diff --git a/hosts/ps10rp/traefik/.env b/hosts/ps10rp/traefik/.env
deleted file mode 100644
index 528a16379..000000000
--- a/hosts/ps10rp/traefik/.env
+++ /dev/null
@@ -1,3 +0,0 @@
-CF_API_EMAIL=alexanderlebens@gmail.com
-CF_API_KEY=""
-PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
diff --git a/hosts/ps10rp/traefik/docker-compose.yml b/hosts/ps10rp/traefik/docker-compose.yml
index 17974e0fd..1d32ff61a 100644
--- a/hosts/ps10rp/traefik/docker-compose.yml
+++ b/hosts/ps10rp/traefik/docker-compose.yml
@@ -1,48 +1,91 @@ +--- +version: "3.7" + services: + tailscale-traefik: + image: ghcr.io/tailscale/tailscale:latest + container_name: tailscale-traefik + cap_add: + - net_admin + - sys_module + environment: + - TS_STATE_DIR=/var/lib/tailscale + - TS_ENABLE_METRICS=true + - TS_HOSTNAME=traefik-ps10rp + env_file: + - .ts-env + network_mode: service:traefik + restart: always + volumes: + - tailscale:/var/lib/tailscale + devices: + - /dev/net/tun:/dev/net/tun + traefik: - command: traefik + image: ghcr.io/traefik/traefik:3.3.1 container_name: traefik - dns: - - 172.19.0.3 - - 1.1.1.1 + command: + - "--global.checkNewVersion=false" + - "--global.sendAnonymousUsage=false" + - "--api.insecure=false" + - "--api.dashboard=true" + - "--log.level=INFO" + - "--providers.docker=true" + - "--providers.docker.exposedbydefault=false" + - "--entryPoints.web.address=:80" + - "--entrypoints.web.http.redirections.entryPoint.to=web-secure" + - "--entrypoints.web.http.redirections.entryPoint.scheme=https" + - "--entryPoints.web-secure.address=:443" + - "--entryPoints.web-secure.http.tls.options=default" + - "--entryPoints.web-secure.http.tls.certResolver=cloudflare" + - "--entryPoints.web-secure.http.tls.domains[0].main=*.alexlebens.net" + - "--entryPoints.web-secure.http.tls.domains[0].sans[0]=alexlebens.net" + - "--certificatesresolvers.cloudflare.acme.dnschallenge=true" + - "--certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare" + - "--certificatesresolvers.cloudflare.acme.dnschallenge.delaybeforecheck=10" + - "--certificatesresolvers.cloudflare.acme.dnschallenge.resolvers=1.1.1.1:53" + - "--certificatesresolvers.cloudflare.acme.email=alexanderlebens@gmail.com" + - "--certificatesresolvers.cloudflare.acme.storage=acme.json" + - "--metrics.prometheus=true" + - "--metrics.prometheus.buckets=0.1,0.3,1.2,5.0" + - "--metrics.prometheus.addEntryPointsLabels=true" + - "--metrics.prometheus.addRoutersLabels=true" + - "--metrics.prometheus.addServicesLabels=true" + - 
"--metrics.prometheus.entryPoint=web-secure" + - "--metrics.prometheus.manualRouting=true" env_file: - .env - image: docker.io/traefik:v3.3 labels: - traefik.docker.network: traefik traefik.enable: true - traefik.http.routers.dashboard.entrypoints: websecure - traefik.http.routers.dashboard.rule: (Host(`traefik-ps10rp.lebens-home.net`) && (PathPrefix(`/api/`) || PathPrefix(`/dashboard/`))) + traefik.docker.network: internal + traefik.http.routers.dashboard.entrypoints: web-secure + traefik.http.routers.dashboard.rule: (Host(`traefik-ps10rp.alexlebens.net`) && (PathPrefix(`/api/`) || PathPrefix(`/dashboard/`))) traefik.http.routers.dashboard.service: api@internal traefik.http.routers.dashboard.tls: true traefik.http.routers.dashboard.tls.certresolver: cloudflare + traefik.http.routers.metrics.entrypoints: web-secure + traefik.http.routers.metrics.rule: (Host(`traefik-ps10rp.alexlebens.net`) && Path(`/metrics`)) + traefik.http.routers.metrics.service: prometheus@internal + traefik.http.routers.metrics.tls: true + traefik.http.routers.metrics.tls.certresolver: cloudflare networks: - traefik: null + internal: null ports: - 80:80 - 443:443 privileged: true restart: always volumes: - - config:/etc/traefik - - log:/log + - letsencrypt:/letsencrypt - /var/run/docker.sock:/var/run/docker.sock:ro networks: - traefik: - name: traefik + internal: + name: internal + driver: bridge + ipam: + config: + - subnet: 172.18.0.0/16 volumes: - config: - driver: local - driver_opts: - type: none - o: bind - device: /mnt/data/containers/traefik/config - - log: - driver: local - driver_opts: - type: none - o: bind - device: /mnt/data/containers/traefik/log + letsencrypt: diff --git a/hosts/ps10rp/traefik/traefik_config/conf/iplocal.yml b/hosts/ps10rp/traefik/traefik_config/conf/iplocal.yml deleted file mode 100644 index a70c101bd..000000000 --- a/hosts/ps10rp/traefik/traefik_config/conf/iplocal.yml +++ /dev/null 
@@ -1,15 +0,0 @@
-http:
- middlewares:
- ip-local:
- IPAllowList:
- sourceRange:
- - "192.168.1.1/16"
- - "172.27.0.0/16"
-
-tcp:
- middlewares:
- ip-local:
- IPAllowList:
- sourceRange:
- - "192.168.1.1/16"
- - "172.27.0.0/16"
diff --git a/hosts/ps10rp/traefik/traefik_config/conf/metrics.yml b/hosts/ps10rp/traefik/traefik_config/conf/metrics.yml
deleted file mode 100644
index 3b02e5a23..000000000
--- a/hosts/ps10rp/traefik/traefik_config/conf/metrics.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-http:
- routers:
- prometheus:
- rule: "(Host(`traefik-ps10rp.alexlebens.net`) && Path(`/metrics`))"
- entryPoints: websecure
- service: prometheus@internal
- middlewares:
- - "ip-local@file"
diff --git a/hosts/ps10rp/traefik/traefik_config/traefik.yml b/hosts/ps10rp/traefik/traefik_config/traefik.yml
deleted file mode 100644
index 86af6d60b..000000000
--- a/hosts/ps10rp/traefik/traefik_config/traefik.yml
+++ /dev/null
@@ -1,113 +0,0 @@
-################################################################
-# Global
-################################################################
-
-global:
- checkNewVersion: true
- sendAnonymousUsage: false
-
-################################################################
-# EntryPoints
-################################################################
-
-entryPoints:
- web:
- address: :80
- http:
- redirections:
- entryPoint:
- to: websecure
- scheme: https
-
- websecure:
- address: :443
- forwardedHeaders:
- trustedIPs:
- - "192.168.1.1/16"
- proxyProtocol:
- trustedIPs:
- - "192.168.1.1/16"
- http:
- tls:
- options: default
- certResolver: cloudflare
- domains:
- - main: "*.lebens-home.net"
- sans:
- - "lebens-home.net"
- middlewares:
- - ip-local@file
-
-################################################################
-# Certificate Resolvers
-################################################################
-
-certificatesResolvers:
- cloudflare:
- acme:
- email: alexanderlebens@gmail.com
- storage: /etc/traefik/acme/acme.json
- preferredChain: "ISRG Root X1"
- dnsChallenge:
- provider: cloudflare
- delayBeforeCheck: "3"
- resolvers:
- - "1.1.1.1"
- - "1.0.0.1"
-
-################################################################
-# Traefik logs
-################################################################
-
-log:
- level: INFO
-
-################################################################
-# Access logs
-################################################################
-
-accessLog: {}
-
-################################################################
-# API and Dashboard
-################################################################
-
-api:
- insecure: false
- dashboard: true
-
-################################################################
-# Ping
-################################################################
-
-# ping:
-
-################################################################
-# Metrics
-################################################################
-
-metrics:
- prometheus:
- addEntryPointsLabels: true
- addRoutersLabels: true
- addServicesLabels: true
- buckets:
- - 0.1
- - 0.3
- - 1.2
- - 5.0
- entryPoint: websecure
- manualRouting: true
-
-################################################################
-# Providers
-################################################################
-
-providers:
- docker:
- endpoint: "unix:///var/run/docker.sock"
- exposedByDefault: false
-
- file:
- directory: "/etc/traefik/conf"
- watch: true