setup traefik dashboard, add container watchtower
Cameron Clough
parent
79d8aec51e
commit
551e2aa5f1
|
|
@ -4,7 +4,7 @@ services:
|
||||||
# Traefik reverse proxy
|
# Traefik reverse proxy
|
||||||
# https://doc.traefik.io/traefik/
|
# https://doc.traefik.io/traefik/
|
||||||
reverse-proxy:
|
reverse-proxy:
|
||||||
image: traefik:v2.6
|
image: traefik:v2.6.3
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
ports:
|
ports:
|
||||||
- "80:80"
|
- "80:80"
|
||||||
|
|
@ -13,19 +13,15 @@ services:
|
||||||
- /var/run/docker.sock:/var/run/docker.sock
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
# See traefik/traefik.toml for static config
|
# See traefik/traefik.toml for static config
|
||||||
- ./traefik:/etc/traefik
|
- ./traefik:/etc/traefik
|
||||||
# labels:
|
labels:
|
||||||
# - "traefik.enable=true"
|
- "traefik.enable=true"
|
||||||
# # Expose traefik dashboard at https://uat.traefik.retropilot.org
|
# Expose traefik dashboard at http://localhost:8080
|
||||||
# - "traefik.http.routers.dashboard.rule=Host(`uat.traefik.retropilot.org`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
|
- "traefik.http.routers.dashboard.rule=Host(`localhost`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
|
||||||
# - "traefik.http.routers.dashboard.entrypoints=websecure"
|
- "traefik.http.routers.dashboard.entrypoints=dashboard"
|
||||||
# - "traefik.http.routers.dashboard.service=api@internal"
|
- "traefik.http.routers.dashboard.service=api@internal"
|
||||||
# - "traefik.http.routers.dashboard.tls=true"
|
# Secure the dashboard with IPWhiteList middleware
|
||||||
# - "traefik.http.routers.dashboard.tls.certresolver=retropilot"
|
- "traefik.http.routers.dashboard.middlewares=dashboard-allowlist@docker"
|
||||||
# # Secure the dashboard with BasicAuth middleware
|
- "traefik.http.middlewares.dashboard-allowlist.ipwhitelist.sourcerange=127.0.0.1/32"
|
||||||
# - "traefik.http.routers.dashboard.middlewares=dashboard-auth@docker"
|
|
||||||
# # BasicAuth: username=admin, password=password
|
|
||||||
# # Generate new password: sudo apt install -y apache2-utils; echo $(htpasswd -nB user) | sed -e s/\\$/\\$\\$/g
|
|
||||||
# - "traefik.http.middlewares.dashboard-auth.basicauth.users=admin:$$2y$$05$$iT4z7pjcdNRYU9Y89VlUUe.13TdQ9H7rBtIO6PJruuK.RAW8lvmxW"
|
|
||||||
|
|
||||||
# PostgreSQL database
|
# PostgreSQL database
|
||||||
db:
|
db:
|
||||||
|
|
@ -55,19 +51,23 @@ services:
|
||||||
# API service forwards requests to container port 8080
|
# API service forwards requests to container port 8080
|
||||||
- "traefik.http.services.api.loadbalancer.server.port=8080"
|
- "traefik.http.services.api.loadbalancer.server.port=8080"
|
||||||
# Expose api at https://uat.api.retropilot.org
|
# Expose api at https://uat.api.retropilot.org
|
||||||
- "traefik.http.routers.api.rule=Host(`uat.api.retropilot.org`)"
|
- "traefik.http.routers.api.rule=Host(`api.uat.retropilot.org`)"
|
||||||
- "traefik.http.routers.api.entrypoints=websecure"
|
- "traefik.http.routers.api.entrypoints=websecure"
|
||||||
- "traefik.http.routers.api.service=api@docker"
|
- "traefik.http.routers.api.service=api@docker"
|
||||||
- "traefik.http.routers.api.tls=true"
|
- "traefik.http.routers.api.tls=true"
|
||||||
- "traefik.http.routers.api.tls.certresolver=retropilot"
|
- "traefik.http.routers.api.tls.certresolver=retropilot"
|
||||||
# # Athena service forwards requests to container port 4040
|
|
||||||
# - "traefik.http.services.athena.loadbalancer.server.port=4040"
|
# Athena service forwards requests to container port 4040
|
||||||
# # Expose athena at https://uat.athena.retropilot.org
|
- "traefik.http.services.athena.loadbalancer.server.port=4040"
|
||||||
# - "traefik.http.routers.athena.rule=Host(`uat.athena.retropilot.org`)"
|
# Expose athena at https://uat.athena.retropilot.org
|
||||||
# - "traefik.http.routers.athena.entrypoints=websecure"
|
- "traefik.http.routers.athena.rule=Host(`athena.uat.retropilot.org`)"
|
||||||
# - "traefik.http.routers.athena.service=athena@docker"
|
- "traefik.http.routers.athena.entrypoints=websecure"
|
||||||
# - "traefik.http.routers.athena.tls=true"
|
- "traefik.http.routers.athena.service=athena@docker"
|
||||||
# - "traefik.http.routers.athena.tls.certresolver=retropilot"
|
- "traefik.http.routers.athena.tls=true"
|
||||||
|
- "traefik.http.routers.athena.tls.certresolver=retropilot"
|
||||||
|
|
||||||
|
# Monitor for image updates and restart automatically
|
||||||
|
- "com.centurylinklabs.watchtower.enable=true"
|
||||||
|
|
||||||
# API worker
|
# API worker
|
||||||
worker:
|
worker:
|
||||||
|
|
@ -80,10 +80,13 @@ services:
|
||||||
- ./realdata:/realdata
|
- ./realdata:/realdata
|
||||||
env_file:
|
env_file:
|
||||||
- .env
|
- .env
|
||||||
|
labels:
|
||||||
|
# Monitor for image updates and restart automatically
|
||||||
|
- "com.centurylinklabs.watchtower.enable=true"
|
||||||
|
|
||||||
# watchtower:
|
watchtower:
|
||||||
# # automatically update containers when new images are released
|
# automatically update containers when new images are released
|
||||||
# image: containrrr/watchtower
|
image: containrrr/watchtower
|
||||||
# volumes:
|
volumes:
|
||||||
# - /var/run/docker.sock:/var/run/docker.sock
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
# command: --interval 30
|
command: --interval 30 --label-enable
|
||||||
|
|
|
||||||
|
|
@ -21,6 +21,8 @@
|
||||||
to = "websecure"
|
to = "websecure"
|
||||||
[entryPoints.websecure]
|
[entryPoints.websecure]
|
||||||
address = ":443"
|
address = ":443"
|
||||||
|
[entryPoints.dashboard]
|
||||||
|
address = ":8080"
|
||||||
|
|
||||||
[certificatesResolvers]
|
[certificatesResolvers]
|
||||||
[certificatesResolvers.retropilot]
|
[certificatesResolvers.retropilot]
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue