From 77ced38a9376751337795c64cdbc8adbd15814f0 Mon Sep 17 00:00:00 2001
From: Leopere
Date: Fri, 4 Apr 2025 19:31:45 -0400
Subject: [PATCH] refactor: convert labels and environment to YAML mapping format
---
 stack.production.yml | 33 ++++++++++++++++++---------
 stack.staging.yml | 54 +++++++++++++++++++++++++++++++-------------
 2 files changed, 60 insertions(+), 27 deletions(-)
diff --git a/stack.production.yml b/stack.production.yml
index cedcf34..e609cf1 100644
--- a/stack.production.yml
+++ b/stack.production.yml
@@ -21,20 +21,31 @@ services:
 networks:
 - traefik
 environment:
- - N8N_HOST=${N8N_HOST:-n8n.nixc.us}
- - N8N_PORT=5678
- - N8N_PROTOCOL=${N8N_PROTOCOL:-https}
- - NODE_ENV=production
+ N8N_HOST: ${N8N_HOST:-n8n.nixc.us}
+ N8N_PORT: 5678
+ N8N_PROTOCOL: ${N8N_PROTOCOL:-https}
+ NODE_ENV: production
 volumes:
 - n8n_data:/home/node/.n8n
 labels:
- - traefik.enable=true
- - traefik.http.routers.production_n8n.rule=Host(n8n.nixc.us)
- - traefik.http.routers.production_n8n.entrypoints=websecure
- - traefik.http.routers.production_n8n.tls=true
- - traefik.http.routers.production_n8n.tls.certresolver=letsencryptresolver
- - traefik.http.services.production_n8n.loadbalancer.server.port=5678
- - traefik.http.routers.production_n8n.middlewares=secure-headers
+ traefik.enable: true
+ traefik.http.routers.production_n8n.rule: Host(`n8n.nixc.us`)
+ traefik.http.routers.production_n8n.entrypoints: websecure
+ traefik.http.routers.production_n8n.tls: true
+ traefik.http.routers.production_n8n.tls.certresolver: letsencryptresolver
+ traefik.http.services.production_n8n.loadbalancer.server.port: 5678
+ traefik.http.routers.production_n8n.middlewares: secure-headers
+ traefik.docker.network: traefik
+ # Security headers middleware
+ traefik.http.middlewares.secure-headers.headers.stsSeconds: 63072000
+ traefik.http.middlewares.secure-headers.headers.stsIncludeSubdomains: true
+ traefik.http.middlewares.secure-headers.headers.stsPreload: true
+ traefik.http.middlewares.secure-headers.headers.forceSTSHeader: true
+ traefik.http.middlewares.secure-headers.headers.frameDeny: true
+ traefik.http.middlewares.secure-headers.headers.contentTypeNosniff: true
+ traefik.http.middlewares.secure-headers.headers.browserXssFilter: true
+ traefik.http.middlewares.secure-headers.headers.referrerPolicy: no-referrer
+ traefik.http.middlewares.secure-headers.headers.featurePolicy: camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none'
 volumes:
 n8n_data:
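Review bot: The label values that were plain strings in list form (`traefik.enable=true`) become YAML booleans once written as `traefik.enable: true`, and the same holds for `...production_n8n.tls: true` and the `sts*`, `frameDeny`, `contentTypeNosniff` and `browserXssFilter` flags. Compose loaders differ on this: the schema used by `docker stack deploy` has rejected boolean label values with "must be a string, number or null", so if these files are deployed as Swarm stacks, as their names suggest, the values should be quoted, e.g. `traefik.enable: "true"`. Quoting `N8N_PORT: "5678"` and the `loadbalancer.server.port` value as well keeps every label and environment value an explicit string, so a parser cannot retype them. The same unquoted booleans appear in both hunks of stack.staging.yml. The service definition starts above this hunk, so whether `labels:` sits under `deploy:` cannot be confirmed from here.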
diff --git a/stack.staging.yml b/stack.staging.yml
index 0573759..b611a48 100644
--- a/stack.staging.yml
+++ b/stack.staging.yml
@@ -22,15 +22,15 @@ services:
 networks:
 - traefik
 labels:
- - traefik.enable=true
- - traefik.http.routers.staging_template.rule=Host(`staging.template.nixc.us`)
- - traefik.http.routers.staging_template.entrypoints=websecure
- - traefik.http.routers.staging_template.tls=true
- - traefik.http.routers.staging_template.tls.certresolver=letsencryptresolver
- - traefik.http.services.staging_template.loadbalancer.server.port=3000
- # - traefik.http.services.staging_template.loadbalancer.healthcheck.path=/health
- # - traefik.http.services.staging_template.loadbalancer.healthcheck.interval=30s
- # - traefik.http.services.staging_template.loadbalancer.healthcheck.timeout=5s
+ traefik.enable: true
+ traefik.http.routers.staging_template.rule: Host(`staging.template.nixc.us`)
+ traefik.http.routers.staging_template.entrypoints: websecure
+ traefik.http.routers.staging_template.tls: true
+ traefik.http.routers.staging_template.tls.certresolver: letsencryptresolver
+ traefik.http.services.staging_template.loadbalancer.server.port: 3000
+ # traefik.http.services.staging_template.loadbalancer.healthcheck.path: /health
+ # traefik.http.services.staging_template.loadbalancer.healthcheck.interval: 30s
+ # traefik.http.services.staging_template.loadbalancer.healthcheck.timeout: 5s
 n8n:
 image: git.nixc.us/colin/n8n:staging
@@ -49,11 +49,33 @@ services:
 order: stop-first
 networks:
 - traefik
+ environment:
+ N8N_HOST: ${N8N_HOST:-staging-n8n.nixc.us}
+ N8N_PORT: 5678
+ N8N_PROTOCOL: ${N8N_PROTOCOL:-https}
+ NODE_ENV: production
+ volumes:
+ - n8n_data:/home/node/.n8n
 labels:
- - traefik.enable=true
- - traefik.http.routers.staging_n8n.rule=Host(`staging-n8n.nixc.us`)
- - traefik.http.routers.staging_n8n.entrypoints=websecure
- - traefik.http.routers.staging_n8n.tls=true
- - traefik.http.routers.staging_n8n.tls.certresolver=letsencryptresolver
- - traefik.http.services.staging_n8n.loadbalancer.server.port=5678
- - traefik.http.routers.staging_n8n.middlewares=secure-headers
+ traefik.enable: true
+ traefik.http.routers.staging_n8n.rule: Host(`staging-n8n.nixc.us`)
+ traefik.http.routers.staging_n8n.entrypoints: websecure
+ traefik.http.routers.staging_n8n.tls: true
+ traefik.http.routers.staging_n8n.tls.certresolver: letsencryptresolver
+ traefik.http.services.staging_n8n.loadbalancer.server.port: 5678
+ traefik.http.routers.staging_n8n.middlewares: secure-headers
+ traefik.docker.network: traefik
+ # Security headers middleware
+ traefik.http.middlewares.secure-headers.headers.stsSeconds: 63072000
+ traefik.http.middlewares.secure-headers.headers.stsIncludeSubdomains: true
+ traefik.http.middlewares.secure-headers.headers.stsPreload: true
+ traefik.http.middlewares.secure-headers.headers.forceSTSHeader: true
+ traefik.http.middlewares.secure-headers.headers.frameDeny: true
+ traefik.http.middlewares.secure-headers.headers.contentTypeNosniff: true
+ traefik.http.middlewares.secure-headers.headers.browserXssFilter: true
+ traefik.http.middlewares.secure-headers.headers.referrerPolicy: no-referrer
+ traefik.http.middlewares.secure-headers.headers.featurePolicy: camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none'
+
+volumes:
+ n8n_data:
+ driver: local
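Review bot: The `secure-headers` middleware is declared here under the same name that stack.production.yml declares, and Traefik's Docker provider keeps one definition per middleware name. If one Traefik instance serves both stacks (not visible from this patch), the two label sets must stay identical; once one side is edited, Traefik treats the middleware as defined twice with different configuration and the routers that reference it can fail to load. A stack-scoped name avoids that coupling, e.g. `traefik.http.middlewares.staging_n8n-headers.headers.stsSeconds: 63072000` with `traefik.http.routers.staging_n8n.middlewares: staging_n8n-headers`. `featurePolicy` is a deprecated Traefik option whose replacement is `permissionsPolicy`, so both files are worth checking against the deployed Traefik version. This hunk also adds an `environment` block, a volume mount and a top-level `volumes:` section, which goes beyond the refactor in the title; a comment such as `# staging intentionally runs with NODE_ENV=production` above that key would record the intent.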