Update to Traefik v2

Jean Froment 2020-09-11 12:03:17 +02:00
parent 006b8aa327
commit 054d0c30e5
6 changed files with 128 additions and 150 deletions


@ -1,18 +1,21 @@
# General Traefik (reverse proxy) settings
TRAEFIK_DOMAIN=mydomain.com TRAEFIK_DOMAIN=mydomain.com
ACME_MAIL=my-email@my-provider.com ACME_MAIL=my-email@my-provider.com
# HTTP Auth
HTTP_USER=myuser HTTP_USER=myuser
HTTP_PASSWORD=mypassword_encoded HTTP_PASSWORD=mypassword_encoded
PORTAINER_ADMIN_PASSWORD=h4ckMePleAse
# Containers permissions mapping
PGID=1000 PGID=1000
PUID=1000 PUID=1000
# now these cloufdlare variables are useless
CLOUDFLARE_EMAIL=your@email.com
CLOUDFLARE_API_KEY=your_cloudflare_api_key
# Nextcloud # Nextcloud
NEXTCLOUD_ADMIN_USER=admin NEXTCLOUD_ADMIN_USER=admin
NEXTCLOUD_ADMIN_PASSWORD=nextcloud_admin_password NEXTCLOUD_ADMIN_PASSWORD=nextcloud_admin_password
NEXTCLOUD_DB_NAME=nextcloud_db_name NEXTCLOUD_DB_NAME=nextcloud_db_name
NEXTCLOUD_DB_USER=nextcloud NEXTCLOUD_DB_USER=nextcloud
NEXTCLOUD_DB_PASSWORD=nextcloud_db_password NEXTCLOUD_DB_PASSWORD=nextcloud_db_password
# Portainer
PORTAINER_ADMIN_PASSWORD=h4ckMePleAse
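Review bot: `HTTP_PASSWORD=mypassword_encoded` has no comment saying which format is expected, and after this commit the format decides whether basic auth works at all. The update script shown further down this page runs `source .env` in bash and echoes `${HTTP_USER}:${HTTP_PASSWORD}` into `http_auth`, so an htpasswd hash containing `$` would be expanded by the shell unless the value is single-quoted. A value whose `$` signs were doubled for compose interpolation in the old label-based setup would be altered the same way. I would add above the variable: `# htpasswd hash (e.g. from htpasswd -nB); wrap in single quotes so bash leaves the $ signs alone`.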

1
.gitignore vendored

@ -3,4 +3,5 @@
/config /config
tunnel-options.sh tunnel-options.sh
.env .env
http_auth
backup/ backup/


@ -2,30 +2,37 @@ version: '3'
services: services:
traefik: traefik:
image: traefik:v1.7-alpine image: traefik:v2
container_name: traefik container_name: traefik
restart: always restart: always
networks: command: --certificatesresolvers.le.acme.email=${ACME_MAIL}
- webgateway
command: --acme.email=${ACME_MAIL} --docker.domain=${TRAEFIK_DOMAIN} #--acme.dnschallenge=true --acme.dnschallenge.provider="cloudflare" --acme.dnschallenge.delaybeforecheck=300
ports: ports:
- "80:80" - "80:80"
- "443:443" - "443:443"
#- "8080:8080"
# environment:
# - CF_API_EMAIL=${CLOUDFLARE_EMAIL}
# - CF_API_KEY=${CLOUDFLARE_API_KEY}
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
- ./traefik.toml:/traefik.toml - ./traefik.yml:/etc/traefik/traefik.yaml:ro
- /opt/traefik/acme.json:/acme.json - /opt/traefik/acme.json:/acme.json
- ./http_auth:/http_auth
labels:
- "traefik.enable=true"
# HTTP to HTTPS redirection
- "traefik.http.routers.http_catchall.rule=HostRegexp(`{any:.+}`)"
- "traefik.http.routers.http_catchall.entrypoints=insecure"
- "traefik.http.routers.http_catchall.middlewares=https_redirect"
- "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
- "traefik.http.middlewares.https_redirect.redirectscheme.permanent=true"
# Docker labels for enabling Traefik dashboard
- "traefik.http.routers.traefik.rule=Host(`traefik.${TRAEFIK_DOMAIN}`)"
- "traefik.http.routers.traefik.entrypoints=secure"
- "traefik.http.routers.traefik.service=api@internal"
- "traefik.http.routers.traefik.tls.certresolver=le"
- "traefik.http.routers.traefik.middlewares=common-auth"
deluge: deluge:
image: linuxserver/deluge image: linuxserver/deluge
container_name: deluge container_name: deluge
restart: always restart: always
networks:
- web
volumes: volumes:
- torrents:/torrents - torrents:/torrents
- configdeluge:/config - configdeluge:/config
@ -35,18 +42,16 @@ services:
- PUID=${PUID} - PUID=${PUID}
- TZ=Europe/Paris - TZ=Europe/Paris
labels: labels:
- 'traefik.backend=deluge' - "traefik.enable=true"
- 'traefik.port=8112' - "traefik.http.routers.deluge.rule=Host(`deluge.${TRAEFIK_DOMAIN}`)"
- 'traefik.frontend.rule=Host:deluge.${TRAEFIK_DOMAIN}' - "traefik.http.routers.deluge.entrypoints=secure"
- 'traefik.frontend.auth.basic.users=${HTTP_USER}:${HTTP_PASSWORD}' - "traefik.http.routers.deluge.tls.certresolver=le"
- 'traefik.enable=true' - "traefik.http.routers.deluge.middlewares=common-auth"
plex: plex:
image: linuxserver/plex image: linuxserver/plex
container_name: plex container_name: plex
restart: always restart: always
networks:
- web
ports: ports:
- "32400:32400" - "32400:32400"
- "32400:32400/udp" - "32400:32400/udp"
@ -62,20 +67,16 @@ services:
- PUID=${PUID} - PUID=${PUID}
- TZ=Europe/Paris - TZ=Europe/Paris
- VERSION=latest - VERSION=latest
#- VERSION=1.14.0.5470-9d51fdfaa
labels: labels:
- 'traefik.backend=plex' - "traefik.enable=true"
- 'traefik.port=32400' - "traefik.http.routers.plex.rule=Host(`plex.${TRAEFIK_DOMAIN}`)"
- 'traefik.frontend.rule=Host:plex.${TRAEFIK_DOMAIN}' - "traefik.http.routers.plex.entrypoints=secure"
#- 'traefik.frontend.auth.basic.users=${HTTP_USER}:${HTTP_PASSWORD}' - "traefik.http.routers.plex.tls.certresolver=le"
- 'traefik.enable=true'
jackett: jackett:
image: linuxserver/jackett image: linuxserver/jackett
container_name: jackett container_name: jackett
restart: always restart: always
networks:
- web
volumes: volumes:
- config:/config - config:/config
- torrents:/downloads - torrents:/downloads
@ -85,18 +86,16 @@ services:
- PUID=${PUID} - PUID=${PUID}
- TZ=Europe/Paris - TZ=Europe/Paris
labels: labels:
- 'traefik.backend=jackett' - "traefik.enable=true"
- 'traefik.port=9117' - "traefik.http.routers.jackett.rule=Host(`jackett.${TRAEFIK_DOMAIN}`)"
- 'traefik.frontend.rule=Host:jackett.${TRAEFIK_DOMAIN}' - "traefik.http.routers.jackett.entrypoints=secure"
- 'traefik.frontend.auth.basic.users=${HTTP_USER}:${HTTP_PASSWORD}' - "traefik.http.routers.jackett.tls.certresolver=le"
- 'traefik.enable=true' - "traefik.http.routers.jackett.middlewares=common-auth"
sonarr: sonarr:
image: linuxserver/sonarr:preview image: linuxserver/sonarr:preview
container_name: sonarr container_name: sonarr
restart: always restart: always
networks:
- web
volumes: volumes:
- configsonarr:/config - configsonarr:/config
- torrents:/torrents - torrents:/torrents
@ -106,18 +105,16 @@ services:
- PUID=${PUID} - PUID=${PUID}
- TZ=Europe/Paris - TZ=Europe/Paris
labels: labels:
- 'traefik.backend=sonarr' - "traefik.enable=true"
- 'traefik.port=8989' - "traefik.http.routers.sonarr.rule=Host(`sonarr.${TRAEFIK_DOMAIN}`)"
- 'traefik.frontend.rule=Host:sonarr.${TRAEFIK_DOMAIN}' - "traefik.http.routers.sonarr.entrypoints=secure"
- 'traefik.frontend.auth.basic.users=${HTTP_USER}:${HTTP_PASSWORD}' - "traefik.http.routers.sonarr.tls.certresolver=le"
- 'traefik.enable=true' - "traefik.http.routers.sonarr.middlewares=common-auth"
radarr: radarr:
image: linuxserver/radarr image: linuxserver/radarr
container_name: radarr container_name: radarr
restart: always restart: always
networks:
- web
volumes: volumes:
- configradarr:/config - configradarr:/config
- torrents:/torrents - torrents:/torrents
@ -127,18 +124,16 @@ services:
- PUID=${PUID} - PUID=${PUID}
- TZ=Europe/Paris - TZ=Europe/Paris
labels: labels:
- 'traefik.backend=radarr' - "traefik.enable=true"
- 'traefik.port=7878' - "traefik.http.routers.radarr.rule=Host(`radarr.${TRAEFIK_DOMAIN}`)"
- 'traefik.frontend.rule=Host:radarr.${TRAEFIK_DOMAIN}' - "traefik.http.routers.radarr.entrypoints=secure"
- 'traefik.frontend.auth.basic.users=${HTTP_USER}:${HTTP_PASSWORD}' - "traefik.http.routers.radarr.tls.certresolver=le"
- 'traefik.enable=true' - "traefik.http.routers.radarr.middlewares=common-auth"
bazarr: bazarr:
image: linuxserver/bazarr image: linuxserver/bazarr
container_name: bazarr container_name: bazarr
restart: always restart: always
networks:
- web
volumes: volumes:
- torrents:/torrents - torrents:/torrents
- configbazarr:/config - configbazarr:/config
@ -147,18 +142,16 @@ services:
- PUID=${PUID} - PUID=${PUID}
- TZ=Europe/Paris - TZ=Europe/Paris
labels: labels:
- 'traefik.backend=bazarr' - "traefik.enable=true"
- 'traefik.port=6767' - "traefik.http.routers.bazarr.rule=Host(`bazarr.${TRAEFIK_DOMAIN}`)"
- 'traefik.frontend.rule=Host:bazarr.${TRAEFIK_DOMAIN}' - "traefik.http.routers.bazarr.entrypoints=secure"
- 'traefik.frontend.auth.basic.users=${HTTP_USER}:${HTTP_PASSWORD}' - "traefik.http.routers.bazarr.tls.certresolver=le"
- 'traefik.enable=true' - "traefik.http.routers.bazarr.middlewares=common-auth"
lidarr: lidarr:
image: linuxserver/lidarr:preview image: linuxserver/lidarr:preview
container_name: lidarr container_name: lidarr
restart: always restart: always
networks:
- web
volumes: volumes:
- configlidarr:/config - configlidarr:/config
- torrents:/torrents - torrents:/torrents
@ -167,18 +160,16 @@ services:
- PUID=${PUID} - PUID=${PUID}
- TZ=Europe/Paris - TZ=Europe/Paris
labels: labels:
- 'traefik.backend=lidarr' - "traefik.enable=true"
- 'traefik.port=8686' - "traefik.http.routers.lidarr.rule=Host(`lidarr.${TRAEFIK_DOMAIN}`)"
- 'traefik.frontend.rule=Host:lidarr.${TRAEFIK_DOMAIN}' - "traefik.http.routers.lidarr.entrypoints=secure"
- 'traefik.frontend.auth.basic.users=${HTTP_USER}:${HTTP_PASSWORD}' - "traefik.http.routers.lidarr.tls.certresolver=le"
- 'traefik.enable=true' - "traefik.http.routers.lidarr.middlewares=common-auth"
tautulli: tautulli:
image: linuxserver/tautulli image: linuxserver/tautulli
container_name: tautulli container_name: tautulli
restart: always restart: always
networks:
- web
volumes: volumes:
- configtautulli:/config - configtautulli:/config
- config:/logs:ro # Inside of tautulli, bind to logs via "/logs/Plex Media Server/Logs" - config:/logs:ro # Inside of tautulli, bind to logs via "/logs/Plex Media Server/Logs"
@ -187,16 +178,15 @@ services:
- PUID=${PUID} - PUID=${PUID}
- TZ=Europe/Paris - TZ=Europe/Paris
labels: labels:
- 'traefik.tautulli.backend=tautulli' - "traefik.enable=true"
- 'traefik.tautulli.port=8181' - "traefik.http.routers.tautulli.rule=Host(`tautulli.${TRAEFIK_DOMAIN}`)"
- 'traefik.tautulli.frontend.rule=Host:tautulli.${TRAEFIK_DOMAIN}' - "traefik.http.routers.tautulli.entrypoints=secure"
- 'traefik.enable=true' - "traefik.http.routers.tautulli.tls.certresolver=le"
jdownloader: jdownloader:
image: jlesage/jdownloader-2 image: jlesage/jdownloader-2
container_name: jdownloader container_name: jdownloader
networks: restart: unless-stopped
- web
volumes: volumes:
- configjdownloader:/config - configjdownloader:/config
- downloads:/output - downloads:/output
@ -205,18 +195,16 @@ services:
- GROUP_ID=${PGID} - GROUP_ID=${PGID}
- TZ=Europe/Paris - TZ=Europe/Paris
labels: labels:
- 'traefik.backend=jdownloader' - "traefik.enable=true"
- 'traefik.port=5800' - "traefik.http.routers.jdownloader.rule=Host(`jdownloader.${TRAEFIK_DOMAIN}`)"
- 'traefik.frontend.rule=Host:jdownloader.${TRAEFIK_DOMAIN}' - "traefik.http.routers.jdownloader.entrypoints=secure"
- 'traefik.frontend.auth.basic.users=${HTTP_USER}:${HTTP_PASSWORD}' - "traefik.http.routers.jdownloader.tls.certresolver=le"
- 'traefik.enable=true' - "traefik.http.routers.jdownloader.middlewares=common-auth"
nextcloud: nextcloud:
image: wonderfall/nextcloud image: wonderfall/nextcloud
container_name: nextcloud container_name: nextcloud
restart: always restart: always
networks:
- web
volumes: volumes:
- confignextcloud:/config - confignextcloud:/config
- nextclouddata:/data - nextclouddata:/data
@ -234,10 +222,10 @@ services:
- DB_USER=${NEXTCLOUD_DB_USER} - DB_USER=${NEXTCLOUD_DB_USER}
- DB_PASSWORD=${NEXTCLOUD_DB_PASSWORD} - DB_PASSWORD=${NEXTCLOUD_DB_PASSWORD}
labels: labels:
- 'traefik.backend=nextcloud' - "traefik.enable=true"
- 'traefik.port=8888' - "traefik.http.routers.nextcloud.rule=Host(`nextcloud.${TRAEFIK_DOMAIN}`)"
- 'traefik.frontend.rule=Host:nextcloud.${TRAEFIK_DOMAIN}' - "traefik.http.routers.nextcloud.entrypoints=secure"
- 'traefik.enable=true' - "traefik.http.routers.nextcloud.tls.certresolver=le"
portainer: portainer:
image: portainer/portainer image: portainer/portainer
@ -245,22 +233,18 @@ services:
restart: always restart: always
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
networks:
- web
command: --admin-password ${PORTAINER_ADMIN_PASSWORD} --host=unix:///var/run/docker.sock command: --admin-password ${PORTAINER_ADMIN_PASSWORD} --host=unix:///var/run/docker.sock
labels: labels:
- 'traefik.backend=portainer' - "traefik.enable=true"
- 'traefik.port=9000' - "traefik.http.routers.portainer.rule=Host(`portainer.${TRAEFIK_DOMAIN}`)"
- 'traefik.frontend.rule=Host:portainer.${TRAEFIK_DOMAIN}' - "traefik.http.routers.portainer.entrypoints=secure"
- 'traefik.enable=true' - "traefik.http.routers.portainer.tls.certresolver=le"
netdata: netdata:
image: netdata/netdata image: netdata/netdata
restart: always restart: always
container_name: netdata container_name: netdata
hostname: netdata.${TRAEFIK_DOMAIN} hostname: netdata.${TRAEFIK_DOMAIN}
networks:
- web
environment: environment:
PGID: 999 PGID: 999
cap_add: cap_add:
@ -272,18 +256,16 @@ services:
- /sys:/host/sys:ro - /sys:/host/sys:ro
- /var/run/docker.sock:/var/run/docker.sock:rw - /var/run/docker.sock:/var/run/docker.sock:rw
labels: labels:
- 'traefik.backend=netdata' - "traefik.enable=true"
- 'traefik.port=19999' - "traefik.http.routers.netdata.rule=Host(`netdata.${TRAEFIK_DOMAIN}`)"
- 'traefik.frontend.rule=Host:netdata.${TRAEFIK_DOMAIN}' - "traefik.http.routers.netdata.entrypoints=secure"
- 'traefik.frontend.auth.basic.users=${HTTP_USER}:${HTTP_PASSWORD}' - "traefik.http.routers.netdata.tls.certresolver=le"
- 'traefik.enable=true' - "traefik.http.routers.netdata.middlewares=common-auth"
duplicati: duplicati:
image: linuxserver/duplicati image: linuxserver/duplicati
container_name: duplicati container_name: duplicati
restart: unless-stopped restart: unless-stopped
networks:
- web
environment: environment:
- PUID=${PUID} - PUID=${PUID}
- PGID=${PGID} - PGID=${PGID}
@ -293,18 +275,17 @@ services:
- backups:/backups - backups:/backups
- alldata:/source - alldata:/source
labels: labels:
- 'traefik.backend=duplicati' - "traefik.enable=true"
- 'traefik.port=8200' - "traefik.http.routers.duplicati.rule=Host(`duplicati.${TRAEFIK_DOMAIN}`)"
- 'traefik.frontend.rule=Host:duplicati.${TRAEFIK_DOMAIN}' - "traefik.http.routers.duplicati.entrypoints=secure"
- 'traefik.frontend.auth.basic.users=${HTTP_USER}:${HTTP_PASSWORD}' - "traefik.http.routers.duplicati.tls.certresolver=le"
- 'traefik.enable=true' - "traefik.http.routers.duplicati.middlewares=common-auth"
networks: networks:
webgateway: default:
driver: bridge external:
web: name: "traefik-network"
external:
name: seedbox_webgateway
volumes: volumes:
alldata: alldata:
driver: local-persist driver: local-persist
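Review bot: The new `- ./http_auth:/http_auth` volume on the traefik service is mounted writable, while the `traefik.yml` mount two lines above carries `:ro`; the credentials file should be read-only for the proxy as well, `- ./http_auth:/http_auth:ro`. Separately, every `traefik.port=…` label is removed without a v2 equivalent, so Traefik has to infer the backend port from what each image exposes; for images exposing more than one port an explicit label such as `traefik.http.services.plex.loadbalancer.server.port=32400` avoids routing to the wrong listener. `image: traefik:v2` is also a floating tag on the one internet-facing container that holds the Docker socket, so pinning a specific release would make upgrades a deliberate step.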


@ -1,40 +0,0 @@
#https://docs.traefik.io/toml/
#https://docs.traefik.io/user-guide/examples/
################################################################
# Global configuration
################################################################
logLevel = "WARNING"
defaultEntryPoints = ["http", "https"]
InsecureSkipVerify = true
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[retry]
[acme]
email = "overriden@in-traefik.yml"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
acmeLogging = true
[acme.httpChallenge]
entryPoint = "http"
################################################################
# Docker configuration backend
################################################################
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "mydomain.com"
watch = true
exposedByDefault = false
[file]
watch = true

29
traefik.yml Normal file

@ -0,0 +1,29 @@
api:
dashboard: true
providers:
docker:
endpoint: "unix:///var/run/docker.sock"
network: "traefik-network"
exposedByDefault: false # Only expose explicitly enabled containers
entryPoints:
insecure:
address: ":80"
secure:
address: ":443"
certificatesResolvers:
le:
acme:
email: overriden@in-dockercompose.yml
storage: acme.json
httpChallenge:
# used during the challenge
entryPoint: insecure
http:
middlewares:
common-auth:
basicAuth:
usersFile: "/http_auth"
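Review bot: The `http:` / `middlewares:` / `common-auth` block at the end of this file looks like dynamic configuration placed in the static configuration file (indentation is lost on this page, so this is inferred from the key names). Traefik v2 does not load routers or middlewares from the static file, and no file provider is declared under `providers:`, so `common-auth` would never be defined. The compose labels that reference it would then resolve to a missing `common-auth@docker` middleware, and as far as I can tell those routers would not come up. Defining it as a label on the traefik service keeps it in the docker provider namespace: `- "traefik.http.middlewares.common-auth.basicauth.usersfile=/http_auth"`. After deploy, check the Traefik log for a middleware-not-found error and confirm each protected host answers 401 without credentials.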


@ -1,5 +1,9 @@
#!/bin/bash #!/bin/bash
# Create/update http_auth file according to values in .env file
source .env
echo "${HTTP_USER}:${HTTP_PASSWORD}" > http_auth
echo "[$0] ***** Pulling all images... *****" echo "[$0] ***** Pulling all images... *****"
docker-compose pull docker-compose pull
echo "[$0] ***** Recreating containers if required... *****" echo "[$0] ***** Recreating containers if required... *****"