fix(traefik): set up certitifcate resolver
parent
0f8c243682
commit
3669606b44
5 changed files with 36 additions and 6 deletions
|
@ -50,10 +50,10 @@ services:
|
|||
source: "/etc/localtime"
|
||||
target: "/etc/localtime"
|
||||
read_only: true
|
||||
# For TLS certificate
|
||||
#- type: "bind"
|
||||
# source: ""
|
||||
# target: ""
|
||||
# Traefik TLS volume
|
||||
- type: "bind"
|
||||
source: "${TRAEFIK_TLS_HOST_DIR}"
|
||||
target: "${TRAEFIK_TLS_CONTAINER_DIR}"
|
||||
# -- Code flow --
|
||||
gitea:
|
||||
container_name: "code-flow"
|
||||
|
|
|
@ -6,7 +6,8 @@ http:
|
|||
- "https"
|
||||
rule: "Host(`${GITEA_DOMAIN}`)"
|
||||
service: "git"
|
||||
tls: {}
|
||||
tls:
|
||||
certResolver: resolver
|
||||
services:
|
||||
git:
|
||||
loadBalancer:
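Review bot: `certResolver: resolver` is the only unquoted string value in this router, while every other scalar around it is quoted; `certResolver: "resolver"` would keep the file uniform. The same applies to the dashboard router changed later in this commit. Because the value has to match the key defined under `certificatesResolvers` in the static configuration, a short comment such as `# must match the certificatesResolvers key in the static config` above it would help.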
|
||||
|
|
|
@ -98,6 +98,16 @@ while [[ $# -gt 0 ]]; do
|
|||
shift
|
||||
shift
|
||||
;;
|
||||
--traefik-acme-ca-server)
|
||||
TRAEFIK_ACME_CA_SERVER=$2
|
||||
shift
|
||||
shift
|
||||
;;
|
||||
--traefik-acme-email)
|
||||
TRAEFIK_ACME_EMAIL=$2
|
||||
shift
|
||||
shift
|
||||
;;
|
||||
*)
|
||||
# unknown argument
|
||||
shift
|
||||
|
@ -138,12 +148,22 @@ export TRAEFIK_LOG_LEVEL="${TRAEFIK_LOG_LEVEL:-info}"
|
|||
export TRAEFIK_SEND_ANONYMOUS_USAGE="${TRAEFIK_SEND_ANONYMOUS_USAGE:-false}"
|
||||
export TRAEFIK_VERSION="${TRAEFIK_VERSION:-v2.6.3}"
|
||||
export TRAEFIK_CONTAINER_IPV4_ADDRESS="${TRAEFIK_CONTAINER_IPV4_ADDRESS:-172.20.0.2}"
|
||||
export TRAEFIK_ACME_CA_SERVER="${TRAEFIK_ACME_CA_SERVER:-https://acme-v02.api.letsencrypt.org/directory}"
|
||||
export TRAEFIK_ACME_EMAIL="${TRAEFIK_ACME_EMAIL:-admin@localhost}"
|
||||
export TRAEFIK_SHARED_MOUNT_POINT="/flow/shared/traefik"
|
||||
export TRAEFIK_TLS_HOST_DIR="/mnt/flow/traefik/tls"
|
||||
export TRAEFIK_TLS_CONTAINER_DIR="/flow/traefik/tls"
|
||||
|
||||
mkdir -p "${DOCKER_ROOT}"
|
||||
envsubst < "${ROOT_SETUP_DIRECTORY}/template/compose/docker-compose.yaml" > "${DOCKER_ROOT}/docker-compose.yaml"
|
||||
|
||||
## -- Traefik setup section --
|
||||
if ! [ -d ${TRAEFIK_TLS_HOST_DIR} ]; then
|
||||
mkdir -p ${TRAEFIK_TLS_HOST_DIR}
|
||||
chown root:root ${TRAEFIK_TLS_HOST_DIR}
|
||||
chmod a-rwx,u+rwx ${TRAEFIK_TLS_HOST_DIR}
|
||||
fi
|
||||
|
||||
mkdir -p "${TRAEFIK_DOCKER_DIR}"
|
||||
cp "${ROOT_SETUP_DIRECTORY}/template/traefik/Dockerfile" "${TRAEFIK_DOCKER_DIR}/Dockerfile"
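Review bot: The owner and mode of `${TRAEFIK_TLS_HOST_DIR}` are set only inside the `if ! [ -d ... ]` branch, so a directory that already exists keeps whatever owner and permissions it has, even though it is where `acme.json` with the ACME account key and certificate private keys will live. Running the commands unconditionally and quoting the variable closes that gap: `mkdir -p "${TRAEFIK_TLS_HOST_DIR}"`, `chown root:root "${TRAEFIK_TLS_HOST_DIR}"`, `chmod 0700 "${TRAEFIK_TLS_HOST_DIR}"`. Separately, the defaults pair the Let's Encrypt production directory with `admin@localhost`, which the CA will probably not accept as a contact address. Failing early when `TRAEFIK_ACME_EMAIL` is unset may be safer than shipping that default.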
|
||||
|
||||
|
|
|
@ -6,4 +6,5 @@ http:
|
|||
- "https"
|
||||
rule: "Host(`${ROOT_DOMAIN}`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
|
||||
service: "api@internal"
|
||||
tls: {}
|
||||
tls:
|
||||
certResolver: resolver
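Review bot: No `middlewares` entry is visible on this router, so `api@internal` (the Traefik API and dashboard) appears to be reachable by anyone who can resolve `${ROOT_DOMAIN}`, and after this change it is served under a publicly trusted certificate. If no authentication is attached in the lines above the hunk, add it to the router, for example `middlewares: ["dashboard-auth"]` backed by a basicAuth or forwardAuth middleware (the name is a placeholder), or restrict access with an IP allow-list middleware. The router definition starts above the hunk, so this needs checking against the full file.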
|
||||
|
|
|
@ -23,5 +23,13 @@ providers:
|
|||
file:
|
||||
watch: true
|
||||
directory: "${TRAEFIK_SHARED_MOUNT_POINT}/dynamic"
|
||||
certificatesResolvers:
|
||||
resolver:
|
||||
acme:
|
||||
caServer: "${TRAEFIK_ACME_CA_SERVER}"
|
||||
email: "${TRAEFIK_ACME_EMAIL}"
|
||||
storage: "${TRAEFIK_TLS_CONTAINER_DIR}/acme.json"
|
||||
keyType: "RSA4096"
|
||||
tlsChallenge: {}
|
||||
log:
|
||||
level: "${TRAEFIK_LOG_LEVEL}"
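Review bot: The `storage` path deserves a comment, because `acme.json` holds the ACME account key and the private keys of the issued certificates; something like `# acme.json contains private keys; keep it on the persistent TLS volume with mode 0600` above `storage:` would make that explicit. `tlsChallenge: {}` means validation happens over TLS-ALPN-01, so Traefik must be reachable on port 443 from the CA, which is worth a one-line comment too. Since envsubst writes the values into double-quoted scalars, a value containing `"` or `\` would break the rendered YAML; the defaults shown in this commit are safe.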
|
||||
|
|