feat(traefik): add dnsmasq and listen on deterministic host-gateway addr
This commit is contained in:
jon r
parent
4db7d99f82
commit
828db18bbe
|
|
@ -0,0 +1,41 @@
|
||||||
|
port=53
|
||||||
|
|
||||||
|
# Using dnsmasq only for DNS resolution, not its DHCP server.
|
||||||
|
no-dhcp-interface=eth0
|
||||||
|
|
||||||
|
# If you don't want dnsmasq to read /etc/hosts, uncomment the following line.
|
||||||
|
no-hosts
|
||||||
|
|
||||||
|
# Prevent dnsmasq to read /etc/resolv.conf or any other file, getting its
|
||||||
|
# servers from this file instead.
|
||||||
|
no-resolv
|
||||||
|
|
||||||
|
# Prevent dnsmasq to poll /etc/resolv.conf or other resolv files for changes and
|
||||||
|
# re-read them.
|
||||||
|
no-poll
|
||||||
|
|
||||||
|
# Uses the upstream nameserver in the order they are provided. If the first
|
||||||
|
# server doesn't reply, or can't answer, dnsmasq tries the next one and so on.
|
||||||
|
strict-order
|
||||||
|
|
||||||
|
# Prevent packets with malformed domain names from leaving the local network.
|
||||||
|
domain-needed
|
||||||
|
|
||||||
|
# Prevent packages with private IP addresses from leaving the local network.
|
||||||
|
bogus-priv
|
||||||
|
|
||||||
|
# Dnsmasq is not a DNSSEC validator, so it cannot perform the validation role of
|
||||||
|
# the recursive nameserver, but it can pass through the validation results from
|
||||||
|
# its own upstream nameservers. This option enables this behaviour.
|
||||||
|
proxy-dnssec
|
||||||
|
|
||||||
|
# If you want dnsmasq to change uid and gid to something other than the default,
|
||||||
|
# edit the following lines.
|
||||||
|
user=dnsmasq
|
||||||
|
group=nogroup
|
||||||
|
|
||||||
|
bind-interfaces
|
||||||
|
log-queries
|
||||||
|
|
||||||
|
# Include all files in a directory which end in .conf
|
||||||
|
conf-dir=/etc/dnsmasq.d/,*.conf
|
||||||
|
|
@ -0,0 +1,4 @@
|
||||||
|
local=/test/
|
||||||
|
address=/funkwhale.test/172.17.0.1
|
||||||
|
rebind-domain-ok=/.test/
|
||||||
|
domain=test
|
||||||
|
|
@ -7,11 +7,21 @@ services:
|
||||||
- ./ssl/test.key:/ssl/traefik.key
|
- ./ssl/test.key:/ssl/traefik.key
|
||||||
- ./ssl/test.crt:/ssl/traefik.crt
|
- ./ssl/test.crt:/ssl/traefik.crt
|
||||||
ports:
|
ports:
|
||||||
- "80:80"
|
- "172.17.0.1:80:80"
|
||||||
- "443:443"
|
- "172.17.0.1:443:443"
|
||||||
- "8040:8040"
|
- "172.17.0.1:8040:8040"
|
||||||
networks:
|
networks:
|
||||||
federation:
|
- federation
|
||||||
|
|
||||||
|
dnsmasq:
|
||||||
|
image: jamesmorrison/dnsmasq
|
||||||
|
ports:
|
||||||
|
- "172.17.0.1:53:53/udp"
|
||||||
|
- "172.17.0.1:53:53/tcp"
|
||||||
|
volumes:
|
||||||
|
- ./dnsmasq.conf:/etc/dnsmasq.conf
|
||||||
|
- ./funkwhale.test.conf:/etc/dnsmasq.d/funkwhale.test.conf
|
||||||
|
network_mode: bridge
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
federation:
|
federation:
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue