diff --git a/hosts/ps08rp/traefik/compose.yml b/hosts/ps08rp/traefik/compose.yml
index fe8400d7f..4f32cc32b 100644
--- a/hosts/ps08rp/traefik/compose.yml
+++ b/hosts/ps08rp/traefik/compose.yml
@@ -1,18 +1,54 @@ +--- +version: "3.7" + services: traefik: - command: traefik + image: docker.io/traefik:v3.3 container_name: traefik + command: + - "--global.checkNewVersion=false" + - "--global.sendAnonymousUsage=false" + - "--api.insecure=false" + - "--api.dashboard=true" + - "--log.level=INFO" + - "--providers.docker=true" + - "--providers.docker.exposedbydefault=false" + - "--entryPoints.web.address=:80" + - "--entrypoints.web.http.redirections.entryPoint.to=web-secure" + - "--entrypoints.web.http.redirections.entryPoint.scheme=https" + - "--entryPoints.web-secure.address=:443" + - "--entryPoints.web-secure.http.tls.options=default" + - "--entryPoints.web-secure.http.tls.certResolver=cloudflare" + - "--entryPoints.web-secure.http.tls.domains[0].main=*.alexlebens.net" + - "--entryPoints.web-secure.http.tls.domains[0].sans[0]=alexlebens.net" + - "--certificatesresolvers.cloudflare.acme.dnschallenge=true" + - "--certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare" + - "--certificatesresolvers.cloudflare.acme.dnschallenge.delaybeforecheck=10" + - "--certificatesresolvers.cloudflare.acme.dnschallenge.resolvers=1.1.1.1:53" + - "--certificatesresolvers.cloudflare.acme.email=alexanderlebens@gmail.com" + - "--certificatesresolvers.cloudflare.acme.storage=acme.json" + - "--metrics.prometheus=true" + - "--metrics.prometheus.buckets=0.1,0.3,1.2,5.0" + - "--metrics.prometheus.addEntryPointsLabels=true" + - "--metrics.prometheus.addRoutersLabels=true" + - "--metrics.prometheus.addServicesLabels=true" + - "--metrics.prometheus.entryPoint=web-secure" + - "--metrics.prometheus.manualRouting=true" env_file: - .env - image: docker.io/traefik:v3.2 labels: - traefik.docker.network: traefik traefik.enable: true - traefik.http.routers.dashboard.entrypoints: websecure + traefik.docker.network: internal + traefik.http.routers.dashboard.entrypoints: web-secure traefik.http.routers.dashboard.rule: (Host(`traefik-ps08rp.alexlebens.net`) && (PathPrefix(`/api/`) || 
PathPrefix(`/dashboard/`))) traefik.http.routers.dashboard.service: api@internal traefik.http.routers.dashboard.tls: true traefik.http.routers.dashboard.tls.certresolver: cloudflare + traefik.http.routers.metrics.entrypoints: web-secure + traefik.http.routers.metrics.rule: (Host(`traefik-ps08rp.alexlebens.net`) && Path(`/metrics`)) + traefik.http.routers.metrics.service: prometheus@internal + traefik.http.routers.metrics.tls: true + traefik.http.routers.metrics.tls.certresolver: cloudflare networks: internal: null ports: @@ -21,9 +57,12 @@ services: privileged: true restart: always volumes: - - ./traefik_config:/etc/traefik + - letsencrypt:/letsencrypt - /var/run/docker.sock:/var/run/docker.sock:ro networks: internal: name: internal + +volumes: + letsencrypt: diff --git a/hosts/ps08rp/traefik/traefik_config/conf/iplocal.yml b/hosts/ps08rp/traefik/traefik_config/conf/iplocal.yml deleted file mode 100644 index a70c101bd..000000000 --- a/hosts/ps08rp/traefik/traefik_config/conf/iplocal.yml +++ /dev/null @@ -1,15 +0,0 @@ -http: - middlewares: - ip-local: - IPAllowList: - sourceRange: - - "192.168.1.1/16" - - "172.27.0.0/16" - -tcp: - middlewares: - ip-local: - IPAllowList: - sourceRange: - - "192.168.1.1/16" - - "172.27.0.0/16" diff --git a/hosts/ps08rp/traefik/traefik_config/conf/metrics.yml b/hosts/ps08rp/traefik/traefik_config/conf/metrics.yml deleted file mode 100644 index cd777dcc4..000000000 --- a/hosts/ps08rp/traefik/traefik_config/conf/metrics.yml +++ /dev/null @@ -1,8 +0,0 @@ -http: - routers: - prometheus: - rule: "(Host(`traefik-ps08rp.alexlebens.net`) && Path(`/metrics`))" - entryPoints: websecure - service: prometheus@internal - middlewares: - - "ip-local@file" diff --git a/hosts/ps08rp/traefik/traefik_config/traefik.yml b/hosts/ps08rp/traefik/traefik_config/traefik.yml deleted file mode 100644 index bf702d183..000000000 --- a/hosts/ps08rp/traefik/traefik_config/traefik.yml +++ /dev/null 
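Review bot: The new `metrics` and `dashboard` router labels attach no middleware, and the command list sets no `entryPoints.web-secure.http.middlewares`, so the `ip-local` IPAllowList that the deleted `iplocal.yml` and `traefik.yml` applied to everything on `websecure` is gone. As written, `/metrics`, `/api/` and `/dashboard/` are served on :443 to any source that can reach the host, unless filtering happens somewhere outside this file. The allowlist can be re-declared as labels, `traefik.http.middlewares.ip-local.ipallowlist.sourcerange: "192.168.1.1/16,172.27.0.0/16"` and `traefik.http.routers.metrics.middlewares: ip-local`, with the same `middlewares` label on the `dashboard` router. The removed `accessLog: {}` is not carried over either, so request logging is off unless `- "--accesslog=true"` is added to the command list. The identical first hunk in hosts/ps09rp/traefik/compose.yml has the same gaps.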
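Review bot: The `letsencrypt:/letsencrypt` volume added in this hunk appears to be unused, because the resolver flag in the first hunk is `--certificatesresolvers.cloudflare.acme.storage=acme.json`, a relative path that resolves against the container's working directory rather than the mount. The certificates and the ACME account key would then sit in the container's writable layer and be lost on every recreate, forcing re-issuance and risking the CA's rate limits. Pointing the flag at the volume fixes it: `- "--certificatesresolvers.cloudflare.acme.storage=/letsencrypt/acme.json"`. The `services.traefik` block starts outside this hunk; `privileged: true` in its context lines is untouched by the commit, and since Traefik does not normally need it, it is worth confirming it is still required next to the Docker socket mount. hosts/ps09rp/traefik/compose.yml carries the same hunk.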
@@ -1,113 +0,0 @@ -################################################################ -# Global -################################################################ - -global: - checkNewVersion: false - sendAnonymousUsage: false - -################################################################ -# EntryPoints -################################################################ - -entryPoints: - web: - address: :80 - http: - redirections: - entryPoint: - to: websecure - scheme: https - - websecure: - address: :443 - forwardedHeaders: - trustedIPs: - - "192.168.1.1/16" - proxyProtocol: - trustedIPs: - - "192.168.1.1/16" - http: - tls: - options: default - certResolver: cloudflare - domains: - - main: "*.alexlebens.net" - sans: - - "alexlebens.net" - middlewares: - - ip-local@file - -################################################################ -# Certificate Resolvers -################################################################ - -certificatesResolvers: - cloudflare: - acme: - email: alexanderlebens@gmail.com - storage: /etc/traefik/acme/acme.json - preferredChain: "ISRG Root X1" - dnsChallenge: - provider: cloudflare - delayBeforeCheck: "3" - resolvers: - - "1.1.1.1" - - "1.0.0.1" - -################################################################ -# Traefik logs -################################################################ - -log: - level: INFO - -################################################################ -# Access logs -################################################################ - -accessLog: {} - -################################################################ -# API and Dashboard -################################################################ - -api: - insecure: false - dashboard: true - -################################################################ -# Ping -################################################################ - -# ping: - -################################################################ -# Metrics 
-################################################################ - -metrics: - prometheus: - addEntryPointsLabels: true - addRoutersLabels: true - addServicesLabels: true - buckets: - - 0.1 - - 0.3 - - 1.2 - - 5.0 - entryPoint: websecure - manualRouting: true - -################################################################ -# Providers -################################################################ - -providers: - docker: - endpoint: "unix:///var/run/docker.sock" - exposedByDefault: false - - file: - directory: "/etc/traefik/conf" - watch: true diff --git a/hosts/ps09rp/traefik/compose.yml b/hosts/ps09rp/traefik/compose.yml index c1d276562..a5eddb1e8 100644 --- a/hosts/ps09rp/traefik/compose.yml +++ b/hosts/ps09rp/traefik/compose.yml 
@@ -1,18 +1,54 @@ +--- +version: "3.7" + services: traefik: - command: traefik + image: docker.io/traefik:v3.3 container_name: traefik + command: + - "--global.checkNewVersion=false" + - "--global.sendAnonymousUsage=false" + - "--api.insecure=false" + - "--api.dashboard=true" + - "--log.level=INFO" + - "--providers.docker=true" + - "--providers.docker.exposedbydefault=false" + - "--entryPoints.web.address=:80" + - "--entrypoints.web.http.redirections.entryPoint.to=web-secure" + - "--entrypoints.web.http.redirections.entryPoint.scheme=https" + - "--entryPoints.web-secure.address=:443" + - "--entryPoints.web-secure.http.tls.options=default" + - "--entryPoints.web-secure.http.tls.certResolver=cloudflare" + - "--entryPoints.web-secure.http.tls.domains[0].main=*.alexlebens.net" + - "--entryPoints.web-secure.http.tls.domains[0].sans[0]=alexlebens.net" + - "--certificatesresolvers.cloudflare.acme.dnschallenge=true" + - "--certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare" + - "--certificatesresolvers.cloudflare.acme.dnschallenge.delaybeforecheck=10" + - "--certificatesresolvers.cloudflare.acme.dnschallenge.resolvers=1.1.1.1:53" + - "--certificatesresolvers.cloudflare.acme.email=alexanderlebens@gmail.com" + - "--certificatesresolvers.cloudflare.acme.storage=acme.json" + - "--metrics.prometheus=true" + - "--metrics.prometheus.buckets=0.1,0.3,1.2,5.0" + - "--metrics.prometheus.addEntryPointsLabels=true" + - "--metrics.prometheus.addRoutersLabels=true" + - "--metrics.prometheus.addServicesLabels=true" + - "--metrics.prometheus.entryPoint=web-secure" + - "--metrics.prometheus.manualRouting=true" env_file: - .env - image: docker.io/traefik:v3.2 labels: - traefik.docker.network: traefik traefik.enable: true - traefik.http.routers.dashboard.entrypoints: websecure + traefik.docker.network: internal + traefik.http.routers.dashboard.entrypoints: web-secure traefik.http.routers.dashboard.rule: (Host(`traefik-ps09rp.alexlebens.net`) && (PathPrefix(`/api/`) || 
PathPrefix(`/dashboard/`))) traefik.http.routers.dashboard.service: api@internal traefik.http.routers.dashboard.tls: true traefik.http.routers.dashboard.tls.certresolver: cloudflare + traefik.http.routers.metrics.entrypoints: web-secure + traefik.http.routers.metrics.rule: (Host(`traefik-ps09rp.alexlebens.net`) && Path(`/metrics`)) + traefik.http.routers.metrics.service: prometheus@internal + traefik.http.routers.metrics.tls: true + traefik.http.routers.metrics.tls.certresolver: cloudflare networks: internal: null ports: @@ -21,9 +57,12 @@ services: privileged: true restart: always volumes: - - ./traefik_config:/etc/traefik + - letsencrypt:/letsencrypt - /var/run/docker.sock:/var/run/docker.sock:ro networks: internal: name: internal + +volumes: + letsencrypt: diff --git a/hosts/ps09rp/traefik/traefik_config/conf/iplocal.yml b/hosts/ps09rp/traefik/traefik_config/conf/iplocal.yml deleted file mode 100644 index a70c101bd..000000000 --- a/hosts/ps09rp/traefik/traefik_config/conf/iplocal.yml +++ /dev/null @@ -1,15 +0,0 @@ -http: - middlewares: - ip-local: - IPAllowList: - sourceRange: - - "192.168.1.1/16" - - "172.27.0.0/16" - -tcp: - middlewares: - ip-local: - IPAllowList: - sourceRange: - - "192.168.1.1/16" - - "172.27.0.0/16" diff --git a/hosts/ps09rp/traefik/traefik_config/conf/metrics.yml b/hosts/ps09rp/traefik/traefik_config/conf/metrics.yml deleted file mode 100644 index a117c8b72..000000000 --- a/hosts/ps09rp/traefik/traefik_config/conf/metrics.yml +++ /dev/null @@ -1,8 +0,0 @@ -http: - routers: - prometheus: - rule: "(Host(`traefik-ps09rp.alexlebens.net`) && Path(`/metrics`))" - entryPoints: websecure - service: prometheus@internal - middlewares: - - "ip-local@file" diff --git a/hosts/ps09rp/traefik/traefik_config/traefik.yml b/hosts/ps09rp/traefik/traefik_config/traefik.yml deleted file mode 100644 index bf702d183..000000000 --- a/hosts/ps09rp/traefik/traefik_config/traefik.yml +++ /dev/null 
@@ -1,113 +0,0 @@ -################################################################ -# Global -################################################################ - -global: - checkNewVersion: false - sendAnonymousUsage: false - -################################################################ -# EntryPoints -################################################################ - -entryPoints: - web: - address: :80 - http: - redirections: - entryPoint: - to: websecure - scheme: https - - websecure: - address: :443 - forwardedHeaders: - trustedIPs: - - "192.168.1.1/16" - proxyProtocol: - trustedIPs: - - "192.168.1.1/16" - http: - tls: - options: default - certResolver: cloudflare - domains: - - main: "*.alexlebens.net" - sans: - - "alexlebens.net" - middlewares: - - ip-local@file - -################################################################ -# Certificate Resolvers -################################################################ - -certificatesResolvers: - cloudflare: - acme: - email: alexanderlebens@gmail.com - storage: /etc/traefik/acme/acme.json - preferredChain: "ISRG Root X1" - dnsChallenge: - provider: cloudflare - delayBeforeCheck: "3" - resolvers: - - "1.1.1.1" - - "1.0.0.1" - -################################################################ -# Traefik logs -################################################################ - -log: - level: INFO - -################################################################ -# Access logs -################################################################ - -accessLog: {} - -################################################################ -# API and Dashboard -################################################################ - -api: - insecure: false - dashboard: true - -################################################################ -# Ping -################################################################ - -# ping: - -################################################################ -# Metrics 
-################################################################ - -metrics: - prometheus: - addEntryPointsLabels: true - addRoutersLabels: true - addServicesLabels: true - buckets: - - 0.1 - - 0.3 - - 1.2 - - 5.0 - entryPoint: websecure - manualRouting: true - -################################################################ -# Providers -################################################################ - -providers: - docker: - endpoint: "unix:///var/run/docker.sock" - exposedByDefault: false - - file: - directory: "/etc/traefik/conf" - watch: true