From 88bf2015b64f82604bf451218eb6baef0d525681 Mon Sep 17 00:00:00 2001
From: William Miceli <1-WilliamMiceli@users.noreply.git.williammiceli.systems>
Date: Fri, 8 Feb 2019 21:18:13 -0500
Subject: [PATCH] Modernization mainly, removed many host port options, added Traefik rule to passHostHeader

---
templates/Ghost/0/docker-compose.yml | 26 +++++++-------------
templates/Ghost/0/rancher-compose.yml | 9 -------
templates/Guacamole/0/docker-compose.yml | 27 +++++++++------------
templates/HTTPD/0/docker-compose.yml | 9 ++-----
templates/InvoiceNinja/0/docker-compose.yml | 1 +
templates/Nextcloud/0/docker-compose.yml | 5 +---
templates/Nextcloud/0/rancher-compose.yml | 11 +-------
templates/Nginx/0/docker-compose.yml | 9 ++-----
templates/OpenProject/0/docker-compose.yml | 23 +++++------------
templates/OpenProject/0/rancher-compose.yml | 9 -------
templates/Snipe-IT/0/docker-compose.yml | 1 +
templates/Traefik/0/docker-compose.yml | 2 --
templates/WordPress/0/docker-compose.yml | 1 +
13 files changed, 36 insertions(+), 97 deletions(-)

diff --git a/templates/Ghost/0/docker-compose.yml b/templates/Ghost/0/docker-compose.yml
index d357d31..8ec6127 100644
--- a/templates/Ghost/0/docker-compose.yml
+++ b/templates/Ghost/0/docker-compose.yml
@@ -16,28 +16,20 @@ services: {{- if .Values.HOST_LABEL}} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} - {{- if .Values.TRAEFIK_HOST}} traefik.enable: true - traefik.frontend.rule: Host:${TRAEFIK_HOST} - traefik.port: "2368" + ### Start Web Segment traefik.frontend.entryPoints: http,https traefik.frontend.headers.forceSTSHeader: true + traefik.frontend.headers.referrerPolicy: no-referrer # Security enhancement (Prevents leaking of referer information) traefik.frontend.headers.SSLRedirect: true traefik.frontend.headers.STSPreload: true traefik.frontend.headers.STSSeconds: 15552000 - traefik.frontend.redirect.entryPoint: https - traefik.frontend.redirect.permanent: true - {{- else}} - traefik.enable: false - {{- end}} - networks: - - public-proxy - ports: - - "${WEB_PORT}:2368" + traefik.frontend.passHostHeader: true + traefik.frontend.rule: Host:${TRAEFIK_HOST} + traefik.port: "2368" + ### End Web Segment restart: on-failure volumes: - - /RancherCattleData/${DATA_DIR}/Content:/var/lib/ghost/content - -networks: - public-proxy: - external: true
\ No newline at end of file
+ - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system + - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system + - /RancherCattle/${DATA_DIR}/Content:/var/lib/ghost/content
\ No newline at end of file
diff --git a/templates/Ghost/0/rancher-compose.yml b/templates/Ghost/0/rancher-compose.yml
index a84102b..6880a38 100644
--- a/templates/Ghost/0/rancher-compose.yml
+++ b/templates/Ghost/0/rancher-compose.yml
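Review bot: The Ghost content mount on the new side is `/RancherCattle/${DATA_DIR}/Content:/var/lib/ghost/content`, renamed from the old `/RancherCattleData/...` path, and neither the subject line nor the catalog text says that existing data has to be moved, so an upgraded stack would come up against an empty content directory while the old files stay under the old path. The OpenProject hunk later in this patch does the same for its Database, Logs and Static mounts, where the Postgres data directory is affected. A comment on the volume line such as `# Path renamed from /RancherCattleData; move existing data before upgrading` (or an upgrade note in the catalog description) would make the break visible. The hunk also drops `networks: - public-proxy` and the external `networks:` block while keeping the Traefik labels; the HTTPD, Nginx and OpenProject hunks do the same, and OpenProject's removed line even carried the comment naming that network as the link to the Traefik container. Presumably Traefik and these stacks now meet on Rancher's managed network, but the description should say so, since a Traefik container still attached only to public-proxy could no longer reach these backends.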
@@ -21,16 +21,7 @@ catalog: label: "Public Host Domain" description: | The host that Traefik will use to provide public access. - Leaving this empty will disable Traefik on this stack. default: "subdomain.domain.tld" - required: false - type: string - - - variable: "WEB_PORT" - label: "Local Web Port" - description: | - The port to locally access the web interface on. - default: "10400" required: true type: string
diff --git a/templates/Guacamole/0/docker-compose.yml b/templates/Guacamole/0/docker-compose.yml
index e919025..4076114 100644
--- a/templates/Guacamole/0/docker-compose.yml
+++ b/templates/Guacamole/0/docker-compose.yml
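Review bot: `TRAEFIK_HOST` becomes `required: true` here but keeps `default: "subdomain.domain.tld"`, so if Rancher's required check only rejects an empty value, as it appears to, a deploy that leaves the placeholder untouched passes validation and registers a Traefik frontend for a hostname that is not the operator's. Since the sentence that explained the empty-value behaviour is removed in this hunk, consider either `default: ""` so the flag actually forces input, or a description line such as `Must be replaced with a hostname that resolves to this Traefik instance.`. The Nextcloud and OpenProject rancher-compose hunks in this patch have the same placeholder-plus-required pairing.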
@@ -18,21 +18,18 @@ services: io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} traefik.enable: true - ### Start HTTP Segment (Each EntryPoint has it's own segment, that way on initial HTTP connection, the prefix isn't added twice) - traefik.http.frontend.entryPoints: http - traefik.http.frontend.headers.SSLRedirect: true - traefik.http.frontend.rule: Host:${TRAEFIK_HOSTNAME} - traefik.http.port: "8080" - ### End HTTP Segment - ### Start HTTPS Segment - traefik.https.frontend.entryPoints: https - traefik.https.frontend.headers.forceSTSHeader: true - traefik.https.frontend.headers.referrerPolicy: no-referrer # Security enhancement (Prevents leaking of referer information) - traefik.https.frontend.headers.STSPreload: true - traefik.https.frontend.headers.STSSeconds: 15552000 - traefik.https.frontend.rule: "Host:${TRAEFIK_HOSTNAME}; AddPrefix:/guacamole" - traefik.https.port: "8080" - ### End HTTPS Segment + + ### Start Web Segment + traefik.frontend.entryPoints: http,https + traefik.frontend.headers.forceSTSHeader: true + traefik.frontend.headers.referrerPolicy: no-referrer # Security enhancement (Prevents leaking of referer information) + traefik.frontend.headers.SSLRedirect: true + traefik.frontend.headers.STSPreload: true + traefik.frontend.headers.STSSeconds: 15552000 + traefik.frontend.passHostHeader: true + traefik.frontend.rule: "Host:${TRAEFIK_HOSTNAME}; AddPrefix:/guacamole" + traefik.port: "8080" + ### End Web Segment links: - guacd - mysql
diff --git a/templates/HTTPD/0/docker-compose.yml b/templates/HTTPD/0/docker-compose.yml
index 104b1b4..811d88f 100644
--- a/templates/HTTPD/0/docker-compose.yml
+++ b/templates/HTTPD/0/docker-compose.yml
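Review bot: Merging the HTTP and HTTPS segments into one frontend with `traefik.frontend.rule: "Host:${TRAEFIK_HOSTNAME}; AddPrefix:/guacamole"`, `traefik.frontend.entryPoints: http,https` and `SSLRedirect: true` reintroduces exactly what the removed comment warned about: on a plain-HTTP request the prefix is added before the redirect to HTTPS, and the HTTPS request then gets it added again. The old side avoided this by giving the `http` entry point its own segment with a `Host:` only rule and applying the prefix only on the `https` segment. Unless the Traefik version in use has changed the order in which AddPrefix and the SSLRedirect header are applied, the split should be kept, and in any case the merged form should be checked with one request over plain HTTP to `/` before it ships. Whichever form is kept, the removed explanation is worth carrying over, e.g. `### HTTP and HTTPS are separate segments so AddPrefix is not applied twice across the HTTPS redirect`.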
@@ -20,14 +20,13 @@ services: traefik.frontend.headers.SSLRedirect: true traefik.frontend.headers.STSPreload: true traefik.frontend.headers.STSSeconds: 15552000 + traefik.frontend.passHostHeader: true traefik.frontend.rule: Host:${TRAEFIK_HOST} traefik.port: "80" ### End Web Segment {{- else}} traefik.enable: false {{- end}} - networks: - - public-proxy {{- if .Values.WEB_PORT}} ports: - "${WEB_PORT}:80"
@@ -37,8 +36,4 @@ services: {{- if eq .Values.PERSIST_CONF "true"}} - /RancherCattle/${DATA_DIR}/Configuration:/usr/local/apache2/conf {{- end}} - - /RancherCattle/${DATA_DIR}/Public-HTML:/usr/local/apache2/htdocs/ - -networks: - public-proxy: - external: true
\ No newline at end of file
+ - /RancherCattle/${DATA_DIR}/Public-HTML:/usr/local/apache2/htdocs/
\ No newline at end of file
diff --git a/templates/InvoiceNinja/0/docker-compose.yml b/templates/InvoiceNinja/0/docker-compose.yml
index 63b0ac1..7000d5f 100644
--- a/templates/InvoiceNinja/0/docker-compose.yml
+++ b/templates/InvoiceNinja/0/docker-compose.yml
@@ -86,6 +86,7 @@ services: traefik.web.frontend.headers.SSLRedirect: true traefik.web.frontend.headers.STSPreload: true traefik.web.frontend.headers.STSSeconds: 15552000 + traefik.web.frontend.passHostHeader: true traefik.web.frontend.rule: Host:${TRAEFIK_HOST} traefik.web.port: "80" ### End Web Segment
diff --git a/templates/Nextcloud/0/docker-compose.yml b/templates/Nextcloud/0/docker-compose.yml
index b3520d7..265794e 100644
--- a/templates/Nextcloud/0/docker-compose.yml
+++ b/templates/Nextcloud/0/docker-compose.yml
@@ -46,6 +46,7 @@ services: traefik.nextcloud.frontend.headers.SSLRedirect: true traefik.nextcloud.frontend.headers.STSPreload: true traefik.nextcloud.frontend.headers.STSSeconds: 15552000 + traefik.nextcloud.frontend.passHostHeader: true traefik.nextcloud.frontend.rule: Host:${TRAEFIK_HOST} traefik.nextcloud.port: "80" ### End Nextcloud Segment
@@ -54,10 +55,6 @@ services: {{- if eq .Values.REDIS "true"}} - redis {{- end}} - {{- if .Values.WEB_PORT}} - ports: - - "${WEB_PORT}:80" - {{- end}} restart: on-failure volumes: - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system
diff --git a/templates/Nextcloud/0/rancher-compose.yml b/templates/Nextcloud/0/rancher-compose.yml
index 17f9b7f..454187d 100644
--- a/templates/Nextcloud/0/rancher-compose.yml
+++ b/templates/Nextcloud/0/rancher-compose.yml
@@ -21,16 +21,7 @@ catalog: description: | The host that Traefik will use to provide public access. default: "subdomain.domain.tld" - required: false - type: string - - - variable: "WEB_PORT" - label: "Web Port" - description: | - The port to locally access the web interface on. - Leaving this empty will disable opening any port on the host system. - default: "10100" - required: false + required: true type: string - variable: "DB_ROOT_PASS"
diff --git a/templates/Nginx/0/docker-compose.yml b/templates/Nginx/0/docker-compose.yml
index 0ac72a2..22babfb 100644
--- a/templates/Nginx/0/docker-compose.yml
+++ b/templates/Nginx/0/docker-compose.yml
@@ -20,14 +20,13 @@ services: traefik.frontend.headers.SSLRedirect: true traefik.frontend.headers.STSPreload: true traefik.frontend.headers.STSSeconds: 15552000 + traefik.frontend.passHostHeader: true traefik.frontend.rule: Host:${TRAEFIK_HOST} traefik.port: "80" ### End Web Segment {{- else}} traefik.enable: false {{- end}} - networks: - - public-proxy {{- if .Values.WEB_PORT}} ports: - "${WEB_PORT}:80"
@@ -37,8 +36,4 @@ services: {{- if eq .Values.PERSIST_CONF "true"}} - /RancherCattle/${DATA_DIR}/Configuration:/etc/nginx {{- end}} - - /RancherCattle/${DATA_DIR}/HTML:/usr/share/nginx/html - -networks: - public-proxy: - external: true
\ No newline at end of file
+ - /RancherCattle/${DATA_DIR}/HTML:/usr/share/nginx/html
\ No newline at end of file
diff --git a/templates/OpenProject/0/docker-compose.yml b/templates/OpenProject/0/docker-compose.yml
index 9a3a82c..1b56631 100644
--- a/templates/OpenProject/0/docker-compose.yml
+++ b/templates/OpenProject/0/docker-compose.yml
@@ -26,7 +26,6 @@ services: {{- if .Values.HOST_LABEL}} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} - {{- if .Values.TRAEFIK_HOST}} traefik.enable: true ### Start Web Segment traefik.web.frontend.entryPoints: http,https
@@ -34,26 +33,16 @@ services: traefik.web.frontend.headers.SSLRedirect: true traefik.web.frontend.headers.STSPreload: true traefik.web.frontend.headers.STSSeconds: 15552000 - traefik.web.frontend.redirect.entryPoint: https - traefik.web.frontend.redirect.permanent: true + traefik.web.frontend.passHostHeader: true traefik.web.frontend.rule: Host:${TRAEFIK_HOST} traefik.web.port: "80" ### End Web Segment - {{- else}} - traefik.enable: false - {{- end}} links: - memcached - networks: - - public-proxy # Used for the connection to the Traefik container for public access - ports: - - "${WEB_PORT}:80" restart: on-failure volumes: - - /RancherCattleData/${DATA_DIR}/Database:/var/lib/postgresql/9.6/main - - /RancherCattleData/${DATA_DIR}/Logs:/var/log/supervisor - - /RancherCattleData/${DATA_DIR}/Static:/var/db/openproject - -networks: - public-proxy: - external: true
\ No newline at end of file
+ - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system + - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system + - /RancherCattle/${DATA_DIR}/Database:/var/lib/postgresql/9.6/main + - /RancherCattle/${DATA_DIR}/Logs:/var/log/supervisor + - /RancherCattle/${DATA_DIR}/Static:/var/db/openproject
\ No newline at end of file
diff --git a/templates/OpenProject/0/rancher-compose.yml b/templates/OpenProject/0/rancher-compose.yml
index fe77504..5d7201e 100644
--- a/templates/OpenProject/0/rancher-compose.yml
+++ b/templates/OpenProject/0/rancher-compose.yml
@@ -21,16 +21,7 @@ catalog: label: "Public Host Domain" description: | The host that Traefik will use to provide public access. - Leaving this empty will disable Traefik on this stack. default: "subdomain.domain.tld" - required: false - type: string - - - variable: "WEB_PORT" - label: "Local Web Port" - description: | - The port to locally access the web interface on. - default: "10800" required: true type: string
diff --git a/templates/Snipe-IT/0/docker-compose.yml b/templates/Snipe-IT/0/docker-compose.yml
index 4530a7c..2b168d0 100644
--- a/templates/Snipe-IT/0/docker-compose.yml
+++ b/templates/Snipe-IT/0/docker-compose.yml
@@ -28,6 +28,7 @@ services: traefik.web.frontend.headers.SSLRedirect: true traefik.web.frontend.headers.STSPreload: true traefik.web.frontend.headers.STSSeconds: 15552000 + traefik.web.frontend.passHostHeader: true traefik.web.frontend.rule: Host:${TRAEFIK_HOST} traefik.web.port: "80" ### End Web Segment
diff --git a/templates/Traefik/0/docker-compose.yml b/templates/Traefik/0/docker-compose.yml
index 6f3c013..adad710 100644
--- a/templates/Traefik/0/docker-compose.yml
+++ b/templates/Traefik/0/docker-compose.yml
@@ -18,8 +18,6 @@ services: - "${DASHBOARD_PORT}:8080" - "80:80" # HTTP - "443:443" # HTTPS - - "1022:22" # SSH - - "5050:5050" # Eclipse Che Multi-User Required restart: always volumes: - /var/run/docker.sock:/var/run/docker.sock
diff --git a/templates/WordPress/0/docker-compose.yml b/templates/WordPress/0/docker-compose.yml
index 84dd830..3663120 100644
--- a/templates/WordPress/0/docker-compose.yml
+++ b/templates/WordPress/0/docker-compose.yml
@@ -24,6 +24,7 @@ services: traefik.web.frontend.headers.SSLRedirect: true traefik.web.frontend.headers.STSPreload: true traefik.web.frontend.headers.STSSeconds: 15552000 + traefik.web.frontend.passHostHeader: true traefik.web.frontend.rule: Host:${TRAEFIK_HOST} traefik.web.port: "80" ### End Web Segment