feat(traefik): 添加traefik配置文件和docker-compose部署文件

添加traefik相关配置文件包括环境变量、主配置、动态配置和docker-compose部署文件
更新tasks.md中的docker compose命令语法

tasks.md/stack.yml

@@ -1,6 +1,6 @@
 # path:: mkdir -pv /data/volumes/tasks.md/{tasks,config}
-# pull:: docker tasks.md -p memos --env-file ./tasks.md/env.cfg -f ./tasks.md/stack.yml pull
+# pull:: docker compose -p tasks.md --env-file ./tasks.md/env.cfg -f ./tasks.md/stack.yml pull
-# run:: docker tasks.md -p memos --env-file ./tasks.md/env.cfg -f ./tasks.md/stack.yml up -d
+# run:: docker compose -p tasks.md --env-file ./tasks.md/env.cfg -f ./tasks.md/stack.yml up -d
 
 services:
   tasks.md:

traefik/data/configurations/dynamic.yml

@@ -0,0 +1,33 @@
+# Dynamic configuration
+http:
+  middlewares:
+    nofloc:
+      headers:
+        customResponseHeaders:
+          Permissions-Policy: "interest-cohort=()"
+    secureHeaders:
+      headers:
+        sslRedirect: true
+        forceSTSHeader: true
+        stsIncludeSubdomains: true
+        stsPreload: true
+        stsSeconds: 31536000
+ 
+    # UserName : admin
+    # Password : qwer1234          
+    user-auth:
+      basicAuth:
+        users:
+          - "admin:$apr1$tm53ra6x$FntXd6jcvxYM/YH0P2hcc1"
+ 
+tls:
+  options:
+    default:
+      cipherSuites:
+        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
+        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
+      minVersion: VersionTLS12

traefik/data/traefik.yml

@@ -0,0 +1,47 @@
+api:
+  dashboard: true
+ 
+entryPoints:
+  web:
+    address: :80
+    http:
+      redirections:
+        entryPoint:
+          to: websecure
+ 
+  websecure:
+    address: :443
+    http:
+      middlewares:
+        - secureHeaders@file
+        - nofloc@file
+      tls:
+        certResolver: letsencrypt
+ 
+pilot:
+  dashboard: false
+ 
+providers:
+  docker:
+    endpoint: "unix:///var/run/docker.sock"
+    exposedByDefault: false
+  file:
+    filename: /configurations/dynamic.yml
+ 
+certificatesResolvers:
+  letsencrypt:
+    acme:
+      email: admin@yourdomain
+      storage: acme.json
+      keyType: EC384
+      httpChallenge:
+        entryPoint: web
+ 
+  buypass:
+    acme:
+      email: admin@yourdomain
+      storage: acme.json
+      caServer: https://api.buypass.com/acme/directory
+      keyType: EC256
+      httpChallenge:
+        entryPoint: web

traefik/env.cfg

@@ -0,0 +1,3 @@
+IMAGE_TAG_V3=traefik:v3.5.1
+IMAGE_TAG_V2=traefik:v2.11.29
+IMAGE_TAG_LATEST=traefik:latest

traefik/stack.yml

@@ -0,0 +1,38 @@
+#
+# Traefik
+# RUN: docker compose -p traefik --env-file ./traefik/env.cfg -f ./traefik/stack.yml up -d
+# PULL: docker compose -p traefik --env-file ./traefik/env.cfg -f ./traefik/stack.yml pull
+
+services:
+  traefik:
+    image: ${IMAGE_TAG_LATEST}
+    container_name: traefik
+    restart: always
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - ./data/traefik.yml:/traefik.yml:ro
+      - ./data/acme.json:/acme.json
+      # Add folder with dynamic configuration yml
+      - ./data/configurations:/configurations
+    networks:
+      - traefik-proxy
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.traefik.entrypoints=web"
+      - "traefik.http.routers.traefik.rule=Host(`traefik.6t7.com`)"
+      - "traefik.http.routers.traefik.tls=true"
+      - "traefik.http.routers.traefik.tls.certresolver=le"
+    logging:
+      driver: json-file
+      options:
+        max-size: "10m"
+        max-file: "3"
+
+networks:
+
+  traefik-proxy:
+    external: true