Centralise into an app definition

2020-05-11 01:43:51 +02:00
parent c06ac8fe4f
commit ff5a1bc213
5 changed files with 8 additions and 0 deletions
--- a/traefik.dockerapp/docker-compose.yml
+++ b/traefik.dockerapp/docker-compose.yml
@ -0,0 +1,49 @@
+---
+version: "3.8"
+
+services:
+  traefik:
+    image: "traefik:v2.2"
+    ports:
+      - "80:80"
+      - "443:443"
+      - "8080:8080"
+    volumes:
+      - "/var/run/docker.sock:/var/run/docker.sock"
+      - "letsencrypt:/etc/letsencrypt"
+    configs:
+      - source: traefik-yml-prod-v1
+        target: /etc/traefik/traefik.yml
+      - source: file-provider-prod-v1
+        target: /etc/traefik/file-provider.yml
+    networks:
+      - proxy
+    deploy:
+      mode: replicated
+      replicas: 1
+      update_config:
+        failure_action: rollback
+      placement:
+        constraints:
+          - node.role == manager
+      labels:
+        - "traefik.enable=true"
+        - "traefik.http.services.traefik.loadbalancer.server.port=web"
+        - "traefik.http.routers.traefik.rule=Host(`traefik.swarm.autonomic.zone`)"
+        - "traefik.http.routers.traefik.entrypoints=web-secure"
+        - "traefik.http.routers.traefik.tls.certresolver=staging"
+        - "traefik.http.routers.traefik.service=api@internal"
+        - "traefik.http.routers.traefik.middlewares=keycloak@file"
+
+networks:
+  proxy:
+    external: true
+
+configs:
+  traefik-yml-prod-v1:
+    file: traefik.yml
+  file-provider-prod-v1:
+    file: file-provider.yml
+
+volumes:
+  letsencrypt:
--- a/traefik.dockerapp/file-provider.yml
+++ b/traefik.dockerapp/file-provider.yml
@ -0,0 +1,9 @@
+---
+http:
+  middlewares:
+    keycloak:
+      forwardAuth:
+        address: "http://traefik-forward-auth:4181"
+        trustForwardHeader: true
+        authResponseHeaders:
+          - X-Forwarded-User
--- a/traefik.dockerapp/metadata.yml
+++ b/traefik.dockerapp/metadata.yml
@ -0,0 +1,7 @@
+---
+version: 0.1.0
+name: traefik
+description: Open source edge router
+maintainers:
+  - name: decentral1se
+    email: lukewm@riseup.net
--- a/traefik.dockerapp/parameters.yml
+++ b/traefik.dockerapp/parameters.yml
@ -0,0 +1 @@
+---
--- a/traefik.dockerapp/traefik.yml
+++ b/traefik.dockerapp/traefik.yml
@ -0,0 +1,41 @@
+---
+log:
+  level: INFO
+
+providers:
+  docker:
+    endpoint: "unix:///var/run/docker.sock"
+    exposedByDefault: false
+    network: proxy
+    swarmMode: true
+  file:
+    filename: /etc/traefik/file-provider.yml
+
+api:
+  dashboard: true
+  debug: true
+
+entrypoints:
+  web:
+    address: ":80"
+    http:
+      redirections:
+        entryPoint:
+          to: web-secure
+  web-secure:
+    address: ":443"
+
+certificatesResolvers:
+  staging:
+    acme:
+      email: helo@autonomic.zone
+      storage: /etc/letsencrypt/staging-acme.json
+      caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
+      httpChallenge:
+        entryPoint: web
+  production:
+    acme:
+      email: helo@autonomic.zone
+      storage: /etc/letsencrypt/production-acme.json
+      httpChallenge:
+        entryPoint: web