diff --git a/templates/GitLab/0/docker-compose.yml b/templates/GitLab/0/docker-compose.yml
index f607df7..70fdf91 100644
--- a/templates/GitLab/0/docker-compose.yml
+++ b/templates/GitLab/0/docker-compose.yml
@@ -14,7 +14,7 @@ services:
 gitlab_rails['gitlab_shell_ssh_port'] = 22
 nginx['real_ip_trusted_addresses'] = [ '10.42.0.0/16' ] # 10.42.0.0/16 is the default Rancher-managed subnet
 nginx['listen_port'] = 80 # Using HTTP between the Traefik container and GitLab
- nginx['listen_https'] = false # Traefik is handling HTTPS on outside
+ nginx['listen_https'] = false # Traefik is handling HTTPS termination
 hostname: ${TRAEFIK_HOST}
 labels:
 io.rancher.container.pull_image: always
@@ -22,23 +22,14 @@ services:
 io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
 {{- end}}
 traefik.enable: true
- ### Start Web Segment
- traefik.web.frontend.entryPoints: http,https
- traefik.web.frontend.headers.forceSTSHeader: true
- traefik.web.frontend.headers.referrerPolicy: no-referrer # Security enhancement (Prevents leaking of referer information)
- traefik.web.frontend.headers.SSLRedirect: true
- traefik.web.frontend.headers.STSPreload: true
- traefik.web.frontend.headers.STSSeconds: 15552000
- traefik.web.frontend.passHostHeader: true
- traefik.web.frontend.rule: HostRegexp:${TRAEFIK_HOST},{subdomain:.+}.${TRAEFIK_HOST}
- traefik.web.port: "80"
- ### End Web Segment
- ### Start SSH Segment
- # traefik.ssh.frontend.entryPoints: ssh
- # traefik.ssh.frontend.rule: Host:${TRAEFIK_HOST}
- # traefik.ssh.frontend.passHostHeader: true
- # traefik.ssh.port: "22"
- ### End SSH Segment
+ traefik.http.routers.gitlab-router.rule: Host(`${TRAEFIK_HOST}`)
+ traefik.http.routers.gitlab-router.entrypoints: https
+ traefik.http.routers.gitlab-router.service: gitlab-service
+ traefik.http.routers.gitlab-router.tls: true
+ traefik.http.routers.gitlab-router.tls.certresolver: letsencrypt
+ traefik.http.services.gitlab-service.loadbalancer.server.port: "80"
+ traefik.http.services.gitlab-service.loadbalancer.server.scheme: http
+ traefik.http.services.gitlab-service.loadbalancer.passhostheader: true
 restart: on-failure
 volumes:
 - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system
diff --git a/templates/Nextcloud/0/docker-compose.yml b/templates/Nextcloud/0/docker-compose.yml
index beb12b8..3601022 100644
--- a/templates/Nextcloud/0/docker-compose.yml
+++ b/templates/Nextcloud/0/docker-compose.yml
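Review bot: The new `gitlab-router` labels in the `@@ -22,23 +22,14 @@` hunk attach no headers middleware, so the HSTS and Referrer-Policy settings the removed v1 labels carried (`forceSTSHeader`, `STSPreload`, `STSSeconds: 15552000`, `referrerPolicy: no-referrer`) are no longer applied at the proxy. The router is also bound only to the `https` entrypoint and `SSLRedirect` is gone, so unless Traefik's static configuration (not part of this diff) redirects `http` globally, plain-HTTP requests are no longer upgraded. The `nextcloud-router` labels in the Nextcloud hunk have the same gap, and there `STSIncludeSubdomains: true` is lost as well. I would add a headers middleware and reference it from each router, as sketched below for GitLab. Separately, the removed `HostRegexp` rule also matched subdomains of `${TRAEFIK_HOST}`, which the new `Host(...)` rule does not; worth confirming that narrowing is intended.

```yaml
traefik.http.routers.gitlab-router.tls.certresolver: letsencrypt
# restore the response headers the v1 frontend labels used to set
traefik.http.routers.gitlab-router.middlewares: gitlab-headers
traefik.http.middlewares.gitlab-headers.headers.forceSTSHeader: "true"
traefik.http.middlewares.gitlab-headers.headers.stsPreload: "true"
traefik.http.middlewares.gitlab-headers.headers.stsSeconds: "15552000"
traefik.http.middlewares.gitlab-headers.headers.referrerPolicy: no-referrer
# … unchanged: gitlab-service loadbalancer labels …
```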
@@ -41,22 +41,31 @@ services:
 {{- end}}
 # io.rancher.sidekicks: cron
 traefik.enable: true
- ### Start Web UI Segment
- traefik.frontend.entryPoints: http,https
- traefik.frontend.headers.forceSTSHeader: true
- traefik.frontend.headers.referrerPolicy: no-referrer # Security enhancement (Prevents leaking of referer information)
- traefik.frontend.headers.SSLRedirect: true
- traefik.frontend.headers.STSIncludeSubdomains: true
- traefik.frontend.headers.STSPreload: true
- traefik.frontend.headers.STSSeconds: 15552000
- traefik.frontend.passHostHeader: true
- traefik.frontend.rule: Host:${TRAEFIK_HOST}
- traefik.port: "80"
- ### End Web UI Segment
- ### Start CalDAV/CardDAV Redirect Segment
- traefik.frontend.redirect.permanent: true
- traefik.frontend.redirect.regex: https://(.*)/.well-known/(card|cal)dav
- traefik.frontend.redirect.replacement: https://${TRAEFIK_HOST}/remote.php/dav/
+ traefik.http.routers.nextcloud-router.rule: Host(`${TRAEFIK_HOST}`)
+ traefik.http.routers.nextcloud-router.entrypoints: https
+ traefik.http.routers.nextcloud-router.service: nextcloud-service
+ traefik.http.routers.nextcloud-router.tls: true
+ traefik.http.routers.nextcloud-router.tls.certresolver: letsencrypt
+ traefik.http.services.nextcloud-service.loadbalancer.server.port: "80"
+ traefik.http.services.nextcloud-service.loadbalancer.server.scheme: http
+ traefik.http.services.nextcloud-service.loadbalancer.passhostheader: true
+# Will come back to finish the conversion to Traefik v2 later
+# ### Start Web UI Segment
+# traefik.frontend.entryPoints: http,https
+# traefik.frontend.headers.forceSTSHeader: true
+# traefik.frontend.headers.referrerPolicy: no-referrer # Security enhancement (Prevents leaking of referer information)
+# traefik.frontend.headers.SSLRedirect: true
+# traefik.frontend.headers.STSIncludeSubdomains: true
+# traefik.frontend.headers.STSPreload: true
+# traefik.frontend.headers.STSSeconds: 15552000
+# traefik.frontend.passHostHeader: true
+# 
traefik.frontend.rule: Host:${TRAEFIK_HOST} +# traefik.port: "80" +# ### End Web UI Segment +# ### Start CalDAV/CardDAV Redirect Segment +# traefik.frontend.redirect.permanent: true +# traefik.frontend.redirect.regex: https://(.*)/.well-known/(card|cal)dav +# traefik.frontend.redirect.replacement: https://${TRAEFIK_HOST}/remote.php/dav/ ### End CalDAV/CardDAV Redirect Segment links: - mysql diff --git a/templates/Traefik/1/docker-compose.yml b/templates/Traefik/1/docker-compose.yml index 0588070..99aa04a 100644 --- a/templates/Traefik/1/docker-compose.yml +++ b/templates/Traefik/1/docker-compose.yml @@ -16,7 +16,7 @@ services: io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} ports: - - "1200:1200" # Traefik Dashboard (Might be temporary) + - "1200:8080" # Traefik Dashboard - "22:22" # SSH - "80:80" # HTTP - "443:443" # HTTPS diff --git a/templates/Traefik/1/rancher-compose.yml b/templates/Traefik/1/rancher-compose.yml index 8f8d5d9..f6a9f02 100644 --- a/templates/Traefik/1/rancher-compose.yml +++ b/templates/Traefik/1/rancher-compose.yml @@ -13,7 +13,7 @@ catalog: label: "Host Label Key/Value Pair" description: | The Key/Value pair of the host which the stack should be deployed. - default: "host.id=Proxy1" + default: "host.id=Proxy0" required: false type: string
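Review bot: The CalDAV/CardDAV redirect in the Nextcloud hunk (`@@ -41,22 +41,31 @@`) is commented out rather than converted, so `/.well-known/carddav` and `/.well-known/caldav` are no longer redirected to `/remote.php/dav/` by the proxy. The v1 labels are kept as dead comments under a "Will come back ... later" remark, and the untouched context line `### End CalDAV/CardDAV Redirect Segment` now closes a segment that has no live content. I would convert the redirect to a `redirectregex` middleware in this commit, as sketched below, and delete the commented v1 block instead of carrying it. If other middlewares are attached to `nextcloud-router`, the `middlewares` label takes them as one comma-separated list.

```yaml
traefik.http.routers.nextcloud-router.tls.certresolver: letsencrypt
# CalDAV/CardDAV service discovery, converted from the v1 redirect labels
traefik.http.routers.nextcloud-router.middlewares: nextcloud-dav
traefik.http.middlewares.nextcloud-dav.redirectregex.permanent: "true"
traefik.http.middlewares.nextcloud-dav.redirectregex.regex: https://(.*)/.well-known/(card|cal)dav
traefik.http.middlewares.nextcloud-dav.redirectregex.replacement: https://${TRAEFIK_HOST}/remote.php/dav/
# … unchanged: nextcloud-service loadbalancer labels …
```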
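Review bot: The `- "1200:8080" # Traefik Dashboard` entry in the Traefik `ports` hunk publishes container port 8080 on every host interface, and dropping the "(Might be temporary)" remark makes that exposure permanent. In Traefik v2, 8080 is the default port of the `traefik` entrypoint that serves the API and dashboard when insecure mode is enabled, and that mode has no authentication; the static configuration is not part of this diff, so whether it is enabled cannot be confirmed from here. If the dashboard has to stay reachable, I would bind it to loopback where the scheduler supports host-IP bindings, `- "127.0.0.1:1200:8080" # Traefik Dashboard (local only)`, or remove the published port and serve `api@internal` through a router with an authentication middleware. A short comment on the line stating who is expected to reach port 1200 would also help the next reviewer.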