mirror of
https://github.com/atareao/self-hosted.git
synced 2024-07-03 20:45:39 +02:00
⚡ mprove traefik
parent
e545efa02f
commit
f9974dbdb3
|
@ -1,13 +1,40 @@
|
||||||
# Installation
|
# Installation
|
||||||
|
|
||||||
|
Prerequisites,
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo apt install apache2-utils
|
||||||
|
```
|
||||||
|
|
||||||
```
|
```
|
||||||
git clone https://github.com/atareao/self-hosted.git
|
git clone https://github.com/atareao/self-hosted.git
|
||||||
cd self-hosted/traefik
|
cd self-hosted/traefik
|
||||||
|
```
|
||||||
|
|
||||||
|
Change `FQDN` for your server in `.env`,
|
||||||
|
|
||||||
|
```bash
|
||||||
cp sample.env .env
|
cp sample.env .env
|
||||||
cp sample.traefik.yml traefik.yml
|
```
|
||||||
touch acme.json
|
|
||||||
chmod 600 acme.json
|
|
||||||
htpasswd -nb usuario contraseña >> users.txt
|
Generate credentials for your user,
|
||||||
|
|
||||||
|
```bash
|
||||||
|
htpasswd -nb usuario contraseña >> config/users.txt
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
Change the email for letsencrypt,
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sed -i "s/tu@correo.es/<tu-correo>/g" config/traefik.yml
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
```bash
|
||||||
docker network create proxy
|
docker network create proxy
|
||||||
docker-compose up -d
|
docker-compose up -d
|
||||||
docker-compose logs -f
|
docker-compose logs -f
|
||||||
|
|
0
traefik/config/acme.json
Normal file
0
traefik/config/acme.json
Normal file
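--- a/traefik/config/dynamic.yml
+++ b/traefik/config/dynamic.yml
@@ -0,0 +1,26 @@
+http:
+middlewares:
+myauth:
+basicAuth:
+users:
+- "user:XXXXXXXXXXXXXXXXXXXXXX"
+# torblock:
+# plugin:
+# torblock:
+# enabled: true
+# mygeoblock:
+# plugin:
+# GeoBlock:
+# allowLocalRequests: true
+# logLocalRequests: false
+# logAllowedRequests: false
+# logApiRequests: false
+# api: "https://get.geojs.io/v1/ip/country/{ip}"
+# apiTimeoutMs: 500
+# cacheSize: 25
+# forceMonthlyUpdate: true
+# allowUnknownCountries: false
+# unknownCountryApiResponse: "nil"
+# countries:
+# - ES
+# - US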
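Review bot: The `myauth` middleware authenticates against the inline `users:` list, so the hashes the README tells the operator to append to `config/users.txt` (mounted at `/users.txt` by the compose file) are not read by anything visible in this commit; the old `basicauth.usersfile=/users.txt` label is removed in the compose hunk. As committed, the only credential guarding the dashboard router is the placeholder `"user:XXXXXXXXXXXXXXXXXXXXXX"`, which has to be hand-edited in a tracked file before login works. Pointing the middleware at the mounted file instead, `usersFile: /users.txt` in place of the `users:` list, makes the README step effective and keeps real password hashes out of the versioned config.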
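--- a/traefik/config/traefik.yml
+++ b/traefik/config/traefik.yml
@@ -0,0 +1,71 @@
+api:
+dashboard: true
+
+entryPoints:
+web:
+address: ":80"
+http:
+redirections:
+entryPoint:
+to: websecure
+scheme: https
+permanent: true
+websecure:
+address: ":443"
+http:
+tls:
+certresolver: letsencrypt
+# middlewares:
+# - mygeoblock@file
+# - torblock@file
+
+serversTransport:
+maxIdleConnsPerHost: 1
+
+providers:
+docker:
+endpoint: "unix:///var/run/docker.sock"
+exposedByDefault: true
+network: proxy
+file:
+filename: /dynamic.yml
+
+log:
+level: INFO
+filePath: "/var/log/traefik/traefik.log"
+accessLog:
+filePath: "/var/log/traefik/access.log"
+bufferingSize: 100
+fields:
+defaultMode: keep
+names:
+ClientUsername: keep
+headers:
+defaultMode: keep
+names:
+Content-Type: keep
+X-Forwarded-For: keep
+filters:
+statusCodes:
+- "300-302"
+- "400-409"
+retryAttempts: true
+minDuration: "10ms"
+
+
+certificatesResolvers:
+letsencrypt:
+acme:
+email: tu@correo.es
+storage: acme.json
+httpChallenge:
+entryPoint: web
+
+#experimental:
+# plugins:
+# GeoBlock:
+# moduleName: "github.com/PascalMinder/geoblock"
+# version: "v0.2.5"
+# torblock:
+# moduleName: "github.com/jpxd/torblock"
+# version: "v0.1.1"
+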
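Review bot: `exposedByDefault: true` in the docker provider reverses the `exposedByDefault: false` of the old configuration deleted further down this page, so every container on the Docker host gets a router unless it carries `traefik.enable=false`. I would keep `exposedByDefault: false` and opt services in by label, as the `traefik.enable=true` label in the compose file already does. Separately, the `defaultMode: keep` under `headers:` in the access-log fields (nesting inferred, the listing has lost its indentation) writes every request header to `/var/log/traefik/access.log`, including the `Authorization` header sent to the basic-auth protected dashboard and the cookies of proxied applications. Setting that `defaultMode: drop` while keeping the two named headers, or adding `Authorization: redact` and `Cookie: redact` under `names:`, keeps credentials out of the log volume.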
0
traefik/config/users.txt
Normal file
0
traefik/config/users.txt
Normal file
|
@ -1,9 +1,10 @@
|
||||||
version: '3'
|
version: "3.7"
|
||||||
|
|
||||||
services:
|
services:
|
||||||
traefik:
|
traefik:
|
||||||
image: traefik:v2.7.1
|
image: traefik:v2.10
|
||||||
container_name: traefik
|
container_name: traefik
|
||||||
|
init: true
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
security_opt:
|
security_opt:
|
||||||
- no-new-privileges:true
|
- no-new-privileges:true
|
||||||
|
@ -12,22 +13,25 @@ services:
|
||||||
ports:
|
ports:
|
||||||
- 80:80
|
- 80:80
|
||||||
- 443:443
|
- 443:443
|
||||||
|
environment:
|
||||||
|
- TZ=Europe/Madrid
|
||||||
volumes:
|
volumes:
|
||||||
- /etc/localtime:/etc/localtime:ro
|
|
||||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
- ./traefik.yml:/traefik.yml:ro
|
- ./config/traefik.yml:/traefik.yml:ro
|
||||||
- ./users.txt:/users.txt:ro
|
- ./config/dynamic.yml:/dynamic.yml:ro
|
||||||
- ./acme.json:/acme.json
|
- ./config/users.txt:/users.txt:ro
|
||||||
|
- ./config/acme.json:/acme.json
|
||||||
|
- logs:/var/log/traefik
|
||||||
labels:
|
labels:
|
||||||
- traefik.enable=true
|
- traefik.enable=true
|
||||||
- traefik.http.middlewares.basicauth.basicauth.usersfile=/users.txt
|
- traefik.http.services.traefik.loadbalancer.server.port=80
|
||||||
- traefik.http.routers.traefik-secure.entrypoints=websecure
|
- traefik.http.routers.traefik-secure.entrypoints=websecure
|
||||||
- traefik.http.routers.traefik-secure.rule=Host(`${HOSTNAME}`)
|
- traefik.http.routers.traefik-secure.rule=Host(`${FQDN}`)
|
||||||
- traefik.http.routers.traefik-secure.middlewares=basicauth
|
- traefik.http.routers.traefik-secure.middlewares=myauth@file
|
||||||
- traefik.http.routers.traefik-secure.tls=true
|
|
||||||
- traefik.http.routers.traefik-secure.tls.certresolver=letsencrypt
|
|
||||||
- traefik.http.routers.traefik-secure.service=api@internal
|
- traefik.http.routers.traefik-secure.service=api@internal
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
logs: {}
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
proxy:
|
proxy:
|
||||||
|
|
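Review bot: The new bind mount `./config/acme.json:/acme.json` relies on the empty `traefik/config/acme.json` this commit adds to the repository, while the README hunk drops the `touch acme.json` and `chmod 600 acme.json` steps. Git does not record a 0600 mode, so a fresh clone leaves the file readable according to the user's umask. Traefik normally rejects an ACME storage file with permissions wider than 600, and any setup that did accept it would leave the account key and certificate private keys readable by other local users. I would keep `chmod 600 config/acme.json` in the install steps and list `config/acme.json` and `config/users.txt` in `.gitignore`, so issued keys and password hashes cannot be committed by accident. The `services:` mapping this hunk edits starts above the hunk.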
|
@ -1 +1 @@
|
||||||
HOSTNAME=traefik.tuservidor.es
|
FQDN=traefik.tuservidor.es
|
||||||
|
|
|
@ -1,35 +0,0 @@
|
||||||
api:
|
|
||||||
dashboard: true
|
|
||||||
|
|
||||||
entryPoints:
|
|
||||||
web:
|
|
||||||
address: ":80"
|
|
||||||
http:
|
|
||||||
redirections:
|
|
||||||
entryPoint:
|
|
||||||
to: websecure
|
|
||||||
permanent: true
|
|
||||||
websecure:
|
|
||||||
address: ":443"
|
|
||||||
git:
|
|
||||||
address: ":2222"
|
|
||||||
|
|
||||||
serversTransport:
|
|
||||||
maxIdleConnsPerHost: 1
|
|
||||||
|
|
||||||
providers:
|
|
||||||
docker:
|
|
||||||
endpoint: "unix:///var/run/docker.sock"
|
|
||||||
exposedByDefault: false
|
|
||||||
network: proxy
|
|
||||||
|
|
||||||
log:
|
|
||||||
level: INFO
|
|
||||||
|
|
||||||
certificatesResolvers:
|
|
||||||
letsencrypt:
|
|
||||||
acme:
|
|
||||||
email: tucorreo@electronico.es
|
|
||||||
storage: acme.json
|
|
||||||
httpChallenge:
|
|
||||||
entryPoint: web
|
|
|
@ -1 +0,0 @@
|
||||||
admin:$apr1$vDMyFYgA$PAoUx5F1Y5ZLdCGWLx62y/
|
|