feat(traefik_lb): Add a Traefik LB configuration
This commit is contained in:
parent
9786534a2e
commit
abd1dd06fc
|
@ -0,0 +1 @@
|
||||||
|
TRAEFIK_DOMAIN=localhost
|
|
@ -0,0 +1,3 @@
|
||||||
|
# Traefik Load Balancer
|
||||||
|
|
||||||
|
Il s'agit d'une configuration dépendante du service [Traefik](../traefik) auquel une configuration de load balancer et de terminaison SSL/TLS a été ajoutée .
|
|
@ -0,0 +1,82 @@
|
||||||
|
version: "3.8"
|
||||||
|
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
driver: bridge
|
||||||
|
traefik:
|
||||||
|
name: ${TRAEFIK_NETWORK_NAME:-traefik}
|
||||||
|
|
||||||
|
services:
|
||||||
|
# speedtest-exporter:
|
||||||
|
# image: ghcr.io/miguelndecarvalho/speedtest-exporter:v3.2.2
|
||||||
|
# container_name: speedtest-exporter
|
||||||
|
# environment:
|
||||||
|
# # - SPEEDTEST_PORT=<speedtest-port> #optional
|
||||||
|
# - SPEEDTEST_SEVER=2023 #optional
|
||||||
|
# ports:
|
||||||
|
# - 9798:9798
|
||||||
|
# restart: unless-stopped
|
||||||
|
# labels:
|
||||||
|
# traefik.enable: 'true'
|
||||||
|
# traefik.docker.network: ${TRAEFIK_NETWORK_NAME:-traefik}
|
||||||
|
# traefik.http.routers.speedtest.rule: 'Host(`speedtest.violet.weko.io`)'
|
||||||
|
# traefik.http.routers.speedtest.entrypoints: 'websecure'
|
||||||
|
|
||||||
|
traefik:
|
||||||
|
ports:
|
||||||
|
- target: 443
|
||||||
|
published: 443
|
||||||
|
protocol: tcp
|
||||||
|
mode: host
|
||||||
|
environment:
|
||||||
|
OVH_APPLICATION_KEY: ${TRAEFIK_OVH_APPLICATION_KEY}
|
||||||
|
OVH_APPLICATION_SECRET: ${TRAEFIK_OVH_APPLICATION_SECRET}
|
||||||
|
OVH_CONSUMER_KEY: ${TRAEFIK_OVH_CONSUMER_KEY}
|
||||||
|
OVH_ENDPOINT: ovh-eu
|
||||||
|
OVH_POLLING_INTERVAL: 30
|
||||||
|
OVH_PROPAGATION_TIMEOUT: 3600
|
||||||
|
command:
|
||||||
|
# - --accesslog=true
|
||||||
|
- --api.insecure=true
|
||||||
|
- --log.level=INFO
|
||||||
|
- --global.sendanonymoususage=false
|
||||||
|
- --global.checknewversion=false
|
||||||
|
- --metrics.prometheus=true
|
||||||
|
- --pilot.dashboard=false
|
||||||
|
|
||||||
|
- --providers.docker
|
||||||
|
- --providers.docker.exposedbydefault=false
|
||||||
|
- --providers.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
|
||||||
|
- --providers.file.filename=/traefik/dynamic_conf.toml
|
||||||
|
|
||||||
|
# Redirection HTTP to HTTPS
|
||||||
|
- --entrypoints.web.address=:80
|
||||||
|
- --entrypoints.web.http.redirections.entrypoint.to=websecure
|
||||||
|
- --entrypoints.web.http.redirections.entrypoint.scheme=https
|
||||||
|
- --entrypoints.websecure.address=:443
|
||||||
|
|
||||||
|
# Redirection automatique https://www.* to https://*
|
||||||
|
#- --entrypoints.websecure.http.middlewares=redirect-www
|
||||||
|
|
||||||
|
- --entryPoints.traefik.address=:8080
|
||||||
|
|
||||||
|
- --certificatesresolvers.letsencrypt.acme.httpchallenge=true
|
||||||
|
- --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web
|
||||||
|
- --certificatesresolvers.letsencrypt.acme.email=${TRAEFIK_EMAIL}
|
||||||
|
- --certificatesresolvers.letsencrypt.acme.storage=/traefik/acme.json
|
||||||
|
|
||||||
|
- --certificatesResolvers.ovh.acme.dnsChallenge=true
|
||||||
|
- --certificatesResolvers.ovh.acme.dnsChallenge.provider=ovh
|
||||||
|
# - --certificatesResolvers.ovh.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
|
||||||
|
- --certificatesresolvers.ovh.acme.storage=/traefik/ovh.json
|
||||||
|
- --certificatesresolvers.ovh.acme.email=${TRAEFIK_EMAIL}
|
||||||
|
labels:
|
||||||
|
traefik.http.middlewares.redirect-www.redirectregex.permanent: 'true'
|
||||||
|
traefik.http.middlewares.redirect-www.redirectregex.regex: 'https://www\.(.*)'
|
||||||
|
traefik.http.middlewares.redirect-www.redirectregex.replacement: 'https://$${1}'
|
||||||
|
traefik.entrypoints.websecure.http.middlewares: '["redirect-www"]'
|
||||||
|
|
||||||
|
traefik.http.routers.traefik.entrypoints: 'websecure'
|
||||||
|
traefik.http.routers.traefik.tls.certResolver: 'letsencrypt'
|
||||||
|
traefik.http.routers.traefik.priority: '2000'
|
||||||
|
|
|
@ -0,0 +1,41 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
set -eu
|
||||||
|
|
||||||
|
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
|
||||||
|
. $DIR/../help.sh
|
||||||
|
|
||||||
|
traefik_help() {
|
||||||
|
echo "./run backup : Lancement de la sauvegarde de Traefik"
|
||||||
|
echo "./run restore : Restauration de la sauvegarde de Traefik"
|
||||||
|
}
|
||||||
|
|
||||||
|
traefik_backup() {
|
||||||
|
script_env
|
||||||
|
BACKUP_DATE_DEFAULT=`date +%Y%m%d_%H%M%S`
|
||||||
|
BACKUP_DATE=${BACKUP_DATE:-$BACKUP_DATE_DEFAULT}
|
||||||
|
backup_folder_create
|
||||||
|
|
||||||
|
docker run -it --rm -v $HOME/backups/${TRAEFIK_DOMAIN}:/backup --volumes-from traefik alpine:3.12.3 ash -c "cd /traefik && tar cvf /backup/${BACKUP_DATE}_${TRAEFIK_DOMAIN}_config.tar ."
|
||||||
|
}
|
||||||
|
|
||||||
|
traefik_restore() {
|
||||||
|
script_env
|
||||||
|
docker run -it --rm -v $HOME/backups/${TRAEFIK_DOMAIN}:/backup --volumes-from traefik alpine:3.12.3 ash -c "cd /traefik && tar xvf /backup/${BACKUP_DATE}_${TRAEFIK_DOMAIN}_config.tar --strip 1"
|
||||||
|
}
|
||||||
|
|
||||||
|
if [ $# -ge 1 ]; then
|
||||||
|
if [ "${1}" == "backup" ]; then
|
||||||
|
script_start
|
||||||
|
traefik_backup
|
||||||
|
script_end
|
||||||
|
elif [ "${1}" == "restore" ]; then
|
||||||
|
script_start
|
||||||
|
traefik_restore
|
||||||
|
script_end
|
||||||
|
elif [ "${1}" != "--only-source" ]; then
|
||||||
|
traefik_help
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
traefik_help
|
||||||
|
fi
|
Loading…
Reference in New Issue