setup traefik dashboard, add container watchtower
parent
79d8aec51e
commit
551e2aa5f1
|
@ -4,7 +4,7 @@ services:
|
|||
# Traefik reverse proxy
|
||||
# https://doc.traefik.io/traefik/
|
||||
reverse-proxy:
|
||||
image: traefik:v2.6
|
||||
image: traefik:v2.6.3
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- "80:80"
|
||||
|
@ -13,19 +13,15 @@ services:
|
|||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
# See traefik/traefik.toml for static config
|
||||
- ./traefik:/etc/traefik
|
||||
# labels:
|
||||
# - "traefik.enable=true"
|
||||
# # Expose traefik dashboard at https://uat.traefik.retropilot.org
|
||||
# - "traefik.http.routers.dashboard.rule=Host(`uat.traefik.retropilot.org`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
|
||||
# - "traefik.http.routers.dashboard.entrypoints=websecure"
|
||||
# - "traefik.http.routers.dashboard.service=api@internal"
|
||||
# - "traefik.http.routers.dashboard.tls=true"
|
||||
# - "traefik.http.routers.dashboard.tls.certresolver=retropilot"
|
||||
# # Secure the dashboard with BasicAuth middleware
|
||||
# - "traefik.http.routers.dashboard.middlewares=dashboard-auth@docker"
|
||||
# # BasicAuth: username=admin, password=password
|
||||
# # Generate new password: sudo apt install -y apache2-utils; echo $(htpasswd -nB user) | sed -e s/\\$/\\$\\$/g
|
||||
# - "traefik.http.middlewares.dashboard-auth.basicauth.users=admin:$$2y$$05$$iT4z7pjcdNRYU9Y89VlUUe.13TdQ9H7rBtIO6PJruuK.RAW8lvmxW"
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
# Expose traefik dashboard at http://localhost:8080
|
||||
- "traefik.http.routers.dashboard.rule=Host(`localhost`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
|
||||
- "traefik.http.routers.dashboard.entrypoints=dashboard"
|
||||
- "traefik.http.routers.dashboard.service=api@internal"
|
||||
# Secure the dashboard with IPWhiteList middleware
|
||||
- "traefik.http.routers.dashboard.middlewares=dashboard-allowlist@docker"
|
||||
- "traefik.http.middlewares.dashboard-allowlist.ipwhitelist.sourcerange=127.0.0.1/32"
|
||||
|
||||
# PostgreSQL database
|
||||
db:
|
||||
|
@ -55,19 +51,23 @@ services:
|
|||
# API service forwards requests to container port 8080
|
||||
- "traefik.http.services.api.loadbalancer.server.port=8080"
|
||||
# Expose api at https://uat.api.retropilot.org
|
||||
- "traefik.http.routers.api.rule=Host(`uat.api.retropilot.org`)"
|
||||
- "traefik.http.routers.api.rule=Host(`api.uat.retropilot.org`)"
|
||||
- "traefik.http.routers.api.entrypoints=websecure"
|
||||
- "traefik.http.routers.api.service=api@docker"
|
||||
- "traefik.http.routers.api.tls=true"
|
||||
- "traefik.http.routers.api.tls.certresolver=retropilot"
|
||||
# # Athena service forwards requests to container port 4040
|
||||
# - "traefik.http.services.athena.loadbalancer.server.port=4040"
|
||||
# # Expose athena at https://uat.athena.retropilot.org
|
||||
# - "traefik.http.routers.athena.rule=Host(`uat.athena.retropilot.org`)"
|
||||
# - "traefik.http.routers.athena.entrypoints=websecure"
|
||||
# - "traefik.http.routers.athena.service=athena@docker"
|
||||
# - "traefik.http.routers.athena.tls=true"
|
||||
# - "traefik.http.routers.athena.tls.certresolver=retropilot"
|
||||
|
||||
# Athena service forwards requests to container port 4040
|
||||
- "traefik.http.services.athena.loadbalancer.server.port=4040"
|
||||
# Expose athena at https://uat.athena.retropilot.org
|
||||
- "traefik.http.routers.athena.rule=Host(`athena.uat.retropilot.org`)"
|
||||
- "traefik.http.routers.athena.entrypoints=websecure"
|
||||
- "traefik.http.routers.athena.service=athena@docker"
|
||||
- "traefik.http.routers.athena.tls=true"
|
||||
- "traefik.http.routers.athena.tls.certresolver=retropilot"
|
||||
|
||||
# Monitor for image updates and restart automatically
|
||||
- "com.centurylinklabs.watchtower.enable=true"
|
||||
|
||||
# API worker
|
||||
worker:
|
||||
|
@ -80,10 +80,13 @@ services:
|
|||
- ./realdata:/realdata
|
||||
env_file:
|
||||
- .env
|
||||
labels:
|
||||
# Monitor for image updates and restart automatically
|
||||
- "com.centurylinklabs.watchtower.enable=true"
|
||||
|
||||
# watchtower:
|
||||
# # automatically update containers when new images are released
|
||||
# image: containrrr/watchtower
|
||||
# volumes:
|
||||
# - /var/run/docker.sock:/var/run/docker.sock
|
||||
# command: --interval 30
|
||||
watchtower:
|
||||
# automatically update containers when new images are released
|
||||
image: containrrr/watchtower
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
command: --interval 30 --label-enable
|
||||
|
|
|
@ -21,6 +21,8 @@
|
|||
to = "websecure"
|
||||
[entryPoints.websecure]
|
||||
address = ":443"
|
||||
[entryPoints.dashboard]
|
||||
address = ":8080"
|
||||
|
||||
[certificatesResolvers]
|
||||
[certificatesResolvers.retropilot]
|
||||
|
|
Loading…
Reference in New Issue