Version bump to 2.1
parent
18600469eb
commit
2ef0cff0fe
2 changed files with 54 additions and 99 deletions
|
@ -1,107 +1,43 @@
|
||||||
# accept invalid SSL certs for backends
|
[global]
|
||||||
InsecureSkipVerify = true
|
checkNewVersion = false
|
||||||
|
sendAnonymousUsage = false
|
||||||
defaultEntryPoints = ["http", "https"]
|
|
||||||
|
|
||||||
[acme]
|
|
||||||
email = "hostmaster@zom.bi"
|
|
||||||
storage = "cert/acme.json"
|
|
||||||
entryPoint = "https"
|
|
||||||
onDemand = false
|
|
||||||
#OnHostRule = true
|
|
||||||
OnHostRule = false
|
|
||||||
|
|
||||||
|
|
||||||
[acme.httpChallenge]
|
|
||||||
entryPoint = "http"
|
|
||||||
|
|
||||||
[entryPoints]
|
[entryPoints]
|
||||||
[entryPoints.http]
|
[entryPoints.web]
|
||||||
address = ":80"
|
address = ":80"
|
||||||
[entryPoints.http.redirect]
|
|
||||||
entryPoint = "https"
|
[entryPoints.websecure]
|
||||||
[entryPoints.https]
|
|
||||||
address = ":443"
|
address = ":443"
|
||||||
[entryPoints.https.tls]
|
|
||||||
# first certificate is default, serve nonsense to
|
|
||||||
# mitigate TLS probing
|
|
||||||
[[entryPoints.https.tls.certificates]]
|
|
||||||
certFile = "cert/snakeoil.pem"
|
|
||||||
keyFile = "cert/snakeoil.key"
|
|
||||||
[[entryPoints.https.tls.certificates]]
|
|
||||||
certFile = "cert/bitmask.me.origin.pem"
|
|
||||||
keyFile = "cert/bitmask.me.origin.key"
|
|
||||||
[[entryPoints.https.tls.certificates]]
|
|
||||||
certFile = "cert/grun.host.origin.pem"
|
|
||||||
keyFile = "cert/grun.host.origin.key"
|
|
||||||
|
|
||||||
[web]
|
[log]
|
||||||
address = ":8080"
|
level = "DEBUG"
|
||||||
|
|
||||||
[docker]
|
[accessLog]
|
||||||
endpoint = "unix:///var/run/docker.sock"
|
format = "common"
|
||||||
domain = "docker.localhost"
|
filePath = "/dev/null"
|
||||||
watch = true
|
|
||||||
exposedbydefault = false
|
|
||||||
|
|
||||||
# new domains and subdomains can be configured here.
|
[api]
|
||||||
# note that domains and subdomains not defined in this file will still work,
|
dashboard = true
|
||||||
# when defined in a container Host-Rule. However, they will generate
|
|
||||||
# their own ACME request, and will count towards LetsEncrypt's rate limit.
|
|
||||||
[[acme.domains]]
|
|
||||||
main = "zom.bi"
|
|
||||||
sans = [
|
|
||||||
"conference.zom.bi",
|
|
||||||
"mumble.zom.bi",
|
|
||||||
"mx.zom.bi",
|
|
||||||
"user.zom.bi",
|
|
||||||
"xmpp.zom.bi",
|
|
||||||
"irc.zom.bi",
|
|
||||||
|
|
||||||
# web vhosts:
|
[ping]
|
||||||
"api.zom.bi",
|
|
||||||
"autoconfig.zom.bi",
|
|
||||||
"blog.zom.bi",
|
|
||||||
"cloud.zom.bi",
|
|
||||||
"docker.zom.bi",
|
|
||||||
"download.zom.bi",
|
|
||||||
"gdpr.zom.bi",
|
|
||||||
"git.zom.bi",
|
|
||||||
"kanban.zom.bi",
|
|
||||||
"mail.zom.bi",
|
|
||||||
"music.zom.bi",
|
|
||||||
"org.zom.bi",
|
|
||||||
"ovpn.zom.bi",
|
|
||||||
"pad.zom.bi",
|
|
||||||
"push.zom.bi",
|
|
||||||
"static.zom.bi",
|
|
||||||
"stream.zom.bi",
|
|
||||||
"tube.zom.bi",
|
|
||||||
"upload.zom.bi",
|
|
||||||
"wiki.zom.bi",
|
|
||||||
"www.zom.bi",
|
|
||||||
|
|
||||||
# test subdomain
|
[providers.docker]
|
||||||
"test.zom.bi",
|
network = "proxy_web"
|
||||||
]
|
exposedByDefault = false
|
||||||
|
defaultRule = "Host(`{{ normalize .Name }}.docker.localhost`)"
|
||||||
|
|
||||||
[[acme.domains]]
|
[certificatesResolvers.default.acme]
|
||||||
main = "suprememachines.de"
|
email = "hostmaster@zom.bi"
|
||||||
sans = [
|
storage = "/cert/acme.json"
|
||||||
"www.suprememachines.de",
|
[certificatesResolvers.default.acme.httpChallenge]
|
||||||
"git.suprememachines.de",
|
entryPoint = "web"
|
||||||
"pad.suprememachines.de",
|
|
||||||
]
|
|
||||||
|
|
||||||
[[acme.domains]]
|
[[tls.certificates]]
|
||||||
main = "aloneonline.net"
|
certFile = "cert/snakeoil.pem"
|
||||||
sans = ["www.aloneonline.net"]
|
keyFile = "cert/snakeoil.key"
|
||||||
|
[[tls.certificates]]
|
||||||
[[acme.domains]]
|
certFile = "cert/bitmask.me.origin.pem"
|
||||||
main = "graphs.xhain.space"
|
keyFile = "cert/bitmask.me.origin.key"
|
||||||
|
[[tls.certificates]]
|
||||||
# You can define multiple of these blocks, each of which will result in one
|
certFile = "cert/grun.host.origin.pem"
|
||||||
# certificate.
|
keyFile = "cert/grun.host.origin.key"
|
||||||
#[[acme.domains]]
|
|
||||||
# main = "zombi.systems"
|
|
||||||
# sans = ["www.zombi.systems", "blog.zombi.systems"]
|
|
||||||
|
|
|
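Review bot: The three `[[tls.certificates]]` tables on the new side sit next to `[entryPoints]` and `[providers.docker]`, which are static options, but Traefik v2 reads TLS certificates only from dynamic configuration. If this file is the static configuration, these entries are likely ignored and the origin certificates are never served. The removed comment also relied on list order to make the snakeoil certificate the default; v2 needs the default named explicitly, e.g. `[tls.stores.default.defaultCertificate]` with `certFile = "cert/snakeoil.pem"` and `keyFile = "cert/snakeoil.key"`, in a file loaded by the file provider. Separately, `level = "DEBUG"` under `[log]` combined with `filePath = "/dev/null"` under `[accessLog]` gives verbose internals but no request trail; for an internet-facing proxy I would keep the access log and lower the log level.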
@ -2,8 +2,7 @@ version: '2'
|
||||||
|
|
||||||
services:
|
services:
|
||||||
proxy:
|
proxy:
|
||||||
image: traefik:1.7
|
image: traefik:v2.1
|
||||||
command: --logLevel=ERROR
|
|
||||||
ports:
|
ports:
|
||||||
- "80:80"
|
- "80:80"
|
||||||
- "443:443"
|
- "443:443"
|
||||||
|
@ -13,9 +12,29 @@ services:
|
||||||
- "./cert/:/cert/"
|
- "./cert/:/cert/"
|
||||||
- "./config/:/etc/traefik/:ro"
|
- "./config/:/etc/traefik/:ro"
|
||||||
labels:
|
labels:
|
||||||
- "traefik.enable=false" # set to true to expose the Monitoring & API
|
- "traefik.enable=true" # set to true to expose the Monitoring & API
|
||||||
|
# middleware redirect
|
||||||
|
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
|
||||||
|
# global redirect to https
|
||||||
|
- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
|
||||||
|
- "traefik.http.routers.http-catchall.entrypoints=web"
|
||||||
|
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
|
||||||
|
|
||||||
- "traefik.backend=proxy"
|
- "traefik.backend=proxy"
|
||||||
- "traefik.port=8080"
|
- "traefik.port=8080"
|
||||||
|
# Password middleware
|
||||||
|
#- "traefik.http.middlewares.auth.basicauth.users=zombi:zombibi0815"
|
||||||
|
# Dashboard
|
||||||
|
- "traefik.http.routers.dashboard.rule=host(`test.zom.bi`)"
|
||||||
|
- "traefik.http.routers.dashboard.entrypoints=websecure"
|
||||||
|
- "traefik.http.routers.dashboard.tls=true"
|
||||||
|
- "traefik.http.routers.dashboard.service=api@internal"
|
||||||
|
- "traefik.http.routers.dashboard.tls.certresolver=default"
|
||||||
|
- "traefik.http.routers.dashboard.tls.domains[0].main=zom.bi"
|
||||||
|
- "traefik.http.routers.dashboard.tls.domains[0].sans=conference.zom.bi,mumble.zom.bi,mx.zom.bi,user.zom.bi,xmpp.zom.bi,irc.zom.bi,api.zom.bi,autoconfig.zom.bi,blog.zom.bi,cloud.zom.bi,docker.zom.bi,download.zom.bi,gdpr.zom.bi,git.zom.bi,kanban.zom.bi,mail.zom.bi,music.zom.bi,org.zom.bi,ovpn.zom.bi,pad.zom.bi,push.zom.bi,static.zom.bi,stream.zom.bi,tube.zom.bi,upload.zom.bi,wiki.zom.bi,www.zom.bi,test.zom.bi"
|
||||||
|
#- "traefik.http.routers.dashboard.middlewares=auth"
|
||||||
|
|
||||||
|
- "traefik.http.services.dashboard.loadbalancer.server.port=8080"
|
||||||
networks:
|
networks:
|
||||||
- "web"
|
- "web"
|
||||||
|
|
||||||
|
|
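Review bot: The `dashboard` router in the second hunk publishes `api@internal` on `websecure` for `test.zom.bi` with no authentication: `traefik.enable` is switched to `true`, while both the `auth` basicauth middleware and the router's `middlewares=auth` label are left commented out. I would enable both before merging, with a hashed entry rather than a cleartext one: `- "traefik.http.middlewares.auth.basicauth.users=<user>:<htpasswd hash, each $ written as $$>"` and `- "traefik.http.routers.dashboard.middlewares=auth"`. The commented-out users value looks like a cleartext user:password pair; it is now in repository history, so it should be treated as exposed and not reused. The v1 labels `traefik.backend=proxy` and `traefik.port=8080` are presumably ignored by v2 and could be dropped.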