Merge pull request 'feat(traefik_lb): Add a Traefik LB configuration' (#6) from traefik-lb into main

Reviewed-on: https://git.weko.io/resilien/services/pulls/6
This commit is contained in:
Simon 2021-11-15 10:07:31 +01:00
commit bed39a6286
4 changed files with 67 additions and 8 deletions

View File

@ -0,0 +1,17 @@
version: "3.8"
services:
traefik:
environment:
OVH_APPLICATION_KEY: ${TRAEFIK_OVH_APPLICATION_KEY}
OVH_APPLICATION_SECRET: ${TRAEFIK_OVH_APPLICATION_SECRET}
OVH_CONSUMER_KEY: ${TRAEFIK_OVH_CONSUMER_KEY}
OVH_ENDPOINT: ${OVH_ENDPOINT:-ovh-eu}
OVH_POLLING_INTERVAL: ${OVH_POLLING_INTERVAL:-30}
OVH_PROPAGATION_TIMEOUT: ${OVH_PROPAGATION_TIMEOUT:-3600}
command:
- --certificatesResolvers.ovh.acme.dnsChallenge=true
- --certificatesResolvers.ovh.acme.dnsChallenge.provider=ovh
# - --certificatesResolvers.ovh.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
- --certificatesresolvers.ovh.acme.storage=/traefik/ovh.json
- --certificatesresolvers.ovh.acme.email=${TRAEFIK_EMAIL}

View File

@ -0,0 +1,14 @@
version: "3.8"
services:
traefik:
command:
# Redirection HTTP to HTTPS
- --entrypoints.web.http.redirections.entrypoint.to=websecure
- --entrypoints.web.http.redirections.entrypoint.scheme=https
labels:
# Redirection to remove www.
traefik.http.middlewares.redirect-www.redirectregex.permanent: 'true'
traefik.http.middlewares.redirect-www.redirectregex.regex: 'https://www\.(.*)'
traefik.http.middlewares.redirect-www.redirectregex.replacement: 'https://$${1}'
traefik.entrypoints.websecure.http.middlewares: '["redirect-www"]'

View File

@ -0,0 +1,25 @@
version: "3.8"
networks:
default:
driver: bridge
services:
ports:
- target: 443
published: 443
protocol: tcp
mode: host
command:
- --providers.file.filename=/traefik/dynamic_conf.toml
- --entrypoints.websecure.address=:443
- --certificatesresolvers.letsencrypt.acme.httpchallenge=true
- --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web
- --certificatesresolvers.letsencrypt.acme.email=${TRAEFIK_EMAIL}
- --certificatesresolvers.letsencrypt.acme.storage=/traefik/acme.json
labels:
traefik.http.routers.traefik.entrypoints: 'websecure'
traefik.http.routers.traefik.tls.certResolver: 'letsencrypt'
traefik.http.routers.traefik.priority: '2000'

View File

@ -15,7 +15,7 @@ services:
restart: always restart: always
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
- ${TRAEFIK_VOLUME_NAME:-traefik}:/traefik - traefik:/traefik
- /etc/timezone:/etc/timezone:ro - /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
ports: ports:
@ -24,19 +24,22 @@ services:
protocol: tcp protocol: tcp
mode: host mode: host
networks: networks:
- ${TRAEFIK_NETWORK_NAME:-traefik} - traefik
command: command:
- --api.insecure=true - --api.insecure=${TRAEFIK_API_INSECURE:-true}
- --log.level=INFO - --log.level=${TRAEFIK_LOG_LEVEL:-INFO}
- --global.sendanonymoususage=false - --global.sendanonymoususage=${TRAEFIK_GLOBAL_SENDANONYMOUSUSAGE:-false}
- --global.checknewversion=false - --global.checknewversion=${TRAEFIK_GLOBAL_CHECKNEWVERSION:-false}
- --pilot.dashboard=false - --pilot.dashboard=${TRAEFIK_PILOT_DASHBOARD:-false}
- --metrics.prometheus=true - --metrics.prometheus=${TRAEFIK_METRICS_PROMETHEUS:-true}
- --accesslog=${TRAEFIK_ACCESSLOG:-false}
- --providers.docker - --providers.docker
- --providers.docker.exposedbydefault=false - --providers.docker.exposedbydefault=false
- --providers.docker.network=${TRAEFIK_NETWORK_NAME:-traefik} - --providers.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
- --entryPoints.traefik.address=:8080
- --entrypoints.web.address=:80 - --entrypoints.web.address=:80
- --entryPoints.web.forwardedHeaders.insecure - --entryPoints.web.forwardedHeaders.insecure
labels: labels: