diff --git a/docker-compose/traefik/compose.yaml b/docker-compose/traefik/compose.yaml
index 8e8e0c3..9beddf0 100644
--- a/docker-compose/traefik/compose.yaml
+++ b/docker-compose/traefik/compose.yaml
@@ -11,14 +11,14 @@ services:
 # <--
 volumes:
 - /run/docker.sock:/run/docker.sock:ro
- - ./config/traefik.yaml:/etc/traefik/traefik.yaml:ro
- - ./data/certs/:/var/traefik/certs/:rw
- - ./config/conf.d/:/etc/traefik/conf.d/:ro
+ - ./config/:/etc/traefik/:ro
+ - ./certs/:/var/traefik/certs/:rw
 environment:
 - CF_DNS_API_TOKEN=your-cloudflare-api-token # <-- Change this to your Cloudflare API Token
 networks:
 - frontend
 restart: unless-stopped
+
 networks:
 frontend:
 external: true # <-- (Optional) Change this to false if you want to create a new network
diff --git a/docker-compose/traefik/config/conf.d/externalservice.yaml b/docker-compose/traefik/config/conf.d/externalservice.yaml
deleted file mode 100644
index dc7bff5..0000000
--- a/docker-compose/traefik/config/conf.d/externalservice.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-http:
- # -- Change Router Configuration here...
- routers:
- your-local-router:
- rule: "Host(`your-local-service.your-domain.com`)" # <-- Change Rules here...
- service: your-local-service # <-- Change Service Name here...
- priority: 1000 # <-- (Optional) Change Routing Priority here...
- entryPoints:
- - web
- - websecure
- tls:
- certResolver: cloudflare
-
- # -- Change Service Configuration here...
- services:
- your-local-service: # <-- Change Service Name here...
- loadBalancer:
- servers:
- - url: "http://your-local-service:port" # <-- Change Target Service URL here...
diff --git a/docker-compose/traefik/config/conf.d/tls.yaml b/docker-compose/traefik/config/conf.d/tls.yaml
deleted file mode 100644
index 3bf9464..0000000
--- a/docker-compose/traefik/config/conf.d/tls.yaml
+++ /dev/null
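Review bot: The certificate store moves from `./data/certs/` to `./certs/` on the host, and nothing in the visible diff migrates or documents the move, so an existing deployment would start with an empty `/var/traefik/certs/` and presumably request every certificate again from the ACME CA. That directory is the only `:rw` mount and typically holds the ACME account and private keys, so the new line deserves a comment such as `# holds ACME account data and private keys: keep out of version control and restrict permissions`. Separately, `./config/:/etc/traefik/:ro` replaces the dedicated `conf.d` mount while `config/traefik.yaml` is not touched in this diff. If its file provider still points at `/etc/traefik/conf.d/`, no dynamic configuration will be loaded, which should be confirmed. The service definition starts above the hunk, so the rest of the container settings are not visible here.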
@@ -1,18 +0,0 @@
----
-# -- Change TLS Configuration here...
-tls:
- options:
- default:
- minVersion: VersionTLS12
- sniStrict: true
- curvePreferences:
- - CurveP256
- - CurveP384
- - CurveP521
- cipherSuites:
- - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
- - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
diff --git a/docker-compose/traefik/config/example.externalservice.yaml b/docker-compose/traefik/config/example.externalservice.yaml
new file mode 100644
index 0000000..04a0505
--- /dev/null
+++ b/docker-compose/traefik/config/example.externalservice.yaml
@@ -0,0 +1,21 @@
+# --> (Example) Expose an external service using Traefik...
+# http:
+# # -- Change Router Configuration here...
+# routers:
+# your-local-router:
+# rule: "Host(`your-local-service.your-domain.com`)" # <-- Change Rules here...
+# service: your-local-service # <-- Change Service Name here...
+# priority: 1000 # <-- (Optional) Change Routing Priority here...
+# entryPoints:
+# - web
+# - websecure
+# tls:
+# certResolver: cloudflare
+#
+# # -- Change Service Configuration here...
+# services:
+# your-local-service: # <-- Change Service Name here...
+# loadBalancer:
+# servers:
+# - url: "http://your-local-service:port" # <-- Change Target Service URL here...
+# <--
diff --git a/docker-compose/traefik/config/conf.d/middleware-authentik.yaml b/docker-compose/traefik/config/example.middleware-authentik.yaml
similarity index 89%
rename from docker-compose/traefik/config/conf.d/middleware-authentik.yaml
rename to docker-compose/traefik/config/example.middleware-authentik.yaml
index 6a1c451..069febd 100644
--- a/docker-compose/traefik/config/conf.d/middleware-authentik.yaml
+++ b/docker-compose/traefik/config/example.middleware-authentik.yaml
@@ -1,4 +1,4 @@
-# --> (Optional) Securely expose apps using the Traefik proxy outpost...
+# --> (Example) Securely expose apps using the Traefik proxy outpost...
 # http:
 # middlewares:
 # authentik-middleware:
diff --git a/docker-compose/traefik/config/conf.d/middleware-passbolt.yaml b/docker-compose/traefik/config/example.middleware-passbolt.yaml
similarity index 100%
rename from docker-compose/traefik/config/conf.d/middleware-passbolt.yaml
rename to docker-compose/traefik/config/example.middleware-passbolt.yaml
diff --git a/docker-compose/traefik/config/example.tls.yaml b/docker-compose/traefik/config/example.tls.yaml
new file mode 100644
index 0000000..973f1c0
--- /dev/null
+++ b/docker-compose/traefik/config/example.tls.yaml
@@ -0,0 +1,18 @@
+# --> (Example) Change TLS Configuration here...
+# tls:
+# options:
+# default:
+# minVersion: VersionTLS12
+# sniStrict: true
+# curvePreferences:
+# - CurveP256
+# - CurveP384
+# - CurveP521
+# cipherSuites:
+# - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+# - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+# - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
+# - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+# - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+# - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
+# <--
diff --git a/kubernetes/cert-manager/example.certificate.yaml b/kubernetes/cert-manager/example.certificate.yaml
new file mode 100644
index 0000000..042ae0b
--- /dev/null
+++ b/kubernetes/cert-manager/example.certificate.yaml
@@ -0,0 +1,15 @@
+---
+# --> (Example) Create a Certificate for your hostname...
+# apiVersion: cert-manager.io/v1
+# kind: Certificate
+# metadata:
+# name: your-certificate # <-- Replace with your certificate name
+# namespace: your-namespace # <-- Replace with your namespace
+# spec:
+# secretName: your-secret # <-- Replace with your secret name
+# issuerRef:
+# name: clusterissuer # <-- Replace with your issuer name
+# kind: ClusterIssuer
+# dnsNames:
+# - your-hostname # <-- Replace with your hostname
+# <--
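Review bot: The hardened TLS options in `example.tls.yaml` are now inactive by default, because the commit deletes the live `conf.d/tls.yaml` and re-adds its content entirely commented out. A stock deployment therefore no longer sets `sniStrict: true` or the restricted curve and cipher lists, and Traefik falls back to its built-in TLS options, where strict SNI is off. If that is intended, the header line should say so, for example `# --> (Example) Inactive until uncommented; Traefik's default TLS options apply otherwise`. Whether the file provider would load this file at all cannot be judged from this diff, since the static configuration is not part of it. A short comment beside `cipherSuites` noting that the list governs TLS 1.2 handshakes only would also help readers.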
diff --git a/kubernetes/cert-manager/examples/certificate.yaml b/kubernetes/cert-manager/examples/certificate.yaml
deleted file mode 100644
index faa1b3c..0000000
--- a/kubernetes/cert-manager/examples/certificate.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: your-certificate # <-- Replace with your certificate name
- namespace: your-namespace # <-- Replace with your namespace
-spec:
- secretName: your-secret # <-- Replace with your secret name
- issuerRef:
- name: clusterissuer # <-- Replace with your issuer name
- kind: ClusterIssuer
- dnsNames:
- - your-hostname # <-- Replace with your hostname
diff --git a/kubernetes/traefik/certificate.yaml b/kubernetes/traefik/certificate.yaml
index 3169aec..e0030e9 100644
--- a/kubernetes/traefik/certificate.yaml
+++ b/kubernetes/traefik/certificate.yaml
@@ -1,3 +1,4 @@
+---
 # --> (Optional) Securely expose the Traefik dashboard...
 # apiVersion: cert-manager.io/v1
 # kind: Certificate
diff --git a/kubernetes/traefik/example.ingressroute.yaml b/kubernetes/traefik/example.ingressroute.yaml
new file mode 100644
index 0000000..1bba813
--- /dev/null
+++ b/kubernetes/traefik/example.ingressroute.yaml
@@ -0,0 +1,21 @@
+---
+# --> (Example) Create an IngressRoute for your service...
+# apiVersion: traefik.io/v1alpha1
+# kind: IngressRoute
+# metadata:
+# name: your-ingressroute # <-- Replace with your IngressRoute name
+# namespace: your-namespace # <-- Replace with your namespace
+# spec:
+# entryPoints:
+# - web
+# - websecure
+# routes:
+# - match: Host(`your-fqdn`) # <-- Replace with your FQDN
+# kind: Rule
+# services:
+# - name: your-service # <-- Replace with your service name
+# port: 80
+# --> (Optional) Add certificate secret
+# tls:
+# secretName: your-certificate-secret
+# <--
diff --git a/kubernetes/traefik/example.ingressroutetcp.yaml b/kubernetes/traefik/example.ingressroutetcp.yaml
new file mode 100644
index 0000000..02f3b27
--- /dev/null
+++ b/kubernetes/traefik/example.ingressroutetcp.yaml
@@ -0,0 +1,21 @@
+---
+# --> (Example) Create an IngressRouteTCP for your service...
+# apiVersion: traefik.io/v1alpha1
+# kind: IngressRouteTCP
+# metadata:
+# name: your-ingressroutetcp # <-- Replace with your IngressRouteTCP name
+# namespace: your-namespace # <-- Replace with your namespace
+# spec:
+# entryPoints:
+# - web
+# - websecure
+# routes:
+# - match: HostSNI(`your-sni`) # <-- Replace with your SNI
+# priority: 10 # <-- (Optional) change rule priority
+# services:
+# - name: your-service # <-- Replace with your service name
+# port: 80
+# --> (Optional) Enable TLS Passthrough
+# tls:
+# passthrough: true
+# <--
diff --git a/kubernetes/traefik/examples/ingressroute.yaml b/kubernetes/traefik/examples/ingressroute.yaml
deleted file mode 100644
index a8e80ac..0000000
--- a/kubernetes/traefik/examples/ingressroute.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
- name: your-ingressroute # <-- Replace with your IngressRoute name
- namespace: your-namespace # <-- Replace with your namespace
-spec:
- entryPoints:
- - web
- - websecure
- routes:
- - match: Host(`your-fqdn`) # <-- Replace with your FQDN
- kind: Rule
- services:
- - name: your-service # <-- Replace with your service name
- port: 80
-# --> (Optional) Add certificate secret
-# tls:
-# secretName: your-certificate-secret
-# <--
diff --git a/kubernetes/traefik/examples/ingressroutetcp.yaml b/kubernetes/traefik/examples/ingressroutetcp.yaml
deleted file mode 100644
index 2b0f1ae..0000000
--- a/kubernetes/traefik/examples/ingressroutetcp.yaml
+++ /dev/null
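Review bot: The `match` line in `example.ingressroutetcp.yaml` uses a `HostSNI` rule with a named host, which Traefik only evaluates on TLS routers, yet the `tls:` block is marked "(Optional)" in its own comment section. Someone who uncomments only the main body would get a route that cannot select on the server name; without TLS only the wildcard form of `HostSNI` is meaningful. The example also lists the plain `web` entry point, where no SNI is ever presented. Consider relabelling the block, e.g. `# --> (Required for a named HostSNI) Terminate or pass through TLS`, and dropping `- web` from `entryPoints`. The same wording was carried over unchanged from the deleted `examples/ingressroutetcp.yaml`.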
@@ -1,20 +0,0 @@
----
-apiVersion: traefik.io/v1alpha1
-kind: IngressRouteTCP
-metadata:
- name: your-ingressroutetcp # <-- Replace with your IngressRouteTCP name
- namespace: your-namespace # <-- Replace with your namespace
-spec:
- entryPoints:
- - web
- - websecure
- routes:
- - match: HostSNI(`your-sni`) # <-- Replace with your SNI
- priority: 10 # <-- (Optional) change rule priority
- services:
- - name: your-service # <-- Replace with your service name
- port: 80
-# --> (Optional) Enable TLS Passthrough
-# tls:
-# passthrough: true
-# <--
diff --git a/kubernetes/traefik/middleware.yaml b/kubernetes/traefik/middleware.yaml
index fad3409..1eb5355 100644
--- a/kubernetes/traefik/middleware.yaml
+++ b/kubernetes/traefik/middleware.yaml
@@ -1,3 +1,4 @@
+---
 # --> (Optional) Securely expose the Traefik dashboard...
 # apiVersion: traefik.io/v1alpha1
 # kind: Middleware