From c6427658dfaf258785460f2a14e782d7504fa749 Mon Sep 17 00:00:00 2001 From: Christian Lempa Date: Fri, 8 Nov 2024 11:06:02 +0100 Subject: [PATCH] updated traefik boilerplates --- docker-compose/traefik/compose.yaml | 22 +++-- .../conf.d/example-externalservice.yaml | 16 ---- .../conf.d/externalservice.yaml.example | 16 ++++ docker-compose/traefik/config/traefik.yaml | 82 ++++++------------- 4 files changed, 49 insertions(+), 87 deletions(-) delete mode 100644 docker-compose/traefik/config/conf.d/example-externalservice.yaml create mode 100644 docker-compose/traefik/config/conf.d/externalservice.yaml.example diff --git a/docker-compose/traefik/compose.yaml b/docker-compose/traefik/compose.yaml index b3f9bba..93e8f08 100644 --- a/docker-compose/traefik/compose.yaml +++ b/docker-compose/traefik/compose.yaml @@ -6,21 +6,19 @@ services: ports: - 80:80 - 443:443 - # -- (Optional) Enable Dashboard, don't do in production + # --> (Optional) Enable Dashboard, don't do in production # - 8080:8080 + # <-- volumes: - /run/docker.sock:/run/docker.sock:ro - ./config/traefik.yaml:/etc/traefik/traefik.yaml:ro - - ./config/conf.d/:/etc/traefik/conf.d/:ro - ./data/certs/:/var/traefik/certs/:rw - # -- (Optional) When using Cloudflare as Cert Resolver - # environment: - # - CF_DNS_API_TOKEN=your-cloudflare-api-token - # -- (Optional) When using a custom network - # networks: - # - your-traefik-network + - ./config/conf.d/:/etc/traefik/conf.d/:ro + environment: + - CF_DNS_API_TOKEN=your-cloudflare-api-token # <-- Change this to your Cloudflare API Token + networks: + - frontend restart: unless-stopped -# -- (Optional) When using a custom network -# networks: -# your-traefik-network: -# external: true +networks: + frontend: + external: true # <-- (Optional) Change this to false if you want to create a new network diff --git a/docker-compose/traefik/config/conf.d/example-externalservice.yaml b/docker-compose/traefik/config/conf.d/example-externalservice.yaml deleted file mode 100644 index aa8f84a..0000000 --- a/docker-compose/traefik/config/conf.d/example-externalservice.yaml +++ /dev/null @@ -1,16 +0,0 @@ -http: - routers: - your-local-router: - rule: "Host(`your-local-service.your-domain.com`) && PathPrefix(`/`)" - service: your-local-service - priority: 1000 - entryPoints: - - web - # (optional) Permanent Redirect to HTTPS - # - websecure - - services: - your-local-service: - loadBalancer: - servers: - - url: "http://your-local-service:port" diff --git a/docker-compose/traefik/config/conf.d/externalservice.yaml.example b/docker-compose/traefik/config/conf.d/externalservice.yaml.example new file mode 100644 index 0000000..a138191 --- /dev/null +++ b/docker-compose/traefik/config/conf.d/externalservice.yaml.example @@ -0,0 +1,16 @@ +http: + # -- Change Router Configuration here... + routers: + your-local-router: + rule: "Host(`your-local-service.your-domain.com`)" # <-- Change Rules here... + service: your-local-service # <-- Change Service Name here... + priority: 1000 # <-- (Optional) Change Routing Priority here... + entryPoints: + - web, websecure + + # -- Change Service Configuration here... + services: + your-local-service: # <-- Change Service Name here... + loadBalancer: + servers: + - url: "http://your-local-service:port" # <-- Change Target Service URL here... diff --git a/docker-compose/traefik/config/traefik.yaml b/docker-compose/traefik/config/traefik.yaml index f5ce3b6..850b1be 100644 --- a/docker-compose/traefik/config/traefik.yaml +++ b/docker-compose/traefik/config/traefik.yaml @@ -2,93 +2,57 @@ global: checkNewVersion: false sendAnonymousUsage: false -# -- (Optional) Change log level and format here ... +# --> (Optional) Change log level and format here ... # - level: [TRACE, DEBUG, INFO, WARN, ERROR, FATAL] -# - format: [common, json] # log: # level: ERROR -# format: common -# filePath: /var/log/traefik/traefik.log +# <-- -# -- (Optional) Enable accesslog and change format here ... -# - format: [common, json] -# accesslog: -# format: common -# filePath: /var/log/traefik/access.log +# --> (Optional) Enable accesslog here ... +# accesslog: {} +# <-- -# -- (Optional) Enable API and Dashboard here, don't do in production +# --> (Optional) Enable API and Dashboard here, don't do in production # api: # dashboard: true -# disableDashboardAd: true # insecure: true +# <-- # -- Change EntryPoints here... entryPoints: web: address: :80 - # -- (Optional) Redirect all HTTP to HTTPS + # --> (Optional) Redirect all HTTP to HTTPS # http: # redirections: # entryPoint: # to: websecure # scheme: https + # <-- websecure: address: :443 - # -- (Optional) Add custom Entrypoint - # custom: - # address: :8081 # -- Configure your CertificateResolver here... -# certificatesResolvers: -# cloudflare-staging: -# acme: -# email: your-email@example.com -# storage: /var/traefik/certs/cloudflare-acme.json -# caServer: "https://acme-staging-v02.api.letsencrypt.org/directory" -# -- (Optional) Remove this section, when using DNS Challenge -# httpChallenge: -# entryPoint: web -# -- (Optional) Configure DNS Challenge -# dnsChallenge: -# provider: your-resolver (e.g. cloudflare) -# resolvers: -# - "1.1.1.1:53" -# - "8.8.8.8:53" -# cloudflare: -# acme: -# email: your-email@example.com -# storage: /var/traefik/certs/cloudflare-acme.json -# caServer: "https://acme-v02.api.letsencrypt.org/directory" -# -- (Optional) Remove this section, when using DNS Challenge -# httpChallenge: -# entryPoint: web -# -- (Optional) Configure DNS Challenge -# dnsChallenge: -# provider: your-resolver (e.g. cloudflare) -# resolvers: -# - "1.1.1.1:53" -# - "8.8.8.8:53" +certificatesResolvers: + cloudflare: + acme: + email: your-email@example.com # <-- Change this to your email + storage: /var/traefik/certs/cloudflare-acme.json + caServer: "https://acme-v02.api.letsencrypt.org/directory" + dnsChallenge: + provider: cloudflare # <-- (Optional) Change this to your DNS provider + resolvers: + - "1.1.1.1:53" + - "8.8.8.8:53" -# -- (Optional) Disable TLS Cert verification check +# --> (Optional) Disable TLS Cert verification check # serversTransport: # insecureSkipVerify: true - -# -- (Optional) Overwrite Default Certificates -# tls: -# stores: -# default: -# defaultCertificate: -# certFile: /etc/traefik/certs/cert.pem -# keyFile: /etc/traefik/certs/cert-key.pem -# -- (Optional) Disable TLS version 1.0 and 1.1 -# options: -# default: -# minVersion: VersionTLS12 +# <-- providers: docker: - # -- (Optional) Enable this, if you want to expose all containers automatically - exposedByDefault: false + exposedByDefault: false # <-- (Optional) Change this to true if you want to expose all services file: directory: /etc/traefik watch: true