traefik dashboard and improvements in traefik, crowdsec

2026-01-13 00:53:28 +01:00
parent 53070e9667
commit 627d13df13
22 changed files with 69 additions and 18 deletions
--- a/project/db/lldap/lldap.yml
+++ b/project/db/lldap/lldap.yml
@@ -39,7 +39,6 @@ services:
      - "traefik.http.routers.lldap.rule=Host(`ldap.${PUBLIC_DOMAIN}`)"
      - "traefik.http.routers.lldap.entrypoints=https"
      - "traefik.http.routers.lldap.tls=true"
-      - "traefik.http.routers.lldap.tls.certresolver=myresolver"
      - "traefik.http.routers.lldap.service=lldap-service"
      - "traefik.http.services.lldap-service.loadbalancer.server.port=17170"
      - "traefik.http.services.lldap-service.loadbalancer.server.scheme=http"
--- a/project/infrastructure/authelia/authelia.yml
+++ b/project/infrastructure/authelia/authelia.yml
@@ -36,7 +36,6 @@ services:
      # Traefik
      - "traefik.enable=true"
      - "traefik.http.routers.authelia.rule=Host(`auth.${PUBLIC_DOMAIN}`)"
-      - "traefik.http.routers.authelia.tls.certresolver=myresolver"
      - "traefik.http.routers.authelia.entryPoints=https"
      - "traefik.http.routers.authelia.tls=true"
      - "traefik.http.routers.authelia.service=authelia-svc"
--- a/project/infrastructure/traefik/log-dashboard/dashboard/agents.db
+++ b/project/infrastructure/traefik/log-dashboard/dashboard/agents.db
--- a/project/infrastructure/traefik/log-dashboard/dashboard/agents.db-shm
+++ b/project/infrastructure/traefik/log-dashboard/dashboard/agents.db-shm
--- a/project/infrastructure/traefik/log-dashboard/dashboard/agents.db-wal
+++ b/project/infrastructure/traefik/log-dashboard/dashboard/agents.db-wal
--- a/project/infrastructure/traefik/log-dashboard/dashboard/historical.db
+++ b/project/infrastructure/traefik/log-dashboard/dashboard/historical.db
--- a/project/infrastructure/traefik/log-dashboard/dashboard/historical.db-shm
+++ b/project/infrastructure/traefik/log-dashboard/dashboard/historical.db-shm
--- a/project/infrastructure/traefik/log-dashboard/dashboard/historical.db-wal
+++ b/project/infrastructure/traefik/log-dashboard/dashboard/historical.db-wal
--- a/project/infrastructure/traefik/log-dashboard/positions/.position
+++ b/project/infrastructure/traefik/log-dashboard/positions/.position
@@ -0,0 +1,3 @@
+{
+  "/logs/traefik.log": 69278
+}
--- a/project/infrastructure/traefik/traefik.yml
+++ b/project/infrastructure/traefik/traefik.yml
@@ -35,6 +35,68 @@ services:
      - "traefik.http.routers.traefik.entrypoints=https"
      - "traefik.http.routers.traefik.tls=true"

+  traefik-agent:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    image: hhftechnology/traefik-log-dashboard-agent:2.4.0
+    container_name: traefik-log-dashboard-agent
+    networks:
+      - ip4net
+    ports:
+      - "8078:5000"
+    volumes:
+      - "/var/log/crowdsec/:/logs:ro"
+      - "${INFRA_PATH}/traefik/log-dashboard/positions:/data"
+    environment:
+      TRAEFIK_LOG_DASHBOARD_ACCESS_PATH: /logs/traefik.log
+      TRAEFIK_LOG_DASHBOARD_AUTH_TOKEN: ${TRAEFIK_DASHBOARD_TOKEN}
+      TRAEFIK_LOG_DASHBOARD_SYSTEM_MONITORING: true
+      TRAEFIK_LOG_DASHBOARD_LOG_FORMAT: json
+    healthcheck:
+      test:
+        [
+          "CMD",
+          "wget",
+          "--no-verbose",
+          "--tries=1",
+          "--spider",
+          "http://localhost:5000/api/logs/status",
+        ]
+      interval: 2m
+      timeout: 10s
+      retries: 3
+      start_period: 30s
+
+  traefik-dashboard:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    image: hhftechnology/traefik-log-dashboard:2.4.0
+    container_name: traefik-log-dashboard
+    networks:
+      - ip4net
+    ports:
+      - "8077:3000"
+    volumes:
+      - ./data/dashboard:/app/data
+      - "${INFRA_PATH}/traefik/log-dashboard/dashboard:/app/data"
+      - "${INFRA_PATH}/traefik/log-dashboard/positions:/data"
+    environment:
+      AGENT_API_URL: http://192.168.178.35:8078
+      AGENT_API_TOKEN: ${TRAEFIK_DASHBOARD_TOKEN}
+      # Display Configuration
+      NEXT_PUBLIC_SHOW_DEMO_PAGE: false
+    depends_on:
+      traefik-agent:
+        condition: service_healthy
+    labels:
+      # traefik
+      - "traefik.enable=true"
+      - "traefik.http.routers.traefik-log-dashboard.rule=Host(`traefik-dashboard.${LOCAL_DOMAIN}`)"
+      - "traefik.http.routers.traefik-log-dashboard.entrypoints=https"
+      - "traefik.http.routers.traefik-log-dashboard.tls=true"
+
  whoami:
    extends:
      file: ${TEMPLATES_PATH}
--- a/project/media/audiobookshelf/audiobookshelf.yml
+++ b/project/media/audiobookshelf/audiobookshelf.yml
@@ -18,7 +18,6 @@ services:
      - "traefik.enable=true"
      - "traefik.http.routers.audiobookshelf.rule=Host(`audiobookshelf.${PUBLIC_DOMAIN}`)"
      - "traefik.http.routers.audiobookshelf.entrypoints=https"
-      - "traefik.http.routers.audiobookshelf.tls.certresolver=myresolver"
      - "traefik.http.routers.audiobookshelf.tls=true"
      # Middlewares
      - "traefik.http.routers.audiobookshelf.middlewares=crowdsec-bouncer@file"
--- a/project/media/immich/immich.yml
+++ b/project/media/immich/immich.yml
@@ -25,7 +25,6 @@ services:
      - "traefik.enable=true"
      - "traefik.http.routers.immich-server.rule=Host(`immich.${PUBLIC_DOMAIN}`)"
      - "traefik.http.routers.immich-server.entrypoints=https"
-      - "traefik.http.routers.immich-server.tls.certresolver=myresolver"
      - "traefik.http.routers.immich-server.tls=true"
      # Middlewares
      - "traefik.http.routers.immich-server.middlewares=crowdsec-bouncer@file"
@@ -43,7 +42,7 @@ services:

  # https://github.com/Salvoxia/immich-folder-album-creator
  # one time run:
-  # docker run -e -e API_URL="https://immich.crescentec.xyz/api/" -e API_KEY="qTaebdVMtph9yD0pSJRJDQJkDEpexiXNMJ5V5HBEnA" -e ROOT_PATH="/usr/src/app/external" -e LOG_LEVEL="DEBUG" salvoxia/immich-folder-album-creator:latest /script/immich_auto_album.sh
+  # docker run -e -e API_URL="https://immich.${PUBLIC_DOMAIN}/api/" -e API_KEY="qTaebdVMtph9yD0pSJRJDQJkDEpexiXNMJ5V5HBEnA" -e ROOT_PATH="/usr/src/app/external" -e LOG_LEVEL="DEBUG" salvoxia/immich-folder-album-creator:latest /script/immich_auto_album.sh
  immich-folder-album-creator:
    extends:
      file: ${TEMPLATES_PATH}
@@ -51,7 +50,7 @@ services:
    container_name: immich_folder_album_creator
    image: salvoxia/immich-folder-album-creator:0.24.0
    environment:
-      API_URL: https://immich.crescentec.xyz/api
+      API_URL: https://immich.${PUBLIC_DOMAIN}/api
      API_KEY: qTaebdVMtph9yD0pSJRJDQJkDEpexiXNMJ5V5HBEnA
      ROOT_PATH: /usr/src/app/external
      CRON_EXPRESSION: "0 * * * *"
--- a/project/service/freshrss/freshrss.yml
+++ b/project/service/freshrss/freshrss.yml
@@ -21,6 +21,5 @@ services:
      - "traefik.http.routers.freshrss.rule=Host(`rss.${PUBLIC_DOMAIN}`)"
      - "traefik.http.routers.freshrss.entrypoints=https"
      - "traefik.http.routers.freshrss.tls=true"
-      - "traefik.http.routers.freshrss.tls.certresolver=myresolver"
      # Middlewares
      - "traefik.http.routers.freshrss.middlewares=crowdsec-bouncer@file"
--- a/project/service/gitea/gitea.yml
+++ b/project/service/gitea/gitea.yml
@@ -41,7 +41,6 @@ services:
      - "traefik.enable=true"
      - "traefik.http.routers.gitea.rule=Host(`gitea.${PUBLIC_DOMAIN}`)"
      - "traefik.http.routers.gitea.entrypoints=https"
-      - "traefik.http.routers.gitea.tls.certresolver=myresolver"
      - "traefik.http.routers.gitea.tls=true"
      - "traefik.http.routers.gitea.service=gitea-service"
      - "traefik.http.services.gitea-service.loadbalancer.server.port=4002"
--- a/project/service/mealie/mealie.yml
+++ b/project/service/mealie/mealie.yml
@@ -33,7 +33,6 @@ services:
      - "traefik.enable=true"
      - "traefik.http.routers.mealie.rule=Host(`mealie.${PUBLIC_DOMAIN}`)"
      - "traefik.http.routers.mealie.entrypoints=https"
-      - "traefik.http.routers.mealie.tls.certresolver=myresolver"
      - "traefik.http.routers.mealie.tls=true"
      # Middlewares
      - "traefik.http.routers.mealie.middlewares=crowdsec-bouncer@file"
--- a/project/service/n8n/n8n.yml
+++ b/project/service/n8n/n8n.yml
@@ -36,6 +36,5 @@ services:
      - "traefik.http.routers.n8n.rule=Host(`n8n.${LOCAL_DOMAIN}`)"
      - "traefik.http.routers.n8n.entrypoints=https"
      - "traefik.http.routers.n8n.tls=true"
-      - "traefik.http.routers.n8n.tls.certresolver=myresolver"
      # Middlewares
      - "traefik.http.routers.n8n.middlewares=crowdsec-bouncer@file"
--- a/project/service/ollama/ollama.yml
+++ b/project/service/ollama/ollama.yml
@@ -17,6 +17,5 @@ services:
      - "traefik.http.routers.ollama.rule=Host(`ollama.${PUBLIC_DOMAIN}`)"
      - "traefik.http.routers.ollama.entrypoints=https"
      - "traefik.http.routers.ollama.tls=true"
-      - "traefik.http.routers.ollama.tls.certresolver=myresolver"
      # Middlewares
      - "traefik.http.routers.ollama.middlewares=crowdsec-bouncer@file"
--- a/project/service/paperless-ngx/paperless-ngx.yml
+++ b/project/service/paperless-ngx/paperless-ngx.yml
@@ -33,15 +33,14 @@ services:
      # PAPERLESS_DISABLE_REGULAR_LOGIN: true
      # PAPERLESS_ENABLE_HTTP_REMOTE_USER: true
      # PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME: HTTP_REMOTE_USER
-      # PAPERLESS_LOGOUT_REDIRECT_URL: https://auth.crescentec.xyz/logout
+      # PAPERLESS_LOGOUT_REDIRECT_URL: https://auth.${PUBLIC_DOMAIN}/logout
      # PAPERLESS_APPS: "allauth.socialaccount.providers.openid_connect"
-      # PAPERLESS_SOCIALACCOUNT_PROVIDERS: '{"openid_connect":{"SCOPE":["openid","profile","email"],"OAUTH_PKCE_ENABLED":true,"APPS":[{"provider_id":"authelia","name":"Authelia","client_id":"paperless","secret":"jzO0JYA35oOojGqxFJUaDXdgdXhuACyq4b3lvOx233wtoSyv19prQfCKah1mwyDv","settings":{"server_url":"https://auth.crescentec.xyz","token_auth_method":"client_secret_basic"}}]}}'
+      # PAPERLESS_SOCIALACCOUNT_PROVIDERS: '{"openid_connect":{"SCOPE":["openid","profile","email"],"OAUTH_PKCE_ENABLED":true,"APPS":[{"provider_id":"authelia","name":"Authelia","client_id":"paperless","secret":"jzO0JYA35oOojGqxFJUaDXdgdXhuACyq4b3lvOx233wtoSyv19prQfCKah1mwyDv","settings":{"server_url":"https://auth.${PUBLIC_DOMAIN}","token_auth_method":"client_secret_basic"}}]}}'
    labels:
      # Traefik
      - "traefik.enable=true"
      - "traefik.http.routers.paperless.rule=Host(`paperless.${PUBLIC_DOMAIN}`)"
      - "traefik.http.routers.paperless.entrypoints=https"
-      - "traefik.http.routers.paperless.tls.certresolver=myresolver"
      - "traefik.http.routers.paperless.tls=true"
      # Middlewares
      - "traefik.http.routers.paperless.middlewares=crowdsec-bouncer@file"
--- a/project/service/pdf/pdf.yml
+++ b/project/service/pdf/pdf.yml
@@ -14,7 +14,6 @@ services:
      - "traefik.enable=true"
      - "traefik.http.routers.pdf.rule=Host(`pdf.${PUBLIC_DOMAIN}`)"
      - "traefik.http.routers.pdf.entrypoints=https"
-      - "traefik.http.routers.pdf.tls.certresolver=myresolver"
      - "traefik.http.routers.pdf.tls=true"
      # Middlewares
      - "traefik.http.routers.pdf.middlewares=crowdsec-bouncer@file, authelia@file"
--- a/project/service/radicale/radicale.yml
+++ b/project/service/radicale/radicale.yml
@@ -30,7 +30,6 @@ services:
      - "traefik.enable=true"
      - "traefik.http.routers.radicale.rule=Host(`radicale.${PUBLIC_DOMAIN}`)"
      - "traefik.http.routers.radicale.entrypoints=https"
-      - "traefik.http.routers.radicale.tls.certresolver=myresolver"
      - "traefik.http.routers.radicale.tls=true"
      # Middlewares
      - "traefik.http.routers.radicale.middlewares=crowdsec-bouncer@file"
--- a/project/service/vaultwarden/vaultwarden.yml
+++ b/project/service/vaultwarden/vaultwarden.yml
@@ -27,6 +27,5 @@ services:
      - "traefik.http.routers.vaultwarden.rule=Host(`vaultwarden.${PUBLIC_DOMAIN}`)"
      - "traefik.http.routers.vaultwarden.entrypoints=https"
      - "traefik.http.routers.vaultwarden.tls=true"
-      - "traefik.http.routers.vaultwarden.tls.certresolver=myresolver"
      # Middlewares
      - "traefik.http.routers.vaultwarden.middlewares=crowdsec-bouncer@file"
--- a/project/service/vikunja/vikunja.yml
+++ b/project/service/vikunja/vikunja.yml
@@ -27,7 +27,6 @@ services:
      - "traefik.enable=true"
      - "traefik.http.routers.vikunja.rule=Host(`vikunja.${PUBLIC_DOMAIN}`)"
      - "traefik.http.routers.vikunja.entrypoints=https"
-      - "traefik.http.routers.vikunja.tls.certresolver=myresolver"
      - "traefik.http.routers.vikunja.tls=true"
      # Middlewares
      - "traefik.http.routers.vikunja.middlewares=crowdsec-bouncer@file"