From 28cf9edd62d41ede7c173317c99d4db8501f04fb Mon Sep 17 00:00:00 2001 From: colin Date: Sat, 16 Nov 2024 11:46:23 -0500 Subject: [PATCH] Update infra.yml --- infra.yml | 75 ++++++++----------------------------------------------- 1 file changed, 11 insertions(+), 64 deletions(-) diff --git a/infra.yml b/infra.yml index f470067..a74fa3d 100644 --- a/infra.yml +++ b/infra.yml @@ -1,37 +1,14 @@ - socketproxy: services: - networks: + socketproxy: image: tecnativa/docker-socket-proxy + networks: - socketproxy volumes: - "/var/run/docker.sock:/var/run/docker.sock:ro" environment: - NETWORKS: 1 - SERVICES: 1 - TASKS: 1 - # Non Default permissions - CONTAINERS: 1 - # BUILD: 1 - # COMMIT: 1 - # CONFIGS: 1 - # CONTAINERS: 1 - # DISTRIBUTION: 1 - # EXEC: 1 - # GRPC: 1 - # IMAGES: 1 - # INFO: 1 - # NETWORKS: 1 - # NODES: 1 - # PLUGINS: 1 - # SERVICES: 1 - # SESSION: 1 - # SWARM: 1 - # SYSTEM: 1 - # TASKS: 1 - # VOLUMES: 1 -{% for key, value in socketproxy_env.items() %} + {% for key, value in socketproxy_env.items() %} {{ key }}: {{ value }} -{% endfor %} + {% endfor %} deploy: endpoint_mode: dnsrr placement: 
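Review bot: The `socketproxy` `environment:` block no longer bounds what the proxy exposes: with the literal `NETWORKS`, `SERVICES`, `TASKS` and `CONTAINERS` entries removed, the reachable Docker API sections are whatever `socketproxy_env` contains, and that variable is not defined in this file. Keeping the read-only entries Traefik needs as literals here, and using the loop only for extras, would make the allow-list reviewable and would stop an empty variable from cutting off the swarm provider. The templated pair should also be quoted, `{{ key }}: "{{ value }}"`, so an empty or boolean-looking value cannot change type when the rendered YAML is parsed. The `{% for %}` and `{% endfor %}` tags are now indented; depending on the renderer's whitespace settings that indent can leak into the output, so the rendered file is worth checking.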
@@ -45,32 +22,20 @@ services: restart_policy: condition: on-failure - - traefik-http: + traefik: image: traefik:v2 command: - "--providers.docker.endpoint=http://socketproxy_socketproxy:2375" - "--log.level=ERROR" - - "--global.checknewversion=false" - - "--global.sendanonymoususage=false" - "--providers.docker.swarmMode=true" - - "--providers.docker.exposedbydefault=false" - "--providers.docker.network=traefik" - - "--serverstransport.insecureskipverify=true" - "--entrypoints.web.address=:80" - "--entrypoints.websecure.address=:443" - - "--entrypoints.web.http.redirections.entryPoint.to=websecure" - - "--entrypoints.web.http.redirections.entryPoint.scheme=https" - - "--entrypoints.web.http.redirections.entryPoint.permanent=true" # Permanent redirect - "--certificatesresolvers.letsencryptresolver.acme.httpchallenge=true" - "--certificatesresolvers.letsencryptresolver.acme.httpchallenge.entrypoint=web" - - "--certificatesresolvers.letsencryptresolver.acme.email=admin@nixc.us" + - "--certificatesresolvers.letsencryptresolver.acme.email=admin@lilsgym.ca" - "--certificatesresolvers.letsencryptresolver.acme.storage=/letsencrypt/acme.json" - "--api.dashboard=true" - - "--entryPoints.websecure.forwardedHeaders.insecure=true" - - "--entryPoints.websecure.transport.respondingTimeouts.idleTimeout=600s" - - "--entryPoints.websecure.transport.respondingTimeouts.readTimeout=600s" - - "--entryPoints.websecure.transport.respondingTimeouts.writeTimeout=600s" ports: - target: 80 published: 80 
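Review bot: Dropping `--providers.docker.exposedbydefault=false` from the `traefik` command means Traefik falls back to its default of publishing every service it discovers, rather than only those labelled `traefik.enable: "true"`; I would keep the line `- "--providers.docker.exposedbydefault=false"`. The three `--entrypoints.web.http.redirections.entryPoint.*` flags are removed as well, so requests on port 80 are no longer redirected to `websecure` and any router without an explicit entrypoint can answer over plain HTTP; restoring the `.to=websecure` and `.scheme=https` pair would close that. Removing `--serverstransport.insecureskipverify=true` and `--entryPoints.websecure.forwardedHeaders.insecure=true` tightens the setup, but backends presenting self-signed certificates will start failing and need a trusted CA or a per-service transport. The `traefik` service definition continues past the end of this hunk.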
@@ -81,39 +46,21 @@ services: protocol: tcp mode: host volumes: - - /mnt/tank/persist/nixc.us/traefik/production/config:/letsencrypt - /var/run/docker.sock:/var/run/docker.sock:ro networks: - traefik - socketproxy deploy: - endpoint_mode: dnsrr placement: constraints: - - node.hostname == {{hostname}} + - node.hostname == {{ hostname }} labels: - homepage.group: Infrastructure - homepage.name: Ingress - homepage.href: https://{{url}}/ - homepage.description: - us.nixc.autodeploy: "true" traefik.enable: "true" - traefik.docker.network: traefik - traefik.http.routers.traefik_traefik-http.tls: "true" - traefik.http.routers.traefik_traefik-http.rule: "Host(`{{url}}`)" - traefik.http.routers.traefik_traefik-http.entrypoints: "websecure" - traefik.http.routers.traefik_traefik-http.tls.certresolver: "letsencryptresolver" - traefik.http.routers.traefik_traefik-http.service: "api@internal" - traefik.http.services.traefik_traefik-http.loadbalancer.server.port: "888" - update_config: - order: stop-first - failure_action: rollback - delay: 15s - parallelism: 1 - restart_policy: - condition: on-failure + traefik.http.routers.traefik.rule: "Host(`{{ url }}`)" + traefik.http.routers.traefik.entrypoints: "websecure" + traefik.http.routers.traefik.tls.certresolver: "letsencryptresolver" + traefik.http.services.traefik.loadbalancer.server.port: "8080" -# docker network create --driver=overlay socketproxy networks: socketproxy: external: true
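Review bot: The new `traefik.http.routers.traefik.*` labels publish the dashboard host on `websecure` with no authentication middleware, and they drop `service: "api@internal"` in favour of `loadbalancer.server.port: "8080"`. With `--api.dashboard=true` and no insecure API entrypoint among the flags visible in this patch, nothing is expected to listen on 8080, so the router should keep `traefik.http.routers.traefik.service: "api@internal"` and gain a `traefik.http.routers.traefik.middlewares: "<auth-middleware>"` label (placeholder name) backed by a basicauth or forward-auth middleware. The `/var/run/docker.sock` bind mount appears to stay on this internet-facing service even though the provider endpoint is the socket proxy; removing it is what makes the proxy's restrictions effective. If the `/letsencrypt` volume line is removed here (the collapsed layout makes that hard to tell), `acme.json` is no longer persisted and certificates will be re-requested on each redeploy.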