From e51f84f6e14021c6e9e7d933dee92c2da52813d8 Mon Sep 17 00:00:00 2001 From: cnphpbb Date: Thu, 28 Aug 2025 17:34:26 +0800 Subject: [PATCH] =?UTF-8?q?feat(traefik):=20=E6=B7=BB=E5=8A=A0traefik?= =?UTF-8?q?=E9=85=8D=E7=BD=AE=E6=96=87=E4=BB=B6=E5=92=8Cdocker-compose?= =?UTF-8?q?=E9=83=A8=E7=BD=B2=E6=96=87=E4=BB=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 添加traefik相关配置文件包括环境变量、主配置、动态配置和docker-compose部署文件 更新tasks.md中的docker compose命令语法 --- tasks.md/stack.yml | 4 +-- traefik/data/configurations/dynamic.yml | 33 +++++++++++++++++ traefik/data/traefik.yml | 47 +++++++++++++++++++++++++ traefik/env.cfg | 3 ++ traefik/stack.yml | 38 ++++++++++++++++++++ 5 files changed, 123 insertions(+), 2 deletions(-) create mode 100644 traefik/data/configurations/dynamic.yml create mode 100644 traefik/data/traefik.yml create mode 100644 traefik/env.cfg create mode 100644 traefik/stack.yml diff --git a/tasks.md/stack.yml b/tasks.md/stack.yml index 38e0c73..1c5feba 100644 --- a/tasks.md/stack.yml +++ b/tasks.md/stack.yml @@ -1,6 +1,6 @@ # path:: mkdir -pv /data/volumes/tasks.md/{tasks,config} -# pull:: docker tasks.md -p memos --env-file ./tasks.md/env.cfg -f ./tasks.md/stack.yml pull -# run:: docker tasks.md -p memos --env-file ./tasks.md/env.cfg -f ./tasks.md/stack.yml up -d +# pull:: docker compose -p tasks.md --env-file ./tasks.md/env.cfg -f ./tasks.md/stack.yml pull +# run:: docker compose -p tasks.md --env-file ./tasks.md/env.cfg -f ./tasks.md/stack.yml up -d services: tasks.md: diff --git a/traefik/data/configurations/dynamic.yml b/traefik/data/configurations/dynamic.yml new file mode 100644 index 0000000..b9cd41e --- /dev/null +++ b/traefik/data/configurations/dynamic.yml 
@@ -0,0 +1,33 @@
+# Dynamic configuration
+http:
+ middlewares:
+ nofloc:
+ headers:
+ customResponseHeaders:
+ Permissions-Policy: "interest-cohort=()"
+ secureHeaders:
+ headers:
+ sslRedirect: true
+ forceSTSHeader: true
+ stsIncludeSubdomains: true
+ stsPreload: true
+ stsSeconds: 31536000
+
+ # UserName : admin
+ # Password : qwer1234
+ user-auth:
+ basicAuth:
+ users:
+ - "admin:$apr1$tm53ra6x$FntXd6jcvxYM/YH0P2hcc1"
+
+tls:
+ options:
+ default:
+ cipherSuites:
+ - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+ - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+ - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
+ - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
+ minVersion: VersionTLS12
\ No newline at end of file
diff --git a/traefik/data/traefik.yml b/traefik/data/traefik.yml
new file mode 100644
index 0000000..7ff6d7f
--- /dev/null
+++ b/traefik/data/traefik.yml
@@ -0,0 +1,47 @@
+api:
+ dashboard: true
+
+entryPoints:
+ web:
+ address: :80
+ http:
+ redirections:
+ entryPoint:
+ to: websecure
+
+ websecure:
+ address: :443
+ http:
+ middlewares:
+ - secureHeaders@file
+ - nofloc@file
+ tls:
+ certResolver: letsencrypt
+
+pilot:
+ dashboard: false
+
+providers:
+ docker:
+ endpoint: "unix:///var/run/docker.sock"
+ exposedByDefault: false
+ file:
+ filename: /configurations/dynamic.yml
+
+certificatesResolvers:
+ letsencrypt:
+ acme:
+ email: admin@yourdomain
+ storage: acme.json
+ keyType: EC384
+ httpChallenge:
+ entryPoint: web
+
+ buypass:
+ acme:
+ email: admin@yourdomain
+ storage: acme.json
+ caServer: https://api.buypass.com/acme/directory
+ keyType: EC256
+ httpChallenge:
+ entryPoint: web
\ No newline at end of file
diff --git a/traefik/env.cfg b/traefik/env.cfg
new file mode 100644
index 0000000..859e568
--- /dev/null
+++ b/traefik/env.cfg
@@ -0,0 +1,3 @@
+IMAGE_TAG_V3=traefik:v3.5.1
+IMAGE_TAG_V2=traefik:v2.11.29
+IMAGE_TAG_LATEST=traefik:latest
\ No newline at end of file
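Review bot: In traefik/data/configurations/dynamic.yml the two comment lines above `user-auth` commit the basic-auth password in cleartext next to its `$apr1$` (MD5-based) hash, so anyone who can read the repository holds a working credential for whatever this middleware is later attached to. Remove both comment lines, treat the password as disclosed and rotate it, and keep the entry out of the tree, for example `usersFile: /configurations/.htpasswd` (path constructed for illustration) pointing at an untracked file with a bcrypt hash. Separately, `sslRedirect: true` under `secureHeaders` is one of the header options dropped in Traefik v3, and stack.yml runs `${IMAGE_TAG_LATEST}`, which is presumably a v3 release given `IMAGE_TAG_V3=traefik:v3.5.1` in env.cfg; the `web` entry point already redirects to `websecure`, so the line can simply go.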
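Review bot: In traefik/data/traefik.yml the `pilot:` block is not part of the Traefik v3 static configuration, and stack.yml starts `${IMAGE_TAG_LATEST}` (`traefik:latest`), so this file likely makes the proxy refuse to start rather than being ignored; delete the two `pilot` lines or pin the image to the v2 tag from env.cfg. `api.dashboard: true` is only safe while every router to `api@internal` carries an auth middleware, so a comment next to it such as `# dashboard must only be routed with user-auth@file attached` would record that requirement. `email: admin@yourdomain` is still a placeholder in both resolvers, and ACME account registration will probably fail until it is replaced with a real address.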
diff --git a/traefik/stack.yml b/traefik/stack.yml
new file mode 100644
index 0000000..576f6b1
--- /dev/null
+++ b/traefik/stack.yml
@@ -0,0 +1,38 @@
+#
+# Traefik
+# RUN: docker compose -p traefik --env-file ./traefik/env.cfg -f ./traefik/stack.yml up -d
+# PULL: docker compose -p traefik --env-file ./traefik/env.cfg -f ./traefik/stack.yml pull
+
+services:
+ traefik:
+ image: ${IMAGE_TAG_LATEST}
+ container_name: traefik
+ restart: always
+ ports:
+ - "80:80"
+ - "443:443"
+ volumes:
+ - /etc/localtime:/etc/localtime:ro
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - ./data/traefik.yml:/traefik.yml:ro
+ - ./data/acme.json:/acme.json
+ # Add folder with dynamic configuration yml
+ - ./data/configurations:/configurations
+ networks:
+ - traefik-proxy
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.traefik.entrypoints=web"
+ - "traefik.http.routers.traefik.rule=Host(`traefik.6t7.com`)"
+ - "traefik.http.routers.traefik.tls=true"
+ - "traefik.http.routers.traefik.tls.certresolver=le"
+ logging:
+ driver: json-file
+ options:
+ max-size: "10m"
+ max-file: "3"
+
+networks:
+
+ traefik-proxy:
+ external: true
\ No newline at end of file
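Review bot: The dashboard router labels do not match the static configuration added in the same patch: `tls.certresolver=le` names a resolver that traefik.yml does not define (it has `letsencrypt` and `buypass`), and `entrypoints=web` places a `tls=true` router on the port-80 entry point, which only redirects. The router also sets neither `service=api@internal` nor a middleware, so once it is pointed at the dashboard it would be served without the `user-auth@file` basic auth defined in dynamic.yml. The `:ro` flag on `/var/run/docker.sock` does not restrict what can be requested over the socket, so a compromised proxy still has full Docker API access; a filtering socket proxy, or at least a comment recording that trade-off, is worth adding. `${IMAGE_TAG_LATEST}` is a floating tag although env.cfg already offers pinned ones, and `./data/configurations` has no need to be writable inside the container.

```yaml
    image: ${IMAGE_TAG_V3}
    # … unchanged: container_name, restart, ports, other volumes …
      - ./data/configurations:/configurations:ro
    # … unchanged: networks …
    labels:
      # … unchanged: traefik.enable …
      - "traefik.http.routers.traefik.entrypoints=websecure"
      # … unchanged: rule, tls=true …
      - "traefik.http.routers.traefik.tls.certresolver=letsencrypt"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefik.middlewares=user-auth@file"
    # … unchanged: logging, top-level networks …
```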