0 +1,19 @@
http:
middlewares:
dashboard-basicauth:
basicauth:
users:
- "traefik:$apr1$XDijc7ic$RofeDix3G.lYtoomdQ6TD."
dashboard-mw-chain:
chain:
middlewares:
- "gzip-compress"
- "dashboard-basicauth"
routers:
dashboard-web:
entrypoints: web
rule: "Host(`localhost`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
service: "api@internal"
middlewares:
- "dashboard-mw-chain"

9
traefik/conf/global.yml Normal file
View File

@ -0,0 +1,9 @@
http:
middlewares:
websecure-redirectscheme:
redirectScheme:
scheme: "https"
permanent: true
gzip-compress:
compress:
excludedcontenttypes: "text/event-stream"

View File

@ -0,0 +1,27 @@
version: "3.9"
services:
reverse-proxy:
image: traefik:v2.5
ports:
- "80:80"
- "443:443"
environment:
- "TZ=Asia/Shanghai"
labels:
- "traefik.enable=true"
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./conf:/etc/traefik/config
- ./acme.json:/etc/acme/acme.json
- ./log:/var/log
- ./traefik.yml:/etc/traefik/traefik.yml:ro
networks:
- traefik
networks:
traefik:
external: true

View File

@ -0,0 +1,51 @@
version: "3.9"
services:
reverse-proxy:
image: traefik:v2.5
command:
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
# Global HTTP -> HTTPS
- "--entrypoints.web.http.redirections.entryPoint.to=websecure"
- "--entrypoints.web.http.redirections.entryPoint.scheme=https"
# Enable dashboard
- --api.dashboard=true
- --providers.docker.exposedByDefault=false
- --ping
# SSL configuration
- --certificatesresolvers.letsencrypt.acme.email=hi@esin.io
- --certificatesresolvers.letsencrypt.acme.storage=/etc/acme/acme.json
- --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web
- --log.filePath=/var/log/traefik.log
- --log.format=json
- --log.level=INFO
- --accessLog.filepath=/var/log/access.log
- --accessLog.format=json
- --accessLog.bufferingsize=100
ports:
- "80:80"
- "443:443"
environment:
- "TZ=Asia/Shanghai"
labels:
- "traefik.enable=true"
- "traefik.http.routers.dashboard.entrypoints=websecure"
- "traefik.http.routers.dashboard.rule=Host(`traefik.esin.io`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
- "traefik.http.routers.dashboard.service=api@internal"
- "traefik.http.routers.dashboard.tls=true"
- "traefik.http.routers.dashboard.tls.certresolver=letsencrypt"
- "traefik.http.routers.dashboard.middlewares=dashboard-auth"
- "traefik.http.middlewares.dashboard.compress=true"
- "traefik.http.middlewares.dashboard.compress.excludedcontenttypes=text/event-stream"
- "traefik.http.middlewares.dashboard-auth.basicauth.users=traefik:$$apr1$$XDijc7ic$$RofeDix3G.lYtoomdQ6TD."
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./acme.json:/etc/acme/acme.json
- ./log:/var/log
networks:
- traefik
networks:
traefik:
external: true

37
traefik/gitea.yml Normal file
View File

@ -0,0 +1,37 @@
version: "3.9"
services:
gitesin:
image: gitea/gitea
container_name: "git.esin.io"
environment:
- "TZ=Asia/Shanghai"
labels:
- "traefik.enable=true"
- "traefik.http.routers.gitea.rule=Host(`git.esin.io`)"
- "traefik.http.routers.gitea.entrypoints=websecure"
- "traefik.http.routers.gitea.tls=true"
- "traefik.http.routers.gitea.middlewares=gitea-mw"
- "traefik.http.middlewares.gitea-mw.compress=true"
- "traefik.http.middlewares.gitea-mw.compress.excludedcontenttypes=text/event-stream"
- "traefik.http.services.gitea.loadbalancer.server.port=3000"
volumes:
- /data/gitea:/data
ports:
- "2222:22"
links:
- postgresql
networks:
- traefik
postgresql:
image: postgres:alpine
container_name: "postgresql"
environment:
- "POSTGRES_PASSWORD=${POSTGRES_PASSWORD}"
volumes:
- /data/postgresql:/var/lib/postgresql/data
networks:
- traefik
networks:
traefik:
external: true

34
traefik/traefik.yml Normal file
View File

@ -0,0 +1,34 @@
entryPoints:
web:
address: ":80"
websecure:
address: ":443"
providers:
docker:
exposedByDefault: false
file:
directory: "/etc/traefik/config"
api:
dashboard: true
ping: {}
certificatesResolvers:
letsencrypt:
acme:
email: "hi@esin.io"
storage: "/etc/acme/acme.json"
httpChallenge:
entryPoint: web
log:
filePath: "/var/log/traefik.log"
format: json
level: INFO
accessLog:
filePath: "/var/log/access.log"
format: json
bufferingSize: 100