From fdd4757237ac541a526ebca8463de425bf0bb91b Mon Sep 17 00:00:00 2001 From: Marc Cataford Date: Sun, 4 Dec 2022 11:14:41 -0500 Subject: [PATCH] Feat/traefik as gateway (#13) * feat: set up traefik * feat: set up deluge+traefik * feat: enable https --- deluge/docker-compose.yml | 10 +++++++++- traefik/.gitignore | 1 + traefik/docker-compose.yml | 19 +++++++++++++++++++ traefik/tasks.py | 29 +++++++++++++++++++++++++++++ traefik/traefik.toml | 28 ++++++++++++++++++++++++++++ traefik/traefik_dynamic.toml | 6 ++++++ 6 files changed, 92 insertions(+), 1 deletion(-) create mode 100644 traefik/.gitignore create mode 100644 traefik/docker-compose.yml create mode 100644 traefik/tasks.py create mode 100644 traefik/traefik.toml create mode 100644 traefik/traefik_dynamic.toml
diff --git a/deluge/docker-compose.yml b/deluge/docker-compose.yml
index ed975dd..a080cd6 100644
--- a/deluge/docker-compose.yml
+++ b/deluge/docker-compose.yml
@@ -14,7 +14,15 @@ services:
 - 6881:6881
 - 6881:6881/udp
 restart: unless-stopped
-
+ labels:
+ - traefik.http.routers.deluge.rule=PathPrefix(`/deluge/`)
+ - traefik.http.routers.deluge.tls=true
+ - traefik.http.routers.deluge.tls.certresolver=lets-encrypt
+ - traefik.http.middlewares.deluge-stripprefix.stripprefix.prefixes=/deluge
+ - traefik.http.routers.deluge.middlewares=deluge-stripprefix,deluge-base-headers
+ - traefik.http.middlewares.deluge-base-headers.headers.customrequestheaders.X-Deluge-Base=/deluge/
+ - traefik.http.services.deluge.loadbalancer.server.port=8112
+ - traefik.enable=true
 networks:
 default:
 name: kong-net
diff --git a/traefik/.gitignore b/traefik/.gitignore
new file mode 100644
index 0000000..08a7346
--- /dev/null
+++ b/traefik/.gitignore
@@ -0,0 +1 @@
+acme.json
diff --git a/traefik/docker-compose.yml b/traefik/docker-compose.yml
new file mode 100644
index 0000000..2a32014
--- /dev/null
+++ b/traefik/docker-compose.yml
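Review bot: In deluge/docker-compose.yml the `deluge` router rule is only ``PathPrefix(`/deluge/`)``, with no `Host()` matcher and no `tls.domains` label, so the `lets-encrypt` resolver has no domain to request a certificate for and Traefik will most likely serve its default self-signed certificate on this route. Scoping the rule, e.g. ``traefik.http.routers.deluge.rule=Host(`spadinaistan.karnov.club`) && PathPrefix(`/deluge/`)`` (host name taken from traefik_dynamic.toml in this commit), fixes that and stops the route from answering for arbitrary Host headers. The router also carries no authentication middleware, so the Deluge web UI's own login is the only gate once this is reachable from outside; confirm its password has been changed from the default. The service definition starts above the hunk.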
@@ -0,0 +1,19 @@
+version: '3.7'
+
+services:
+ traefik:
+ image: traefik:v2.9
+ ports:
+ - "80:80"
+ - "443:443"
+ - "8080:8080"
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - ./traefik.toml:/traefik.toml
+ - ./traefik_dynamic.toml:/traefik_dynamic.toml
+ - ./acme.json:/acme.json
+
+networks:
+ default:
+ name: kong-net
+ external: true
diff --git a/traefik/tasks.py b/traefik/tasks.py
new file mode 100644
index 0000000..21111f9
--- /dev/null
+++ b/traefik/tasks.py
@@ -0,0 +1,29 @@
+import invoke
+import pathlib
+
+PATH = pathlib.Path(__file__).parent
+
+
+@invoke.task()
+def start(ctx):
+ with ctx.cd(PATH):
+ ctx.run("docker-compose up -d")
+
+
+@invoke.task()
+def stop(ctx):
+ with ctx.cd(PATH):
+ ctx.run("docker-compose down")
+
+
+@invoke.task()
+def restart(ctx):
+ with ctx.cd(PATH):
+ ctx.run("docker-compose restart")
+
+
+ns = invoke.Collection("traefik")
+
+ns.add_task(start)
+ns.add_task(restart)
+ns.add_task(stop)
diff --git a/traefik/traefik.toml b/traefik/traefik.toml
new file mode 100644
index 0000000..c7a53e0
--- /dev/null
+++ b/traefik/traefik.toml
@@ -0,0 +1,28 @@
+[entryPoints]
+ [entryPoints.web]
+ address = ":80"
+ [entryPoints.web.http.redirections.entryPoint]
+ to = "websecure"
+ scheme = "https"
+ [entryPoints.websecure]
+ address = ":443"
+
+[log]
+ level = "DEBUG"
+
+[api]
+ dashboard = true
+
+[certificatesResolvers.lets-encrypt.acme]
+ email = "traefik@karnov.club"
+ storage = "acme.json"
+ [certificatesResolvers.lets-encrypt.acme.tlsChallenge]
+
+[providers.docker]
+ watch = true
+ useBindPortIP = true
+ network = "kong-net"
+ exposedByDefault = false
+
+[providers.file]
+ filename = "traefik_dynamic.toml"
diff --git a/traefik/traefik_dynamic.toml b/traefik/traefik_dynamic.toml
new file mode 100644
index 0000000..bc2d41f
--- /dev/null
+++ b/traefik/traefik_dynamic.toml
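Review bot: In traefik/docker-compose.yml the `/var/run/docker.sock` bind mount gives the internet-facing proxy container full control of the Docker daemon, so a compromise of Traefik is effectively root on the host. Appending `:ro` to the mount does not restrict Docker API calls made over the socket; the usual mitigation is a socket proxy that allows only the read endpoints the Docker provider needs, with Traefik pointed at it through `providers.docker.endpoint`. Separately, `- "8080:8080"` publishes a port that the traefik.toml in this commit does not appear to use (no `api.insecure`), so it can be dropped, and the two config mounts can be read-only, e.g. `- ./traefik.toml:/traefik.toml:ro`.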
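Review bot: None of the three tasks in traefik/tasks.py has a docstring, so `invoke --list` shows them without any help text; a one-line docstring each would do, e.g. `"""Start the Traefik stack in the background."""` on `start`. The one for `restart` should say that `docker-compose restart` only restarts the existing containers and does not apply edits to docker-compose.yml (ports, volumes, image), which need `up -d`. Passing `str(PATH)` to `ctx.cd()` would also avoid depending on the installed invoke version accepting `pathlib.Path` objects.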
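Review bot: `level = "DEBUG"` in the `[log]` section of traefik/traefik.toml is committed as the standing log level for the gateway; debug output is verbose and can carry routing and configuration detail that does not belong in long-lived logs. `level = "INFO"` is a safer default, with DEBUG switched on only while troubleshooting, and an `[accessLog]` section would give a request audit trail that the general log does not. Also, `storage = "acme.json"` holds the ACME account key and the certificate private keys: the file is git-ignored and bind-mounted, so it has to be created on the host with mode 600 before the first start, otherwise Docker creates a directory in its place and Traefik refuses the storage.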
@@ -0,0 +1,6 @@
+[http.routers.api]
+ rule = "Host(`spadinaistan.karnov.club`)"
+ entrypoints = ["web"]
+ service = "api@internal"
+ [http.routers.api.tls]
+ certResolver = "lets-encrypt"
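Review bot: The `api` router in traefik/traefik_dynamic.toml publishes `api@internal` (the dashboard and the API behind it) on a public host name with no authentication middleware, so anyone who can reach the host can read the full routing configuration. It is also bound to `entrypoints = ["web"]` while traefik.toml redirects everything on `web` to `websecure`, so this TLS router probably never serves the dashboard over HTTPS as intended. Attaching it to `websecure` and putting a `basicAuth` middleware in front, with the credentials kept in an htpasswd file outside version control and mounted into the container, addresses both; the file path below is a placeholder.

```toml
[http.routers.api]
  # … unchanged: rule, service, [http.routers.api.tls] …
  entrypoints = ["websecure"]
  middlewares = ["dashboard-auth"]

[http.middlewares.dashboard-auth.basicAuth]
  # placeholder path: htpasswd-format file, not committed
  usersFile = "/path/to/dashboard.htpasswd"
```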