diff --git a/tasks.md/stack.yml b/tasks.md/stack.yml
index 38e0c73..1c5feba 100644
--- a/tasks.md/stack.yml
+++ b/tasks.md/stack.yml
@@ -1,6 +1,6 @@
 # path:: mkdir -pv /data/volumes/tasks.md/{tasks,config}
-# pull:: docker tasks.md -p memos --env-file ./tasks.md/env.cfg -f ./tasks.md/stack.yml pull
-# run:: docker tasks.md -p memos --env-file ./tasks.md/env.cfg -f ./tasks.md/stack.yml up -d
+# pull:: docker compose -p tasks.md --env-file ./tasks.md/env.cfg -f ./tasks.md/stack.yml pull
+# run:: docker compose -p tasks.md --env-file ./tasks.md/env.cfg -f ./tasks.md/stack.yml up -d
 services:
 tasks.md:
diff --git a/traefik/data/configurations/dynamic.yml b/traefik/data/configurations/dynamic.yml
new file mode 100644
index 0000000..b9cd41e
--- /dev/null
+++ b/traefik/data/configurations/dynamic.yml
@@ -0,0 +1,33 @@
+# Dynamic configuration
+http:
+ middlewares:
+ nofloc:
+ headers:
+ customResponseHeaders:
+ Permissions-Policy: "interest-cohort=()"
+ secureHeaders:
+ headers:
+ sslRedirect: true
+ forceSTSHeader: true
+ stsIncludeSubdomains: true
+ stsPreload: true
+ stsSeconds: 31536000
+
+ # UserName : admin
+ # Password : qwer1234
+ user-auth:
+ basicAuth:
+ users:
+ - "admin:$apr1$tm53ra6x$FntXd6jcvxYM/YH0P2hcc1"
+
+tls:
+ options:
+ default:
+ cipherSuites:
+ - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+ - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+ - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
+ - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
+ minVersion: VersionTLS12
\ No newline at end of file
diff --git a/traefik/data/traefik.yml b/traefik/data/traefik.yml
new file mode 100644
index 0000000..7ff6d7f
--- /dev/null
+++ b/traefik/data/traefik.yml
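Review bot: The two comment lines above `user-auth` in traefik/data/configurations/dynamic.yml commit the basic-auth username and password in clear text beside the `$apr1$` hash, so anyone with read access to the repository has the credential and the hash protects nothing. Remove both comments, issue a new and stronger credential, and keep the hash out of version control, for example with the basicAuth `usersFile` option pointing at an uncommitted file; a bcrypt hash is preferable to the MD5-based apr1 format. Separately, `sslRedirect: true` under `secureHeaders` is a deprecated headers option that, as far as I know, Traefik v3 no longer accepts, and traefik/stack.yml runs `${IMAGE_TAG_LATEST}`; the `web` entrypoint redirection in traefik.yml already does this job, so the line can be dropped.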
@@ -0,0 +1,47 @@
+api:
+ dashboard: true
+
+entryPoints:
+ web:
+ address: :80
+ http:
+ redirections:
+ entryPoint:
+ to: websecure
+
+ websecure:
+ address: :443
+ http:
+ middlewares:
+ - secureHeaders@file
+ - nofloc@file
+ tls:
+ certResolver: letsencrypt
+
+pilot:
+ dashboard: false
+
+providers:
+ docker:
+ endpoint: "unix:///var/run/docker.sock"
+ exposedByDefault: false
+ file:
+ filename: /configurations/dynamic.yml
+
+certificatesResolvers:
+ letsencrypt:
+ acme:
+ email: admin@yourdomain
+ storage: acme.json
+ keyType: EC384
+ httpChallenge:
+ entryPoint: web
+
+ buypass:
+ acme:
+ email: admin@yourdomain
+ storage: acme.json
+ caServer: https://api.buypass.com/acme/directory
+ keyType: EC256
+ httpChallenge:
+ entryPoint: web
\ No newline at end of file
diff --git a/traefik/env.cfg b/traefik/env.cfg
new file mode 100644
index 0000000..859e568
--- /dev/null
+++ b/traefik/env.cfg
@@ -0,0 +1,3 @@
+IMAGE_TAG_V3=traefik:v3.5.1
+IMAGE_TAG_V2=traefik:v2.11.29
+IMAGE_TAG_LATEST=traefik:latest
\ No newline at end of file
diff --git a/traefik/stack.yml b/traefik/stack.yml
new file mode 100644
index 0000000..576f6b1
--- /dev/null
+++ b/traefik/stack.yml
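Review bot: The Docker provider in traefik/data/traefik.yml talks to the raw socket at `unix:///var/run/docker.sock`, which gives the internet-facing proxy the full Docker API; the `:ro` flag on the bind mount in traefik/stack.yml only affects the socket file, not the API calls made through it. Consider putting a socket proxy that allows only read-only container endpoints in front of it and pointing the provider there, e.g. `endpoint: "tcp://<socket-proxy-host>:2375"` (placeholder name). The `pilot:` block is also a concern with `traefik:latest`: Pilot was retired and, to my knowledge, v3 rejects unknown static options at startup, so remove it or pin `image:` to `${IMAGE_TAG_V2}`. `email: admin@yourdomain` looks like a placeholder and should be replaced before the first ACME registration.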
@@ -0,0 +1,38 @@
+#
+# Traefik
+# RUN: docker compose -p traefik --env-file ./traefik/env.cfg -f ./traefik/stack.yml up -d
+# PULL: docker compose -p traefik --env-file ./traefik/env.cfg -f ./traefik/stack.yml pull
+
+services:
+ traefik:
+ image: ${IMAGE_TAG_LATEST}
+ container_name: traefik
+ restart: always
+ ports:
+ - "80:80"
+ - "443:443"
+ volumes:
+ - /etc/localtime:/etc/localtime:ro
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - ./data/traefik.yml:/traefik.yml:ro
+ - ./data/acme.json:/acme.json
+ # Add folder with dynamic configuration yml
+ - ./data/configurations:/configurations
+ networks:
+ - traefik-proxy
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.traefik.entrypoints=web"
+ - "traefik.http.routers.traefik.rule=Host(`traefik.6t7.com`)"
+ - "traefik.http.routers.traefik.tls=true"
+ - "traefik.http.routers.traefik.tls.certresolver=le"
+ logging:
+ driver: json-file
+ options:
+ max-size: "10m"
+ max-file: "3"
+
+networks:
+
+ traefik-proxy:
+ external: true
\ No newline at end of file
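Review bot: The dashboard router labels in traefik/stack.yml do not line up with traefik.yml: `tls.certresolver=le` names a resolver that is not defined there (only `letsencrypt` and `buypass` are), `entrypoints=web` binds the router to the port-80 entrypoint that redirects to `websecure`, and no label sets `service=api@internal` or attaches `user-auth@file`. As written the dashboard is probably not reachable, and the obvious fix of switching the entrypoint would expose it without authentication while `api.dashboard: true` is set. The labels below route it over TLS with the basic-auth middleware; they assume the credential behind `user-auth` has been replaced. I would also pin `image:` to `${IMAGE_TAG_V3}` rather than the floating `latest` tag and mount `./data/configurations` with `:ro`, since the container only reads it.

```yaml
    labels:
      # … unchanged: traefik.enable, rule, tls=true …
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.routers.traefik.tls.certresolver=letsencrypt"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefik.middlewares=user-auth@file"
```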