Compare commits
30 Commits
dddd076150
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
| ddf912a4e9 | |||
| 15f47d5554 | |||
| 6992333c6f | |||
| 2af1f4c5d9 | |||
| e74476439d | |||
| c51f5a6d0d | |||
| 3f22dc885c | |||
| 456416b04d | |||
| 9a01d992ad | |||
| 154165ab18 | |||
| 445b638f55 | |||
| afe037ffad | |||
| 54bcc89c7f | |||
| d0e3149200 | |||
| c5a3763239 | |||
| 6287e7b6cd | |||
| f8857d8097 | |||
| 74a1e0b0f7 | |||
| 9afb7ff397 | |||
| adc4358152 | |||
| 139fe18e76 | |||
| 152ad30a5a | |||
| 632a19e9cc | |||
| ad916b67bb | |||
| 5c3cc4ae60 | |||
| 31cad6e3cb | |||
| 039354993e | |||
| f0521563b5 | |||
| 286ccd6cc8 | |||
| 97fcc660fb |
12
.gitignore
vendored
Normal file
12
.gitignore
vendored
Normal file
@@ -0,0 +1,12 @@
|
||||
# Ignore these files
|
||||
**/services/.env
|
||||
|
||||
# Ignore these folders
|
||||
letsencrypt/
|
||||
certs/
|
||||
log-dashboard/
|
||||
lib/
|
||||
**/headscale/config/
|
||||
**/headscale/run/
|
||||
**/crowdsec/config/
|
||||
**/crowdsec/data/
|
||||
@@ -2,3 +2,9 @@
|
||||
|
||||
This configuration includes a reverse proxy using caddy, headscale (VPN) and watchtower (automatic updates).
|
||||
It is particularly useful if you do not own an IPV4 address, as this could be deployed on a server. In this case it was deployed on an oracle server and automated using an ansible playbook found on this [repository](https://gitea.crescentec.ch/chriswin/vps-ansible)
|
||||
|
||||
For Crowdsec, if an enrollment to your console is wanted, run the following command:
|
||||
```
|
||||
docker compose -it exec cscli console enroll $ENROLLMENT_KEY
|
||||
```
|
||||
where the the enrollment can be found in your console under the engine page.
|
||||
|
||||
@@ -6,7 +6,6 @@
|
||||
# Whenever I need to remove some service then I can comment out the lines here.
|
||||
include:
|
||||
- path:
|
||||
- ${SERVICE_PATH}/caddy/caddy.yml
|
||||
- ${SERVICE_PATH}/crowdsec/crowdsec.yml
|
||||
- ${SERVICE_PATH}/headscale/headscale.yml
|
||||
- ${SERVICE_PATH}/traefik/traefik.yml
|
||||
|
||||
48
renovate.json
Normal file
48
renovate.json
Normal file
@@ -0,0 +1,48 @@
|
||||
{
|
||||
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
||||
"extends": [
|
||||
"schedule:automergeDaily"
|
||||
],
|
||||
"dependencyDashboard": true,
|
||||
"dependencyDashboardTitle": "Renovate Dashboard",
|
||||
"assignees": [
|
||||
"chriswin"
|
||||
],
|
||||
"labels": [
|
||||
"renovate"
|
||||
],
|
||||
"configMigration": true,
|
||||
"prHourlyLimit": 0,
|
||||
"packageRules": [
|
||||
{
|
||||
"matchCategories": [
|
||||
"docker"
|
||||
],
|
||||
"enabled": true,
|
||||
"managerFilePatterns": [
|
||||
"/(^|/)services/*\\Dockerfile$/"
|
||||
]
|
||||
},
|
||||
{
|
||||
"matchUpdateTypes": [
|
||||
"minor",
|
||||
"patch"
|
||||
],
|
||||
"automerge": true,
|
||||
"automergeType": "pr"
|
||||
},
|
||||
{
|
||||
"matchUpdateTypes": [
|
||||
"major"
|
||||
],
|
||||
"automerge": false
|
||||
}
|
||||
],
|
||||
"docker-compose": {
|
||||
"enabled": true,
|
||||
"managerFilePatterns": [
|
||||
"/(^|/)docker-compose\\.yml$/",
|
||||
"/(^|/)services/.*\\.yml$/"
|
||||
]
|
||||
}
|
||||
}
|
||||
@@ -1 +0,0 @@
|
||||
CROWDSEC_API_KEY=8lbUZjrGQp9JZln2pa5G1SCj0Fc8f9SaZUwqLm+6ZJQ
|
||||
@@ -1,189 +0,0 @@
|
||||
(forward_headers) {
|
||||
header {
|
||||
Permissions-Policy interest-cohort=()
|
||||
Strict-Transport-Security "max-age=31536000; includeSubdomains"
|
||||
X-XSS-Protection "1; mode=block"
|
||||
X-Content-Type-Options "nosniff"
|
||||
X-Robots-Tag noindex, nofollow
|
||||
Referrer-Policy "same-origin"
|
||||
Content-Security-Policy "frame-ancestors {$public_domain }} *.{$public_domain}"
|
||||
-Server
|
||||
Permissions-Policy "geolocation=(self {$public_domain }} *.{$public_domain}), microphone=()"
|
||||
}
|
||||
}
|
||||
|
||||
auth.{$public_domain} {
|
||||
reverse_proxy {$main_server_ip} {
|
||||
transport http {
|
||||
tls_insecure_skip_verify
|
||||
}
|
||||
}
|
||||
tls {$email}
|
||||
import forward_headers
|
||||
}
|
||||
|
||||
audiobookshelf.{$public_domain} {
|
||||
reverse_proxy {$main_server_ip} {
|
||||
transport http {
|
||||
tls_insecure_skip_verify
|
||||
}
|
||||
}
|
||||
tls {$email}
|
||||
import forward_headers
|
||||
}
|
||||
|
||||
gitea.{$public_domain} {
|
||||
reverse_proxy {$main_server_ip} {
|
||||
transport http {
|
||||
tls_insecure_skip_verify
|
||||
}
|
||||
}
|
||||
tls {$email}
|
||||
import forward_headers
|
||||
}
|
||||
|
||||
headscale.{$public_domain} {
|
||||
reverse_proxy headscale:8080
|
||||
tls {$email}
|
||||
import forward_headers
|
||||
}
|
||||
|
||||
immich.{$public_domain} {
|
||||
reverse_proxy {$main_server_ip} {
|
||||
transport http {
|
||||
tls_insecure_skip_verify
|
||||
}
|
||||
}
|
||||
tls {$email}
|
||||
import forward_headers
|
||||
}
|
||||
|
||||
ldap.{$public_domain} {
|
||||
reverse_proxy {$main_server_ip} {
|
||||
transport http {
|
||||
tls_insecure_skip_verify
|
||||
}
|
||||
}
|
||||
tls {$email}
|
||||
import forward_headers
|
||||
}
|
||||
|
||||
linkwarden.{$public_domain} {
|
||||
reverse_proxy {$main_server_ip} {
|
||||
transport http {
|
||||
tls_insecure_skip_verify
|
||||
}
|
||||
}
|
||||
tls {$email}
|
||||
import forward_headers
|
||||
}
|
||||
|
||||
mealie.{$public_domain} {
|
||||
reverse_proxy {$main_server_ip} {
|
||||
transport http {
|
||||
tls_insecure_skip_verify
|
||||
}
|
||||
}
|
||||
tls {$email}
|
||||
import forward_headers
|
||||
}
|
||||
|
||||
navidrome.{$public_domain} {
|
||||
reverse_proxy {$main_server_ip} {
|
||||
transport http {
|
||||
tls_insecure_skip_verify
|
||||
}
|
||||
}
|
||||
tls {$email}
|
||||
import forward_headers
|
||||
}
|
||||
|
||||
ntfy.{$public_domain} {
|
||||
reverse_proxy {$main_server_ip} {
|
||||
transport http {
|
||||
tls_insecure_skip_verify
|
||||
}
|
||||
}
|
||||
tls {$email}
|
||||
import forward_headers
|
||||
}
|
||||
|
||||
paperless.{$public_domain} {
|
||||
reverse_proxy {$main_server_ip} {
|
||||
transport http {
|
||||
tls_insecure_skip_verify
|
||||
}
|
||||
}
|
||||
tls {$email}
|
||||
import forward_headers
|
||||
}
|
||||
|
||||
radicale.{$public_domain} {
|
||||
reverse_proxy {$main_server_ip} {
|
||||
transport http {
|
||||
tls_insecure_skip_verify
|
||||
}
|
||||
}
|
||||
tls {$email}
|
||||
import forward_headers
|
||||
}
|
||||
|
||||
rss.{$public_domain} {
|
||||
reverse_proxy {$main_server_ip} {
|
||||
transport http {
|
||||
tls_insecure_skip_verify
|
||||
}
|
||||
}
|
||||
tls {$email}
|
||||
import forward_headers
|
||||
}
|
||||
|
||||
pdf.{$public_domain} {
|
||||
reverse_proxy {$main_server_ip} {
|
||||
transport http {
|
||||
tls_insecure_skip_verify
|
||||
}
|
||||
}
|
||||
tls {$email}
|
||||
import forward_headers
|
||||
}
|
||||
|
||||
superset.{$public_domain} {
|
||||
reverse_proxy {$main_server_ip} {
|
||||
transport http {
|
||||
tls_insecure_skip_verify
|
||||
}
|
||||
}
|
||||
tls {$email}
|
||||
import forward_headers
|
||||
}
|
||||
|
||||
vaultwarden.{$public_domain} {
|
||||
reverse_proxy {$main_server_ip} {
|
||||
transport http {
|
||||
tls_insecure_skip_verify
|
||||
}
|
||||
}
|
||||
tls {$email}
|
||||
import forward_headers
|
||||
}
|
||||
|
||||
vikunja.{$public_domain} {
|
||||
reverse_proxy {$main_server_ip} {
|
||||
transport http {
|
||||
tls_insecure_skip_verify
|
||||
}
|
||||
}
|
||||
tls {$email}
|
||||
import forward_headers
|
||||
}
|
||||
|
||||
{$public_domain} {
|
||||
reverse_proxy {$main_server_ip} {
|
||||
transport http {
|
||||
tls_insecure_skip_verify
|
||||
}
|
||||
}
|
||||
tls {$email}
|
||||
import forward_headers
|
||||
}
|
||||
@@ -1,30 +0,0 @@
|
||||
services:
|
||||
caddy:
|
||||
extends:
|
||||
file: ${TEMPLATES_PATH}
|
||||
service: default
|
||||
image: caddy
|
||||
container_name: caddy
|
||||
volumes:
|
||||
- ${SERVICE_PATH}/caddy/config:/etc/headscale
|
||||
- ${SERVICE_PATH}/caddy/Caddyfile:/etc/caddy/Caddyfile
|
||||
- ${SERVICE_PATH}/caddy/site:/srv
|
||||
- ${SERVICE_PATH}/caddy/data:/data
|
||||
- ${SERVICE_PATH}/caddy/config:/config
|
||||
- ${SERVICE_PATH}/caddy/certs:/certs
|
||||
ports:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
- "443:443/udp"
|
||||
environment:
|
||||
email: ${EMAIL}
|
||||
public_domain: ${PUBLIC_DOMAIN}
|
||||
private_domain: ${LOCAL_DOMAIN}
|
||||
main_server_ip: ${MAIN_SERVER_NODE_IP:-10.10.10.2}
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
networks:
|
||||
- ip4net
|
||||
labels:
|
||||
# Watchtower
|
||||
- "com.centurylinklabs.watchtower.enable=true"
|
||||
@@ -4,7 +4,7 @@ services:
|
||||
file: ${TEMPLATES_PATH}
|
||||
service: default
|
||||
container_name: crowdsec
|
||||
image: crowdsecurity/crowdsec:v1.7.4
|
||||
image: crowdsecurity/crowdsec:v1.7.6
|
||||
environment:
|
||||
COLLECTIONS: crowdsecurity/traefik crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-generic-rules crowdsecurity/http-cve
|
||||
CROWDSEC_BOUNCER_API_KEY: ${CROWDSEC_API_KEY}
|
||||
|
||||
@@ -3,19 +3,24 @@ services:
|
||||
extends:
|
||||
file: ${TEMPLATES_PATH}
|
||||
service: default
|
||||
image: docker.io/headscale/headscale
|
||||
container_name: headscale
|
||||
image: docker.io/headscale/headscale
|
||||
container_name: headscale
|
||||
volumes:
|
||||
- ${SERVICE_PATH}/headscale/config:/etc/headscale
|
||||
- ${SERVICE_PATH}/headscale/lib:/var/lib/headscale
|
||||
- ${SERVICE_PATH}/headscale/run:/var/run/headscale
|
||||
ports:
|
||||
- 127.0.0.1:8080:8080 # api
|
||||
- 127.0.0.1:8080:8080 # api
|
||||
- 127.0.0.1:9090:9090 # metrics
|
||||
command: serve
|
||||
environment:
|
||||
networks:
|
||||
- ip4net
|
||||
labels:
|
||||
# Watchtower
|
||||
- "com.centurylinklabs.watchtower.enable=true"
|
||||
# Traefik
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.headscale.rule=Host(`headscale.${PUBLIC_DOMAIN}`)"
|
||||
- "traefik.http.routers.headscale.entrypoints=https"
|
||||
- "traefik.http.routers.headscale.tls.certresolver=myresolver"
|
||||
- "traefik.http.routers.headscale.tls=true"
|
||||
- "traefik.http.routers.headscale.middlewares=crowdsec-bouncer@file"
|
||||
|
||||
@@ -5,32 +5,34 @@ http:
|
||||
crowdsec-bouncer:
|
||||
plugin:
|
||||
crowdsec-bouncer-traefik-plugin:
|
||||
enabled: true
|
||||
enabled: true
|
||||
logLevel: INFO
|
||||
updateIntervalSeconds: 60
|
||||
crowdsecMode: stream
|
||||
crowdsecMode: live
|
||||
crowdsecAppsecEnabled: true
|
||||
crowdsecAppsecFailureBlock: true
|
||||
crowdsecAppsecUnreachableBlock: true
|
||||
crowdsecAppsecHost: crowdsec:7422
|
||||
crowdsecLapiScheme: http
|
||||
crowdsecLapiHost: crowdsec:8080
|
||||
# generated using "docker exec crowdsec cscli bouncers add crowdsecBouncer"
|
||||
crowdseclapikey: {{ env "TRAEFIK_CROWDSEC_API_KEY" }}
|
||||
crowdsecLapikey: {{ env "TRAEFIK_CROWDSEC_API_KEY" }}
|
||||
forwardedHeadersTrustedIPs:
|
||||
- 10.0.0.0/8
|
||||
clientTrustedIPs:
|
||||
- 192.168.178.0/24
|
||||
captchaProvider: hcaptcha
|
||||
captchaSiteKey: b2d20610-8dda-4f40-8688-7ca8e1e628f8 # found in hcaptcha account
|
||||
captchaSecretKey: {{ env "TRAEFIK_CAPTCHA_KEY" }}
|
||||
captchaGracePeriodSeconds: 1800
|
||||
captchaHTMLFilePath: /captcha.html
|
||||
banHTMLFilePath: /ban.html
|
||||
# captchaProvider: hcaptcha
|
||||
# captchaSiteKey: b2d20610-8dda-4f40-8688-7ca8e1e628f8 # found in hcaptcha account
|
||||
# captchaSecretKey: {{ env "TRAEFIK_CAPTCHA_KEY" }}
|
||||
# captchaGracePeriodSeconds: 1800
|
||||
# captchaHTMLFilePath: /captcha.html
|
||||
# banHTMLFilePath: /ban.html
|
||||
|
||||
routers:
|
||||
authelia:
|
||||
rule: "Host(`auth.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
|
||||
service: node
|
||||
entryPoints: https
|
||||
entrypoints: https,http
|
||||
tls:
|
||||
certresolver: myresolver
|
||||
middlewares: crowdsec-bouncer@file
|
||||
@@ -38,7 +40,7 @@ http:
|
||||
audiobookshelf:
|
||||
rule: "Host(`audiobookshelf.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
|
||||
service: node
|
||||
entryPoints: https
|
||||
entrypoints: https,http
|
||||
tls:
|
||||
certresolver: myresolver
|
||||
middlewares: crowdsec-bouncer@file
|
||||
@@ -46,15 +48,7 @@ http:
|
||||
gitea:
|
||||
rule: "Host(`gitea.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
|
||||
service: node
|
||||
entryPoints: https
|
||||
tls:
|
||||
certresolver: myresolver
|
||||
middlewares: crowdsec-bouncer@file
|
||||
|
||||
headscale:
|
||||
rule: "Host(`headscale.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
|
||||
service: node
|
||||
entryPoints: https
|
||||
entrypoints: https,http
|
||||
tls:
|
||||
certresolver: myresolver
|
||||
middlewares: crowdsec-bouncer@file
|
||||
@@ -62,7 +56,7 @@ http:
|
||||
immich:
|
||||
rule: "Host(`immich.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
|
||||
service: node
|
||||
entryPoints: https
|
||||
entrypoints: https,http
|
||||
tls:
|
||||
certresolver: myresolver
|
||||
middlewares: crowdsec-bouncer@file
|
||||
@@ -70,7 +64,7 @@ http:
|
||||
lldap:
|
||||
rule: "Host(`ldap.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
|
||||
service: node
|
||||
entryPoints: https
|
||||
entrypoints: https,http
|
||||
tls:
|
||||
certresolver: myresolver
|
||||
middlewares: crowdsec-bouncer@file
|
||||
@@ -78,7 +72,7 @@ http:
|
||||
linkwarden:
|
||||
rule: "Host(`linkwarden.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
|
||||
service: node
|
||||
entryPoints: https
|
||||
entrypoints: https,http
|
||||
tls:
|
||||
certresolver: myresolver
|
||||
middlewares: crowdsec-bouncer@file
|
||||
@@ -86,7 +80,7 @@ http:
|
||||
mealie:
|
||||
rule: "Host(`mealie.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
|
||||
service: node
|
||||
entryPoints: https
|
||||
entrypoints: https,http
|
||||
tls:
|
||||
certresolver: myresolver
|
||||
middlewares: crowdsec-bouncer@file
|
||||
@@ -94,7 +88,7 @@ http:
|
||||
navidrome:
|
||||
rule: "Host(`navidrome.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
|
||||
service: node
|
||||
entryPoints: https
|
||||
entrypoints: https,http
|
||||
tls:
|
||||
certresolver: myresolver
|
||||
middlewares: crowdsec-bouncer@file
|
||||
@@ -102,7 +96,7 @@ http:
|
||||
ntfy:
|
||||
rule: "Host(`ntfy.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
|
||||
service: node
|
||||
entryPoints: https
|
||||
entrypoints: https,http
|
||||
tls:
|
||||
certresolver: myresolver
|
||||
middlewares: crowdsec-bouncer@file
|
||||
@@ -110,7 +104,7 @@ http:
|
||||
paperless:
|
||||
rule: "Host(`paperless.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
|
||||
service: node
|
||||
entryPoints: https
|
||||
entrypoints: https,http
|
||||
tls:
|
||||
certresolver: myresolver
|
||||
middlewares: crowdsec-bouncer@file
|
||||
@@ -118,7 +112,7 @@ http:
|
||||
pdf:
|
||||
rule: "Host(`pdf.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
|
||||
service: node
|
||||
entryPoints: https
|
||||
entrypoints: https,http
|
||||
tls:
|
||||
certresolver: myresolver
|
||||
middlewares: crowdsec-bouncer@file
|
||||
@@ -126,7 +120,7 @@ http:
|
||||
radicale:
|
||||
rule: "Host(`radicale.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
|
||||
service: node
|
||||
entryPoints: https
|
||||
entrypoints: https,http
|
||||
tls:
|
||||
certresolver: myresolver
|
||||
middlewares: crowdsec-bouncer@file
|
||||
@@ -134,16 +128,15 @@ http:
|
||||
rss:
|
||||
rule: "Host(`rss.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
|
||||
service: node
|
||||
entryPoints: https
|
||||
entrypoints: https,http
|
||||
tls:
|
||||
certresolver: myresolver
|
||||
middlewares: crowdsec-bouncer@file
|
||||
|
||||
<<<<<<< HEAD
|
||||
# superset:
|
||||
# rule: "Host(`superset.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
|
||||
# service: node
|
||||
# entryPoints: https
|
||||
# entrypoints: https,http
|
||||
# tls:
|
||||
# certresolver: myresolver
|
||||
# middlewares: crowdsec-bouncer@file
|
||||
@@ -151,7 +144,7 @@ http:
|
||||
vaultwarden:
|
||||
rule: "Host(`vaultwarden.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
|
||||
service: node
|
||||
entryPoints: https
|
||||
entrypoints: https,http
|
||||
tls:
|
||||
certresolver: myresolver
|
||||
middlewares: crowdsec-bouncer@file
|
||||
@@ -159,7 +152,7 @@ http:
|
||||
vikunja:
|
||||
rule: "Host(`vikunja.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
|
||||
service: node
|
||||
entryPoints: https
|
||||
entrypoints: https,http
|
||||
tls:
|
||||
certresolver: myresolver
|
||||
middlewares: crowdsec-bouncer@file
|
||||
@@ -170,3 +163,12 @@ http:
|
||||
servers:
|
||||
- url: https://{{ env "TRAEFIK_MAIN_SERVER_NODE_IP" }}
|
||||
|
||||
tls:
|
||||
stores:
|
||||
default:
|
||||
defaultCertificate:
|
||||
certFile: /etc/certs/server-vps-lan.crt
|
||||
keyFile: /etc/certs/server-vps-lan.key
|
||||
certificates:
|
||||
- certFile: /etc/certs/server-vps-lan.crt
|
||||
keyFile: /etc/certs/server-vps-lan.key
|
||||
|
||||
@@ -3,7 +3,7 @@ services:
|
||||
extends:
|
||||
file: ${TEMPLATES_PATH}
|
||||
service: default
|
||||
image: traefik:v3.6.6
|
||||
image: traefik:v3.6.10
|
||||
container_name: traefik
|
||||
ports:
|
||||
- "80:80"
|
||||
@@ -16,7 +16,11 @@ services:
|
||||
TRAEFIK_PUBLIC_DOMAIN: ${PUBLIC_DOMAIN}
|
||||
TRAEFIK_MAIN_SERVER_NODE_IP: ${MAIN_SERVER_NODE_IP}
|
||||
TRAEFIK_CROWDSEC_API_KEY: ${CROWDSEC_API_KEY}
|
||||
# INFOMANIAK_ACCESS_TOKEN: ${INFOMANIAK_CERTIFICATE_ACCESS_TOKEN}
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: "0.3"
|
||||
memory: 150M
|
||||
volumes:
|
||||
- "/var/log/traefik/:/var/log/traefik/"
|
||||
- "/var/run/docker.sock:/var/run/docker.sock:ro"
|
||||
@@ -33,64 +37,73 @@ services:
|
||||
- "traefik.http.routers.traefik.entrypoints=https"
|
||||
- "traefik.http.routers.traefik.tls=true"
|
||||
|
||||
# traefik-agent:
|
||||
# extends:
|
||||
# file: ${TEMPLATES_PATH}
|
||||
# service: default
|
||||
# image: hhftechnology/traefik-log-dashboard-agent:2.4.0
|
||||
# container_name: traefik-log-dashboard-agent
|
||||
# networks:
|
||||
# - ip4net
|
||||
# ports:
|
||||
# - "8078:5000"
|
||||
# volumes:
|
||||
# - "/var/log/crowdsec/:/logs:ro"
|
||||
# - "${SERVICE_PATH}/traefik/log-dashboard/positions:/data"
|
||||
# environment:
|
||||
# TRAEFIK_LOG_DASHBOARD_ACCESS_PATH: /logs/traefik.log
|
||||
# TRAEFIK_LOG_DASHBOARD_AUTH_TOKEN: ${TRAEFIK_DASHBOARD_TOKEN}
|
||||
# TRAEFIK_LOG_DASHBOARD_SYSTEM_MONITORING: true
|
||||
# TRAEFIK_LOG_DASHBOARD_LOG_FORMAT: json
|
||||
# healthcheck:
|
||||
# test:
|
||||
# [
|
||||
# "CMD",
|
||||
# "wget",
|
||||
# "--no-verbose",
|
||||
# "--tries=1",
|
||||
# "--spider",
|
||||
# "http://localhost:5000/api/logs/status",
|
||||
# ]
|
||||
# interval: 2m
|
||||
# timeout: 10s
|
||||
# retries: 3
|
||||
# start_period: 30s
|
||||
#
|
||||
# traefik-dashboard:
|
||||
# extends:
|
||||
# file: ${TEMPLATES_PATH}
|
||||
# service: default
|
||||
# image: hhftechnology/traefik-log-dashboard:2.4.0
|
||||
# container_name: traefik-log-dashboard
|
||||
# networks:
|
||||
# - ip4net
|
||||
# ports:
|
||||
# - "8077:3000"
|
||||
# volumes:
|
||||
# - ./data/dashboard:/app/data
|
||||
# - "${SERVICE_PATH}/traefik/log-dashboard/dashboard:/app/data"
|
||||
# - "${SERVICE_PATH}/traefik/log-dashboard/positions:/data"
|
||||
# environment:
|
||||
# AGENT_API_URL: http://192.168.178.35:8078
|
||||
# AGENT_API_TOKEN: ${TRAEFIK_DASHBOARD_TOKEN}
|
||||
# # Display Configuration
|
||||
# NEXT_PUBLIC_SHOW_DEMO_PAGE: false
|
||||
# depends_on:
|
||||
# traefik-agent:
|
||||
# condition: service_healthy
|
||||
# labels:
|
||||
# # traefik
|
||||
# - "traefik.enable=true"
|
||||
# - "traefik.http.routers.traefik-log-dashboard.rule=Host(`traefik-dashboard.${LOCAL_DOMAIN}`)"
|
||||
# - "traefik.http.routers.traefik-log-dashboard.entrypoints=https"
|
||||
# - "traefik.http.routers.traefik-log-dashboard.tls=true"
|
||||
traefik-agent:
|
||||
extends:
|
||||
file: ${TEMPLATES_PATH}
|
||||
service: default
|
||||
image: hhftechnology/traefik-log-dashboard-agent:2.5.0
|
||||
container_name: traefik-log-dashboard-agent
|
||||
networks:
|
||||
- ip4net
|
||||
ports:
|
||||
- "8078:5000"
|
||||
volumes:
|
||||
- "/var/log/traefik/:/logs:ro"
|
||||
- "${SERVICE_PATH}/traefik/log-dashboard/positions:/data"
|
||||
environment:
|
||||
TRAEFIK_LOG_DASHBOARD_ACCESS_PATH: /logs/access.log
|
||||
TRAEFIK_LOG_DASHBOARD_AUTH_TOKEN: ${TRAEFIK_DASHBOARD_TOKEN}
|
||||
TRAEFIK_LOG_DASHBOARD_SYSTEM_MONITORING: true
|
||||
TRAEFIK_LOG_DASHBOARD_LOG_FORMAT: json
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: "0.10"
|
||||
memory: 50M
|
||||
healthcheck:
|
||||
test:
|
||||
[
|
||||
"CMD",
|
||||
"wget",
|
||||
"--no-verbose",
|
||||
"--tries=1",
|
||||
"--spider",
|
||||
"http://localhost:5000/api/logs/status",
|
||||
]
|
||||
interval: 2m
|
||||
timeout: 10s
|
||||
retries: 3
|
||||
start_period: 30s
|
||||
|
||||
traefik-dashboard:
|
||||
extends:
|
||||
file: ${TEMPLATES_PATH}
|
||||
service: default
|
||||
image: hhftechnology/traefik-log-dashboard:2.5.0
|
||||
container_name: traefik-log-dashboard
|
||||
networks:
|
||||
- ip4net
|
||||
ports:
|
||||
- "8077:3000"
|
||||
volumes:
|
||||
- "${SERVICE_PATH}/traefik/log-dashboard/dashboard:/app/data"
|
||||
- "${SERVICE_PATH}/traefik/log-dashboard/positions:/data"
|
||||
environment:
|
||||
AGENT_API_URL: http://traefik-agent:5000
|
||||
AGENT_API_TOKEN: ${TRAEFIK_DASHBOARD_TOKEN}
|
||||
# Display Configuration
|
||||
NEXT_PUBLIC_SHOW_DEMO_PAGE: false
|
||||
depends_on:
|
||||
traefik-agent:
|
||||
condition: service_healthy
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: "0.1"
|
||||
memory: 50M
|
||||
labels:
|
||||
# traefik
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.traefik-log-dashboard.rule=Host(`traefik-dashboard.${LOCAL_VPS_DOMAIN}`)"
|
||||
- "traefik.http.routers.traefik-log-dashboard.entrypoints=https"
|
||||
- "traefik.http.routers.traefik-log-dashboard.tls=true"
|
||||
|
||||
Reference in New Issue
Block a user