From c2fed99704743384a0d4f2a1d3ed624ab5537700 Mon Sep 17 00:00:00 2001
From: Brennen Raimer <>
Date: Sat, 2 Nov 2019 15:10:44 -0400
Subject: [PATCH] updated traefik to latest removed duckdns
---
 .gitignore | 1 +
 configs/traefik.toml | 90 ------------------------------------
 configs/traefik/traefik.toml | 7 +++
 docker-compose.yaml | 55 ++++++++++------------
 gatecounter-test.toml | 10 ----
 5 files changed, 33 insertions(+), 130 deletions(-)
 delete mode 100644 configs/traefik.toml
 create mode 100644 configs/traefik/traefik.toml
 delete mode 100644 gatecounter-test.toml
diff --git a/.gitignore b/.gitignore
index bdbd200..7a37de3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -100,3 +100,4 @@ ENV/
 # mypy
 .mypy_cache/
 .vscode/settings.json
+certs/*
\ No newline at end of file
diff --git a/configs/traefik.toml b/configs/traefik.toml
deleted file mode 100644
index 053b4fc..0000000
--- a/configs/traefik.toml
+++ /dev/null
@@ -1,90 +0,0 @@
-debug = false
-
-logLevel = "ERROR"
-defaultEntryPoints = ["https","http"]
-
-[entryPoints]
- [entryPoints.http]
- address = ":80"
- [entryPoints.http.redirect]
- entryPoint = "https"
- [entryPoints.https]
- address = ":443"
- [entryPoints.https.tls]
-# [entryPoints.traefik]
-# address = ":8080"
-
-[retry]
-
-# Traefik logs
-# Enabled by default and log to stdout
-#
-# Optional
-#
-# [traefikLog]
-
-# Sets the filepath for the traefik log. If not specified, stdout will be used.
-# Intermediate directories are created if necessary.
-#
-# Optional
-# Default: os.Stdout
-#
-# filePath = "log/traefik.log"
-
-# Format is either "json" or "common".
-#
-# Optional
-# Default: "common"
-#
-# format = "common"
-
-# Enable access logs
-# By default it will write to stdout and produce logs in the textual
-# Common Log Format (CLF), extended with additional fields.
-#
-# Optional
-#
-# [accessLog]
-
-# Sets the file path for the access log. If not specified, stdout will be used.
-# Intermediate directories are created if necessary.
-#
-# Optional
-# Default: os.Stdout
-#
-# filePath = "/path/to/log/log.txt"
-
-# Format is either "json" or "common".
-#
-# Optional
-# Default: "common"
-#
-# format = "common"
-
-################################################################
-# Web configuration backend
-################################################################
-
-# Enable web configuration backend
-# https://docs.traefik.io/configuration/api/
-#[api]
-#entryPoint = "traefik"
-#dashboard = true
-
-[file]
-directory = "/etc/traefik/rules"
-watch = true
-
-[docker]
-endpoint = "unix:///var/run/docker.sock"
-domain = "yoursubdomain.duckdns.org"
-watch = true
-exposedbydefault = false
-
-[acme]
-email = "you@youremail.com"
-storage = "/etc/traefik/acme/acme.json"
-entryPoint = "https"
-OnHostRule = true
-[acme.dnsChallenge]
-provider = "duckdns"
diff --git a/configs/traefik/traefik.toml b/configs/traefik/traefik.toml new file mode 100644 index 0000000..5bfadfb --- /dev/null +++ b/configs/traefik/traefik.toml @@ -0,0 +1,7 @@ +tls: + stores: + default: + defaultCertificate: + certFile: /certs/gatecounter.crt + keyFile: /certs/gatecounter.key + diff --git a/docker-compose.yaml b/docker-compose.yaml index 8cd3113..90694c4 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -25,8 +25,6 @@ services: interval: 30s timeout: 10s retries: 5 - ports: - - "3306:3306" #connects port 3306 of the host (left) to 3306 of this container (right) making it accessible to things outside of our docker virtual network expose: - "3306" @@ -50,11 +48,9 @@ services: entrypoint: - /bin/sh - -c - - "\"mysql -h $$HOSTNAME -u root -D ${MYSQL_DB_NAME} -p${MYSQL_ROOT_PW} < /docker-entrypoint-initdb.d/db-init.sql\"" + - "\"mysql -h gatecounter-db -u root -D ${MYSQL_DB_NAME} -p${MYSQL_ROOT_PW} < /docker-entrypoint-initdb.d/db-init.sql\"" depends_on: - gatecounter-db - expose: - - "3306" grafana: 
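Review bot: The new configs/traefik/traefik.toml contains YAML syntax (`tls:`, `stores:`, `certFile: ...`) under a .toml name. Traefik's file provider chooses its parser from the file extension, so this file will most likely fail to load and the proxy will serve its self-generated default certificate instead of /certs/gatecounter.crt. Either rename the file to a .yml name or write the same settings as TOML: `[tls.stores.default.defaultCertificate]`, `certFile = "/certs/gatecounter.crt"`, `keyFile = "/certs/gatecounter.key"`. It is worth confirming in the Traefik log after startup that the certificate was actually picked up.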
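Review bot: The rewritten entrypoint line in the `@@ -50,11 +48,9 @@` hunk still passes the database root password on the command line (`-p${MYSQL_ROOT_PW}`), so it is visible in the container's process arguments and in the container configuration shown by `docker inspect`. Consider supplying the credential through a client option file read with `--defaults-extra-file=` (mounted read-only or as a Docker secret) rather than through argv. Using a dedicated account limited to `${MYSQL_DB_NAME}` for the schema load instead of root would also narrow the impact if that credential leaks. The service definition begins above this hunk, so its environment block is not visible here.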
@@ -68,11 +64,13 @@ services: - grafana_plugins:/var/lib/grafana/plugins - grafana_provisioning:/etc/grafana/provisioning labels: - - traefik.enable=true #enable forwarding of http requests to this container - - traefik.frontend.rule=Host:${GRAFANA_DOMAIN_NAME} #when a request is received for this domain... - - traefik.backend=grafana #forward the request to this container... - - traefik.port=3000 #on this port... - - traefik.protocol=http #forwarding the request in plain http on the internal virtual network + - traefik.enable=true #enable forwarding of requests to this container + - traefik.http.routers.grafana-http.rule=Host(`${GRAFANA_DOMAIN_NAME`) #when a request is received for this domain, forward the request to this container... + - traefik.http.routers.grafana-http.entrypoints=http + - traefik.http.routers.grafana-http.middlewares=https-only #redirect all http requests to https + - traefik.http.routers.grafana-https.entrypoints=https + - traefik.http.routers.grafana-https.tls=true + - traefik.http.services.grafana.loadbalancer.server.port=3000 #on this port... expose: - "3000" #makes this port accessible to other containers on the same network, but not availble directly on the host system depends_on: #specifies which containers must be up and running before this one can be started 
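Review bot: The `grafana-http` rule label reads ``Host(`${GRAFANA_DOMAIN_NAME`)``; the closing `}` of the variable reference is missing, so Compose interpolation will not yield the intended host name. The `grafana-https` router also has no `rule` label, so with the docker provider it would presumably fall back to the default container-name rule, and TLS requests for the real domain would not match it. Suggested: correct the first label to ``Host(`${GRAFANA_DOMAIN_NAME}`)`` and add ``- traefik.http.routers.grafana-https.rule=Host(`${GRAFANA_DOMAIN_NAME}`)``. The labels list belongs to the grafana service, which starts outside this hunk.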
@@ -107,33 +105,30 @@ services: expose: - "3306" #this database only needs to be accessible internally to grafana - #this container makes sure a domain you register for free on https://duckdns.org always points to where this is running - dynamic-dns: - image: lsioarmhf/duckdns - container_name: duckdns - environment: - SUBDOMAINS: ${DUCKDNS_SUBDOMAIN:?Please provide a duckdns subdomain for your project. Please edit .env with this value} #replace with the domain you registered. - TOKEN: ${DUCKDNS_TOKEN:?Please provide a duckdns token for your domain. Please edit .env with this value} #the token duckDNS provides you for domain updates - TZ: ${TZ:-America/New_York} - labels: - - traefik.enable=false #tells traefik reverse proxy to ignore this container, do not proxy requests to it - restart: always #if this container stops for any reason, docker will restart it automatically - networks: - - default #put this service on the built-in docker bridge network - reverse-proxy: - image: traefik:v1.7 - container_name: traefik-gc #referenced in ./configs/traefik.toml by this name in [api] section + image: traefik:latest + container_name: traefik + command: + - "--api=false" + - "--entryPoints.http.address=:80" + - "--entryPoints.https.address=:443" + - "--providers.docker=true" + - "--accesslog=true" + - "--log=true" + - "--log.level=INFO" + - "--providers.file.directory=/etc/traefik/custom/" + labels: + - "com.ouroboros.enable=true" #enables watchtower for auto updates + - "traefik.http.middlewares.https-only.redirectscheme.scheme=https" + - "traefik.http.middlewares.https-only.redirectscheme.permanent=true" restart: unless-stopped #Docker will automatically restart this container unless you intentionally stopped it ports: - 80:80 - 443:443 -# - 8080:8080 #admin web UI port volumes: - /var/run/docker.sock:/var/run/docker.sock #allows traefik to monitor for changes and to read labels - - ./configs/traefik.toml:/etc/traefik/traefik.toml #traefik config file - - 
./rules:/etc/traefik/rules - - traefik-cert-gc:/etc/traefik/acme/ #volume for storing LetsEncrypt cets + - ./certs/:/certs/:ro + - ./configs/traefik:/etc/traefik/custom:ro #The following section allows you to deifne services which must be started before this service can start depends_on: - dynamic-dns diff --git a/gatecounter-test.toml b/gatecounter-test.toml deleted file mode 100644 index acc7a9d..0000000 --- a/gatecounter-test.toml +++ /dev/null @@ -1,10 +0,0 @@ -[backends] -[backends.gatecounter] - [backends.gatecounter.servers.gatecounter-server] - url = "http://grafana:3000" -[frontends] -[frontends.gatecounter] -entryPoints = ["http"] -backend = "gatecounter" - [frontends.gatecounter.routes.test] - rule = "HostRegexp:grafana.{hostname:[a-z]+}{suffix:(\.local|\.home)}" \ No newline at end of file
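Review bot: In the reverse-proxy hunk, `--providers.docker=true` is added without `--providers.docker.exposedbydefault=false`, although the deleted v1 config set `exposedbydefault = false`. As far as I know the v2 default is to expose every container, so the database containers would get routers on the public entry points unless each carries `traefik.enable=false`; adding `- "--providers.docker.exposedbydefault=false"` to `command` restores the opt-in behaviour. `image: traefik:latest` combined with the auto-update label lets an unreviewed release replace the internet-facing proxy that holds the Docker socket, so pin a tag such as `traefik:<pinned-version>`. The trailing context still appears to list `dynamic-dns` under `depends_on` although this hunk removes that service, which Compose should reject as an undefined dependency.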