From 88d269f7172ef9d24b70943a6e5d211e80f45487 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20Forc=C3=A9n=20Mu=C3=B1oz?=
Date: Mon, 21 Oct 2024 12:03:19 +0200
Subject: [PATCH] First traefik configuration
---
.gitignore | 2 +
configs/http.yml | 72 ++++++++++++++++++++
configs/tcp.yml | 12 ++++
traefik.yml | 170 +++++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 256 insertions(+)
create mode 100644 .gitignore
create mode 100644 configs/http.yml
create mode 100644 configs/tcp.yml
create mode 100755 traefik.yml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..fd6760f
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+ssl
+acme.json
diff --git a/configs/http.yml b/configs/http.yml
new file mode 100644
index 0000000..1103b40
--- /dev/null
+++ b/configs/http.yml
@@ -0,0 +1,72 @@
+http:
+ routers:
+ Router1:
+ rule: "Host(`afbserver.duckdns.org`)"
+ service: afbhassio
+ entryPoints:
+ - "websecure"
+ tls:
+ certResolver: acmeCertResolver
+ RouterHassio:
+ rule: "Host(`hassio.mforcen.dev`)"
+ service: hassio
+ entryPoints:
+ - "websecure"
+ tls:
+ certResolver: acmeCertResolver
+ RouterForgejo:
+ rule: "Host(`forgejo.mforcen.dev`)"
+ service: forgejo
+ entryPoints:
+ - "websecure"
+ tls:
+ certResolver: acmeCertResolver
+ RouterGrav:
+ rule: "Host(`mforcen.dev`) || Host(`www.mforcen.dev`)"
+ service: grav
+ entryPoints:
+ - "web"
+ RouterSGrav:
+ rule: "Host(`mforcen.dev`) || Host(`www.mforcen.dev`)"
+ service: grav
+ entryPoints:
+ - "websecure"
+ tls:
+ certResolver: acmeCertResolver
+
+ services:
+ afbhassio:
+ loadBalancer:
+ servers:
+ - url: "http://192.168.100.200:8123"
+ hassio:
+ loadBalancer:
+ servers:
+ - url: "http://192.168.100.249:8123"
+ forgejo:
+ loadBalancer:
+ servers:
+ - url: "http://localhost:3001"
+ grav:
+ loadBalancer:
+ servers:
+ - url: "http://localhost:8080"
+ sgrav:
+ loadBalancer:
+ servers:
+ - url: "https://localhost:8443"
+
+tls:
+ certificates:
+ - certFile: /opt/traefik/ssl/afbserver.duckdns.org.fullchain.pem
+ keyFile: /opt/traefik/ssl/afbserver.duckdns.org.key
+ - certFile: /opt/traefik/ssl/hassio.mforcen.dev.fullchain.pem
+ keyFile: /opt/traefik/ssl/hassio.mforcen.dev.key
+ - certFile: /opt/traefik/ssl/forgejo.mforcen.dev.fullchain.pem
+ keyFile: /opt/traefik/ssl/forgejo.mforcen.dev.key
+ - certFile: /opt/traefik/ssl/ferniodoo.mforcen.dev.fullchain.pem
+ keyFile: /opt/traefik/ssl/ferniodoo.mforcen.dev.key
+ - certFile: /opt/traefik/ssl/photoprism.mforcen.dev.fullchain.pem
+ keyFile: /opt/traefik/ssl/photoprism.mforcen.dev.key
+ - certFile: /opt/traefik/ssl/troncoprism.mforcen.dev.fullchain.pem
+ keyFile: /opt/traefik/ssl/troncoprism.mforcen.dev.key
diff --git a/configs/tcp.yml b/configs/tcp.yml
new file mode 100644
index 0000000..f5fc4a0
--- /dev/null
+++ b/configs/tcp.yml
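Review bot: `RouterGrav` serves `mforcen.dev` and `www.mforcen.dev` on the `web` entry point over plain HTTP with no redirect, so any login or session cookie sent to that site can cross the network unencrypted even though `RouterSGrav` offers the same service over TLS. Attaching a `redirectScheme` middleware to `RouterGrav` makes port 80 answer only with a redirect to HTTPS. Separately, the `sgrav` service is defined but no router references it, and `tls.certificates` lists key files for hosts that have no router in this file; if those are leftovers, dropping them keeps the private keys Traefik loads down to what is actually served.

```yaml
http:
  routers:
    RouterGrav:
      # … unchanged: rule, service, entryPoints …
      middlewares:
        - redirect-to-https
  middlewares:
    redirect-to-https:
      redirectScheme:
        scheme: https
        permanent: true
```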
@@ -0,0 +1,12 @@
+tcp:
+ routers:
+ Inversor:
+ rule: "HostSNI(`*`)"
+ service: inversor
+ entryPoints:
+ - inversor
+ services:
+ inversor:
+ loadBalancer:
+ servers:
+ - address: "192.168.0.200:502"
diff --git a/traefik.yml b/traefik.yml
new file mode 100755
index 0000000..dbf8a73
--- /dev/null
+++ b/traefik.yml
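Review bot: The `Inversor` router uses a catch-all `HostSNI` rule and forwards every connection on the `inversor` entry point to `192.168.0.200:502` with no TLS and no source restriction. Port 502 is conventionally Modbus TCP, which has no authentication of its own, so if that is what the backend speaks, anyone who can reach the entry point can read and write the device. Limit the router to known clients with a TCP `ipWhiteList` middleware (named `ipAllowList` in later releases), or bind the entry point to an internal address only.

```yaml
tcp:
  routers:
    Inversor:
      # … unchanged: rule, service, entryPoints …
      middlewares:
        - inversor-lan-only
  middlewares:
    inversor-lan-only:
      ipWhiteList:
        sourceRange:
          - "192.168.0.0/24"  # constructed example; list only the hosts that must poll the device
```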
@@ -0,0 +1,170 @@
+################################################################
+#
+# Configuration sample for Traefik v2.
+################################################################
+
+################################################################
+# Global configuration
+################################################################
+global:
+ checkNewVersion: true
+ sendAnonymousUsage: false
+
+################################################################
+# EntryPoints configuration
+################################################################
+# EntryPoints definition
+# Optional
+entryPoints:
+ web:
+ address: :80
+
+ websecure:
+ address: :443
+ http:
+ tls:
+ certResolver: acmeCertResolver
+ domains:
+ - main: mforcen.dev
+ sans:
+ - hassio.mforcen.dev
+ - forgejo.mforcen.dev
+ - ferniodoo.mforcen.dev
+ - photoprism.mforcen.dev
+ - troncoprism.mforcen.dev
+ - www.mforcen.dev
+ - sso.mforcen.dev
+ - grafana.mforcen.dev
+ traefik:
+ address: :8081
+ inversor:
+ address: :8502
+
+################################################################
+# Certificate resolver configuration
+################################################################
+certificatesResolvers:
+ acmeCertResolver:
+ acme:
+ # Registration email
+ email: "me@mforcen.dev"
+
+ # File or key used for certificates storage.
+ storage: "acme.json"
+
+ # CA server to use.
+ # Default: "https://acme-v02.api.letsencrypt.org/directory"
+ # caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
+
+ # The certificates' duration in hours.
+ # Default: 2160 # 90 days
+ # certificatesDuration: 2160
+
+ # Use a TLS-ALPN-01 ACME challenge.
+ # Optional (but recommended)
+ tlsChallenge: {}
+
+ # Use a HTTP-01 ACME challenge.
+ # Optional
+ # httpChallenge:
+ # EntryPoint to use for the HTTP-01 challenges.
+ # Required
+ # entryPoint: web
+
+################################################################
+# Traefik logs configuration
+################################################################
+
+# Traefik logs
+# Enabled by default and log to stdout
+# Optional
+log:
+ # Log level
+ # Optional
+ # Default: "ERROR"
+ # level: DEBUG
+
+ # Sets the filepath for the traefik log. If not specified, stdout will be used.
+ # Intermediate directories are created if necessary.
+ # Optional
+ # Default: os.Stdout
+# filePath: log/traefik.log
+
+ # Format is either "json" or "common".
+ # Optional
+ # Default: "common"
+# format: json
+
+################################################################
+# Access logs configuration
+################################################################
+
+# Enable access logs
+# By default it will write to stdout and produce logs in the textual
+# Common Log Format (CLF), extended with additional fields.
+# Optional
+#
+#accessLog:
+ # Sets the file path for the access log. If not specified, stdout will be used.
+ # Intermediate directories are created if necessary.
+ # Optional
+ # Default: os.Stdout
+# filePath: /path/to/log/log.txt
+
+ # Format is either "json" or "common".
+ # Optional
+ # Default: "common"
+# format: json
+
+################################################################
+# API and dashboard configuration
+################################################################
+# Enable API and dashboard
+# Optional
+api:
+ # Enable the API in insecure mode
+ # Optional
+ # Default: false
+ insecure: true
+
+ # Enabled Dashboard
+ # Optional
+ # Default: true
+# dashboard: false
+
+################################################################
+# Ping configuration
+################################################################
+
+# Enable ping
+#ping:
+ # Name of the related entry point
+ # Optional
+ # Default: "traefik"
+# entryPoint: traefik
+
+################################################################
+# Docker configuration backend
+################################################################
+providers:
+ # Enable Docker configuration backend
+ docker:
+ # Docker server endpoint. Can be a tcp or a unix socket endpoint. (Required)
+ # Default: "unix:///var/run/docker.sock"
+ # Alternative: "tcp://10.10.10.10:2375"
+ endpoint: "unix:///var/run/docker.sock"
+
+ # Default host rule.
+ # Optional
+ # Default: "Host(`{{ normalize .Name }}`)"
+# defaultRule: Host(`{{ normalize .Name }}.docker.localhost`)
+
+ # Expose containers by default in traefik
+ # Optional
+ # Default: true
+ exposedByDefault: false
+ file:
+ directory: /opt/traefik/configs
+ watch: true
+
+
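Review bot: `api.insecure: true` publishes the API and dashboard without authentication on the `traefik` entry point, which this file binds to `:8081` on every interface. The dashboard lists every router, backend address and middleware, so it should not be open to everyone who can reach the host. Set `insecure: false` and expose `api@internal` through a router that carries an authentication middleware, or at minimum bind the entry point to loopback with `address: "127.0.0.1:8081"`. `accessLog` is also left commented out; enabling it gives a request record for the internet-facing entry points when something needs investigating.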