added traefik example

2023-06-11 22:11:05 +02:00 · 2023-06-11 22:11:05 +02:00 · f452c2ef09
commit f452c2ef09
parent 1f08252999
6 changed files with 105 additions and 11 deletions
--- a/resources/lxc/100/config.json
+++ b/resources/lxc/100/config.json
@ -29,20 +29,18 @@
    "tags": "2-proxy+auth"
  },
  "creation": {
-    "conditions": [
-      {
-        "type": "program",
-        "program": "docker"
+    "conditions": {
+      "programs": ["docker"],
+      "folders": ["/var/data/traefik", "/var/data/config/traefik"],
+      "files": ["/var/data/traefik/traefik.toml", "/var/data/config/traefikv2/docker-compose.yml"]
    },
-      {
-        "type": "folder",
-        "path": "/var/data/traefik"
-      }
-    ],
    "steps": [
      {
        "type": "script",
        "path": "/global/install-docker.sh"
+      },
+      {
+        "type": ""
      }
    ]
  },
--- a/resources/lxc/100/data/config/traefikv2/docker-compose.yml
+++ b/resources/lxc/100/data/config/traefikv2/docker-compose.yml
@ -0,0 +1,40 @@
+version: "3"
+
+services:
+  app:
+    image: traefik:v2.9
+    env_file: /var/data/config/traefikv2/traefik.env
+    restart: always
+    ports:
+      - "80:80" # http
+      - "443:443" # https
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - /var/data/config/traefikv2/dyn:/dyn
+      - /var/data/config/traefikv2/traefik.toml:/etc/traefik/traefik.toml
+      - /var/data/traefik/traefik.log:/traefik.log
+      - /var/data/traefik/access.log:/access.log
+      - /var/data/traefik/acme.json:/acme.json
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.api.rule=Host(`traefik.xyz.abc`)"
+      - "traefik.http.routers.api.entrypoints=https"
+
+      - "traefik.http.routers.api.service=api@internal"
+      - "traefik.http.services.dummy.loadbalancer.server.port=9999"
+
+      - "traefik.http.routers.api.tls=true"
+      - "traefik.http.routers.api.tls.domains[0].main=xyz.abc"
+      - "traefik.http.routers.api.tls.domains[0].sans=*.xyz.abc"
+      - "traefik.http.routers.api.tls.certresolver=cloudflare"
+    networks:
+      - traefik_public
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "2m"
+        max-file: "2"
+
+networks:
+  traefik_public:
+    external: true
--- a/resources/lxc/100/data/config/traefikv2/traefik.env
+++ b/resources/lxc/100/data/config/traefikv2/traefik.env
@ -0,0 +1,3 @@
+# CloudFlare example
+CLOUDFLARE_EMAIL=me@xyz.abc
+CLOUDFLARE_API_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
--- a/resources/lxc/100/data/config/traefikv2/traefik.toml
+++ b/resources/lxc/100/data/config/traefikv2/traefik.toml
@ -0,0 +1,52 @@
+[global]
+  checkNewVersion = true
+
+# Enable the Dashboard
+[api]
+  dashboard = true
+
+# Write out Traefik logs
+[log]
+  level = "INFO"
+  filePath = "/traefik.log"
+
+# [accessLog]
+#   filePath = "/access.log"
+
+[entryPoints.http]
+  address = ":80"
+  # Redirect to HTTPS (why wouldn't you?)
+  [entryPoints.http.http.redirections.entryPoint]
+    to = "https"
+    scheme = "https"
+
+  [entryPoints.http.forwardedHeaders]
+    trustedIPs = ["10.0.0.0/8", "172.16.0.0/16", "192.168.0.0/16", "fc00::/7"]
+
+[entryPoints.https]
+  address = ":443"
+  [entryPoints.https.http.tls]
+    certResolver = "cloudflare"
+
+  [entryPoints.https.forwardedHeaders]
+    trustedIPs = ["10.0.0.0/8", "172.16.0.0/16", "192.168.0.0/16", "fc00::/7"]
+
+
+# Cloudflare
+[certificatesResolvers.infomaniak.acme]
+  email = "me@xyz.abc"
+  storage = "acme.json"
+  [certificatesResolvers.infomaniak.acme.dnsChallenge]
+    provider = "cloudflare"
+    resolvers = ["1.1.1.1:53", "8.8.8.8:53"]
+
+# Docker Traefik provider
+[providers.docker]
+  endpoint = "unix:///var/run/docker.sock"
+  swarmMode = false
+  watch = true
+  exposedByDefault = false
+
+[providers.file]
+  directory = "/dyn"
+  watch = true
--- a/resources/lxc/100/data/traefikv2/acme.json
+++ b/resources/lxc/100/data/traefikv2/acme.json
@ -0,0 +1 @@
+{}
--- a/resources/lxc/100/data/traefikv2/treafik.log
+++ b/resources/lxc/100/data/traefikv2/treafik.log