Update traefik config + labels on services
see https://cloud.gnous.fr/apps/deck/#/board/4/card/196
This commit is contained in:
parent
f75248db24
commit
ca70931184
@ -16,22 +16,14 @@ services:
|
||||
- ${DATA_PATH}:/var/www/
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.middlewares.apache-redirect-websecure.redirectscheme.scheme=https"
|
||||
- "traefik.http.routers.apache-http.middlewares=apache-redirect-websecure"
|
||||
- "traefik.http.routers.apache-http.rule=Host(`${CN}`, `${SAN1}`)"
|
||||
# - "traefik.http.routers.apache-http.rule=Host(`${CN}`, `${SAN1}`, `${TRAVAUXCN}`)"
|
||||
- "traefik.http.routers.apache-http.entrypoints=web"
|
||||
- "traefik.http.routers.apache-https.rule=Host(`${CN}`, `${SAN1}`)"
|
||||
# - "traefik.http.routers.apache-https.rule=Host(`${CN}`, `${SAN1}`, `${TRAVAUXCN}`)"
|
||||
- "traefik.http.routers.apache-https.entrypoints=websecure"
|
||||
- "traefik.http.routers.apache-https.tls=true"
|
||||
- "traefik.http.routers.apache-https.tls.certresolver=myhttpchallenge"
|
||||
- "traefik.http.middlewares.apache-force-cn.redirectregex.regex=^https://${SAN1}/(.*)"
|
||||
- "traefik.http.middlewares.apache-force-cn.redirectregex.replacement=https://${CN}/$${1}"
|
||||
# - "traefik.http.middlewares.apache-travaux.redirectregex.regex=^https://${TRAVAUXCN}/"
|
||||
# - "traefik.http.middlewares.apache-travaux.redirectregex.replacement=https://${CN}/travaux.php"
|
||||
- "traefik.http.routers.apache-https.middlewares=apache-force-cn"
|
||||
# - "traefik.http.routers.apache-https.middlewares=apache-force-cn,apache-travaux"
|
||||
- "traefik.http.routers.gnousweb.rule=Host(`${CN}`, `${SAN1}`)"
|
||||
# - "traefik.http.routers.gnousweb.rule=Host(`${CN}`, `${SAN1}`, `${TRAVAUXCN}`)"
|
||||
- "traefik.http.middlewares.gnousweb-force-cn.redirectregex.regex=^https://${SAN1}/(.*)"
|
||||
- "traefik.http.middlewares.gnousweb-force-cn.redirectregex.replacement=https://${CN}/$${1}"
|
||||
# - "traefik.http.middlewares.gnous-travaux.redirectregex.regex=^https://${TRAVAUXCN}/"
|
||||
# - "traefik.http.middlewares.gnous-travaux.redirectregex.replacement=https://${CN}/travaux.php"
|
||||
- "traefik.http.routers.gnousweb.middlewares=gnousweb-force-cn"
|
||||
# - "traefik.http.routers.gnousweb.middlewares=apache-force-cn,apache-travaux"
|
||||
- "co.elastic.logs/module=apache"
|
||||
- "co.elastic.logs/fileset=access"
|
||||
|
||||
|
@ -16,13 +16,8 @@ services:
|
||||
- ${DATA_PATH}/public-html:/var/www/html/
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.maintenance-http.rule=HostRegexp(`{catchall:.*}`)"
|
||||
- "traefik.http.routers.maintenance-http.entrypoints=web"
|
||||
- "traefik.http.routers.maintenance-http.priority=1"
|
||||
- "traefik.http.routers.maintenance-https.rule=HostRegexp(`{catchall:.*}`)"
|
||||
- "traefik.http.routers.maintenance-https.entrypoints=websecure"
|
||||
- "traefik.http.routers.maintenance-https.priority=1"
|
||||
- "traefik.http.routers.maintenance-https.tls=true"
|
||||
- "traefik.http.routers.maintenance.rule=HostRegexp(`{catchall:.*}`)"
|
||||
- "traefik.http.routers.maintenance.priority=1"
|
||||
- "co.elastic.logs/module=apache"
|
||||
- "co.elastic.logs/fileset=access"
|
||||
|
||||
|
@ -16,17 +16,10 @@ services:
|
||||
- ${DATA_PATH}:/var/www/
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.middlewares.apache-redirect-websecure.redirectscheme.scheme=https"
|
||||
- "traefik.http.routers.apache-test-http.middlewares=apache-redirect-websecure"
|
||||
- "traefik.http.routers.apache-test-http.rule=Host(`${CN}`, `${SAN1}`)"
|
||||
- "traefik.http.routers.apache-test-http.entrypoints=web"
|
||||
- "traefik.http.routers.apache-test-https.rule=Host(`${CN}`, `${SAN1}`)"
|
||||
- "traefik.http.routers.apache-test-https.entrypoints=websecure"
|
||||
- "traefik.http.routers.apache-test-https.middlewares=apache-test-redirectregex"
|
||||
- "traefik.http.routers.apache-test-https.tls=true"
|
||||
- "traefik.http.routers.apache-test-https.tls.certresolver=myhttpchallenge"
|
||||
- "traefik.http.middlewares.apache-test-redirectregex.redirectregex.regex=^https://${SAN1}/(.*)"
|
||||
- "traefik.http.middlewares.apache-test-redirectregex.redirectregex.replacement=https://${CN}/$${1}"
|
||||
- "traefik.http.routers.gnouswebtest.rule=Host(`${CN}`, `${SAN1}`)"
|
||||
- "traefik.http.routers.gnouswebtest.middlewares=gnouswebtest-redirectregex"
|
||||
- "traefik.http.middlewares.gnouswebtest-redirectregex.redirectregex.regex=^https://${SAN1}/(.*)"
|
||||
- "traefik.http.middlewares.gnouswebtest-redirectregex.redirectregex.replacement=https://${CN}/$${1}"
|
||||
|
||||
networks:
|
||||
proxy:
|
||||
|
@ -38,14 +38,7 @@ services:
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.docker.network=proxy"
|
||||
- "traefik.http.middlewares.kb-redirect-websecure.redirectscheme.scheme=https"
|
||||
- "traefik.http.routers.kb-http.middlewares=kb-redirect-websecure"
|
||||
- "traefik.http.routers.kb-http.rule=Host(`${CN}`)"
|
||||
- "traefik.http.routers.kb-http.entrypoints=web"
|
||||
- "traefik.http.routers.kb-https.rule=Host(`${CN}`)"
|
||||
- "traefik.http.routers.kb-https.entrypoints=websecure"
|
||||
- "traefik.http.routers.kb-https.tls=true"
|
||||
- "traefik.http.routers.kb-https.tls.certresolver=myhttpchallenge"
|
||||
- "traefik.http.routers.kb.rule=Host(`${CN}`)"
|
||||
- "co.elastic.logs/module=kibana"
|
||||
|
||||
networks:
|
||||
|
@ -27,16 +27,9 @@ services:
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.docker.network=proxy"
|
||||
- "traefik.http.services.gitea-web-svc.loadbalancer.server.port=3000"
|
||||
- "traefik.http.routers.git-https.service=gitea-web-svc"
|
||||
- "traefik.http.middlewares.git-redirect-websecure.redirectscheme.scheme=https"
|
||||
- "traefik.http.routers.git-http.middlewares=git-redirect-websecure"
|
||||
- "traefik.http.routers.git-http.rule=Host(`${CN}`)"
|
||||
- "traefik.http.routers.git-http.entrypoints=web"
|
||||
- "traefik.http.routers.git-https.rule=Host(`${CN}`)"
|
||||
- "traefik.http.routers.git-https.entrypoints=websecure"
|
||||
- "traefik.http.routers.git-https.tls=true"
|
||||
- "traefik.http.routers.git-https.tls.certresolver=myhttpchallenge"
|
||||
- "traefik.http.services.gitea-svc.loadbalancer.server.port=3000"
|
||||
- "traefik.http.routers.gitea.service=gitea-svc"
|
||||
- "traefik.http.routers.gitea.rule=Host(`${CN}`)"
|
||||
|
||||
db:
|
||||
image: postgres:13.5
|
||||
|
@ -21,16 +21,9 @@ services:
|
||||
- ${DATA_PATH}/data:/var/opt/gitlab
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.gitlab-https.service=app"
|
||||
- "traefik.http.routers.gitlab.service=app"
|
||||
- "traefik.http.services.app.loadbalancer.server.port=80"
|
||||
- "traefik.http.middlewares.gitlab-redirect-websecure.redirectscheme.scheme=https"
|
||||
- "traefik.http.routers.gitlab-http.middlewares=gitlab-redirect-websecure"
|
||||
- "traefik.http.routers.gitlab-http.rule=Host(`${CN}`)"
|
||||
- "traefik.http.routers.gitlab-http.entrypoints=web"
|
||||
- "traefik.http.routers.gitlab-https.rule=Host(`${CN}`)"
|
||||
- "traefik.http.routers.gitlab-https.entrypoints=websecure"
|
||||
- "traefik.http.routers.gitlab-https.tls=true"
|
||||
- "traefik.http.routers.gitlab-https.tls.certresolver=myhttpchallenge"
|
||||
- "traefik.http.routers.gitlab.rule=Host(`${CN}`)"
|
||||
|
||||
networks:
|
||||
proxy:
|
||||
|
@ -27,16 +27,9 @@ services:
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.docker.network=proxy"
|
||||
- "traefik.http.services.synapse-web-svc.loadbalancer.server.port=8008"
|
||||
- "traefik.http.routers.synapse-https.service=synapse-web-svc"
|
||||
- "traefik.http.middlewares.synapse-redirect-websecure.redirectscheme.scheme=https"
|
||||
- "traefik.http.routers.synapse-http.middlewares=synapse-redirect-websecure"
|
||||
- "traefik.http.routers.synapse-http.rule=Host(`${SYNAPSE_CN}`)"
|
||||
- "traefik.http.routers.synapse-http.entrypoints=web"
|
||||
- "traefik.http.routers.synapse-https.rule=Host(`${SYNAPSE_CN}`)"
|
||||
- "traefik.http.routers.synapse-https.entrypoints=websecure"
|
||||
- "traefik.http.routers.synapse-https.tls=true"
|
||||
- "traefik.http.routers.synapse-https.tls.certresolver=myhttpchallenge"
|
||||
- "traefik.http.services.synapse-svc.loadbalancer.server.port=8008"
|
||||
- "traefik.http.routers.synapse.service=synapse-svc"
|
||||
- "traefik.http.routers.synapse.rule=Host(`${SYNAPSE_CN}`)"
|
||||
|
||||
db:
|
||||
image: postgres:13.9-alpine
|
||||
|
@ -30,16 +30,9 @@ services:
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.docker.network=proxy"
|
||||
- "traefik.http.services.mm-web-svc.loadbalancer.server.port=8000"
|
||||
- "traefik.http.routers.mm-https.service=mm-web-svc"
|
||||
- "traefik.http.middlewares.mm-redirect-websecure.redirectscheme.scheme=https"
|
||||
- "traefik.http.routers.mm-http.middlewares=mm-redirect-websecure"
|
||||
- "traefik.http.routers.mm-http.rule=Host(`${CN}`)"
|
||||
- "traefik.http.routers.mm-http.entrypoints=web"
|
||||
- "traefik.http.routers.mm-https.rule=Host(`${CN}`)"
|
||||
- "traefik.http.routers.mm-https.entrypoints=websecure"
|
||||
- "traefik.http.routers.mm-https.tls=true"
|
||||
- "traefik.http.routers.mm-https.tls.certresolver=myhttpchallenge"
|
||||
- "traefik.http.services.mm-svc.loadbalancer.server.port=8000"
|
||||
- "traefik.http.routers.mm.service=mm-svc"
|
||||
- "traefik.http.routers.mm.rule=Host(`${CN}`)"
|
||||
|
||||
networks:
|
||||
proxy:
|
||||
|
@ -11,16 +11,9 @@ services:
|
||||
- JWT_ENABLED=true
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.middlewares.ds-redirect-websecure.redirectscheme.scheme=https"
|
||||
- "traefik.http.routers.ds-http.middlewares=ds-redirect-websecure"
|
||||
- "traefik.http.routers.ds-http.rule=Host(`${OOCN}`)"
|
||||
- "traefik.http.routers.ds-http.entrypoints=web"
|
||||
- "traefik.http.routers.ds-https.rule=Host(`${OOCN}`)"
|
||||
- "traefik.http.routers.ds-https.entrypoints=websecure"
|
||||
- "traefik.http.routers.ds-https.tls=true"
|
||||
- "traefik.http.routers.ds-https.tls.certresolver=myhttpchallenge"
|
||||
- "traefik.http.routers.documentserver.rule=Host(`${OOCN}`)"
|
||||
- "traefik.http.middlewares.ds-header.headers.customRequestHeaders.X-Forwarded-Proto=https"
|
||||
- "traefik.http.routers.ds-https.middlewares=ds-header"
|
||||
- "traefik.http.routers.documentserver.middlewares=ds-header"
|
||||
|
||||
redis:
|
||||
image: redis:6.2.1
|
||||
@ -63,19 +56,12 @@ services:
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.docker.network=proxy"
|
||||
- "traefik.http.middlewares.nc-redirect-websecure.redirectscheme.scheme=https"
|
||||
- "traefik.http.routers.nc-http.middlewares=nc-redirect-websecure"
|
||||
- "traefik.http.routers.nc-http.rule=Host(`${NCCN}`,`${SAN1}`)"
|
||||
- "traefik.http.routers.nc-http.entrypoints=web"
|
||||
- "traefik.http.routers.nc-https.rule=Host(`${NCCN}`,`${SAN1}`)"
|
||||
- "traefik.http.routers.nc-https.entrypoints=websecure"
|
||||
- "traefik.http.routers.nc-https.tls=true"
|
||||
- "traefik.http.routers.nc-https.tls.certresolver=myhttpchallenge"
|
||||
- "traefik.http.routers.nc.rule=Host(`${NCCN}`,`${SAN1}`)"
|
||||
- "traefik.http.middlewares.nc-redirectregex.redirectregex.regex=https://(.*)/.well-known/(card|cal)dav"
|
||||
- "traefik.http.middlewares.nc-redirectregex.redirectregex.replacement=https://$${1}/remote.php/dav/"
|
||||
- "traefik.http.middlewares.nc-redirectregex.redirectregex.permanent=true"
|
||||
- "traefik.http.routers.nc-https.middlewares=nc-redirectregex"
|
||||
- "traefik.http.routers.nc-https.middlewares=nc-Header"
|
||||
- "traefik.http.routers.nc.middlewares=nc-redirectregex"
|
||||
- "traefik.http.routers.nc.middlewares=nc-Header"
|
||||
- "traefik.http.middlewares.nc-Header.headers.stsSeconds=15552000"
|
||||
- "co.elastic.logs/module=apache"
|
||||
- "co.elastic.logs/fileset=access"
|
||||
|
@ -15,14 +15,7 @@ services:
|
||||
- /etc/timezone:/etc/timezone:ro
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.middlewares.docs-redirect-websecure.redirectscheme.scheme=https"
|
||||
- "traefik.http.routers.docs-http.middlewares=docs-redirect-websecure"
|
||||
- "traefik.http.routers.docs-http.rule=Host(`${CN}`)"
|
||||
- "traefik.http.routers.docs-http.entrypoints=web"
|
||||
- "traefik.http.routers.docs-https.rule=Host(`${CN}`)"
|
||||
- "traefik.http.routers.docs-https.entrypoints=websecure"
|
||||
- "traefik.http.routers.docs-https.tls=true"
|
||||
- "traefik.http.routers.docs-https.tls.certresolver=myhttpchallenge"
|
||||
- "traefik.http.routers.docs.rule=Host(`${CN}`)"
|
||||
- "co.elastic.logs/module=nginx"
|
||||
|
||||
networks:
|
||||
|
@ -24,14 +24,7 @@ services:
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.docker.network=proxy"
|
||||
- "traefik.http.middlewares.rc-redirect-websecure.redirectscheme.scheme=https"
|
||||
- "traefik.http.routers.rc-http.middlewares=rc-redirect-websecure"
|
||||
- "traefik.http.routers.rc-http.rule=Host(`${CN}`)"
|
||||
- "traefik.http.routers.rc-http.entrypoints=web"
|
||||
- "traefik.http.routers.rc-https.rule=Host(`${CN}`)"
|
||||
- "traefik.http.routers.rc-https.entrypoints=websecure"
|
||||
- "traefik.http.routers.rc-https.tls=true"
|
||||
- "traefik.http.routers.rc-https.tls.certresolver=myhttpchallenge"
|
||||
- "traefik.http.routers.rc.rule=Host(`${CN}`)"
|
||||
- "co.elastic.logs/module=apache"
|
||||
- "co.elastic.logs/fileset=access"
|
||||
|
||||
|
@ -3,26 +3,15 @@ version: "3.8"
|
||||
services:
|
||||
traefik:
|
||||
image: traefik:v2.3.4
|
||||
command:
|
||||
- "--log.level=ERROR"
|
||||
# - "--api.insecure=true"
|
||||
- "--providers.docker=true"
|
||||
- "--providers.docker.exposedbydefault=false"
|
||||
- "--entrypoints.web.address=:80"
|
||||
- "--entrypoints.websecure.address=:443"
|
||||
- "--certificatesresolvers.myhttpchallenge.acme.httpchallenge=true"
|
||||
- "--certificatesresolvers.myhttpchallenge.acme.httpchallenge.entrypoint=web"
|
||||
- "--certificatesresolvers.myhttpchallenge.acme.email=${EMAIL}"
|
||||
- "--certificatesresolvers.myhttpchallenge.acme.storage=/letsencrypt/acme.json"
|
||||
- "--accesslog=true"
|
||||
restart: always
|
||||
ports:
|
||||
- 80:80
|
||||
- 443:443
|
||||
# - 8080:8080
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
- ${DATA_PATH}:/letsencrypt
|
||||
- ${DATA_PATH}/letsencrypt:/letsencrypt
|
||||
- ${DATA_PATH}/traefik.toml:/traefik.toml
|
||||
- ${DATA_PATH}/traefik_dynamic.toml:/traefik_dynamic.toml
|
||||
container_name: traefik
|
||||
labels:
|
||||
- "co.elastic.logs/module=traefik"
|
||||
|
@ -26,14 +26,7 @@ services:
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.docker.network=proxy"
|
||||
- "traefik.http.middlewares.wp-redirect-websecure.redirectscheme.scheme=https"
|
||||
- "traefik.http.routers.wp-http.middlewares=wp-redirect-websecure"
|
||||
- "traefik.http.routers.wp-http.rule=Host(`${CN}`)"
|
||||
- "traefik.http.routers.wp-http.entrypoints=web"
|
||||
- "traefik.http.routers.wp-https.rule=Host(`${CN}`)"
|
||||
- "traefik.http.routers.wp-https.entrypoints=websecure"
|
||||
- "traefik.http.routers.wp-https.tls=true"
|
||||
- "traefik.http.routers.wp-https.tls.certresolver=myhttpchallenge"
|
||||
- "traefik.http.routers.wp-valpo.rule=Host(`${CN}`)"
|
||||
|
||||
networks:
|
||||
proxy:
|
||||
|
Loading…
Reference in New Issue
Block a user