lilsgym
/
infra
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update infra.yml

This commit is contained in:
colin 2024-11-16 11:46:23 -05:00
parent 4c60dd77ab
commit 28cf9edd62
1 changed files with 11 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

75
infra.yml
View File

@ -1,37 +1,14 @@
socketproxy:
services: services:
networks: socketproxy:
image: tecnativa/docker-socket-proxy image: tecnativa/docker-socket-proxy
networks:
- socketproxy - socketproxy
volumes: volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro" - "/var/run/docker.sock:/var/run/docker.sock:ro"
environment: environment:
NETWORKS: 1 {% for key, value in socketproxy_env.items() %}
SERVICES: 1
TASKS: 1
# Non Default permissions
CONTAINERS: 1
# BUILD: 1
# COMMIT: 1
# CONFIGS: 1
# CONTAINERS: 1
# DISTRIBUTION: 1
# EXEC: 1
# GRPC: 1
# IMAGES: 1
# INFO: 1
# NETWORKS: 1
# NODES: 1
# PLUGINS: 1
# SERVICES: 1
# SESSION: 1
# SWARM: 1
# SYSTEM: 1
# TASKS: 1
# VOLUMES: 1
{% for key, value in socketproxy_env.items() %}
{{ key }}: {{ value }} {{ key }}: {{ value }}
{% endfor %} {% endfor %}
deploy: deploy:
endpoint_mode: dnsrr endpoint_mode: dnsrr
placement: placement:
@ -45,32 +22,20 @@ services:
restart_policy: restart_policy:
condition: on-failure condition: on-failure
traefik:
traefik-http:
image: traefik:v2 image: traefik:v2
command: command:
- "--providers.docker.endpoint=http://socketproxy_socketproxy:2375" - "--providers.docker.endpoint=http://socketproxy_socketproxy:2375"
- "--log.level=ERROR" - "--log.level=ERROR"
- "--global.checknewversion=false"
- "--global.sendanonymoususage=false"
- "--providers.docker.swarmMode=true" - "--providers.docker.swarmMode=true"
- "--providers.docker.exposedbydefault=false"
- "--providers.docker.network=traefik" - "--providers.docker.network=traefik"
- "--serverstransport.insecureskipverify=true"
- "--entrypoints.web.address=:80" - "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443" - "--entrypoints.websecure.address=:443"
- "--entrypoints.web.http.redirections.entryPoint.to=websecure"
- "--entrypoints.web.http.redirections.entryPoint.scheme=https"
- "--entrypoints.web.http.redirections.entryPoint.permanent=true" # Permanent redirect
- "--certificatesresolvers.letsencryptresolver.acme.httpchallenge=true" - "--certificatesresolvers.letsencryptresolver.acme.httpchallenge=true"
- "--certificatesresolvers.letsencryptresolver.acme.httpchallenge.entrypoint=web" - "--certificatesresolvers.letsencryptresolver.acme.httpchallenge.entrypoint=web"
- "--certificatesresolvers.letsencryptresolver.acme.email=admin@nixc.us" - "--certificatesresolvers.letsencryptresolver.acme.email=admin@lilsgym.ca"
- "--certificatesresolvers.letsencryptresolver.acme.storage=/letsencrypt/acme.json" - "--certificatesresolvers.letsencryptresolver.acme.storage=/letsencrypt/acme.json"
- "--api.dashboard=true" - "--api.dashboard=true"
- "--entryPoints.websecure.forwardedHeaders.insecure=true"
- "--entryPoints.websecure.transport.respondingTimeouts.idleTimeout=600s"
- "--entryPoints.websecure.transport.respondingTimeouts.readTimeout=600s"
- "--entryPoints.websecure.transport.respondingTimeouts.writeTimeout=600s"
ports: ports:
- target: 80 - target: 80
published: 80 published: 80
@ -81,39 +46,21 @@ services:
protocol: tcp protocol: tcp
mode: host mode: host
volumes: volumes:
- /mnt/tank/persist/nixc.us/traefik/production/config:/letsencrypt
- /var/run/docker.sock:/var/run/docker.sock:ro - /var/run/docker.sock:/var/run/docker.sock:ro
networks: networks:
- traefik - traefik
- socketproxy - socketproxy
deploy: deploy:
endpoint_mode: dnsrr
placement: placement:
constraints: constraints:
- node.hostname == {{hostname}} - node.hostname == {{ hostname }}
labels: labels:
homepage.group: Infrastructure
homepage.name: Ingress
homepage.href: https://{{url}}/
homepage.description:
us.nixc.autodeploy: "true"
traefik.enable: "true" traefik.enable: "true"
traefik.docker.network: traefik traefik.http.routers.traefik.rule: "Host(`{{ url }}`)"
traefik.http.routers.traefik_traefik-http.tls: "true" traefik.http.routers.traefik.entrypoints: "websecure"
traefik.http.routers.traefik_traefik-http.rule: "Host(`{{url}}`)" traefik.http.routers.traefik.tls.certresolver: "letsencryptresolver"
traefik.http.routers.traefik_traefik-http.entrypoints: "websecure" traefik.http.services.traefik.loadbalancer.server.port: "8080"
traefik.http.routers.traefik_traefik-http.tls.certresolver: "letsencryptresolver"
traefik.http.routers.traefik_traefik-http.service: "api@internal"
traefik.http.services.traefik_traefik-http.loadbalancer.server.port: "888"
update_config:
order: stop-first
failure_action: rollback
delay: 15s
parallelism: 1
restart_policy:
condition: on-failure
# docker network create --driver=overlay socketproxy
networks: networks:
socketproxy: socketproxy:
external: true external: true