init commit

Vassiliy Yegorov
2020-07-08 16:03:52 +07:00
commit edaa556a5e
30 changed files with 633 additions and 0 deletions

3.Traefik/DOMAINS.md Normal file

@@ -0,0 +1,7 @@
# доменные зоны
- test2.tfm.zone
- traefik.tfm.zone
- grafana.tfm.zone
- prom.tfm.zone

3.Traefik/data/.gitignore vendored Normal file

@@ -0,0 +1,2 @@
acme.json
logs/*


@@ -0,0 +1,19 @@
http:
routers:
redirs:
rule: hostregexp(`{host:.+}`)
entrypoints:
- http
middlewares:
- redirect-to-https
service: noop
middlewares:
redirect-to-https:
redirectScheme:
scheme: https
permanent: false
services:
noop:
loadBalancer:
servers:
- url: "http://127.0.0.1"
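Review bot: The `noop` service pointing at `http://127.0.0.1` is undocumented, so a reader cannot tell whether that backend is ever meant to receive traffic. A comment above `services:` such as `# placeholder: a router needs a service; redirect-to-https answers before it is reached` would make the intent explicit. `permanent: false` presumably produces a temporary redirect on every plain-HTTP request; if HTTPS-only is the settled policy, either switch to `permanent: true` or note in a comment why the redirect is kept temporary. The router key is spelled `entrypoints` here and `entryPoints` in the test2 route file, so pick one spelling for both.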


@@ -0,0 +1,46 @@
http:
routers:
external-docker-route:
entryPoints:
- https
service: test2
middlewares:
- test2-auth
- test-retry
# - test2-whitelist
# - testHeader
rule: Host(`test2.tfm.zone`) # "Host(`example.com`) || (Host(`example.org`) && Path(`/traefik`))"
tls:
certResolver: letsEncrypt
# middlewares
middlewares:
test2-auth:
basicAuth:
users:
- "admin:$2y$05$Ixy4UWIEe7z5/xyhMEerveBs7bOWQVUCJAIL.55ANTzlLJWHnaqJ6" # not escaped $$ !
test2-whitelist:
ipWhiteList:
sourceRange:
- "127.0.0.1/32"
- "8.8.8.8/32"
test-retry:
retry:
attempts: 4
testHeader:
headers:
accessControlAllowMethods:
- GET
- OPTIONS
- PUT
accessControlAllowOriginList:
- https://foo.bar.org
- https://example.org
accessControlMaxAge: 100
addVaryHeader: true
# Services
services:
test2:
loadBalancer:
servers:
- url: http://95.216.205.111:8080
passHostHeader: true
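Review bot: The `test2-auth` middleware commits a bcrypt hash with cost factor 5 (`$2y$05$`) to the repository, so anyone who can read the repo can test guesses for the `admin` password offline at low cost. Loading the credentials with `usersFile: /path/to/test2.htpasswd` (placeholder path, mounted read-only and excluded from git) and generating the hash with a higher cost would address both. The `test2` service forwards to `http://95.216.205.111:8080` in clear text, so the Basic credentials appear to travel unencrypted on that leg unless `removeHeader: true` is set on the middleware; confirm too that port 8080 on that host accepts connections only from the proxy, because a direct connection would skip `test2-auth`. The `test2-whitelist` middleware is defined but commented out of the router, so no source-address restriction is in effect.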


@@ -0,0 +1,65 @@
global:
checkNewVersion: true
log:
filePath: /var/log/log.log
format: common # or json
level: "DEBUG" # DEBUG, PANIC, FATAL, ERROR, WARN, or INFO
accessLog:
filePath: /var/log/access.log
format: common # or json
bufferingSize: 100
filters:
statusCodes:
- "200"
- "300-302"
- "500-503"
retryAttempts: true
minDuration: "10ms"
api:
dashboard: true
entryPoints:
http:
address: ":80"
https:
address: ":443"
metrics:
address: ":8082"
metrics:
prometheus: # datadog, statsD, influxDB
entryPoint: metrics
http:
routers:
redirs-docker:
rule: hostregexp(`{host:.+}`)
entrypoints:
- http
middlewares:
- redirect-docker-to-https
middlewares:
redirect-docker-to-https:
redirectScheme:
scheme: https
permanent: false
providers:
docker:
endpoint: "unix:///var/run/docker.sock"
exposedByDefault: false
file:
directory: /custom
watch: true
certificatesResolvers:
letsEncrypt:
acme:
email: info@tfm.zone # Change e-mail !
storage: acme.json
#caServer: "https://acme-staging-v02.api.letsencrypt.org/directory" # for tests only
httpChallenge:
entryPoint: http
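Review bot: The `accessLog.filters.statusCodes` list keeps only 200, 300-302 and 500-503, so 401 and 403 responses from the basicAuth and IP allow-list middlewares would be dropped unless they happen to match the `retryAttempts` or `minDuration` filter, which makes repeated failed logins hard to spot in `/var/log/access.log`. Adding `- "400-499"` under `statusCodes` keeps them. `level: "DEBUG"` on the main log is verbose for a long-running proxy; `INFO` or `WARN`, with a comment on when to raise it, is a safer default. The `http:` block with `redirs-docker` looks like dynamic configuration placed in the static file, and that router has no `service`; Traefik normally takes routers and middlewares only from providers such as the `/custom` directory, so confirm this block is actually loaded.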


@@ -0,0 +1,39 @@
version: '3.7'
services:
traefik:
image: traefik
container_name: traefik
restart: unless-stopped
security_opt:
- no-new-privileges:true
ports:
- 80:80
- 443:443
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./data/traefik.yml:/traefik.yml:ro
- ./data/custom/:/custom/:ro
- ./data/acme.json:/acme.json
- ./data/logs/:/var/log/
labels:
- "traefik.enable=true"
- "traefik.docker.network=webproxy"
# - "traefik.http.routers.traefik-http.entrypoints=http"
# - "traefik.http.routers.traefik-http.rule=Host(`traefik.tfm.zone`)"
# - "traefik.http.routers.traefik-http.middlewares=traefik-redirectscheme,traefik-auth"
- "traefik.http.routers.traefik.entrypoints=https"
- "traefik.http.routers.traefik.rule=Host(`traefik.tfm.zone`)" # change URL !
- "traefik.http.routers.traefik.tls=true"
- "traefik.http.routers.traefik.tls.certresolver=letsEncrypt"
- "traefik.http.routers.traefik.service=api@internal"
- "traefik.http.services.traefik-traefik.loadbalancer.server.port=888" # not understand why :)
- "traefik.http.middlewares.traefik-auth.basicauth.users=admin:$$2y$$05$$7GBmuRxTR0T3IZ5rQO4iB.cj2p23RjIIkLB/l5bPn3gzkpfVahvKO" # admin \ admin in "echo $(htpasswd -nbB admin admin) | sed -e s/\\$/\\$\\$/g"
- "traefik.http.middlewares.traefik-redirectscheme.redirectscheme.scheme=https"
networks:
- webproxy
networks:
webproxy:
name: webproxy
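Review bot: The `traefik` router that serves `api@internal` has no `middlewares` label, so the `traefik-auth` middleware defined further down is never applied and the dashboard at `traefik.tfm.zone` appears to be reachable without a login; the only label that references `traefik-auth` is commented out. Add `- "traefik.http.routers.traefik.middlewares=traefik-auth"`. The trailing comment on the `basicauth.users` label says the committed hash is for admin / admin, so regenerate it for a non-default password and keep it out of the repository before attaching the middleware. The `:ro` flag on `/var/run/docker.sock` does not restrict Docker API calls made through the socket, so the container still has full control of the Docker daemon; a filtering socket proxy is the usual mitigation. `image: traefik` carries no tag, so pin a specific version for reproducible deployments.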

3.Traefik/start-traefik.sh Executable file

@@ -0,0 +1,6 @@
#!/bin/bash
touch data/acme.json
chmod 600 data/acme.json
docker-compose up -d
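Review bot: The script has no error handling and uses paths relative to the caller's working directory, so when it is run from anywhere other than `3.Traefik/` the `touch` and `chmod` either fail or act on the wrong `data/acme.json`, and `docker-compose up -d` runs regardless. Start the script with `set -euo pipefail` and `cd "$(dirname "$0")"`. Setting `umask 077` before `touch` also closes the short interval in which a newly created `acme.json` has default permissions before `chmod 600` runs.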