feat(traefik_lb): Add a Traefik LB configuration
		
							
								
								
									
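--- /dev/null
+++ b/traefik_lb/.env
@@ -0,0 +1 @@
+TRAEFIK_DOMAIN=localhost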
							
								
								
									
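--- /dev/null
+++ b/traefik_lb/README.md
@@ -0,0 +1,3 @@
+# Traefik Load Balancer
+
+Il s'agit d'une configuration dépendante du service [Traefik](../traefik) auquel une configuration de load balancer et de terminaison SSL/TLS a été ajoutée .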
							
								
								
									
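--- /dev/null
+++ b/traefik_lb/docker-compose.yml
@@ -0,0 +1,82 @@
+version: "3.8"
+
+networks:
+  default:
+    driver: bridge
+  traefik:
+    name: ${TRAEFIK_NETWORK_NAME:-traefik}
+
+services:
+  # speedtest-exporter:
+  #   image: ghcr.io/miguelndecarvalho/speedtest-exporter:v3.2.2
+  #   container_name: speedtest-exporter
+  #   environment:
+  #     # - SPEEDTEST_PORT=<speedtest-port> #optional
+  #     - SPEEDTEST_SEVER=2023 #optional
+  #   ports:
+  #     - 9798:9798
+  #   restart: unless-stopped
+    # labels:
+    #   traefik.enable: 'true'
+    #   traefik.docker.network: ${TRAEFIK_NETWORK_NAME:-traefik}
+    #   traefik.http.routers.speedtest.rule: 'Host(`speedtest.violet.weko.io`)'
+    #   traefik.http.routers.speedtest.entrypoints: 'websecure'
+
+  traefik:
+    ports:
+      - target: 443
+        published: 443
+        protocol: tcp
+        mode: host
+    environment:
+      OVH_APPLICATION_KEY: ${TRAEFIK_OVH_APPLICATION_KEY}
+      OVH_APPLICATION_SECRET: ${TRAEFIK_OVH_APPLICATION_SECRET}
+      OVH_CONSUMER_KEY: ${TRAEFIK_OVH_CONSUMER_KEY}
+      OVH_ENDPOINT: ovh-eu
+      OVH_POLLING_INTERVAL: 30
+      OVH_PROPAGATION_TIMEOUT: 3600
+    command:
+      # - --accesslog=true
+      - --api.insecure=true
+      - --log.level=INFO
+      - --global.sendanonymoususage=false
+      - --global.checknewversion=false
+      - --metrics.prometheus=true
+      - --pilot.dashboard=false
+
+      - --providers.docker
+      - --providers.docker.exposedbydefault=false
+      - --providers.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
+      - --providers.file.filename=/traefik/dynamic_conf.toml
+
+      # Redirection HTTP to HTTPS
+      - --entrypoints.web.address=:80
+      - --entrypoints.web.http.redirections.entrypoint.to=websecure
+      - --entrypoints.web.http.redirections.entrypoint.scheme=https
+      - --entrypoints.websecure.address=:443
+
+      # Redirection automatique https://www.* to https://*
+      #- --entrypoints.websecure.http.middlewares=redirect-www
+
+      - --entryPoints.traefik.address=:8080
+
+      - --certificatesresolvers.letsencrypt.acme.httpchallenge=true
+      - --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web
+      - --certificatesresolvers.letsencrypt.acme.email=${TRAEFIK_EMAIL}
+      - --certificatesresolvers.letsencrypt.acme.storage=/traefik/acme.json
+
+      - --certificatesResolvers.ovh.acme.dnsChallenge=true
+      - --certificatesResolvers.ovh.acme.dnsChallenge.provider=ovh
+      # - --certificatesResolvers.ovh.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
+      - --certificatesresolvers.ovh.acme.storage=/traefik/ovh.json
+      - --certificatesresolvers.ovh.acme.email=${TRAEFIK_EMAIL}
+    labels:
+      traefik.http.middlewares.redirect-www.redirectregex.permanent: 'true'
+      traefik.http.middlewares.redirect-www.redirectregex.regex: 'https://www\.(.*)'
+      traefik.http.middlewares.redirect-www.redirectregex.replacement: 'https://$${1}'
+      traefik.entrypoints.websecure.http.middlewares: '["redirect-www"]'
+
+      traefik.http.routers.traefik.entrypoints: 'websecure'
+      traefik.http.routers.traefik.tls.certResolver: 'letsencrypt'
+      traefik.http.routers.traefik.priority: '2000'
+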
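Review bot: `--api.insecure=true` in the `command:` list serves the Traefik API and dashboard without authentication on the `traefik` entrypoint, which this file binds to `:8080`, and `--metrics.prometheus=true` uses that same entrypoint by default. Only 443 is published in this override, but a port mapping for 8080 in the base `../traefik` service (not visible here) or any container attached to the shared `traefik` network would reach it. I would replace the flag with `--api=true` and expose the dashboard only through the existing `traefik` router, with `traefik.http.routers.traefik.service: 'api@internal'` and a `basicauth` or forward-auth middleware attached. The `traefik` router labels here set an entrypoint, a resolver and a priority but no rule, service or middleware; if those come from the base file, confirm that an auth middleware is among them.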
							
								
								
									
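--- /dev/null
+++ b/traefik_lb/run
@@ -0,0 +1,41 @@
+#!/bin/bash
+
+set -eu
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+. $DIR/../help.sh
+
+traefik_help() {
+  echo "./run backup    : Lancement de la sauvegarde de Traefik"
+  echo "./run restore   : Restauration de la sauvegarde de Traefik"
+}
+
+traefik_backup() {
+  script_env
+  BACKUP_DATE_DEFAULT=`date +%Y%m%d_%H%M%S`
+  BACKUP_DATE=${BACKUP_DATE:-$BACKUP_DATE_DEFAULT}
+  backup_folder_create
+
+  docker run -it --rm -v $HOME/backups/${TRAEFIK_DOMAIN}:/backup --volumes-from traefik alpine:3.12.3 ash -c "cd /traefik && tar cvf /backup/${BACKUP_DATE}_${TRAEFIK_DOMAIN}_config.tar ."
+}
+
+traefik_restore() {
+  script_env
+  docker run -it --rm -v $HOME/backups/${TRAEFIK_DOMAIN}:/backup --volumes-from traefik alpine:3.12.3 ash -c "cd /traefik && tar xvf /backup/${BACKUP_DATE}_${TRAEFIK_DOMAIN}_config.tar --strip 1"
+}
+
+if [ $# -ge 1 ]; then
+  if [ "${1}" == "backup" ]; then
+    script_start
+    traefik_backup
+    script_end
+  elif [ "${1}" == "restore" ]; then
+    script_start
+    traefik_restore
+    script_end
+  elif [ "${1}" != "--only-source" ]; then
+    traefik_help
+  fi
+else
+  traefik_help
+fi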
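Review bot: The archive written by `traefik_backup` is a tar of `/traefik`, which per the compose file in this commit holds `acme.json` and `ovh.json` (ACME account keys and certificate private keys), and it lands under `$HOME/backups` with whatever mode the container's default umask gives. Starting the container command with `umask 077 &&`, as in `ash -c "umask 077 && cd /traefik && tar cvf …"`, keeps the archive owner-only; the permissions set by `backup_folder_create` live in `help.sh` and should be checked as well. Separately, `${BACKUP_DATE}` and `${TRAEFIK_DOMAIN}` are expanded into the `ash -c` string and the `-v` path is unquoted in both `traefik_backup` and `traefik_restore`, so whitespace or shell metacharacters in either value change the command that runs with Traefik's volumes mounted. Passing them with `-e BACKUP_DATE -e TRAEFIK_DOMAIN`, single-quoting the `ash -c` script and quoting `"$HOME/backups/${TRAEFIK_DOMAIN}"` avoids that. `traefik_restore` also never defaults or checks `BACKUP_DATE`, so under `set -u` it aborts with an unbound-variable error rather than a usage message.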