setup traefik dashboard, add container watchtower

2022-04-13 17:59:57 +01:00 · 2022-04-13 17:59:57 +01:00 · 551e2aa5f1
parent 79d8aec51e
commit 551e2aa5f1
2 changed files with 34 additions and 29 deletions
--- a/environment/uat/docker-compose.yml
+++ b/environment/uat/docker-compose.yml
@ -4,7 +4,7 @@ services:
  # Traefik reverse proxy
  # https://doc.traefik.io/traefik/
  reverse-proxy:
-    image: traefik:v2.6
+    image: traefik:v2.6.3
    restart: unless-stopped
    ports:
      - "80:80"
@ -13,19 +13,15 @@ services:
      - /var/run/docker.sock:/var/run/docker.sock
      # See traefik/traefik.toml for static config
      - ./traefik:/etc/traefik
-#    labels:
-#      - "traefik.enable=true"
-#      # Expose traefik dashboard at https://uat.traefik.retropilot.org
-#      - "traefik.http.routers.dashboard.rule=Host(`uat.traefik.retropilot.org`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
-#      - "traefik.http.routers.dashboard.entrypoints=websecure"
-#      - "traefik.http.routers.dashboard.service=api@internal"
-#      - "traefik.http.routers.dashboard.tls=true"
-#      - "traefik.http.routers.dashboard.tls.certresolver=retropilot"
-#      # Secure the dashboard with BasicAuth middleware
-#      - "traefik.http.routers.dashboard.middlewares=dashboard-auth@docker"
-#      # BasicAuth: username=admin, password=password
-#      # Generate new password: sudo apt install -y apache2-utils; echo $(htpasswd -nB user) | sed -e s/\\$/\\$\\$/g
-#      - "traefik.http.middlewares.dashboard-auth.basicauth.users=admin:$$2y$$05$$iT4z7pjcdNRYU9Y89VlUUe.13TdQ9H7rBtIO6PJruuK.RAW8lvmxW"
+    labels:
+      - "traefik.enable=true"
+      # Expose traefik dashboard at http://localhost:8080
+      - "traefik.http.routers.dashboard.rule=Host(`localhost`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
+      - "traefik.http.routers.dashboard.entrypoints=dashboard"
+      - "traefik.http.routers.dashboard.service=api@internal"
+      # Secure the dashboard with IPWhiteList middleware
+      - "traefik.http.routers.dashboard.middlewares=dashboard-allowlist@docker"
+      - "traefik.http.middlewares.dashboard-allowlist.ipwhitelist.sourcerange=127.0.0.1/32"

  # PostgreSQL database
  db:
@ -55,19 +51,23 @@ services:
      # API service forwards requests to container port 8080
      - "traefik.http.services.api.loadbalancer.server.port=8080"
      # Expose api at https://uat.api.retropilot.org
-      - "traefik.http.routers.api.rule=Host(`uat.api.retropilot.org`)"
+      - "traefik.http.routers.api.rule=Host(`api.uat.retropilot.org`)"
      - "traefik.http.routers.api.entrypoints=websecure"
      - "traefik.http.routers.api.service=api@docker"
      - "traefik.http.routers.api.tls=true"
      - "traefik.http.routers.api.tls.certresolver=retropilot"
-#      # Athena service forwards requests to container port 4040
-#      - "traefik.http.services.athena.loadbalancer.server.port=4040"
-#      # Expose athena at https://uat.athena.retropilot.org
-#      - "traefik.http.routers.athena.rule=Host(`uat.athena.retropilot.org`)"
-#      - "traefik.http.routers.athena.entrypoints=websecure"
-#      - "traefik.http.routers.athena.service=athena@docker"
-#      - "traefik.http.routers.athena.tls=true"
-#      - "traefik.http.routers.athena.tls.certresolver=retropilot"
+
+      # Athena service forwards requests to container port 4040
+      - "traefik.http.services.athena.loadbalancer.server.port=4040"
+      # Expose athena at https://uat.athena.retropilot.org
+      - "traefik.http.routers.athena.rule=Host(`athena.uat.retropilot.org`)"
+      - "traefik.http.routers.athena.entrypoints=websecure"
+      - "traefik.http.routers.athena.service=athena@docker"
+      - "traefik.http.routers.athena.tls=true"
+      - "traefik.http.routers.athena.tls.certresolver=retropilot"
+
+      # Monitor for image updates and restart automatically
+      - "com.centurylinklabs.watchtower.enable=true"

  # API worker
  worker:
@ -80,10 +80,13 @@ services:
      - ./realdata:/realdata
    env_file:
      - .env
+    labels:
+      # Monitor for image updates and restart automatically
+      - "com.centurylinklabs.watchtower.enable=true"

-#  watchtower:
-#    # automatically update containers when new images are released
-#    image: containrrr/watchtower
-#    volumes:
-#      - /var/run/docker.sock:/var/run/docker.sock
-#    command: --interval 30
+  watchtower:
+    # automatically update containers when new images are released
+    image: containrrr/watchtower
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    command: --interval 30 --label-enable
--- a/environment/uat/traefik/traefik.toml
+++ b/environment/uat/traefik/traefik.toml
@ -21,6 +21,8 @@
          to = "websecure"
  [entryPoints.websecure]
    address = ":443"
+  [entryPoints.dashboard]
+    address = ":8080"

 [certificatesResolvers]
  [certificatesResolvers.retropilot]