First push from proxy (docker host) to gitea
commit
a69fa8cc56
25 changed files with 781 additions and 0 deletions
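--- a/traefik/.env
+++ b/traefik/.env
@@ -0,0 +1,3 @@
+EMAIL=signup@kh3group.com
+API_KEY=a392c6b70da6daeadb76879dad6d3ba1b4951
+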
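Review bot: `API_KEY=a392c6…` on the second line commits a live credential, and docker-compose.yml hands it to the container as `CF_API_KEY`, which together with `CF_API_EMAIL` is the account-wide Cloudflare Global API Key rather than a scoped token. Once pushed the value has to be treated as exposed: rotate it in Cloudflare, purge it from the git history, and add `traefik/.env` to `.gitignore` so only a template such as `API_KEY=<cloudflare-token-placeholder>` is tracked. A DNS-scoped token passed as `CF_DNS_API_TOKEN` limits what a leak can do to record edits on the zone used for the ACME challenge. The third line appears to be empty; if unintended it can be dropped.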
186
traefik/data/config.yml
Normal file
186
traefik/data/config.yml
Normal file
|
|
@ -0,0 +1,186 @@
|
|||
http:
|
||||
#region routers
|
||||
routers:
|
||||
pve01:
|
||||
entryPoints:
|
||||
- "http"
|
||||
- "https"
|
||||
rule: "Host(`pve01.office.kh3group.com`)"
|
||||
middlewares:
|
||||
- default-headers
|
||||
tls: {}
|
||||
service: pve01
|
||||
pve02:
|
||||
entryPoints:
|
||||
- "https"
|
||||
rule: "Host(`pve02.office.kh3group.com`)"
|
||||
middlewares:
|
||||
- default-headers
|
||||
tls: {}
|
||||
service: pve02
|
||||
pve03:
|
||||
entryPoints:
|
||||
- "https"
|
||||
rule: "Host(`pve03.office.kh3group.com`)"
|
||||
middlewares:
|
||||
- default-headers
|
||||
tls: {}
|
||||
service: pve03
|
||||
pihole:
|
||||
entryPoints:
|
||||
- "https"
|
||||
rule: "Host(`dns.office.kh3group.com`) || Host(`dns.kh3group.com`) "
|
||||
middlewares:
|
||||
- default-headers
|
||||
- addprefix-pihole
|
||||
tls: {}
|
||||
service: pihole
|
||||
pfsense:
|
||||
entryPoints:
|
||||
- "https"
|
||||
rule: "Host(`firewall.office.kh3group.com`)"
|
||||
middlewares:
|
||||
- default-headers
|
||||
tls: {}
|
||||
service: pfsense
|
||||
mysite:
|
||||
entryPoints:
|
||||
- "https"
|
||||
rule: "Host(`my.office.kh3group.com`)"
|
||||
middlewares:
|
||||
- default-headers
|
||||
tls: {}
|
||||
service: mysite
|
||||
portal:
|
||||
entryPoints:
|
||||
- "https"
|
||||
rule: "Host(`portal.office.kh3group.com`)"
|
||||
middlewares:
|
||||
- default-headers
|
||||
tls: {}
|
||||
service: portal
|
||||
printer:
|
||||
entryPoints:
|
||||
- "https"
|
||||
rule: "Host(`printer.office.kh3group.com`)"
|
||||
middlewares:
|
||||
- default-headers
|
||||
# - prefix-printer
|
||||
tls: {}
|
||||
service: printer
|
||||
#endregion
|
||||
#region services
|
||||
services:
|
||||
pve01:
|
||||
loadBalancer:
|
||||
servers:
|
||||
- url: "https://192.168.2.3:8006"
|
||||
passHostHeader: true
|
||||
pve02:
|
||||
loadBalancer:
|
||||
servers:
|
||||
- url: "https://192.168.2.10:8006"
|
||||
passHostHeader: true
|
||||
pve03:
|
||||
loadBalancer:
|
||||
servers:
|
||||
- url: "https://192.168.100.60:8006"
|
||||
passHostHeader: true
|
||||
pihole:
|
||||
loadBalancer:
|
||||
servers:
|
||||
- url: "http://192.168.2.2:80"
|
||||
passHostHeader: true
|
||||
pfsense:
|
||||
loadBalancer:
|
||||
servers:
|
||||
- url: "https://192.168.100.1:443"
|
||||
passHostHeader: true
|
||||
mysite:
|
||||
loadBalancer:
|
||||
serversTransport: sptransport
|
||||
servers:
|
||||
- url: "http://192.168.2.34:80"
|
||||
passHostHeader: true
|
||||
portal:
|
||||
loadBalancer:
|
||||
serversTransport: sptransport
|
||||
servers:
|
||||
- url: "http://192.168.2.33:80"
|
||||
passHostHeader: true
|
||||
printer:
|
||||
loadBalancer:
|
||||
servers:
|
||||
- url: "https://192.168.100.100"
|
||||
passHostHeader: true
|
||||
#endregion
|
||||
serversTransports:
|
||||
sptransport:
|
||||
disableHTTP2: true
|
||||
|
||||
middlewares:
|
||||
addprefix-pihole:
|
||||
addPrefix:
|
||||
prefix: "/admin"
|
||||
https-redirect:
|
||||
redirectScheme:
|
||||
scheme: https
|
||||
prefix-printer:
|
||||
addPrefix:
|
||||
prefix: "/main"
|
||||
|
||||
default-headers:
|
||||
headers:
|
||||
frameDeny: true
|
||||
sslRedirect: true
|
||||
browserXssFilter: true
|
||||
contentTypeNosniff: true
|
||||
forceSTSHeader: true
|
||||
stsIncludeSubdomains: true
|
||||
stsPreload: true
|
||||
stsSeconds: 15552000
|
||||
customFrameOptionsValue: SAMEORIGIN
|
||||
customRequestHeaders:
|
||||
X-Forwarded-Proto: https
|
||||
|
||||
idrac:
|
||||
headers:
|
||||
frameDeny: true
|
||||
sslRedirect: true
|
||||
browserXssFilter: true
|
||||
forceSTSHeader: true
|
||||
stsIncludeSubdomains: true
|
||||
stsSeconds: 15552000
|
||||
customFrameOptionsValue: SAMEORIGIN
|
||||
customRequestHeaders:
|
||||
X-Forwarded-Proto: https
|
||||
|
||||
default-whitelist:
|
||||
ipWhiteList:
|
||||
sourceRange:
|
||||
- "10.0.0.0/8"
|
||||
- "192.168.100.0/24"
|
||||
- "172.16.16.0/32"
|
||||
|
||||
secured:
|
||||
chain:
|
||||
middlewares:
|
||||
- default-whitelist
|
||||
- default-headers
|
||||
|
||||
crowdsec-bouncer:
|
||||
forwardauth:
|
||||
address: http://bouncer-traefik:8080/api/v1/forwardAuth
|
||||
trustForwardHeader: true
|
||||
|
||||
#tcp:
|
||||
# routers:
|
||||
# mysites:
|
||||
# rule: "HostSNI(`my.office.kh3group.com`)"
|
||||
# tls: {}
|
||||
# service: mysites
|
||||
# services:
|
||||
# mysites:
|
||||
# loadBalancer:
|
||||
# servers:
|
||||
# - address: "192.168.2.34:80"
|
||||
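Review bot: The `secured` chain (`default-whitelist` + `default-headers`) is defined but never referenced; every router in this file lists only `default-headers`, so the Proxmox (`pve01`–`pve03`), pfSense (`firewall.office.kh3group.com`) and Pi-hole (`dns.office.kh3group.com` / `dns.kh3group.com`) admin UIs are reachable from any source address that can reach the proxy, guarded only by each appliance's own login. Unless those names are meant to be open, replace `- default-headers` with `- secured` on the management routers so the `ipWhiteList` is actually enforced, and check that `sourceRange` covers the subnets admin clients connect from (it lists `10.0.0.0/8`, `192.168.100.0/24` and `172.16.16.0/32`, but not `192.168.2.0/24`). `sslRedirect: true` inside the headers middleware is the deprecated v1-style redirect; the entry-point redirection in traefik.yml already covers it and the key can go. `tls: {}` with no `certResolver` means these routers serve Traefik's default certificate; that is probably intended given the wildcard cert requested in the compose labels, but worth confirming.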
42
traefik/data/traefik.yml
Normal file
42
traefik/data/traefik.yml
Normal file
|
|
@ -0,0 +1,42 @@
|
|||
api:
|
||||
dashboard: true
|
||||
debug: true
|
||||
entryPoints:
|
||||
http:
|
||||
address: ":80"
|
||||
http:
|
||||
redirections:
|
||||
entryPoint:
|
||||
to: https
|
||||
scheme: https
|
||||
permanent: true
|
||||
middlewares:
|
||||
- crowdsec-bouncer@file
|
||||
https:
|
||||
address: ":443"
|
||||
http:
|
||||
middlewares:
|
||||
- crowdsec-bouncer@file
|
||||
serversTransport:
|
||||
insecureSkipVerify: true
|
||||
providers:
|
||||
docker:
|
||||
endpoint: "unix:///var/run/docker.sock"
|
||||
exposedByDefault: false
|
||||
file:
|
||||
filename: /config.yml
|
||||
certificatesResolvers:
|
||||
cloudflare:
|
||||
acme:
|
||||
email: signup@kh3group.com
|
||||
storage: acme.json
|
||||
dnsChallenge:
|
||||
provider: cloudflare
|
||||
resolvers:
|
||||
- "1.1.1.1:53"
|
||||
- "1.0.0.1:53"
|
||||
log:
|
||||
level: "INFO"
|
||||
filepath: "/var/log/traefik/traefik.log"
|
||||
accessLog:
|
||||
filepath: "/var/log/traefik/access.log"
|
||||
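Review bot: `serversTransport.insecureSkipVerify: true` is set globally, so certificate validation is disabled for every HTTPS backend (`pve01`–`pve03`, pfSense, the printer), not just those with self-signed certificates, and any host that can answer for one of those LAN addresses is accepted silently. Prefer a named transport in config.yml carrying `rootCAs` for the appliance CA, or at least move `insecureSkipVerify` onto a per-service `serversTransport` like the existing `sptransport` and drop the global key. `api.debug: true` additionally enables the debug endpoints on `api@internal`; they sit behind the `traefik-auth` basicauth from the compose labels, but should be off outside troubleshooting. `providers.docker.exposedByDefault: false` and the permanent http→https redirection on the `http` entry point are the right defaults.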
46
traefik/docker-compose.yml
Normal file
46
traefik/docker-compose.yml
Normal file
|
|
@ -0,0 +1,46 @@
|
|||
version: '3'
|
||||
|
||||
services:
|
||||
rproxy:
|
||||
image: traefik:v2.9
|
||||
container_name: traefik
|
||||
hostname: rproxy
|
||||
restart: unless-stopped
|
||||
security_opt:
|
||||
- no-new-privileges:true
|
||||
networks:
|
||||
- proxy
|
||||
ports:
|
||||
- 80:80
|
||||
- 443:443
|
||||
environment:
|
||||
- CF_API_EMAIL=$EMAIL
|
||||
- CF_API_KEY=$API_KEY
|
||||
volumes:
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
- /root/traefik/data/traefik.yml:/traefik.yml:ro
|
||||
- /root/traefik/data/acme.json:/acme.json
|
||||
- /root/traefik/data/config.yml:/config.yml:ro
|
||||
- traefik-logs:/var/log/traefik
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.traefik.entrypoints=http"
|
||||
- "traefik.http.routers.traefik.rule=Host(`traefik.office.kh3group.com`)"
|
||||
- "traefik.http.middlewares.traefik-auth.basicauth.users=support:$$apr1$$/SnQnIjg$$kOB5lj/Au8brVdk.tsrFb/"
|
||||
- "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
|
||||
- "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
|
||||
- "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
|
||||
- "traefik.http.routers.traefik-secure.entrypoints=https"
|
||||
- "traefik.http.routers.traefik-secure.rule=Host(`traefik.office.kh3group.com`)||Host(`traefik.kh3group.com`)"
|
||||
- "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
|
||||
- "traefik.http.routers.traefik-secure.tls=true"
|
||||
- "traefik.http.routers.traefik-secure.tls.certresolver=cloudflare"
|
||||
- "traefik.http.routers.traefik-secure.tls.domains[0].main=office.kh3group.com"
|
||||
- "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.office.kh3group.com"
|
||||
- "traefik.http.routers.traefik-secure.service=api@internal"
|
||||
networks:
|
||||
proxy:
|
||||
external: true
|
||||
volumes:
|
||||
traefik-logs:
|
||||
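Review bot: The `traefik-auth` basicauth label embeds a `$$apr1$$…` hash, i.e. the MD5-based apr1 scheme, committed next to the credential in .env; if the repository leaks it is cheap to crack offline. Regenerate it with bcrypt (`htpasswd -nbB support`) and load the users from a file kept outside the repo via `traefik.http.middlewares.traefik-auth.basicauth.usersfile=/path/to/usersfile` instead of a label. `/var/run/docker.sock:/var/run/docker.sock:ro` still grants the full Docker API (the `:ro` flag applies to the socket file, not to API calls), so a compromise of this container is effectively root on the host; the usual mitigation is a socket-proxy container that exposes only the read-only container and event endpoints Traefik needs. `acme.json` must be writable as mounted, but it holds the private keys, so confirm it is mode 600 on the host; `version: '3'` is obsolete in current Compose and the `sslheader` middleware label is defined but never attached to a router.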