phfroidmont/self-hosting
1
0
Fork 0
mirror of https://github.com/phfroidmont/self-hosting.git synced 2025-12-25 05:36:59 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Replace nginx reverse proxy by traefik

Browse source
This commit is contained in:
Paul-Henri Froidmont 2018-04-25 15:26:28 +02:00
parent fd30d66ffb
commit cfaa48e02a
30 changed files with 271 additions and 161 deletions
Download patch file Download diff file Expand all files Collapse all files

1
playbook.yml
View file

@ -22,6 +22,7 @@
- { role: torrent-docker, tags: [ 'torrent', 'docker' ] }
- { role: monit, tags: [ 'monit' ] }
- { role: arch-mirror-docker, tags: [ 'mirror', 'docker' ] }
- { role: traefik-proxy-docker, tags: [ 'traefik', 'docker' ] }
# vars_prompt:
# - name: "ansible_sudo_pass"
# prompt: "Sudo password"

17
roles/arch-mirror-docker/files/arch-mirror/docker-compose.yml
View file

@ -1,21 +1,24 @@
version: '2.2'
networks:
proxy-tier:
web:
external:
name: nginx-proxy
name: web
services:
arch-mirror:
image: nginx:latest
expose:
- 80
environment:
- VIRTUAL_HOST=arch.banditlair.com
- VIRTUAL_NETWORK=nginx-proxy
- VIRTUAL_PORT=80
labels:
- "traefik.backend=arch-mirror"
- "traefik.docker.network=web"
- "traefik.frontend.rule=Host:arch.banditlair.com"
- "traefik.enable=true"
- "traefik.port=80"
- "traefik.default.protocol=http"
volumes:
- /srv/repo:/usr/share/nginx/html:ro
networks:
- proxy-tier
- web
restart: always

2
roles/arch-mirror-docker/meta/main.yml
View file

@ -1,2 +1,2 @@
dependencies:
- nginx-proxy-docker
- traefik-proxy-docker

16
roles/emby-docker/files/emby/docker-compose.yml
View file

@ -1,9 +1,9 @@
version: '2.2'
networks:
proxy-tier:
web:
external:
name: nginx-proxy
name: web
services:
emby:
@ -15,9 +15,13 @@ services:
environment:
- UID=33
- GID=33
- VIRTUAL_HOST=emby.banditlair.com
- VIRTUAL_NETWORK=nginx-proxy
- VIRTUAL_PORT=8096
labels:
- "traefik.backend=emby"
- "traefik.docker.network=web"
- "traefik.frontend.rule=Host:emby.banditlair.com"
- "traefik.enable=true"
- "traefik.port=8096"
- "traefik.default.protocol=http"
networks:
- proxy-tier
- web
restart: always

2
roles/emby-docker/meta/main.yml
View file

@ -1,2 +1,2 @@
dependencies:
- nginx-proxy-docker
- traefik-proxy-docker

17
roles/gitlab-docker/files/gitlab/docker-compose.yml
View file

@ -1,18 +1,21 @@
version: '2.2'
networks:
proxy-tier:
web:
external:
name: nginx-proxy
name: web
services:
gitlab:
image: 'gitlab/gitlab-ce:latest'
hostname: ${GITLAB_DOMAIN}
environment:
- VIRTUAL_HOST=${GITLAB_DOMAIN}
- VIRTUAL_NETWORK=nginx-proxy
- VIRTUAL_PORT=9090
labels:
- "traefik.backend=gitlab"
- "traefik.docker.network=web"
- "traefik.frontend.rule=Host:gitlab.banditlair.com"
- "traefik.enable=true"
- "traefik.port=9090"
- "traefik.default.protocol=http"
ports:
- "2224:22"
expose:
@ -24,7 +27,7 @@ services:
- /backups/gitlab:/var/opt/gitlab/backups
- /etc/localtime:/etc/localtime:ro
networks:
- proxy-tier
- web
restart: always
runner:

2
roles/gitlab-docker/meta/main.yml
View file

@ -1,2 +1,2 @@
dependencies:
- nginx-proxy-docker
- traefik-proxy-docker

34
roles/mailu-docker/files/mailu/docker-compose.yml
View file

@ -1,9 +1,9 @@
version: '2'
networks:
proxy-tier:
web:
external:
name: nginx-proxy
name: web
services:
front:
@ -19,8 +19,8 @@ services:
- "$BIND_ADDRESS4:465:465"
- "$BIND_ADDRESS4:587:587"
volumes:
- "../proxy/nginx/certs/${DOMAIN}.crt:/certs/cert.pem"
- "../proxy/nginx/certs/${DOMAIN}.key:/certs/key.pem"
- "../traefik/certs/ssl/banditlair.com.crt:/certs/cert.pem"
- "../traefik/certs/ssl/banditlair.com.key:/certs/key.pem"
redis:
image: redis:alpine
restart: always
@ -73,10 +73,13 @@ services:
env_file: .env
expose:
- 80
environment:
- VIRTUAL_HOST=mailu.banditlair.com,mail.banditlair.com
- VIRTUAL_NETWORK=nginx-proxy
- VIRTUAL_PORT=80
labels:
- "traefik.backend=mailu-admin"
- "traefik.docker.network=web"
- "traefik.frontend.rule=Host:mailu.banditlair.com"
- "traefik.enable=true"
- "traefik.port=80"
- "traefik.default.protocol=http"
volumes:
- "$ROOT/data:/data"
- "$ROOT/dkim:/dkim"
@ -84,7 +87,7 @@ services:
depends_on:
- redis
networks:
- proxy-tier
- web
- default
webmail:
@ -92,14 +95,17 @@ services:
restart: always
expose:
- 8888
environment:
- VIRTUAL_HOST=webmail.banditlair.com
- VIRTUAL_NETWORK=nginx-proxy
- VIRTUAL_PORT=8888
labels:
- "traefik.backend=webmail"
- "traefik.docker.network=web"
- "traefik.frontend.rule=Host:webmail.banditlair.com"
- "traefik.enable=true"
- "traefik.port=8888"
- "traefik.default.protocol=http"
volumes:
- "$ROOT/webmail:/rainloop/data"
networks:
- proxy-tier
- web
- default
fetchmail:

2
roles/mailu-docker/meta/main.yml
View file

@ -1,2 +1,2 @@
dependencies:
- nginx-proxy-docker
- traefik-proxy-docker

18
roles/matrix-docker/files/matrix/docker-compose.yml
View file

@ -3,7 +3,6 @@ services:
db:
image: postgres:9.6
restart: always
# Adding 127.0.0.1 ensures the port isn't exposed ON the host
ports:
- "127.0.0.1:5432:5432"
volumes:
@ -22,10 +21,13 @@ services:
- "127.0.0.1:8008:8008"
- "8448:8448"
- "3478:3478"
environment:
- VIRTUAL_HOST=matrix.banditlair.com
- VIRTUAL_NETWORK=nginx-proxy
- VIRTUAL_PORT=8008
labels:
- "traefik.backend=synapse"
- "traefik.docker.network=web"
- "traefik.frontend.rule=Host:matrix.banditlair.com"
- "traefik.enable=true"
- "traefik.port=8008"
- "traefik.default.protocol=http"
volumes:
- /var/lib/matrix/media_store:/data/media_store
- /var/log/synapse:/data/log
@ -33,13 +35,13 @@ services:
- /etc/localtime:/etc/localtime:ro
networks:
- matrix
- proxy-tier
- web
restart: always
networks:
matrix:
external:
name: matrix-network
proxy-tier:
web:
external:
name: nginx-proxy
name: web

2
roles/matrix-docker/meta/main.yml
View file

@ -1,2 +1,2 @@
dependencies:
- nginx-proxy-docker
- traefik-proxy-docker

32
roles/nextcloud-docker/files/nextcloud/docker-compose.yml
View file

@ -1,9 +1,9 @@
version: '3'
networks:
proxy-tier:
web:
external:
name: nginx-proxy
name: web
services:
web:
@ -11,15 +11,18 @@ services:
volumes:
- /var/lib/nextcloud:/var/www/html:ro
- /etc/localtime:/etc/localtime:ro
environment:
- VIRTUAL_HOST=${CLOUD_DOMAIN}
- VIRTUAL_NETWORK=nginx-proxy
- VIRTUAL_PORT=80
labels:
- "traefik.backend=nextcloud"
- "traefik.docker.network=web"
- "traefik.frontend.rule=Host:cloud.banditlair.com"
- "traefik.enable=true"
- "traefik.port=80"
- "traefik.default.protocol=http"
depends_on:
- app
# - collabora
networks:
- proxy-tier
- web
- default
restart: always
@ -65,17 +68,18 @@ services:
tty: true
expose:
- '80'
environment:
- VIRTUAL_HOST=office.banditlair.com
- VIRTUAL_NETWORK=nginx-proxy
- VIRTUAL_PORT=80
- LETSENCRYPT_HOST=office.banditlair.com
- LETSENCRYPT_EMAIL=letsencrypt.account@banditlair.com
labels:
- "traefik.backend=onlyoffice"
- "traefik.docker.network=web"
- "traefik.frontend.rule=Host:office.banditlair.com"
- "traefik.enable=true"
- "traefik.port=80"
- "traefik.default.protocol=http"
volumes:
- /var/lib/onlyoffice:/var/www/onlyoffice/Data
- /var/log/onlyoffice:/var/log/onlyoffice
networks:
- proxy-tier
- web
- default
restart: always

2
roles/nextcloud-docker/meta/main.yml
View file

@ -1,2 +1,2 @@
dependencies:
- nginx-proxy-docker
- traefik-proxy-docker

1
roles/nginx-proxy-docker/files/proxy/.env
View file

@ -1 +0,0 @@
COMPOSE_PROJECT_NAME=proxy

34
roles/nginx-proxy-docker/files/proxy/docker-compose.yml
View file

@ -1,34 +0,0 @@
version: '2.2'
networks:
default:
external:
name: nginx-proxy
services:
nginx:
image: jwilder/nginx-proxy
ports:
- 80:80
- 443:443
labels:
com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
volumes:
- ./nginx/conf.d:/etc/nginx/conf.d
- ./nginx/vhost.d:/etc/nginx/vhost.d
- ./nginx/html:/usr/share/nginx/html
- ./nginx/certs:/etc/nginx/certs:ro
- /var/run/docker.sock:/tmp/docker.sock:ro
- /etc/localtime:/etc/localtime:ro
restart: always
letsencrypt-companion:
image: jrcs/letsencrypt-nginx-proxy-companion
# environment:
# - DEBUG=true
volumes_from:
- nginx
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./nginx/certs:/etc/nginx/certs:rw
restart: always

1
roles/nginx-proxy-docker/files/proxy/nginx/conf.d/custom.conf
View file

@ -1 +0,0 @@
client_max_body_size 10G;

2
roles/nginx-proxy-docker/meta/main.yml
View file

@ -1,2 +0,0 @@
dependencies:
- base-docker

10
roles/nginx-proxy-docker/tasks/main.yml
View file

@ -1,10 +0,0 @@
---
- name: Copy proxy config
copy: src=proxy dest={{docker_compose_files_folder}}
#- name: Copy certificates
# copy: src={{backup_folder}}/{{docker_compose_files_folder}}/proxy/nginx/certs dest={{docker_compose_files_folder}}/proxy/nginx
- name: Create nginx-proxy docker network
docker_network:
name: nginx-proxy
- name: Start proxy docker project
docker_service: project_src={{docker_compose_files_folder}}/proxy state=present

16
roles/plex-docker/files/plex/docker-compose.yml
View file

@ -1,9 +1,9 @@
version: '2.2'
networks:
proxy-tier:
web:
external:
name: nginx-proxy
name: web
services:
plex:
@ -16,10 +16,14 @@ services:
- /tmp:/tmp
- /etc/localtime:/etc/localtime:ro
environment:
- VIRTUAL_HOST=${PLEX_DOMAIN}
- VIRTUAL_NETWORK=nginx-proxy
- VIRTUAL_PORT=32400
- ADVERTISE_IP=https://plex.banditlair.com/
labels:
- "traefik.backend=plex"
- "traefik.docker.network=web"
- "traefik.frontend.rule=Host:plex.banditlair.com"
- "traefik.enable=true"
- "traefik.port=32400"
- "traefik.default.protocol=http"
networks:
- proxy-tier
- web
restart: always

2
roles/plex-docker/meta/main.yml
View file

@ -1,2 +1,2 @@
dependencies:
- nginx-proxy-docker
- traefik-proxy-docker

18
roles/searx-docker/files/searx/docker-compose.yml
View file

@ -1,9 +1,9 @@
version: '2.2'
networks:
proxy-tier:
web:
external:
name: nginx-proxy
name: web
services:
searx:
@ -11,11 +11,13 @@ services:
environment:
- BASE_URL="https://banditlair.com"
- IMAGE_PROXY=True
- VIRTUAL_HOST=banditlair.com
- VIRTUAL_NETWORK=nginx-proxy
- VIRTUAL_PORT=8888
- LETSENCRYPT_HOST=banditlair.com,mail.banditlair.com,mailu.banditlair.com,webmail.banditlair.com,gitlab.banditlair.com,cloud.banditlair.com,plex.banditlair.com,deluge.banditlair.com,rpg.banditlair.com,matrix.banditlair.com,emby.banditlair.com,arch.banditlair.com,sonarr.banditlair.com,radarr.banditlair.com,headphones.banditlair.com,jackett.banditlair.com,nzbget.banditlair.com
- LETSENCRYPT_EMAIL=letsencrypt.account@banditlair.com
labels:
- "traefik.backend=searx"
- "traefik.docker.network=web"
- "traefik.frontend.rule=Host:banditlair.com"
- "traefik.enable=true"
- "traefik.port=8888"
- "traefik.default.protocol=http"
networks:
- proxy-tier
- web
restart: always

2
roles/searx-docker/meta/main.yml
View file

@ -1,2 +1,2 @@
dependencies:
- nginx-proxy-docker
- traefik-proxy-docker

76
roles/torrent-docker/files/torrent/docker-compose.yml
View file

@ -1,9 +1,9 @@
version: '2.2'
networks:
proxy-tier:
web:
external:
name: nginx-proxy
name: web
services:
deluge:
@ -31,12 +31,16 @@ services:
- DEBUG=false
- PUID=33
- PGID=33
- VIRTUAL_HOST=${DELUGE_DOMAIN}
- VIRTUAL_NETWORK=nginx-proxy
- VIRTUAL_PORT=8112
labels:
- "traefik.backend=deluge"
- "traefik.docker.network=web"
- "traefik.frontend.rule=Host:deluge.banditlair.com"
- "traefik.enable=true"
- "traefik.port=8112"
- "traefik.default.protocol=http"
restart: always
networks:
- proxy-tier
- web
sonarr:
image: linuxserver/sonarr
@ -45,9 +49,13 @@ services:
environment:
- PUID=33
- PGID=33
- VIRTUAL_HOST=sonarr.banditlair.com
- VIRTUAL_NETWORK=nginx-proxy
- VIRTUAL_PORT=8989
labels:
- "traefik.backend=sonarr"
- "traefik.docker.network=web"
- "traefik.frontend.rule=Host:sonarr.banditlair.com"
- "traefik.enable=true"
- "traefik.port=8989"
- "traefik.default.protocol=http"
volumes:
- /var/lib/deluge/completed:/downloads
- /var/lib/nzbget/downloads:/nzbget
@ -56,7 +64,7 @@ services:
- /etc/localtime:/etc/localtime:ro
restart: always
networks:
- proxy-tier
- web
radarr:
image: linuxserver/radarr
@ -65,9 +73,13 @@ services:
environment:
- PUID=33
- PGID=33
- VIRTUAL_HOST=radarr.banditlair.com
- VIRTUAL_NETWORK=nginx-proxy
- VIRTUAL_PORT=7878
labels:
- "traefik.backend=radarr"
- "traefik.docker.network=web"
- "traefik.frontend.rule=Host:radarr.banditlair.com"
- "traefik.enable=true"
- "traefik.port=7878"
- "traefik.default.protocol=http"
volumes:
- /var/lib/deluge/completed:/downloads
- /var/lib/nzbget/downloads:/nzbget
@ -76,7 +88,7 @@ services:
- /etc/localtime:/etc/localtime:ro
restart: always
networks:
- proxy-tier
- web
headphones:
image: linuxserver/headphones
@ -85,9 +97,13 @@ services:
environment:
- PUID=33
- PGID=33
- VIRTUAL_HOST=headphones.banditlair.com
- VIRTUAL_NETWORK=nginx-proxy
- VIRTUAL_PORT=8181
labels:
- "traefik.backend=headphones"
- "traefik.docker.network=web"
- "traefik.frontend.rule=Host:headphones.banditlair.com"
- "traefik.enable=true"
- "traefik.port=8181"
- "traefik.default.protocol=http"
volumes:
- /var/lib/deluge/completed:/downloads
- ./config/headphones:/config
@ -95,7 +111,7 @@ services:
- /etc/localtime:/etc/localtime:ro
restart: always
networks:
- proxy-tier
- web
nzbget:
image: linuxserver/nzbget
@ -104,16 +120,20 @@ services:
environment:
- PUID=33
- PGID=33
- VIRTUAL_HOST=nzbget.banditlair.com
- VIRTUAL_NETWORK=nginx-proxy
- VIRTUAL_PORT=6789
labels:
- "traefik.backend=nzbget"
- "traefik.docker.network=web"
- "traefik.frontend.rule=Host:nzbget.banditlair.com"
- "traefik.enable=true"
- "traefik.port=6789"
- "traefik.default.protocol=http"
volumes:
- /var/lib/nzbget/downloads:/downloads
- ./config/nzbget:/config
- /etc/localtime:/etc/localtime:ro
restart: always
networks:
- proxy-tier
- web
jackett:
image: linuxserver/jackett
@ -122,13 +142,17 @@ services:
environment:
- PUID=33
- PGID=33
- VIRTUAL_HOST=jackett.banditlair.com
- VIRTUAL_NETWORK=nginx-proxy
- VIRTUAL_PORT=9117
labels:
- "traefik.backend=jackett"
- "traefik.docker.network=web"
- "traefik.frontend.rule=Host:jackett.banditlair.com"
- "traefik.enable=true"
- "traefik.port=9117"
- "traefik.default.protocol=http"
volumes:
# - /var/lib/deluge/completed:/downloads
- ./config/jackett:/config
- /etc/localtime:/etc/localtime:ro
restart: always
networks:
- proxy-tier
- web

2
roles/torrent-docker/meta/main.yml
View file

@ -1,2 +1,2 @@
dependencies:
- nginx-proxy-docker
- traefik-proxy-docker

40
roles/traefik-proxy-docker/files/traefik/data/traefik.toml Normal file
View file

@ -0,0 +1,40 @@
debug = false
logLevel = "ERROR"
defaultEntryPoints = ["https","http"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[entryPoints.traefik]
address = ":8080"
# Activate API and Dashboard
[api]
entryPoint = "traefik"
dashboard = true
[retry]
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "banditlair.com"
watch = true
exposedbydefault = false
[acme]
email = "letsencrypt.account@banditlair.com"
storage = "acme.json"
entryPoint = "https"
OnHostRule = true
[acme.httpChallenge]
entryPoint = "http"
[[acme.domains]]
main = "banditlair.com"
sans = ["mail.banditlair.com"]

49
roles/traefik-proxy-docker/files/traefik/docker-compose.yml Normal file
View file

@ -0,0 +1,49 @@
version: '3'
services:
traefik:
container_name: traefik
image: traefik:1.6.0-rc6-alpine
ports:
- 80:80
- 443:443
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./data:/etc/traefik
- ./certs/acme.json:/acme.json
labels:
- "traefik.backend=traefik"
- "traefik.docker.network=web"
- "traefik.frontend.rule=Host:traefik.banditlair.com"
- "traefik.enable=true"
- "traefik.port=8080"
- "traefik.default.protocol=http"
- "traefik.frontend.auth.basic=admin:${TRAEFIK_DASHBOARD_PASSWORD_HASH}"
networks:
- web
restart: always
# Watch acme.json and dump certificates to files
certdumper:
container_name: traefik_certdumper
image: alpine:latest
depends_on:
- traefik
restart: unless-stopped
volumes:
- ./certs:/traefik
command: >
ash -c " \
apk --no-cache add inotify-tools jq openssl util-linux bash && \
wget https://raw.githubusercontent.com/containous/traefik/master/contrib/scripts/dumpcerts.sh -O dumpcerts.sh && \
mkdir -p /traefik/ssl/ && \
while true; do \
inotifywait -e modify /traefik/acme.json && \
bash dumpcerts.sh /traefik/acme.json /traefik/ssl/ && \
ln -f /traefik/ssl/certs/* /traefik/ssl/ && \
ln -f /traefik/ssl/private/* /traefik/ssl/; \
done"
networks:
web:
external: true

12
roles/traefik-proxy-docker/tasks/main.yml Normal file
View file

@ -0,0 +1,12 @@
---
- name: Copy traefik config
copy: src=traefik dest={{docker_compose_files_folder}}
- name: Create traefik .env
template:
src: traefik/.env
dest: "{{docker_compose_files_folder}}/traefik/.env"
- name: Create web docker network
docker_network:
name: web
- name: Start traefik docker project
docker_service: project_src={{docker_compose_files_folder}}/traefik state=present

1
roles/traefik-proxy-docker/templates/traefik/.env Normal file
View file

@ -0,0 +1 @@
TRAEFIK_DASHBOARD_PASSWORD_HASH={{traefik_dashboard_password_hash}}

17
roles/wiki-docker/files/wiki/docker-compose.yml
View file

@ -1,22 +1,25 @@
version: '2.2'
networks:
proxy-tier:
web:
external:
name: nginx-proxy
name: web
services:
rpg_wiki:
image: 'bitnami/dokuwiki:0.20170219.201708232029-r7'
expose:
- 80
environment:
- VIRTUAL_HOST=rpg.banditlair.com
- VIRTUAL_NETWORK=nginx-proxy
- VIRTUAL_PORT=80
volumes:
- '/var/lib/wiki/rpg:/bitnami'
- /etc/localtime:/etc/localtime:ro
labels:
- "traefik.backend=rpg_wiki"
- "traefik.docker.network=web"
- "traefik.frontend.rule=Host:rpg.banditlair.com"
- "traefik.enable=true"
- "traefik.port=80"
- "traefik.default.protocol=http"
networks:
- proxy-tier
- web
restart: always

2
roles/wiki-docker/meta/main.yml
View file

@ -1,2 +1,2 @@
dependencies:
- nginx-proxy-docker
- traefik-proxy-docker