Version bump to 2.1

2019-12-01 01:16:21 +01:00 · 2019-12-01 01:16:21 +01:00 · 2ef0cff0fe
commit 2ef0cff0fe
parent 18600469eb
2 changed files with 54 additions and 99 deletions
--- a/config/traefik.toml
+++ b/config/traefik.toml
@ -1,107 +1,43 @@
-# accept invalid SSL certs for backends
-InsecureSkipVerify = true
-
-defaultEntryPoints = ["http", "https"]
-
-[acme]
-email = "hostmaster@zom.bi"
-storage = "cert/acme.json"
-entryPoint = "https"
-onDemand = false
-#OnHostRule = true
-OnHostRule = false
-
-
-  [acme.httpChallenge]
-  entryPoint = "http"
+[global]
+  checkNewVersion = false
+  sendAnonymousUsage = false

 [entryPoints]
-  [entryPoints.http]
+  [entryPoints.web]
    address = ":80"
-      [entryPoints.http.redirect]
-        entryPoint = "https"
-  [entryPoints.https]
+
+  [entryPoints.websecure]
    address = ":443"
-      [entryPoints.https.tls]
-        # first certificate is default, serve nonsense to
-        # mitigate TLS probing
-        [[entryPoints.https.tls.certificates]]
-          certFile = "cert/snakeoil.pem"
-          keyFile = "cert/snakeoil.key"
-        [[entryPoints.https.tls.certificates]]
-          certFile = "cert/bitmask.me.origin.pem"
-          keyFile = "cert/bitmask.me.origin.key"
-        [[entryPoints.https.tls.certificates]]
-          certFile = "cert/grun.host.origin.pem"
-          keyFile = "cert/grun.host.origin.key"

-[web]
-address = ":8080"
+[log]
+  level = "DEBUG"

-[docker]
-endpoint = "unix:///var/run/docker.sock"
-domain = "docker.localhost"
-watch = true
-exposedbydefault = false
+[accessLog]
+  format = "common"
+  filePath = "/dev/null"

-# new domains and subdomains can be configured here.
-# note that domains and subdomains not defined in this file will still work,
-# when defined in a container Host-Rule. However, they will generate
-# their own ACME request, and will count towards LetsEncrypt's rate limit.
-[[acme.domains]]
-  main = "zom.bi"
-  sans = [
-    "conference.zom.bi",
-    "mumble.zom.bi",
-    "mx.zom.bi",
-    "user.zom.bi",
-    "xmpp.zom.bi",
-    "irc.zom.bi",
+[api]
+  dashboard = true

-    # web vhosts:
-    "api.zom.bi",
-    "autoconfig.zom.bi",
-    "blog.zom.bi",
-    "cloud.zom.bi",
-    "docker.zom.bi",
-    "download.zom.bi",
-    "gdpr.zom.bi",
-    "git.zom.bi",
-    "kanban.zom.bi",
-    "mail.zom.bi",
-    "music.zom.bi",
-    "org.zom.bi",
-    "ovpn.zom.bi",
-    "pad.zom.bi",
-    "push.zom.bi",
-    "static.zom.bi",
-    "stream.zom.bi",
-    "tube.zom.bi",
-    "upload.zom.bi",
-    "wiki.zom.bi",
-    "www.zom.bi",
+[ping]

-    # test subdomain
-    "test.zom.bi",
-  ]
+[providers.docker]
+  network = "proxy_web"
+  exposedByDefault = false
+  defaultRule = "Host(`{{ normalize .Name }}.docker.localhost`)"

-[[acme.domains]]
-  main = "suprememachines.de"
-  sans = [
-    "www.suprememachines.de",
-    "git.suprememachines.de",
-    "pad.suprememachines.de",
-  ]
+[certificatesResolvers.default.acme]
+  email = "hostmaster@zom.bi"
+  storage = "/cert/acme.json"
+  [certificatesResolvers.default.acme.httpChallenge]
+    entryPoint = "web"

-[[acme.domains]]
-  main = "aloneonline.net"
-  sans = ["www.aloneonline.net"]
-
-[[acme.domains]]
-  main = "graphs.xhain.space"
-
-# You can define multiple of these blocks, each of which will result in one
-# certificate.
-#[[acme.domains]]
-#  main = "zombi.systems"
-#  sans = ["www.zombi.systems", "blog.zombi.systems"]
+[[tls.certificates]]
+  certFile = "cert/snakeoil.pem"
+  keyFile = "cert/snakeoil.key"
+[[tls.certificates]]
+  certFile = "cert/bitmask.me.origin.pem"
+  keyFile = "cert/bitmask.me.origin.key"
+[[tls.certificates]]
+  certFile = "cert/grun.host.origin.pem"
+  keyFile = "cert/grun.host.origin.key"
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -2,8 +2,7 @@ version: '2'

 services:
  proxy:
-    image: traefik:1.7
-    command: --logLevel=ERROR
+    image: traefik:v2.1
    ports:
      - "80:80"
      - "443:443"
@ -13,9 +12,29 @@ services:
      - "./cert/:/cert/"
      - "./config/:/etc/traefik/:ro"
    labels:
-      - "traefik.enable=false" # set to true to expose the Monitoring & API
+      - "traefik.enable=true" # set to true to expose the Monitoring & API
+      # middleware redirect
+      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
+      # global redirect to https
+      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
+      - "traefik.http.routers.http-catchall.entrypoints=web"
+      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
+
      - "traefik.backend=proxy"
      - "traefik.port=8080"
+      # Password middleware
+      #- "traefik.http.middlewares.auth.basicauth.users=zombi:zombibi0815"
+      # Dashboard
+      - "traefik.http.routers.dashboard.rule=host(`test.zom.bi`)"
+      - "traefik.http.routers.dashboard.entrypoints=websecure"
+      - "traefik.http.routers.dashboard.tls=true"
+      - "traefik.http.routers.dashboard.service=api@internal"
+      - "traefik.http.routers.dashboard.tls.certresolver=default"
+      - "traefik.http.routers.dashboard.tls.domains[0].main=zom.bi"
+      - "traefik.http.routers.dashboard.tls.domains[0].sans=conference.zom.bi,mumble.zom.bi,mx.zom.bi,user.zom.bi,xmpp.zom.bi,irc.zom.bi,api.zom.bi,autoconfig.zom.bi,blog.zom.bi,cloud.zom.bi,docker.zom.bi,download.zom.bi,gdpr.zom.bi,git.zom.bi,kanban.zom.bi,mail.zom.bi,music.zom.bi,org.zom.bi,ovpn.zom.bi,pad.zom.bi,push.zom.bi,static.zom.bi,stream.zom.bi,tube.zom.bi,upload.zom.bi,wiki.zom.bi,www.zom.bi,test.zom.bi"
+      #- "traefik.http.routers.dashboard.middlewares=auth"
+
+      - "traefik.http.services.dashboard.loadbalancer.server.port=8080"
    networks:
      - "web"