Merge branch 'master'

Siisi Nketsiah 2023-05-08 17:39:15 +00:00
commit 38e3c16de5
24 changed files with 752 additions and 0 deletions

35
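--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,35 @@
+docker-compose.yml.save
+docker-compose.yml.save.1
+.bash_history
+.bashrc
+.docker/
+/root/.env
+.env-mysql
+.local/
+.profile
+.python_history
+.selected_editor
+.ssh/
+.wget-hsts
+cert-export/
+backup-yml-snippets/
+snipeit/
+pwm/
+docker-setup.sh/
+snipeit/
+uptime-kuma/
+vikunja/
+drone/data/
+elasticsearch/data/
+gitea/data/
+elasticsearch/data/
+graylog/data/
+mariadb/data/
+mongodb/data/
+nginx/data/
+portainer/data/
+portainer/portainer-backup/
+traefik/data/acme.json
+traefik/data/acme.json.bak
+traefik/data/certs/
+vaultwarden/data/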
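Review bot: The ignore list does not cover the per-service `.env` files, and this same commit adds `drone/.env`, `graylog/.env`, `mariadb/.env`, `traefik/.env` and `vaultwarden/.env` with real values. `/root/.env` is anchored to the repository root, so it only matches a path `root/.env` inside the repo, and `.env-mysql` matches none of the files added here; a plain `.env` line matches at every depth. Files that are already tracked are not affected by an ignore rule, so they also need `git rm --cached`. `docker-setup.sh/` ends in a slash and therefore matches only a directory, while the commit adds `docker-setup.sh` as a file, and `snipeit/` and `elasticsearch/data/` are each listed twice.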


@ -0,0 +1,28 @@
version: "3"
services:
dbgui:
image: adminer:4
container_name: adminer
hostname: dbgui
restart: always
networks:
- proxy
- backend
labels:
- "traefik.enable=true"
- "traefik.http.routers.adminer.entrypoints=http"
- "traefik.http.routers.adminer.rule=Host(`db.office.kh3group.com`)"
- "traefik.http.middlewares.adminer-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.adminer.middlewares=adminer-https-redirect"
- "traefik.http.routers.adminer-secure.rule=Host(`db.office.kh3group.com`)"
- "traefik.http.routers.adminer-secure.tls=true"
- "traefik.http.routers.adminer-secure.service=adminer"
- "traefik.http.services.adminer.loadbalancer.server.port=8080"
- "traefik.docker.network=proxy"
networks:
proxy:
external: true
backend:
external: true
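Review bot: The `adminer-secure` router publishes a database admin UI with no access-control middleware, and the container is attached to both `proxy` and `backend`, so anyone who can reach the hostname gets a login form that can connect to the databases on `backend`. traefik/data/config.yml in this commit defines a `secured` chain (IP allow-list plus headers) that no router references; attaching it here would be `- "traefik.http.routers.adminer-secure.middlewares=secured@file"`. The secure router also lacks the `entrypoints=https` label that most other services in this commit set, so it is not limited to the HTTPS entrypoint. Whether the host resolves outside the office network is not visible from the page.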

2
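--- a/crowdsec/Dockerfile
+++ b/crowdsec/Dockerfile
@@ -0,0 +1,2 @@
+FROM metabase/metabase
+RUN mkdir /data/ && wget https://crowdsec-statics-assets.s3-eu-west-1.amazonaws.com/metabase_sqlite.zip && unzip metabase_sqlite.zip -d /data/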
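Review bot: The `RUN` line unpacks a zip fetched at build time without verifying it, so the image content depends on whatever the bucket serves on the day of the build. Check it against a recorded digest before unzipping, for example by inserting `echo "<EXPECTED_SHA256>  metabase_sqlite.zip" | sha256sum -c -` between the `wget` and the `unzip` (the digest is a placeholder for the value you record), and remove the archive afterwards with `rm metabase_sqlite.zip`. `FROM metabase/metabase` has no tag and therefore resolves to `latest`; the same floating reference appears in `fbonalair/traefik-crowdsec-bouncer:latest`, `drone/drone:latest`, `alpine/git:latest`, `gitea/gitea:latest` and `vaultwarden/server` elsewhere in this commit. Pinning a version tag or digest makes each deployment reproducible and reviewable.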


@ -0,0 +1,4 @@
filenames:
- /var/log/traefik/*
labels:
type: traefik


@ -0,0 +1,38 @@
version: '3.8'
services:
guard:
image: crowdsecurity/crowdsec:v1.4.3
container_name: crowdsec
hostname: guard
environment:
COLLECTIONS: "crowdsecurity/linux crowdsecurity/traefik"
volumes:
- /root/crowdsec/data/config/acquis.yaml:/etc/crowdsec/acquis.yaml
- crowdsec-db:/var/lib/crowdsec/data/
- crowdsec-config:/etc/crowdsec/
- traefik_traefik-logs:/var/log/traefik/:ro
networks:
- proxy
restart: unless-stopped
bouncer-traefik:
image: fbonalair/traefik-crowdsec-bouncer:latest
container_name: bouncer-traefik
hostname: bouncer-traefik
environment:
CROWDSEC_BOUNCER_API_KEY: 22bae1bfe5ec4d708efc9471a665a3c1
CROWDSEC_AGENT_HOST: guard:8080
networks:
- proxy
depends_on:
- guard
restart: unless-stopped
networks:
proxy:
external: true
volumes:
crowdsec-db:
crowdsec-config:
traefik_traefik-logs:
external: true
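Review bot: `CROWDSEC_BOUNCER_API_KEY` is written as a literal in the `bouncer-traefik` environment, so the bouncer's credential for the CrowdSec local API is now part of repository history. Read it from the environment instead, `CROWDSEC_BOUNCER_API_KEY: ${CROWDSEC_BOUNCER_API_KEY}`, keep the value in an untracked env file, and issue a new bouncer key because the committed one should be treated as disclosed. The `guard` service mounts the named volume `crowdsec-config` on `/etc/crowdsec/` and also bind-mounts `acquis.yaml` inside that directory; a short comment saying which of the two is authoritative would help the next maintainer.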

11
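--- a/docker-setup.sh
+++ b/docker-setup.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+apt-get update
+apt-get install -y ca-certificates curl gnupg lsb-release
+mkdir -p /etc/apt/keyrings
+curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
+apt-get update
+apt-get install -y docker-ce docker-ce-cli containerd.io
+curl -SL https://github.com/docker/compose/releases/download/v2.12.0/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose
+ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
+chmod +x /usr/bin/docker-compose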
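Review bot: The script has no `set -euo pipefail`, so a failed `curl` or `gpg` step does not stop it and the later lines run against a half-configured system. The Compose download on the `curl -SL` line lacks `-f`, so an HTTP error page would be saved as the binary, and the file is never checked against the `.sha256` file published next to the release asset; adding `-f` and a `sha256sum -c` step before `chmod +x` closes that gap. `ln -s` fails on a second run because the link already exists (`ln -sf` is idempotent). The asset name hard-codes `x86_64` although the apt source line derives the architecture dynamically.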

3
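--- a/drone/.env
+++ b/drone/.env
@@ -0,0 +1,3 @@
+DRONE_GITEA_CLIENT_ID=0e1dc5a7-e7c6-49a9-bfb6-0788b841cd80
+DRONE_GITEA_CLIENT_SECRET=gto_zpobgtdlqcfeha7not3qezm2yccfpahvrxpmu2smsj5gzxyepcna
+DRONE_RPC_SECRET=5d92181e9ce8ec5574a28b09d8f185d7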
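Review bot: This file commits a Gitea OAuth client secret and the Drone RPC shared secret in clear text, and the same applies to the values in `graylog/.env`, `mariadb/.env`, `traefik/.env` and `vaultwarden/.env` added by this commit. Deleting the files in a later commit does not remove them from history, so each value should be regenerated at its source and the files replaced by `.env.example` templates holding placeholders such as `DRONE_RPC_SECRET=<RANDOM_HEX_VALUE>`. Untrack the real files with `git rm --cached` and add `.env` to `.gitignore` so they are not picked up again.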

56
drone/docker-compose.yml Normal file

@ -0,0 +1,56 @@
version: '3'
services:
ci:
image: drone/drone:latest
container_name: drone
hostname: ci
volumes:
- /root/drone/data:/data
environment:
- DRONE_GITEA_SERVER=https://git.office.kh3group.com
- DRONE_GIT_ALWAYS_AUTH=true
- DRONE_GITEA_CLIENT_ID=${DRONE_GITEA_CLIENT_ID}
- DRONE_GITEA_CLIENT_SECRET=${DRONE_GITEA_CLIENT_SECRET}
- DRONE_SERVER_HOST=drone.office.kh3group.com
- DRONE_SERVER_PROTO=https
- DRONE_RPC_SECRET=${DRONE_RPC_SECRET}
- DRONE_USER_CREATE=username:support,admin:true
restart: unless-stopped
labels:
- "traefik.http.routers.drone.entrypoints=http"
- "traefik.http.routers.drone.rule=Host(`drone.office.kh3group.com`)"
- "traefik.http.middlewares.drone-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.drone.middlewares=drone-https-redirect"
- "traefik.enable=true"
- "traefik.http.routers.drone-secure.entrypoints=https"
- "traefik.http.routers.drone-secure.rule=Host(`drone.office.kh3group.com`) || Host(`drone.kh3group.com`)"
- "traefik.http.routers.drone-secure.tls=true"
- "traefik.http.routers.drone-secure.service=drone"
- "traefik.http.services.drone.loadbalancer.server.port=80"
- "traefik.docker.network=proxy"
networks:
- proxy
- backend
ci-agent:
image: drone/drone-runner-docker:1
container_name: drone-runner
hostname: ci-agent
volumes:
- /var/run/docker.sock:/var/run/docker.sock
environment:
- DRONE_RPC_PROTO=https
- DRONE_RPC_HOST=drone.office.kh3group.com
- DRONE_RPC_SECRET=${DRONE_RPC_SECRET}
- DRONE_RUNNER_CAPACITY=2
- DRONE_RUNNER_NAME=droner1
restart: unless-stopped
networks:
- backend
networks:
proxy:
external: true
backend:
external: true
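Review bot: The `ci-agent` service bind-mounts `/var/run/docker.sock`, so the runner starts build containers on the same Docker daemon that hosts Vaultwarden, Gitea and the databases from this commit, and anything that gains control of the runner controls that daemon. If the runner has to stay on this host, document the constraint next to the mount, e.g. `# Runner controls the host Docker daemon: keep repositories untrusted and limit who can trigger builds`; moving the runner to a separate VM removes the shared-daemon exposure altogether. The server image is `drone/drone:latest` while the runner is pinned to `:1`, so the two can drift apart on a pull.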


@ -0,0 +1,29 @@
services:
search:
image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
container_name: elasticsearch
hostname: search
restart: always
environment:
- http.host=0.0.0.0
- transport.host=localhost
- network.host=0.0.0.0
- "ES_JAVA_OPTS=-Xms256m -Xmx256m"
deploy:
resources:
limits:
memory: 512m
networks:
- backend
volumes:
- /root/elasticsearch/data/es_data:/var/lib/elasticsearch/data
healthcheck:
test: ["CMD-SHELL", "curl --silent --fail localhost:9200/_cluster/health || exit 1"]
interval: 30s
timeout: 10s
retries: 5
start_period: 30s
networks:
backend:
external: true
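Review bot: The bind mount targets `/var/lib/elasticsearch/data`, but the official Elasticsearch image keeps its indices under `/usr/share/elasticsearch/data` as far as I know, so index data would live in the container's writable layer and be lost when the container is recreated. Please confirm against the image and, if so, change the line to `- /root/elasticsearch/data/es_data:/usr/share/elasticsearch/data`. The OSS 7.10.2 distribution ships without authentication or TLS, and with `http.host=0.0.0.0` every container attached to the external `backend` network can read and modify the indices; a comment stating that `backend` membership is the only access control would make that explicit.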

4
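--- a/gitea/Dockerfile
+++ b/gitea/Dockerfile
@@ -0,0 +1,4 @@
+FROM alpine/git:latest
+WORKDIR /git
+VOLUME /git/notebook.git
+CMD ["init", "--bare", "notebook.git"]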

35
gitea/docker-compose.yml Normal file

@ -0,0 +1,35 @@
version: "3"
services:
gitbox:
image: gitea/gitea:latest
container_name: gitea
hostname: gitbox
restart: unless-stopped
volumes:
- /root/gitea/data:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
networks:
- backend
- proxy
ports:
- "2222:22"
labels:
- "traefik.enable=true"
- "traefik.http.routers.gitbox.entrypoints=http"
- "traefik.http.routers.gitbox.rule=Host(`git.office.kh3group.com`)"
- "traefik.http.middlewares.gitbox-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.gitbox.middlewares=gitbox-https-redirect"
- "traefik.http.routers.gitbox-secure.entrypoints=https"
- "traefik.http.routers.gitbox-secure.rule=Host(`git.office.kh3group.com`)||Host(`git.kh3group.com`)"
- "traefik.http.routers.gitbox-secure.tls=true"
- "traefik.http.routers.gitbox-secure.service=gitbox"
- "traefik.http.services.gitbox.loadbalancer.server.port=3000"
- "traefik.docker.network=proxy"
networks:
backend:
external: true
proxy:
external: true

4
graylog/.env Normal file

@ -0,0 +1,4 @@
GRAYLOG_PASSWORD_SECRET="9MpRZ75yyhNZkCycJj6tL4CcCej9yK8oP7o6KynnGxQhyEbAvYUM9Jv7BkSKYF7M"
GRAYLOG_ROOT_PASSWORD_SHA2="90ecc336d6200b1389eb49c4b557ee42892345c2f727453ae82c96e6de94098e"


@ -0,0 +1,72 @@
version: '3'
services:
logs:
image: graylog/graylog:5.0
container_name: graylog
hostname: logs
entrypoint: "/usr/bin/tini -- wait-for-it search:9200 -- /docker-entrypoint.sh"
volumes:
- /root/graylog/data/graylog_data:/usr/share/graylog/data/data
- /root/graylog/data/graylog_journal:/usr/share/graylog/data/journal
networks:
- proxy
- backend
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.http.routers.logs.entrypoints=http"
- "traefik.http.routers.logs.rule=Host(`logs.office.kh3group.com`)"
- "traefik.http.middlewares.logs-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.logs.middlewares=logs-https-redirect"
- "traefik.http.routers.logs-secure.entrypoints=https"
- "traefik.http.routers.logs-secure.rule=Host(`logs.office.kh3group.com`)||Host(`logs.kh3group.com`)"
- "traefik.http.routers.logs-secure.tls=true"
- "traefik.http.routers.logs-secure.service=logs"
- "traefik.http.services.logs.loadbalancer.server.port=9000"
- "traefik.docker.network=proxy"
environment:
- GRAYLOG_PASSWORD_SECRET=${GRAYLOG_PASSWORD_SECRET}
- GRAYLOG_ROOT_PASSWORD_SHA2=${GRAYLOG_ROOT_PASSWORD_SHA2}
- GRAYLOG_HTTP_BIND_ADDRESS=0.0.0.0:9000
- GRAYLOG_HTTP_EXTERNAL_URI=http://logs.office.kh3group.com/
- GRAYLOG_ELASTICSEARCH_HOSTS=http://search:9200
- GRAYLOG_MONGODB_URI=mongodb://nosqldb:27017/graylog
- GRAYLOG_ROOT_TIMEZONE=Africa/Accra
healthcheck:
test: [ "CMD", "curl", "-f", "http://127.0.0.1:9000" ]
interval: 30s
timeout: 10s
retries: 5
start_period: 30s
ports:
- "5044:5044/tcp" # Beats
- "5140:5140/udp" # Syslog
- "5140:5140/tcp" # Syslog
- "5141:5141/udp" # Syslog 2
- "5141:5141/tcp" # Syslog 2
- "5142:5142/udp" # Syslog 3
- "5142:5142/tcp" # Syslog 3
- "5143:5143/udp" # Syslog 4
- "5143:5143/tcp" # Syslog 4
- "5144:5144/udp" # Syslog 5
- "5144:5144/tcp" # Syslog 5
- "5145:5145/udp" # Syslog 6
- "5145:5145/tcp" # Syslog 6
- "5146:5146/udp" # Syslog 7
- "5146:5146/tcp" # Syslog 7
- "5555:5555/tcp" # RAW TCP
- "5555:5555/udp" # RAW TCP
- "9000:9000/tcp" # Server API
- "12201:12201/tcp" # GELF TCP
- "12201:12201/udp" # GELF UDP
#- "10000:10000/tcp" # Custom TCP port
#- "10000:10000/udp" # Custom UDP port
- "13301:13301/tcp" # Forwarder data
- "13302:13302/tcp" # Forwarder config
networks:
backend:
external: true
proxy:
external: true
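Review bot: The `ports` list publishes `9000:9000/tcp` on the host, so the Graylog web interface and API are reachable over plain HTTP without passing through Traefik's TLS routers or the CrowdSec middleware. The `logs-secure` router already forwards to port 9000 over the `proxy` network, so that mapping can be dropped. `GRAYLOG_HTTP_EXTERNAL_URI` is set to an `http://` URL while the service is served over HTTPS; `- GRAYLOG_HTTP_EXTERNAL_URI=https://logs.office.kh3group.com/` matches the router. The remaining input ports are published on all interfaces, and a comment listing which ones have a configured input would help keep the list minimal.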

5
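--- a/mariadb/.env
+++ b/mariadb/.env
@@ -0,0 +1,5 @@
+# Mysql Parameters
+MYSQL_ROOT_PASSWORD = pass@w0rd1
+MYSQL_DATABASE = snipeit
+MYSQL_USER = snipeit
+MYSQL_PASSWORD = pass@w0rd1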
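Review bot: `MYSQL_ROOT_PASSWORD` and `MYSQL_PASSWORD` carry the same short, dictionary-style value, so a compromise of the Snipe-IT application account also yields the database root account. Generate two independent random values and keep them out of the repository. The spaces around `=` are also worth checking: whether they are tolerated depends on the env-file parser of the Compose version in use, and `KEY=value` without spaces is the portable form.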


@ -0,0 +1,17 @@
version: "3"
services:
db:
image: mariadb:10.5
container_name: mariadb
hostname: ims
restart: always
volumes:
- /root/mariadb/data:/var/lib/mysql
env_file: .env
networks:
- backend
networks:
backend:
external: true


@ -0,0 +1,22 @@
version: '3'
services:
nosqldb:
image: mongo:5
container_name: mongodb
hostname: nosqldb
restart: always
networks:
- backend
volumes:
- /root/mongodb/data/mongo_data:/data/db
healthcheck:
test: ["CMD-SHELL", "echo 'db.stats().ok' | mongo localhost:27017/test --quiet"]
interval: 30s
timeout: 10s
retries: 5
start_period: 30s
networks:
backend:
external: true
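Review bot: The `nosqldb` service starts MongoDB without any credentials, and the Graylog compose file in this commit connects with `mongodb://nosqldb:27017/graylog`, so access control rests entirely on membership of the shared external `backend` network. The official image creates an admin user when `MONGO_INITDB_ROOT_USERNAME` and `MONGO_INITDB_ROOT_PASSWORD` are set on first start; adding them from an untracked env file, plus a dedicated Graylog user in the connection URI, would contain a compromise of any other `backend` container. On an already initialised data directory the user has to be created manually, because the init variables only apply to an empty `/data/db`.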

28
nginx/docker-compose.yml Normal file

@ -0,0 +1,28 @@
version: '3'
services:
docs:
image: nginx:stable-alpine-slim
container_name: nginx
hostname: docs
restart: always
volumes:
- /root/nginx/data/mkdocs/site:/usr/share/nginx/html:ro
networks:
- proxy
labels:
- "traefik.enable=true"
- "traefik.http.routers.docs.entrypoints=http"
- "traefik.http.routers.docs.rule=Host(`docs.office.kh3group.com`)"
- "traefik.http.middlewares.docs-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.docs.middlewares=docs-https-redirect"
- "traefik.http.routers.docs-secure.entrypoints=https"
- "traefik.http.routers.docs-secure.rule=Host(`docs.office.kh3group.com`)||Host(`docs.kh3group.com`)"
- "traefik.http.routers.docs-secure.tls=true"
- "traefik.http.routers.docs-secure.service=docs"
- "traefik.http.services.docs.loadbalancer.server.port=80"
- "traefik.docker.network=proxy"
networks:
proxy:
external: true


@ -0,0 +1,31 @@
version: '3'
services:
mgmt:
image: portainer/portainer-ce:2.15.0-alpine
container_name: portainer
hostname: mgmt
restart: unless-stopped
security_opt:
- no-new-privileges:true
networks:
- proxy
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- /root/portainer/data:/data
labels:
- "traefik.enable=true"
- "traefik.http.routers.portainer.entrypoints=http"
- "traefik.http.routers.portainer.rule=Host(`mgmt.office.kh3group.com`)"
- "traefik.http.middlewares.portainer-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.portainer.middlewares=portainer-https-redirect"
- "traefik.http.routers.portainer-secure.rule=Host(`mgmt.office.kh3group.com`)||Host(`mgmt.kh3group.com`)"
- "traefik.http.routers.portainer-secure.tls=true"
- "traefik.http.routers.portainer-secure.service=portainer"
- "traefik.http.services.portainer.loadbalancer.server.port=9000"
- "traefik.docker.network=proxy"
- "com.github.SnowMB.traefik-certificate-extractor.restart_domain=office.kh3group.com"
networks:
proxy:
external: true
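Review bot: The `:ro` flag on `/var/run/docker.sock` only makes the mount of the socket file read-only; it does not restrict the Docker API calls sent through the socket, so Portainer (and the Traefik container, which uses the same mount) still has full control of the daemon. Given that, the `portainer-secure` router should not be reachable without an allow-list: `- "traefik.http.routers.portainer-secure.middlewares=secured@file"` would attach the chain defined in traefik/data/config.yml. The router also has no `entrypoints=https` label, unlike most services in this commit.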

3
traefik/.env Normal file

@ -0,0 +1,3 @@
EMAIL=signup@kh3group.com
API_KEY=a392c6b70da6daeadb76879dad6d3ba1b4951
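Review bot: `API_KEY` is handed to Traefik as `CF_API_KEY` together with `CF_API_EMAIL`, which is the Cloudflare global API key form and covers the whole account rather than the DNS records of one zone. The Cloudflare DNS provider also accepts a scoped token through `CF_DNS_API_TOKEN`; a token limited to DNS edits on the `kh3group.com` zone would bound the impact of a leak. Because the value is committed here, it should be revoked in any case.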

186
traefik/data/config.yml Normal file

@ -0,0 +1,186 @@
http:
#region routers
routers:
pve01:
entryPoints:
- "http"
- "https"
rule: "Host(`pve01.office.kh3group.com`)"
middlewares:
- default-headers
tls: {}
service: pve01
pve02:
entryPoints:
- "https"
rule: "Host(`pve02.office.kh3group.com`)"
middlewares:
- default-headers
tls: {}
service: pve02
pve03:
entryPoints:
- "https"
rule: "Host(`pve03.office.kh3group.com`)"
middlewares:
- default-headers
tls: {}
service: pve03
pihole:
entryPoints:
- "https"
rule: "Host(`dns.office.kh3group.com`) || Host(`dns.kh3group.com`) "
middlewares:
- default-headers
- addprefix-pihole
tls: {}
service: pihole
pfsense:
entryPoints:
- "https"
rule: "Host(`firewall.office.kh3group.com`)"
middlewares:
- default-headers
tls: {}
service: pfsense
mysite:
entryPoints:
- "https"
rule: "Host(`my.office.kh3group.com`)"
middlewares:
- default-headers
tls: {}
service: mysite
portal:
entryPoints:
- "https"
rule: "Host(`portal.office.kh3group.com`)"
middlewares:
- default-headers
tls: {}
service: portal
printer:
entryPoints:
- "https"
rule: "Host(`printer.office.kh3group.com`)"
middlewares:
- default-headers
# - prefix-printer
tls: {}
service: printer
#endregion
#region services
services:
pve01:
loadBalancer:
servers:
- url: "https://192.168.2.3:8006"
passHostHeader: true
pve02:
loadBalancer:
servers:
- url: "https://192.168.2.10:8006"
passHostHeader: true
pve03:
loadBalancer:
servers:
- url: "https://192.168.100.60:8006"
passHostHeader: true
pihole:
loadBalancer:
servers:
- url: "http://192.168.2.2:80"
passHostHeader: true
pfsense:
loadBalancer:
servers:
- url: "https://192.168.100.1:443"
passHostHeader: true
mysite:
loadBalancer:
serversTransport: sptransport
servers:
- url: "http://192.168.2.34:80"
passHostHeader: true
portal:
loadBalancer:
serversTransport: sptransport
servers:
- url: "http://192.168.2.33:80"
passHostHeader: true
printer:
loadBalancer:
servers:
- url: "https://192.168.100.100"
passHostHeader: true
#endregion
serversTransports:
sptransport:
disableHTTP2: true
middlewares:
addprefix-pihole:
addPrefix:
prefix: "/admin"
https-redirect:
redirectScheme:
scheme: https
prefix-printer:
addPrefix:
prefix: "/main"
default-headers:
headers:
frameDeny: true
sslRedirect: true
browserXssFilter: true
contentTypeNosniff: true
forceSTSHeader: true
stsIncludeSubdomains: true
stsPreload: true
stsSeconds: 15552000
customFrameOptionsValue: SAMEORIGIN
customRequestHeaders:
X-Forwarded-Proto: https
idrac:
headers:
frameDeny: true
sslRedirect: true
browserXssFilter: true
forceSTSHeader: true
stsIncludeSubdomains: true
stsSeconds: 15552000
customFrameOptionsValue: SAMEORIGIN
customRequestHeaders:
X-Forwarded-Proto: https
default-whitelist:
ipWhiteList:
sourceRange:
- "10.0.0.0/8"
- "192.168.100.0/24"
- "172.16.16.0/32"
secured:
chain:
middlewares:
- default-whitelist
- default-headers
crowdsec-bouncer:
forwardauth:
address: http://bouncer-traefik:8080/api/v1/forwardAuth
trustForwardHeader: true
#tcp:
# routers:
# mysites:
# rule: "HostSNI(`my.office.kh3group.com`)"
# tls: {}
# service: mysites
# services:
# mysites:
# loadBalancer:
# servers:
# - address: "192.168.2.34:80"
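Review bot: The `secured` chain and `default-whitelist` are defined but no router in this file references them, so the Proxmox, pfSense, Pi-hole admin and printer routers are protected only by `default-headers`. If these are meant to be office-only, replace `- default-headers` with `- secured` in each router's `middlewares` list. In `sourceRange`, `172.16.16.0/32` matches a single address, which looks like a typo for a wider prefix. `pve01` lists the `http` entrypoint next to `https` while also setting `tls: {}`; a comment on whether plain-HTTP requests are expected to match would avoid confusion.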

42
traefik/data/traefik.yml Normal file

@ -0,0 +1,42 @@
api:
dashboard: true
debug: true
entryPoints:
http:
address: ":80"
http:
redirections:
entryPoint:
to: https
scheme: https
permanent: true
middlewares:
- crowdsec-bouncer@file
https:
address: ":443"
http:
middlewares:
- crowdsec-bouncer@file
serversTransport:
insecureSkipVerify: true
providers:
docker:
endpoint: "unix:///var/run/docker.sock"
exposedByDefault: false
file:
filename: /config.yml
certificatesResolvers:
cloudflare:
acme:
email: signup@kh3group.com
storage: acme.json
dnsChallenge:
provider: cloudflare
resolvers:
- "1.1.1.1:53"
- "1.0.0.1:53"
log:
level: "INFO"
filepath: "/var/log/traefik/traefik.log"
accessLog:
filepath: "/var/log/traefik/access.log"
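Review bot: `serversTransport.insecureSkipVerify: true` turns off certificate verification for every HTTPS backend, including the Proxmox and pfSense services in config.yml, so any host answering on those internal addresses is accepted without an identity check. Scope it instead: define a named entry under `http.serversTransports` in config.yml with `rootCAs` (or `insecureSkipVerify` only where unavoidable) and reference it from the services that need it, the way `sptransport` is already referenced. `api.debug: true` enables the debug endpoints on the API and should be `false` outside troubleshooting.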


@ -0,0 +1,46 @@
version: '3'
services:
rproxy:
image: traefik:v2.9
container_name: traefik
hostname: rproxy
restart: unless-stopped
security_opt:
- no-new-privileges:true
networks:
- proxy
ports:
- 80:80
- 443:443
environment:
- CF_API_EMAIL=$EMAIL
- CF_API_KEY=$API_KEY
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- /root/traefik/data/traefik.yml:/traefik.yml:ro
- /root/traefik/data/acme.json:/acme.json
- /root/traefik/data/config.yml:/config.yml:ro
- traefik-logs:/var/log/traefik
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik.entrypoints=http"
- "traefik.http.routers.traefik.rule=Host(`traefik.office.kh3group.com`)"
- "traefik.http.middlewares.traefik-auth.basicauth.users=support:$$apr1$$/SnQnIjg$$kOB5lj/Au8brVdk.tsrFb/"
- "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
- "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
- "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
- "traefik.http.routers.traefik-secure.entrypoints=https"
- "traefik.http.routers.traefik-secure.rule=Host(`traefik.office.kh3group.com`)||Host(`traefik.kh3group.com`)"
- "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
- "traefik.http.routers.traefik-secure.tls=true"
- "traefik.http.routers.traefik-secure.tls.certresolver=cloudflare"
- "traefik.http.routers.traefik-secure.tls.domains[0].main=office.kh3group.com"
- "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.office.kh3group.com"
- "traefik.http.routers.traefik-secure.service=api@internal"
networks:
proxy:
external: true
volumes:
traefik-logs:
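Review bot: The `traefik-auth` label embeds the dashboard's htpasswd entry, an `apr1` (MD5-based) hash, in the repository, where it can be attacked offline, and `traefik-secure` also answers on `traefik.kh3group.com`. Load the credentials from a mounted file with `traefik.http.middlewares.traefik-auth.basicauth.usersfile=<PATH_IN_CONTAINER>` (placeholder path), generate the entry with bcrypt, and change the password because the current hash is committed. Chaining the allow-list, `traefik.http.routers.traefik-secure.middlewares=secured@file,traefik-auth`, would keep the dashboard off untrusted networks.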

1
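--- a/vaultwarden/.env
+++ b/vaultwarden/.env
@@ -0,0 +1,1 @@
+ADMIN_TOKEN=AA3dZSkzngyxOpp1HPhJzbNFIEVgnZYROdbToHVXouUAlULSrkw7XEyUYHNVRYyY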


@ -0,0 +1,50 @@
version: "3"
services:
pass:
image: vaultwarden/server
container_name: vaultwarden
hostname: pass
restart: unless-stopped
volumes:
- /root/vaultwarden/data:/data
environment:
- WEBSOCKET_ENABLED=true
- WEB_VAULT_ENABLED=true
- DOMAIN=http://pass.office.kh3group.com
- SIGNUPS_ALLOWED=false
- SIGNUPS_DOMAINS_WHITELIST=kh3group.com,office.kh3group.com
# Comment admin token to disable admin interface
- ADMIN_TOKEN=${ADMIN_TOKEN}
- SMTP_HOST=smtp.gmail.com
- SMTP_FROM=alerts@kh3group.com
- SMTP_PORT=587
- SMTP_SSL=true
- SMTP_USERNAME=alerts@kh3group.com
- SMTP_PASSWORD=anruflwtglalnjto
networks:
- proxy
labels:
- "traefik.enable=true"
- "traefik.http.routers.vaultwarden.entrypoints=http"
- "traefik.http.routers.vaultwarden.rule=Host(`pass.office.kh3group.com`)"
- "traefik.http.middlewares.vaultwarden-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.vaultwarden.middlewares=vaultwarden-https-redirect"
- "traefik.http.routers.vaultwarden-secure.entrypoints=https"
- "traefik.http.routers.vaultwarden-secure.rule=Host(`pass.office.kh3group.com`)||Host(`pass.kh3group.com`)"
- "traefik.http.routers.vaultwarden-secure.tls=true"
- "traefik.http.routers.vaultwarden-secure.service=vaultwarden"
- "traefik.http.services.vaultwarden.loadbalancer.server.port=80"
- "traefik.docker.network=proxy"
# Watchtower Update
- "com.centurylinklabs.watchtower.enable=true"
# Ip filtering
#- "traefik.http.routers.bitwarden.middlewares=whitelist@file"
logging:
driver: "syslog"
options:
tag: "Bitwarden"
networks:
proxy:
external: true
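Review bot: `SMTP_PASSWORD` is a literal in the environment list, unlike `ADMIN_TOKEN`, which is interpolated from the env file; use `- SMTP_PASSWORD=${SMTP_PASSWORD}` and revoke the committed mail credential. `DOMAIN` is set to an `http://` URL although the service is served through the TLS router, and `- DOMAIN=https://pass.office.kh3group.com` matches it. The image has no tag and the Watchtower label is enabled, so the password vault is upgraded automatically to whatever `latest` points at; pinning a version and updating deliberately is safer for this service.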