Modernization mainly, removed many host port options, added Traefik rule to passHostHeader

templates/Ghost/0/docker-compose.yml

@@ -16,28 +16,20 @@ services:
       {{- if .Values.HOST_LABEL}}
       io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
       {{- end}}
-      {{- if .Values.TRAEFIK_HOST}}
       traefik.enable: true
-      traefik.frontend.rule: Host:${TRAEFIK_HOST}
+      ### Start Web Segment
-      traefik.port: "2368"
       traefik.frontend.entryPoints: http,https
       traefik.frontend.headers.forceSTSHeader: true
+      traefik.frontend.headers.referrerPolicy: no-referrer # Security enhancement (Prevents leaking of referer information)
       traefik.frontend.headers.SSLRedirect: true
       traefik.frontend.headers.STSPreload: true
       traefik.frontend.headers.STSSeconds: 15552000
-      traefik.frontend.redirect.entryPoint: https
+      traefik.frontend.passHostHeader: true
-      traefik.frontend.redirect.permanent: true
+      traefik.frontend.rule: Host:${TRAEFIK_HOST}
-      {{- else}}
+      traefik.port: "2368"
-      traefik.enable: false
+      ### End Web Segment
-      {{- end}}
-    networks:
-      - public-proxy
-    ports:
-      - "${WEB_PORT}:2368"
     restart: on-failure
     volumes:
-      - /RancherCattleData/${DATA_DIR}/Content:/var/lib/ghost/content
+      - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system
-
+      - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system
-networks:
+      - /RancherCattle/${DATA_DIR}/Content:/var/lib/ghost/content
-  public-proxy:
-    external: true

templates/Ghost/0/rancher-compose.yml

@@ -21,16 +21,7 @@ catalog:
       label: "Public Host Domain"
       description: |
         The host that Traefik will use to provide public access.
-        Leaving this empty will disable Traefik on this stack.
       default: "subdomain.domain.tld"
-      required: false
-      type: string
-
-    - variable: "WEB_PORT"
-      label: "Local Web Port"
-      description: |
-        The port to locally access the web interface on.
-      default: "10400"
       required: true
       type: string
 

templates/Guacamole/0/docker-compose.yml

@@ -18,21 +18,18 @@ services:
       io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
       {{- end}}
       traefik.enable: true
-      ### Start HTTP Segment (Each EntryPoint has it's own segment, that way on initial HTTP connection, the prefix isn't added twice)
+
-      traefik.http.frontend.entryPoints: http
+      ### Start Web Segment
-      traefik.http.frontend.headers.SSLRedirect: true
+      traefik.frontend.entryPoints: http,https
-      traefik.http.frontend.rule: Host:${TRAEFIK_HOSTNAME}
+      traefik.frontend.headers.forceSTSHeader: true
-      traefik.http.port: "8080"
+      traefik.frontend.headers.referrerPolicy: no-referrer # Security enhancement (Prevents leaking of referer information)
-      ### End HTTP Segment
+      traefik.frontend.headers.SSLRedirect: true
-      ### Start HTTPS Segment
+      traefik.frontend.headers.STSPreload: true
-      traefik.https.frontend.entryPoints: https
+      traefik.frontend.headers.STSSeconds: 15552000
-      traefik.https.frontend.headers.forceSTSHeader: true
+      traefik.frontend.passHostHeader: true
-      traefik.https.frontend.headers.referrerPolicy: no-referrer # Security enhancement (Prevents leaking of referer information)
+      traefik.frontend.rule: "Host:${TRAEFIK_HOSTNAME}; AddPrefix:/guacamole"
-      traefik.https.frontend.headers.STSPreload: true
+      traefik.port: "8080"
-      traefik.https.frontend.headers.STSSeconds: 15552000
+      ### End Web Segment
-      traefik.https.frontend.rule: "Host:${TRAEFIK_HOSTNAME}; AddPrefix:/guacamole"
-      traefik.https.port: "8080"
-      ### End HTTPS Segment
     links:
       - guacd
       - mysql

templates/HTTPD/0/docker-compose.yml

@@ -20,14 +20,13 @@ services:
       traefik.frontend.headers.SSLRedirect: true
       traefik.frontend.headers.STSPreload: true
       traefik.frontend.headers.STSSeconds: 15552000
+      traefik.frontend.passHostHeader: true
       traefik.frontend.rule: Host:${TRAEFIK_HOST}
       traefik.port: "80"
       ### End Web Segment
       {{- else}}
       traefik.enable: false
       {{- end}}
-    networks:
-      - public-proxy
     {{- if .Values.WEB_PORT}}
     ports:
       - "${WEB_PORT}:80"
@@ -37,8 +36,4 @@ services:
       {{- if eq .Values.PERSIST_CONF "true"}}
       - /RancherCattle/${DATA_DIR}/Configuration:/usr/local/apache2/conf
       {{- end}}
-      - /RancherCattle/${DATA_DIR}/Public-HTML:/usr/local/apache2/htdocs/
+      - /RancherCattle/${DATA_DIR}/Public-HTML:/usr/local/apache2/htdocs/
-
-networks:
-  public-proxy:
-    external: true

templates/InvoiceNinja/0/docker-compose.yml

@@ -86,6 +86,7 @@ services:
       traefik.web.frontend.headers.SSLRedirect: true
       traefik.web.frontend.headers.STSPreload: true
       traefik.web.frontend.headers.STSSeconds: 15552000
+      traefik.web.frontend.passHostHeader: true
       traefik.web.frontend.rule: Host:${TRAEFIK_HOST}
       traefik.web.port: "80"
       ### End Web Segment

templates/Nextcloud/0/docker-compose.yml

@@ -46,6 +46,7 @@ services:
       traefik.nextcloud.frontend.headers.SSLRedirect: true
       traefik.nextcloud.frontend.headers.STSPreload: true
       traefik.nextcloud.frontend.headers.STSSeconds: 15552000
+      traefik.nextcloud.frontend.passHostHeader: true
       traefik.nextcloud.frontend.rule: Host:${TRAEFIK_HOST}
       traefik.nextcloud.port: "80"
       ### End Nextcloud Segment
@@ -54,10 +55,6 @@ services:
       {{- if eq .Values.REDIS "true"}}
       - redis
       {{- end}}
-    {{- if .Values.WEB_PORT}}
-    ports:
-      - "${WEB_PORT}:80"
-    {{- end}}
     restart: on-failure
     volumes:
       - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system

templates/Nextcloud/0/rancher-compose.yml

@@ -21,16 +21,7 @@ catalog:
       description: |
         The host that Traefik will use to provide public access.
       default: "subdomain.domain.tld"
-      required: false
+      required: true
-      type: string
-
-    - variable: "WEB_PORT"
-      label: "Web Port"
-      description: |
-        The port to locally access the web interface on.
-        Leaving this empty will disable opening any port on the host system.
-      default: "10100"
-      required: false
       type: string
 
     - variable: "DB_ROOT_PASS"

templates/Nginx/0/docker-compose.yml

@@ -20,14 +20,13 @@ services:
       traefik.frontend.headers.SSLRedirect: true
       traefik.frontend.headers.STSPreload: true
       traefik.frontend.headers.STSSeconds: 15552000
+      traefik.frontend.passHostHeader: true
       traefik.frontend.rule: Host:${TRAEFIK_HOST}
       traefik.port: "80"
       ### End Web Segment
       {{- else}}
       traefik.enable: false
       {{- end}}
-    networks:
-      - public-proxy
     {{- if .Values.WEB_PORT}}
     ports:
       - "${WEB_PORT}:80"
@@ -37,8 +36,4 @@ services:
       {{- if eq .Values.PERSIST_CONF "true"}}
       - /RancherCattle/${DATA_DIR}/Configuration:/etc/nginx
       {{- end}}
-      - /RancherCattle/${DATA_DIR}/HTML:/usr/share/nginx/html
+      - /RancherCattle/${DATA_DIR}/HTML:/usr/share/nginx/html
-
-networks:
-  public-proxy:
-    external: true

templates/OpenProject/0/docker-compose.yml

@@ -26,7 +26,6 @@ services:
       {{- if .Values.HOST_LABEL}}
       io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
       {{- end}}
-      {{- if .Values.TRAEFIK_HOST}}
       traefik.enable: true
       ### Start Web Segment
       traefik.web.frontend.entryPoints: http,https
@@ -34,26 +33,16 @@ services:
       traefik.web.frontend.headers.SSLRedirect: true
       traefik.web.frontend.headers.STSPreload: true
       traefik.web.frontend.headers.STSSeconds: 15552000
-      traefik.web.frontend.redirect.entryPoint: https
+      traefik.web.frontend.passHostHeader: true
-      traefik.web.frontend.redirect.permanent: true
       traefik.web.frontend.rule: Host:${TRAEFIK_HOST}
       traefik.web.port: "80"
       ### End Web Segment
-      {{- else}}
-      traefik.enable: false
-      {{- end}}
     links:
       - memcached
-    networks:
-      - public-proxy # Used for the connection to the Traefik container for public access
-    ports:
-      - "${WEB_PORT}:80"
     restart: on-failure
     volumes:
-      - /RancherCattleData/${DATA_DIR}/Database:/var/lib/postgresql/9.6/main
+      - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system
-      - /RancherCattleData/${DATA_DIR}/Logs:/var/log/supervisor
+      - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system
-      - /RancherCattleData/${DATA_DIR}/Static:/var/db/openproject
+      - /RancherCattle/${DATA_DIR}/Database:/var/lib/postgresql/9.6/main
-
+      - /RancherCattle/${DATA_DIR}/Logs:/var/log/supervisor
-networks:
+      - /RancherCattle/${DATA_DIR}/Static:/var/db/openproject
-  public-proxy:
-    external: true

templates/OpenProject/0/rancher-compose.yml

@@ -21,16 +21,7 @@ catalog:
       label: "Public Host Domain"
       description: |
         The host that Traefik will use to provide public access.
-        Leaving this empty will disable Traefik on this stack.
       default: "subdomain.domain.tld"
-      required: false
-      type: string
-
-    - variable: "WEB_PORT"
-      label: "Local Web Port"
-      description: |
-        The port to locally access the web interface on.
-      default: "10800"
       required: true
       type: string
 

templates/Snipe-IT/0/docker-compose.yml

@@ -28,6 +28,7 @@ services:
       traefik.web.frontend.headers.SSLRedirect: true
       traefik.web.frontend.headers.STSPreload: true
       traefik.web.frontend.headers.STSSeconds: 15552000
+      traefik.web.frontend.passHostHeader: true
       traefik.web.frontend.rule: Host:${TRAEFIK_HOST}
       traefik.web.port: "80"
       ### End Web Segment

templates/Traefik/0/docker-compose.yml

@@ -18,8 +18,6 @@ services:
       - "${DASHBOARD_PORT}:8080"
       - "80:80" # HTTP
       - "443:443" # HTTPS
-      - "1022:22" # SSH
-      - "5050:5050" # Eclipse Che Multi-User Required
     restart: always
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock

templates/WordPress/0/docker-compose.yml

@@ -24,6 +24,7 @@ services:
       traefik.web.frontend.headers.SSLRedirect: true
       traefik.web.frontend.headers.STSPreload: true
       traefik.web.frontend.headers.STSSeconds: 15552000
+      traefik.web.frontend.passHostHeader: true
       traefik.web.frontend.rule: Host:${TRAEFIK_HOST}
       traefik.web.port: "80"
       ### End Web Segment