mirror of
https://github.com/atareao/self-hosted.git
synced 2024-06-29 18:45:38 +02:00
⚡ mprove traefik
parent
e545efa02f
commit
f9974dbdb3
|
@ -1,13 +1,40 @@
|
|||
# Installation
|
||||
|
||||
Prerequisites,
|
||||
|
||||
```bash
|
||||
sudo apt install apache2-utils
|
||||
```
|
||||
|
||||
```
|
||||
git clone https://github.com/atareao/self-hosted.git
|
||||
cd self-hosted/traefik
|
||||
```
|
||||
|
||||
Change `FQDN` for your server in `.env`,
|
||||
|
||||
```bash
|
||||
cp sample.env .env
|
||||
cp sample.traefik.yml traefik.yml
|
||||
touch acme.json
|
||||
chmod 600 acme.json
|
||||
htpasswd -nb usuario contraseña >> users.txt
|
||||
```
|
||||
|
||||
|
||||
Generate credentials for your user,
|
||||
|
||||
```bash
|
||||
htpasswd -nb usuario contraseña >> config/users.txt
|
||||
```
|
||||
|
||||
|
||||
Change the email for letsencrypt,
|
||||
|
||||
```bash
|
||||
sed -i "s/tu@correo.es/<tu-correo>/g" config/traefik.yml
|
||||
```
|
||||
|
||||
|
||||
|
||||
|
||||
```bash
|
||||
docker network create proxy
|
||||
docker-compose up -d
|
||||
docker-compose logs -f
|
||||
|
|
0
traefik/config/acme.json
Normal file
0
traefik/config/acme.json
Normal file
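--- a/traefik/config/dynamic.yml
+++ b/traefik/config/dynamic.yml
@@ -0,0 +1,26 @@
+http:
+middlewares:
+myauth:
+basicAuth:
+users:
+- "user:XXXXXXXXXXXXXXXXXXXXXX"
+# torblock:
+# plugin:
+# torblock:
+# enabled: true
+# mygeoblock:
+# plugin:
+# GeoBlock:
+# allowLocalRequests: true
+# logLocalRequests: false
+# logAllowedRequests: false
+# logApiRequests: false
+# api: "https://get.geojs.io/v1/ip/country/{ip}"
+# apiTimeoutMs: 500
+# cacheSize: 25
+# forceMonthlyUpdate: true
+# allowUnknownCountries: false
+# unknownCountryApiResponse: "nil"
+# countries:
+# - ES
+# - US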
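Review bot: The `myauth` middleware keeps its credentials inline under `users:`, while the README on this page still appends hashes to `config/users.txt` and the compose file still mounts that file at `/users.txt`, so nothing appears to read the file any more. A real hash would have to replace the placeholder in this tracked file, which invites committing it. Pointing the middleware at the mounted file keeps hashes out of version control: replace the `users:` list with `usersFile: /users.txt`. Indentation is not preserved on this page, so the nesting `http.middlewares.myauth.basicAuth` is assumed.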
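--- a/traefik/config/traefik.yml
+++ b/traefik/config/traefik.yml
@@ -0,0 +1,71 @@
+api:
+dashboard: true
+
+entryPoints:
+web:
+address: ":80"
+http:
+redirections:
+entryPoint:
+to: websecure
+scheme: https
+permanent: true
+websecure:
+address: ":443"
+http:
+tls:
+certresolver: letsencrypt
+# middlewares:
+# - mygeoblock@file
+# - torblock@file
+
+serversTransport:
+maxIdleConnsPerHost: 1
+
+providers:
+docker:
+endpoint: "unix:///var/run/docker.sock"
+exposedByDefault: true
+network: proxy
+file:
+filename: /dynamic.yml
+
+log:
+level: INFO
+filePath: "/var/log/traefik/traefik.log"
+accessLog:
+filePath: "/var/log/traefik/access.log"
+bufferingSize: 100
+fields:
+defaultMode: keep
+names:
+ClientUsername: keep
+headers:
+defaultMode: keep
+names:
+Content-Type: keep
+X-Forwarded-For: keep
+filters:
+statusCodes:
+- "300-302"
+- "400-409"
+retryAttempts: true
+minDuration: "10ms"
+
+
+certificatesResolvers:
+letsencrypt:
+acme:
+email: tu@correo.es
+storage: acme.json
+httpChallenge:
+entryPoint: web
+
+#experimental:
+# plugins:
+# GeoBlock:
+# moduleName: "github.com/PascalMinder/geoblock"
+# version: "v0.2.5"
+# torblock:
+# moduleName: "github.com/jpxd/torblock"
+# version: "v0.1.1"
+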
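Review bot: `exposedByDefault: true` under `providers.docker` gives every container on the Docker host a router unless it opts out, whereas the static configuration deleted further down this page (presumably the old sample) had `exposedByDefault: false`. Keeping `exposedByDefault: false` and opting services in with the `traefik.enable=true` label avoids publishing a container by accident. Separately, the `defaultMode: keep` under `accessLog.fields.headers` writes every request header to access.log, including the `Authorization` header that carries the dashboard's basic-auth credentials. Adding `Authorization: redact` (and likewise `Cookie: redact`) under `headers.names` keeps those values out of the log. Indentation is not preserved on this page, so the nesting of these keys is assumed.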
0
traefik/config/users.txt
Normal file
0
traefik/config/users.txt
Normal file
|
@ -1,9 +1,10 @@
|
|||
version: '3'
|
||||
version: "3.7"
|
||||
|
||||
services:
|
||||
traefik:
|
||||
image: traefik:v2.7.1
|
||||
image: traefik:v2.10
|
||||
container_name: traefik
|
||||
init: true
|
||||
restart: unless-stopped
|
||||
security_opt:
|
||||
- no-new-privileges:true
|
||||
|
@ -12,22 +13,25 @@ services:
|
|||
ports:
|
||||
- 80:80
|
||||
- 443:443
|
||||
environment:
|
||||
- TZ=Europe/Madrid
|
||||
volumes:
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
- ./traefik.yml:/traefik.yml:ro
|
||||
- ./users.txt:/users.txt:ro
|
||||
- ./acme.json:/acme.json
|
||||
- ./config/traefik.yml:/traefik.yml:ro
|
||||
- ./config/dynamic.yml:/dynamic.yml:ro
|
||||
- ./config/users.txt:/users.txt:ro
|
||||
- ./config/acme.json:/acme.json
|
||||
- logs:/var/log/traefik
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.http.middlewares.basicauth.basicauth.usersfile=/users.txt
|
||||
- traefik.http.services.traefik.loadbalancer.server.port=80
|
||||
- traefik.http.routers.traefik-secure.entrypoints=websecure
|
||||
- traefik.http.routers.traefik-secure.rule=Host(`${HOSTNAME}`)
|
||||
- traefik.http.routers.traefik-secure.middlewares=basicauth
|
||||
- traefik.http.routers.traefik-secure.tls=true
|
||||
- traefik.http.routers.traefik-secure.tls.certresolver=letsencrypt
|
||||
- traefik.http.routers.traefik-secure.rule=Host(`${FQDN}`)
|
||||
- traefik.http.routers.traefik-secure.middlewares=myauth@file
|
||||
- traefik.http.routers.traefik-secure.service=api@internal
|
||||
|
||||
volumes:
|
||||
logs: {}
|
||||
|
||||
networks:
|
||||
proxy:
|
||||
|
|
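Review bot: `./config/acme.json:/acme.json` bind-mounts a file that this commit adds to the repository as an empty tracked file, and that file will later hold the ACME account key and the certificates' private keys. Git records it with ordinary file permissions and Traefik rejects an ACME storage file that is not mode 600, so a fresh clone needs `chmod 600 config/acme.json` before certificates can be issued. The page does not show clearly whether the README keeps that step for the new path. Consider not tracking the file at all: add `traefik/config/acme.json` to `.gitignore` and create it during installation, so key material cannot be committed by accident.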
|
@ -1 +1 @@
|
|||
HOSTNAME=traefik.tuservidor.es
|
||||
FQDN=traefik.tuservidor.es
|
||||
|
|
|
@ -1,35 +0,0 @@
|
|||
api:
|
||||
dashboard: true
|
||||
|
||||
entryPoints:
|
||||
web:
|
||||
address: ":80"
|
||||
http:
|
||||
redirections:
|
||||
entryPoint:
|
||||
to: websecure
|
||||
permanent: true
|
||||
websecure:
|
||||
address: ":443"
|
||||
git:
|
||||
address: ":2222"
|
||||
|
||||
serversTransport:
|
||||
maxIdleConnsPerHost: 1
|
||||
|
||||
providers:
|
||||
docker:
|
||||
endpoint: "unix:///var/run/docker.sock"
|
||||
exposedByDefault: false
|
||||
network: proxy
|
||||
|
||||
log:
|
||||
level: INFO
|
||||
|
||||
certificatesResolvers:
|
||||
letsencrypt:
|
||||
acme:
|
||||
email: tucorreo@electronico.es
|
||||
storage: acme.json
|
||||
httpChallenge:
|
||||
entryPoint: web
|
|
@ -1 +0,0 @@
|
|||
admin:$apr1$vDMyFYgA$PAoUx5F1Y5ZLdCGWLx62y/
|