Version bump to 2.1
This commit is contained in:
parent
18600469eb
commit
2ef0cff0fe
2 changed files with 54 additions and 99 deletions
|
@ -1,107 +1,43 @@
|
|||
# accept invalid SSL certs for backends
|
||||
InsecureSkipVerify = true
|
||||
|
||||
defaultEntryPoints = ["http", "https"]
|
||||
|
||||
[acme]
|
||||
email = "hostmaster@zom.bi"
|
||||
storage = "cert/acme.json"
|
||||
entryPoint = "https"
|
||||
onDemand = false
|
||||
#OnHostRule = true
|
||||
OnHostRule = false
|
||||
|
||||
|
||||
[acme.httpChallenge]
|
||||
entryPoint = "http"
|
||||
[global]
|
||||
checkNewVersion = false
|
||||
sendAnonymousUsage = false
|
||||
|
||||
[entryPoints]
|
||||
[entryPoints.http]
|
||||
[entryPoints.web]
|
||||
address = ":80"
|
||||
[entryPoints.http.redirect]
|
||||
entryPoint = "https"
|
||||
[entryPoints.https]
|
||||
|
||||
[entryPoints.websecure]
|
||||
address = ":443"
|
||||
[entryPoints.https.tls]
|
||||
# first certificate is default, serve nonsense to
|
||||
# mitigate TLS probing
|
||||
[[entryPoints.https.tls.certificates]]
|
||||
certFile = "cert/snakeoil.pem"
|
||||
keyFile = "cert/snakeoil.key"
|
||||
[[entryPoints.https.tls.certificates]]
|
||||
certFile = "cert/bitmask.me.origin.pem"
|
||||
keyFile = "cert/bitmask.me.origin.key"
|
||||
[[entryPoints.https.tls.certificates]]
|
||||
certFile = "cert/grun.host.origin.pem"
|
||||
keyFile = "cert/grun.host.origin.key"
|
||||
|
||||
[web]
|
||||
address = ":8080"
|
||||
[log]
|
||||
level = "DEBUG"
|
||||
|
||||
[docker]
|
||||
endpoint = "unix:///var/run/docker.sock"
|
||||
domain = "docker.localhost"
|
||||
watch = true
|
||||
exposedbydefault = false
|
||||
[accessLog]
|
||||
format = "common"
|
||||
filePath = "/dev/null"
|
||||
|
||||
# new domains and subdomains can be configured here.
|
||||
# note that domains and subdomains not defined in this file will still work,
|
||||
# when defined in a container Host-Rule. However, they will generate
|
||||
# their own ACME request, and will count towards LetsEncrypt's rate limit.
|
||||
[[acme.domains]]
|
||||
main = "zom.bi"
|
||||
sans = [
|
||||
"conference.zom.bi",
|
||||
"mumble.zom.bi",
|
||||
"mx.zom.bi",
|
||||
"user.zom.bi",
|
||||
"xmpp.zom.bi",
|
||||
"irc.zom.bi",
|
||||
[api]
|
||||
dashboard = true
|
||||
|
||||
# web vhosts:
|
||||
"api.zom.bi",
|
||||
"autoconfig.zom.bi",
|
||||
"blog.zom.bi",
|
||||
"cloud.zom.bi",
|
||||
"docker.zom.bi",
|
||||
"download.zom.bi",
|
||||
"gdpr.zom.bi",
|
||||
"git.zom.bi",
|
||||
"kanban.zom.bi",
|
||||
"mail.zom.bi",
|
||||
"music.zom.bi",
|
||||
"org.zom.bi",
|
||||
"ovpn.zom.bi",
|
||||
"pad.zom.bi",
|
||||
"push.zom.bi",
|
||||
"static.zom.bi",
|
||||
"stream.zom.bi",
|
||||
"tube.zom.bi",
|
||||
"upload.zom.bi",
|
||||
"wiki.zom.bi",
|
||||
"www.zom.bi",
|
||||
[ping]
|
||||
|
||||
# test subdomain
|
||||
"test.zom.bi",
|
||||
]
|
||||
[providers.docker]
|
||||
network = "proxy_web"
|
||||
exposedByDefault = false
|
||||
defaultRule = "Host(`{{ normalize .Name }}.docker.localhost`)"
|
||||
|
||||
[[acme.domains]]
|
||||
main = "suprememachines.de"
|
||||
sans = [
|
||||
"www.suprememachines.de",
|
||||
"git.suprememachines.de",
|
||||
"pad.suprememachines.de",
|
||||
]
|
||||
[certificatesResolvers.default.acme]
|
||||
email = "hostmaster@zom.bi"
|
||||
storage = "/cert/acme.json"
|
||||
[certificatesResolvers.default.acme.httpChallenge]
|
||||
entryPoint = "web"
|
||||
|
||||
[[acme.domains]]
|
||||
main = "aloneonline.net"
|
||||
sans = ["www.aloneonline.net"]
|
||||
|
||||
[[acme.domains]]
|
||||
main = "graphs.xhain.space"
|
||||
|
||||
# You can define multiple of these blocks, each of which will result in one
|
||||
# certificate.
|
||||
#[[acme.domains]]
|
||||
# main = "zombi.systems"
|
||||
# sans = ["www.zombi.systems", "blog.zombi.systems"]
|
||||
[[tls.certificates]]
|
||||
certFile = "cert/snakeoil.pem"
|
||||
keyFile = "cert/snakeoil.key"
|
||||
[[tls.certificates]]
|
||||
certFile = "cert/bitmask.me.origin.pem"
|
||||
keyFile = "cert/bitmask.me.origin.key"
|
||||
[[tls.certificates]]
|
||||
certFile = "cert/grun.host.origin.pem"
|
||||
keyFile = "cert/grun.host.origin.key"
|
||||
|
|
|
@ -2,8 +2,7 @@ version: '2'
|
|||
|
||||
services:
|
||||
proxy:
|
||||
image: traefik:1.7
|
||||
command: --logLevel=ERROR
|
||||
image: traefik:v2.1
|
||||
ports:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
|
@ -13,9 +12,29 @@ services:
|
|||
- "./cert/:/cert/"
|
||||
- "./config/:/etc/traefik/:ro"
|
||||
labels:
|
||||
- "traefik.enable=false" # set to true to expose the Monitoring & API
|
||||
- "traefik.enable=true" # set to true to expose the Monitoring & API
|
||||
# middleware redirect
|
||||
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
|
||||
# global redirect to https
|
||||
- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
|
||||
- "traefik.http.routers.http-catchall.entrypoints=web"
|
||||
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
|
||||
|
||||
- "traefik.backend=proxy"
|
||||
- "traefik.port=8080"
|
||||
# Password middleware
|
||||
#- "traefik.http.middlewares.auth.basicauth.users=zombi:zombibi0815"
|
||||
# Dashboard
|
||||
- "traefik.http.routers.dashboard.rule=host(`test.zom.bi`)"
|
||||
- "traefik.http.routers.dashboard.entrypoints=websecure"
|
||||
- "traefik.http.routers.dashboard.tls=true"
|
||||
- "traefik.http.routers.dashboard.service=api@internal"
|
||||
- "traefik.http.routers.dashboard.tls.certresolver=default"
|
||||
- "traefik.http.routers.dashboard.tls.domains[0].main=zom.bi"
|
||||
- "traefik.http.routers.dashboard.tls.domains[0].sans=conference.zom.bi,mumble.zom.bi,mx.zom.bi,user.zom.bi,xmpp.zom.bi,irc.zom.bi,api.zom.bi,autoconfig.zom.bi,blog.zom.bi,cloud.zom.bi,docker.zom.bi,download.zom.bi,gdpr.zom.bi,git.zom.bi,kanban.zom.bi,mail.zom.bi,music.zom.bi,org.zom.bi,ovpn.zom.bi,pad.zom.bi,push.zom.bi,static.zom.bi,stream.zom.bi,tube.zom.bi,upload.zom.bi,wiki.zom.bi,www.zom.bi,test.zom.bi"
|
||||
#- "traefik.http.routers.dashboard.middlewares=auth"
|
||||
|
||||
- "traefik.http.services.dashboard.loadbalancer.server.port=8080"
|
||||
networks:
|
||||
- "web"
|
||||
|
||||
|
|
Loading…
Reference in a new issue