updated traefik to latest

removed duckdns
2019-11-02 15:10:44 -04:00
parent aab50eceb9
commit c2fed99704
5 changed files with 33 additions and 130 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -100,3 +100,4 @@ ENV/
 # mypy
 .mypy_cache/
 .vscode/settings.json
+certs/*
--- a/configs/traefik.toml
+++ b/configs/traefik.toml
@@ -1,90 +0,0 @@
-debug = false
-
-logLevel = "ERROR"
-defaultEntryPoints = ["https","http"]
-
-[entryPoints]
-  [entryPoints.http]
-  address = ":80"
-    [entryPoints.http.redirect]
-    entryPoint = "https"
-  [entryPoints.https]
-  address = ":443"
-  [entryPoints.https.tls]
-#  [entryPoints.traefik]
-#  address = ":8080"
-
-[retry]
-
-# Traefik logs
-# Enabled by default and log to stdout
-#
-# Optional
-#
-# [traefikLog]
-
-# Sets the filepath for the traefik log. If not specified, stdout will be used.
-# Intermediate directories are created if necessary.
-#
-# Optional
-# Default: os.Stdout
-#
-# filePath = "log/traefik.log"
-
-# Format is either "json" or "common".
-#
-# Optional
-# Default: "common"
-#
-# format = "common"
-
-# Enable access logs
-# By default it will write to stdout and produce logs in the textual
-# Common Log Format (CLF), extended with additional fields.
-#
-# Optional
-#
-# [accessLog]
-
-# Sets the file path for the access log. If not specified, stdout will be used.
-# Intermediate directories are created if necessary.
-#
-# Optional
-# Default: os.Stdout
-#
-# filePath = "/path/to/log/log.txt"
-
-# Format is either "json" or "common".
-#
-# Optional
-# Default: "common"
-#
-# format = "common"
-
-################################################################
-# Web configuration backend
-################################################################
-
-# Enable web configuration backend
-# https://docs.traefik.io/configuration/api/
-#[api]
-#entryPoint = "traefik"
-#dashboard = true
-
-[file]
-directory = "/etc/traefik/rules"
-watch = true
-
-[docker]
-endpoint = "unix:///var/run/docker.sock" 
-domain = "yoursubdomain.duckdns.org"
-watch = true
-exposedbydefault = false
-
-[acme]
-email = "you@youremail.com"
-storage = "/etc/traefik/acme/acme.json"
-entryPoint = "https"
-OnHostRule = true
-[acme.dnsChallenge]
-provider = "duckdns"
--- a/configs/traefik/traefik.toml
+++ b/configs/traefik/traefik.toml
@@ -0,0 +1,7 @@
+tls:
+  stores:
+    default:
+      defaultCertificate:
+        certFile: /certs/gatecounter.crt
+        keyFile: /certs/gatecounter.key
+
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -25,8 +25,6 @@ services:
      interval: 30s
      timeout: 10s
      retries: 5
-    ports:
-      - "3306:3306" #connects port 3306 of the host (left) to 3306 of this container (right) making it accessible to things outside of our docker virtual network
    expose:
      - "3306"

@@ -50,11 +48,9 @@ services:
    entrypoint:
      - /bin/sh
      - -c
-      - "\"mysql -h $$HOSTNAME -u root -D ${MYSQL_DB_NAME} -p${MYSQL_ROOT_PW} < /docker-entrypoint-initdb.d/db-init.sql\""
+      - "\"mysql -h gatecounter-db -u root -D ${MYSQL_DB_NAME} -p${MYSQL_ROOT_PW} < /docker-entrypoint-initdb.d/db-init.sql\""
    depends_on:
      - gatecounter-db
-    expose:
-      - "3306"


  grafana:
@@ -68,11 +64,13 @@ services:
      - grafana_plugins:/var/lib/grafana/plugins
      - grafana_provisioning:/etc/grafana/provisioning
    labels:
-      - traefik.enable=true #enable forwarding of http requests to this container
-      - traefik.frontend.rule=Host:${GRAFANA_DOMAIN_NAME} #when a request is received for this domain...
-      - traefik.backend=grafana #forward the request to this container...
-      - traefik.port=3000 #on this port...
-      - traefik.protocol=http #forwarding the request in plain http on the internal virtual network
+      - traefik.enable=true #enable forwarding of requests to this container
+      - traefik.http.routers.grafana-http.rule=Host(`${GRAFANA_DOMAIN_NAME`) #when a request is received for this domain, forward the request to this container...
+      - traefik.http.routers.grafana-http.entrypoints=http
+      - traefik.http.routers.grafana-http.middlewares=https-only #redirect all http requests to https
+      - traefik.http.routers.grafana-https.entrypoints=https
+      - traefik.http.routers.grafana-https.tls=true
+      - traefik.http.services.grafana.loadbalancer.server.port=3000 #on this port...
    expose:
      - "3000" #makes this port accessible to other containers on the same network, but not availble directly on the host system
    depends_on: #specifies which containers must be up and running before this one can be started
@@ -107,33 +105,30 @@ services:
    expose:
      - "3306" #this database only needs to be accessible internally to grafana

-  #this container makes sure a domain you register for free on https://duckdns.org always points to where this is running
-  dynamic-dns:
-    image: lsioarmhf/duckdns
-    container_name: duckdns
-    environment:
-      SUBDOMAINS: ${DUCKDNS_SUBDOMAIN:?Please provide a duckdns subdomain for your project.  Please edit .env with this value} #replace with the domain you registered.
-      TOKEN: ${DUCKDNS_TOKEN:?Please provide a duckdns token for your domain.  Please edit .env with this value} #the token duckDNS provides you for domain updates
-      TZ: ${TZ:-America/New_York}
-    labels:
-      - traefik.enable=false #tells traefik reverse proxy to ignore this container, do not proxy requests to it
-    restart: always #if this container stops for any reason, docker will restart it automatically
-    networks:
-      - default #put this service on the built-in docker bridge network
-
  reverse-proxy:
-    image: traefik:v1.7
-    container_name: traefik-gc #referenced in ./configs/traefik.toml by this name in [api] section
+    image: traefik:latest
+    container_name: traefik
+    command:
+      - "--api=false"
+      - "--entryPoints.http.address=:80"
+      - "--entryPoints.https.address=:443"
+      - "--providers.docker=true"
+      - "--accesslog=true"
+      - "--log=true"
+      - "--log.level=INFO"
+      - "--providers.file.directory=/etc/traefik/custom/"
+    labels:
+      - "com.ouroboros.enable=true" #enables watchtower for auto updates
+      - "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
+      - "traefik.http.middlewares.https-only.redirectscheme.permanent=true"      
    restart: unless-stopped #Docker will automatically restart this container unless you intentionally stopped it
    ports:
      - 80:80
      - 443:443
-#      - 8080:8080 #admin web UI port
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock  #allows traefik to monitor for changes and to read labels
-      - ./configs/traefik.toml:/etc/traefik/traefik.toml #traefik config file
-      - ./rules:/etc/traefik/rules
-      - traefik-cert-gc:/etc/traefik/acme/ #volume for storing LetsEncrypt cets
+      - ./certs/:/certs/:ro
+      - ./configs/traefik:/etc/traefik/custom:ro
    #The following section allows you to deifne services which must be started before this service can start
    depends_on:
      - dynamic-dns
--- a/gatecounter-test.toml
+++ b/gatecounter-test.toml
@@ -1,10 +0,0 @@
-[backends]
-[backends.gatecounter]
-    [backends.gatecounter.servers.gatecounter-server]
-    url = "http://grafana:3000"
-[frontends]
-[frontends.gatecounter]
-entryPoints = ["http"]
-backend = "gatecounter"
-    [frontends.gatecounter.routes.test]
-    rule = "HostRegexp:grafana.{hostname:[a-z]+}{suffix:(\.local|\.home)}"