fix(traefik): set up certitifcate resolver
parent
0f8c243682
commit
3669606b44
5 changed files with 36 additions and 6 deletions
|
@ -50,10 +50,10 @@ services:
|
||||||
source: "/etc/localtime"
|
source: "/etc/localtime"
|
||||||
target: "/etc/localtime"
|
target: "/etc/localtime"
|
||||||
read_only: true
|
read_only: true
|
||||||
# For TLS certificate
|
# Traefik TLS volume
|
||||||
#- type: "bind"
|
- type: "bind"
|
||||||
# source: ""
|
source: "${TRAEFIK_TLS_HOST_DIR}"
|
||||||
# target: ""
|
target: "${TRAEFIK_TLS_CONTAINER_DIR}"
|
||||||
# -- Code flow --
|
# -- Code flow --
|
||||||
gitea:
|
gitea:
|
||||||
container_name: "code-flow"
|
container_name: "code-flow"
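Review bot: The new comment `# Traefik TLS volume` does not say why this bind mount, unlike the `/etc/localtime` mount just above it, has no `read_only: true`. The static configuration in this commit stores `acme.json` under `${TRAEFIK_TLS_CONTAINER_DIR}`, so the mount has to stay writable, and a later hardening pass could easily add `read_only` by mistake. I would write the comment as `# Traefik ACME storage (acme.json incl. private keys); must stay writable, do not add read_only`. The service definition starts above the hunk, so the rest of its volumes are not visible here.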
|
||||||
|
|
|
@ -6,7 +6,8 @@ http:
|
||||||
- "https"
|
- "https"
|
||||||
rule: "Host(`${GITEA_DOMAIN}`)"
|
rule: "Host(`${GITEA_DOMAIN}`)"
|
||||||
service: "git"
|
service: "git"
|
||||||
tls: {}
|
tls:
|
||||||
|
certResolver: resolver
|
||||||
services:
|
services:
|
||||||
git:
|
git:
|
||||||
loadBalancer:
|
loadBalancer:
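Review bot: `certResolver: resolver` is written as a plain scalar while every other string value in this file is double-quoted (`"https"`, `"git"`); for consistency write `certResolver: "resolver"`. The same applies to the identical line added to the dashboard router in this commit. The value must match the key defined under `certificatesResolvers` in the static configuration, so a short comment such as `# name of the resolver in traefik static config` would help whoever renames it later.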
|
||||||
|
|
|
@ -98,6 +98,16 @@ while [[ $# -gt 0 ]]; do
|
||||||
shift
|
shift
|
||||||
shift
|
shift
|
||||||
;;
|
;;
|
||||||
|
--traefik-acme-ca-server)
|
||||||
|
TRAEFIK_ACME_CA_SERVER=$2
|
||||||
|
shift
|
||||||
|
shift
|
||||||
|
;;
|
||||||
|
--traefik-acme-email)
|
||||||
|
TRAEFIK_ACME_EMAIL=$2
|
||||||
|
shift
|
||||||
|
shift
|
||||||
|
;;
|
||||||
*)
|
*)
|
||||||
# unknown argument
|
# unknown argument
|
||||||
shift
|
shift
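Review bot: The `--traefik-acme-ca-server` branch assigns `$2` without checking that a value follows or that it is an HTTPS URL. If the option is followed directly by another option, that option is swallowed as the CA address, and a mistyped or `http://` directory would have Traefik register its account key and request certificates from an unintended endpoint. A guard before the assignment covers both cases: `[[ $2 == https://* ]] || { echo "--traefik-acme-ca-server needs an https:// URL" >&2; exit 1; }`. `--traefik-acme-email` has the same missing-value problem and could at least reject an empty `$2` or one starting with `--`. The enclosing `while`/`case` starts and ends outside this hunk.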
|
||||||
|
@ -138,12 +148,22 @@ export TRAEFIK_LOG_LEVEL="${TRAEFIK_LOG_LEVEL:-info}"
|
||||||
export TRAEFIK_SEND_ANONYMOUS_USAGE="${TRAEFIK_SEND_ANONYMOUS_USAGE:-false}"
|
export TRAEFIK_SEND_ANONYMOUS_USAGE="${TRAEFIK_SEND_ANONYMOUS_USAGE:-false}"
|
||||||
export TRAEFIK_VERSION="${TRAEFIK_VERSION:-v2.6.3}"
|
export TRAEFIK_VERSION="${TRAEFIK_VERSION:-v2.6.3}"
|
||||||
export TRAEFIK_CONTAINER_IPV4_ADDRESS="${TRAEFIK_CONTAINER_IPV4_ADDRESS:-172.20.0.2}"
|
export TRAEFIK_CONTAINER_IPV4_ADDRESS="${TRAEFIK_CONTAINER_IPV4_ADDRESS:-172.20.0.2}"
|
||||||
|
export TRAEFIK_ACME_CA_SERVER="${TRAEFIK_ACME_CA_SERVER:-https://acme-v02.api.letsencrypt.org/directory}"
|
||||||
|
export TRAEFIK_ACME_EMAIL="${TRAEFIK_ACME_EMAIL:-admin@localhost}"
|
||||||
export TRAEFIK_SHARED_MOUNT_POINT="/flow/shared/traefik"
|
export TRAEFIK_SHARED_MOUNT_POINT="/flow/shared/traefik"
|
||||||
|
export TRAEFIK_TLS_HOST_DIR="/mnt/flow/traefik/tls"
|
||||||
|
export TRAEFIK_TLS_CONTAINER_DIR="/flow/traefik/tls"
|
||||||
|
|
||||||
mkdir -p "${DOCKER_ROOT}"
|
mkdir -p "${DOCKER_ROOT}"
|
||||||
envsubst < "${ROOT_SETUP_DIRECTORY}/template/compose/docker-compose.yaml" > "${DOCKER_ROOT}/docker-compose.yaml"
|
envsubst < "${ROOT_SETUP_DIRECTORY}/template/compose/docker-compose.yaml" > "${DOCKER_ROOT}/docker-compose.yaml"
|
||||||
|
|
||||||
## -- Traefik setup section --
|
## -- Traefik setup section --
|
||||||
|
if ! [ -d ${TRAEFIK_TLS_HOST_DIR} ]; then
|
||||||
|
mkdir -p ${TRAEFIK_TLS_HOST_DIR}
|
||||||
|
chown root:root ${TRAEFIK_TLS_HOST_DIR}
|
||||||
|
chmod a-rwx,u+rwx ${TRAEFIK_TLS_HOST_DIR}
|
||||||
|
fi
|
||||||
|
|
||||||
mkdir -p "${TRAEFIK_DOCKER_DIR}"
|
mkdir -p "${TRAEFIK_DOCKER_DIR}"
|
||||||
cp "${ROOT_SETUP_DIRECTORY}/template/traefik/Dockerfile" "${TRAEFIK_DOCKER_DIR}/Dockerfile"
|
cp "${ROOT_SETUP_DIRECTORY}/template/traefik/Dockerfile" "${TRAEFIK_DOCKER_DIR}/Dockerfile"
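Review bot: Ownership and mode of `${TRAEFIK_TLS_HOST_DIR}` are only set inside `if ! [ -d ... ]`, so a directory that already exists with a wider mode or a different owner is left untouched, even though it will hold `acme.json` with the ACME account key and certificate private keys. Run the commands unconditionally and quote the expansions: `mkdir -p "${TRAEFIK_TLS_HOST_DIR}"`, `chown root:root "${TRAEFIK_TLS_HOST_DIR}"`, `chmod 700 "${TRAEFIK_TLS_HOST_DIR}"`. This assumes the Traefik container runs as root; the Dockerfile is not visible here, and a non-root user could not write to a root-owned 0700 directory. Separately, the `admin@localhost` default for `TRAEFIK_ACME_EMAIL` is probably not accepted as a contact address by a public CA, so failing early when no email is supplied may be clearer than defaulting.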
|
||||||
|
|
||||||
|
|
|
@ -6,4 +6,5 @@ http:
|
||||||
- "https"
|
- "https"
|
||||||
rule: "Host(`${ROOT_DOMAIN}`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
|
rule: "Host(`${ROOT_DOMAIN}`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
|
||||||
service: "api@internal"
|
service: "api@internal"
|
||||||
tls: {}
|
tls:
|
||||||
|
certResolver: resolver
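Review bot: No `middlewares` entry is visible on this router, which serves `api@internal` for `/api` and `/dashboard` on `${ROOT_DOMAIN}`. With `certResolver: resolver` the host now gets a publicly trusted certificate, which suggests it is meant to be reachable from outside. If no middleware is attached in the lines above the hunk, the Traefik API and dashboard are served without authentication, exposing router, service and middleware configuration to anyone who can reach the entry point. Attach an authentication middleware to this router, or restrict it by source address, before shipping this. The router definition starts outside the hunk, so this needs checking against the full file.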
|
||||||
|
|
|
@ -23,5 +23,13 @@ providers:
|
||||||
file:
|
file:
|
||||||
watch: true
|
watch: true
|
||||||
directory: "${TRAEFIK_SHARED_MOUNT_POINT}/dynamic"
|
directory: "${TRAEFIK_SHARED_MOUNT_POINT}/dynamic"
|
||||||
|
certificatesResolvers:
|
||||||
|
resolver:
|
||||||
|
acme:
|
||||||
|
caServer: "${TRAEFIK_ACME_CA_SERVER}"
|
||||||
|
email: "${TRAEFIK_ACME_EMAIL}"
|
||||||
|
storage: "${TRAEFIK_TLS_CONTAINER_DIR}/acme.json"
|
||||||
|
keyType: "RSA4096"
|
||||||
|
tlsChallenge: {}
|
||||||
log:
|
log:
|
||||||
level: "${TRAEFIK_LOG_LEVEL}"
|
level: "${TRAEFIK_LOG_LEVEL}"
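Review bot: The new `certificatesResolvers` block has no comments, and two operational constraints are easy to miss. Above `storage:` I would add `# acme.json holds the ACME account key and all certificate private keys; keep it on the root-only TLS bind mount`. Above `tlsChallenge: {}` I would add `# TLS-ALPN-01: the CA must be able to reach this host on port 443`. It is also worth noting next to `caServer:` that the setup script defaults to the Let's Encrypt production directory, so repeated test deployments count against its rate limits unless a staging URL is passed.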
|
||||||
|
|