# Compose definition for the tunnel server: a single service built from the
# local `server` build target and attached to the external `traefik` network.
services:
  tunnel-server:
    build:
      # NOTE(review): the build context is the project root, which also holds
      # ./keys (mounted below). Confirm a .dockerignore keeps that directory
      # out of the context so no private key ends up in an image layer.
      context: .
      target: server
    container_name: tunnel-server
    restart: unless-stopped
    environment:
      # SSH server settings for accepting tunnel clients. The port range is
      # the same one published under `ports`; presumably it bounds the ports
      # allocated to tunnels (verify against the server code).
      SSH_PORT: "2222"
      PORT_RANGE_START: "10000"
      PORT_RANGE_END: "10100"
      SSH_HOST_KEY: "/keys/host_key"
      AUTHORIZED_KEYS: "/keys/authorized_keys"
      # Remote Traefik host settings: the server SSHes into the ingress host
      # to manage routes.
      TRAEFIK_SSH_HOST: "ingress.nixc.us"
      # NOTE(review): the deploy key logs in as root on the ingress host, so
      # anyone who obtains /keys/traefik_deploy_key controls that host, not
      # just its routes. A dedicated account limited to writing the dynamic
      # config directory would shrink that blast radius; TRAEFIK_CONFIG_DIR
      # lives under /root and would have to move with it.
      TRAEFIK_SSH_USER: "root"
      TRAEFIK_SSH_KEY: "/keys/traefik_deploy_key"
      TRAEFIK_CONFIG_DIR: "/root/traefik/dynamic"
      TRAEFIK_ENTRYPOINT: "websecure"
      TRAEFIK_CERT_RESOLVER: "letsencryptresolver"
    volumes:
      # Read-only mount. Per the paths above this one directory carries the
      # SSH host private key, the client authorized_keys file and the Traefik
      # deploy key, so keep it out of version control and restrict its
      # permissions on the Docker host.
      - ./keys:/keys:ro
    ports:
      # No host address is given, so Docker binds both mappings on every host
      # interface.
      # NOTE(review): 2222 is published directly here and also routed through
      # Traefik by the labels below; the direct mapping bypasses any
      # restriction applied at the Traefik `ssh` entrypoint. Confirm both
      # paths are intended.
      - "2222:2222"
      # NOTE(review): if only the ingress host needs to reach the tunnel
      # ports, restrict the source address at the host or network firewall.
      - "10000-10100:10000-10100"
    labels:
      # Traefik labels for the SSH endpoint itself, so Traefik can TCP-route
      # SSH traffic to the tunnel server.
      traefik.enable: "true"
      # Catch-all rule: SSH carries no TLS SNI, so every connection arriving
      # on the `ssh` entrypoint is sent to this service.
      traefik.tcp.routers.tunnel-ssh-router.rule: "HostSNI(`*`)"
      traefik.tcp.routers.tunnel-ssh-router.entrypoints: "ssh"
      traefik.tcp.services.tunnel-ssh-service.loadbalancer.server.port: "2222"
      traefik.docker.network: "traefik"
    networks:
      - traefik

networks:
  # Created outside this file; Compose attaches to it and does not manage it.
  traefik:
    external: true