diff --git a/config/traefik.toml b/config/traefik.toml
index 394dacf..ade42a6 100644
--- a/config/traefik.toml
+++ b/config/traefik.toml
@@ -1,107 +1,43 @@ -# accept invalid SSL certs for backends -InsecureSkipVerify = true - -defaultEntryPoints = ["http", "https"] - -[acme] -email = "hostmaster@zom.bi" -storage = "cert/acme.json" -entryPoint = "https" -onDemand = false -#OnHostRule = true -OnHostRule = false - - - [acme.httpChallenge] - entryPoint = "http" +[global] + checkNewVersion = false + sendAnonymousUsage = false [entryPoints] - [entryPoints.http] + [entryPoints.web] address = ":80" - [entryPoints.http.redirect] - entryPoint = "https" - [entryPoints.https] + + [entryPoints.websecure] address = ":443" - [entryPoints.https.tls] - # first certificate is default, serve nonsense to - # mitigate TLS probing - [[entryPoints.https.tls.certificates]] - certFile = "cert/snakeoil.pem" - keyFile = "cert/snakeoil.key" - [[entryPoints.https.tls.certificates]] - certFile = "cert/bitmask.me.origin.pem" - keyFile = "cert/bitmask.me.origin.key" - [[entryPoints.https.tls.certificates]] - certFile = "cert/grun.host.origin.pem" - keyFile = "cert/grun.host.origin.key" -[web] -address = ":8080" +[log] + level = "DEBUG" -[docker] -endpoint = "unix:///var/run/docker.sock" -domain = "docker.localhost" -watch = true -exposedbydefault = false +[accessLog] + format = "common" + filePath = "/dev/null" -# new domains and subdomains can be configured here. -# note that domains and subdomains not defined in this file will still work, -# when defined in a container Host-Rule. However, they will generate -# their own ACME request, and will count towards LetsEncrypt's rate limit. 
-[[acme.domains]] - main = "zom.bi" - sans = [ - "conference.zom.bi", - "mumble.zom.bi", - "mx.zom.bi", - "user.zom.bi", - "xmpp.zom.bi", - "irc.zom.bi", +[api] + dashboard = true - # web vhosts: - "api.zom.bi", - "autoconfig.zom.bi", - "blog.zom.bi", - "cloud.zom.bi", - "docker.zom.bi", - "download.zom.bi", - "gdpr.zom.bi", - "git.zom.bi", - "kanban.zom.bi", - "mail.zom.bi", - "music.zom.bi", - "org.zom.bi", - "ovpn.zom.bi", - "pad.zom.bi", - "push.zom.bi", - "static.zom.bi", - "stream.zom.bi", - "tube.zom.bi", - "upload.zom.bi", - "wiki.zom.bi", - "www.zom.bi", +[ping] - # test subdomain - "test.zom.bi", - ] +[providers.docker] + network = "proxy_web" + exposedByDefault = false + defaultRule = "Host(`{{ normalize .Name }}.docker.localhost`)" -[[acme.domains]] - main = "suprememachines.de" - sans = [ - "www.suprememachines.de", - "git.suprememachines.de", - "pad.suprememachines.de", - ] +[certificatesResolvers.default.acme] + email = "hostmaster@zom.bi" + storage = "/cert/acme.json" + [certificatesResolvers.default.acme.httpChallenge] + entryPoint = "web" -[[acme.domains]] - main = "aloneonline.net" - sans = ["www.aloneonline.net"] - -[[acme.domains]] - main = "graphs.xhain.space" - -# You can define multiple of these blocks, each of which will result in one -# certificate. -#[[acme.domains]] -# main = "zombi.systems" -# sans = ["www.zombi.systems", "blog.zombi.systems"] +[[tls.certificates]] + certFile = "cert/snakeoil.pem" + keyFile = "cert/snakeoil.key" +[[tls.certificates]] + certFile = "cert/bitmask.me.origin.pem" + keyFile = "cert/bitmask.me.origin.key" +[[tls.certificates]] + certFile = "cert/grun.host.origin.pem" + keyFile = "cert/grun.host.origin.key" diff --git a/docker-compose.yml b/docker-compose.yml index 76b3d9c..58b0a00 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -2,8 +2,7 @@ version: '2' services: proxy: - image: traefik:1.7 - command: --logLevel=ERROR + image: traefik:v2.1 ports: - "80:80" - "443:443" 
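Review bot: The three `[[tls.certificates]]` blocks added at the end of the hunk are dynamic configuration in Traefik v2 and do not belong in the static `traefik.toml`; v2 refuses to start on unknown static-configuration keys, so as far as I can tell this file will not load until they are moved to a file served through `[providers.file]`. The v1 "first certificate is default" behaviour that the removed comment relied on is also gone in v2: without a `[tls.stores.default.defaultCertificate]` entry Traefik serves its own generated self-signed certificate instead of `snakeoil.pem`, so the TLS-probing mitigation is silently lost. Separately, `level = "DEBUG"` combined with `filePath = "/dev/null"` keeps the most verbose application log while discarding the access log entirely, leaving nothing to reconstruct a request during an incident; `level = "INFO"` and a real access-log path would be the safer pair. The relative `cert/...` paths resolve against the process working directory rather than the config file, so the absolute `/cert/...` form already used for `acme.json` is preferable.
```toml
# … unchanged: [providers.docker] …
[providers.file]
  filename = "/etc/traefik/dynamic.toml"

# contents of /etc/traefik/dynamic.toml (dynamic configuration):
[tls.stores.default.defaultCertificate]
  certFile = "/cert/snakeoil.pem"
  keyFile = "/cert/snakeoil.key"

[[tls.certificates]]
  certFile = "/cert/bitmask.me.origin.pem"
  keyFile = "/cert/bitmask.me.origin.key"
# … unchanged: grun.host.origin certificate entry …
```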
@@ -13,9 +12,29 @@ services: - "./cert/:/cert/" - "./config/:/etc/traefik/:ro" labels: - - "traefik.enable=false" # set to true to expose the Monitoring & API + - "traefik.enable=true" # set to true to expose the Monitoring & API + # middleware redirect + - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https" + # global redirect to https + - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)" + - "traefik.http.routers.http-catchall.entrypoints=web" + - "traefik.http.routers.http-catchall.middlewares=redirect-to-https" + - "traefik.backend=proxy" - "traefik.port=8080" + # Password middleware + #- "traefik.http.middlewares.auth.basicauth.users=zombi:zombibi0815" + # Dashboard + - "traefik.http.routers.dashboard.rule=host(`test.zom.bi`)" + - "traefik.http.routers.dashboard.entrypoints=websecure" + - "traefik.http.routers.dashboard.tls=true" + - "traefik.http.routers.dashboard.service=api@internal" + - "traefik.http.routers.dashboard.tls.certresolver=default" + - "traefik.http.routers.dashboard.tls.domains[0].main=zom.bi" + - "traefik.http.routers.dashboard.tls.domains[0].sans=conference.zom.bi,mumble.zom.bi,mx.zom.bi,user.zom.bi,xmpp.zom.bi,irc.zom.bi,api.zom.bi,autoconfig.zom.bi,blog.zom.bi,cloud.zom.bi,docker.zom.bi,download.zom.bi,gdpr.zom.bi,git.zom.bi,kanban.zom.bi,mail.zom.bi,music.zom.bi,org.zom.bi,ovpn.zom.bi,pad.zom.bi,push.zom.bi,static.zom.bi,stream.zom.bi,tube.zom.bi,upload.zom.bi,wiki.zom.bi,www.zom.bi,test.zom.bi" + #- "traefik.http.routers.dashboard.middlewares=auth" + + - "traefik.http.services.dashboard.loadbalancer.server.port=8080" networks: - "web"
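Review bot: The `dashboard` router binds `api@internal` to `test.zom.bi` on the public `websecure` entrypoint while both the `auth` middleware definition and the `middlewares=auth` attachment are commented out, so the entire Traefik API (router, service and middleware configuration, not only the dashboard UI) is reachable by anyone who can resolve that host. The commented label also embeds a plaintext credential that is now in git history and should be treated as leaked and rotated. Traefik's basicauth `users` expects htpasswd-format hashes rather than plaintext and `$` must be doubled inside a compose file, so the enabled form would be `- "traefik.http.middlewares.auth.basicauth.users=zombi:$$2y$$..."` (generated with `htpasswd -nB`, or better supplied through `basicauth.usersfile` or an environment variable kept out of the repo) together with `- "traefik.http.routers.dashboard.middlewares=auth"`. The `traefik.backend=proxy` and `traefik.port=8080` context lines are v1 labels that v2 ignores and can be dropped.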