Basic conversion to Traefik v2 just to get things running
This commit is contained in:
WilliamMiceli
@@ -14,7 +14,7 @@ services:
|
||||
gitlab_rails['gitlab_shell_ssh_port'] = 22
|
||||
nginx['real_ip_trusted_addresses'] = [ '10.42.0.0/16' ] # 10.42.0.0/16 is the default Rancher-managed subnet
|
||||
nginx['listen_port'] = 80 # Using HTTP between the Traefik container and GitLab
|
||||
nginx['listen_https'] = false # Traefik is handling HTTPS on outside
|
||||
nginx['listen_https'] = false # Traefik is handling HTTPS termination
|
||||
hostname: ${TRAEFIK_HOST}
|
||||
labels:
|
||||
io.rancher.container.pull_image: always
|
||||
@@ -22,23 +22,14 @@ services:
|
||||
io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
|
||||
{{- end}}
|
||||
traefik.enable: true
|
||||
### Start Web Segment
|
||||
traefik.web.frontend.entryPoints: http,https
|
||||
traefik.web.frontend.headers.forceSTSHeader: true
|
||||
traefik.web.frontend.headers.referrerPolicy: no-referrer # Security enhancement (Prevents leaking of referer information)
|
||||
traefik.web.frontend.headers.SSLRedirect: true
|
||||
traefik.web.frontend.headers.STSPreload: true
|
||||
traefik.web.frontend.headers.STSSeconds: 15552000
|
||||
traefik.web.frontend.passHostHeader: true
|
||||
traefik.web.frontend.rule: HostRegexp:${TRAEFIK_HOST},{subdomain:.+}.${TRAEFIK_HOST}
|
||||
traefik.web.port: "80"
|
||||
### End Web Segment
|
||||
### Start SSH Segment
|
||||
# traefik.ssh.frontend.entryPoints: ssh
|
||||
# traefik.ssh.frontend.rule: Host:${TRAEFIK_HOST}
|
||||
# traefik.ssh.frontend.passHostHeader: true
|
||||
# traefik.ssh.port: "22"
|
||||
### End SSH Segment
|
||||
traefik.http.routers.gitlab-router.rule: Host(`${TRAEFIK_HOST}`)
|
||||
traefik.http.routers.gitlab-router.entrypoints: https
|
||||
traefik.http.routers.gitlab-router.service: gitlab-service
|
||||
traefik.http.routers.gitlab-router.tls: true
|
||||
traefik.http.routers.gitlab-router.tls.certresolver: letsencrypt
|
||||
traefik.http.services.gitlab-service.loadbalancer.server.port: "80"
|
||||
traefik.http.services.gitlab-service.loadbalancer.server.scheme: http
|
||||
traefik.http.services.gitlab-service.loadbalancer.passhostheader: true
|
||||
restart: on-failure
|
||||
volumes:
|
||||
- /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system
|
||||
|
||||
@@ -41,22 +41,31 @@ services:
|
||||
{{- end}}
|
||||
# io.rancher.sidekicks: cron
|
||||
traefik.enable: true
|
||||
### Start Web UI Segment
|
||||
traefik.frontend.entryPoints: http,https
|
||||
traefik.frontend.headers.forceSTSHeader: true
|
||||
traefik.frontend.headers.referrerPolicy: no-referrer # Security enhancement (Prevents leaking of referer information)
|
||||
traefik.frontend.headers.SSLRedirect: true
|
||||
traefik.frontend.headers.STSIncludeSubdomains: true
|
||||
traefik.frontend.headers.STSPreload: true
|
||||
traefik.frontend.headers.STSSeconds: 15552000
|
||||
traefik.frontend.passHostHeader: true
|
||||
traefik.frontend.rule: Host:${TRAEFIK_HOST}
|
||||
traefik.port: "80"
|
||||
### End Web UI Segment
|
||||
### Start CalDAV/CardDAV Redirect Segment
|
||||
traefik.frontend.redirect.permanent: true
|
||||
traefik.frontend.redirect.regex: https://(.*)/.well-known/(card|cal)dav
|
||||
traefik.frontend.redirect.replacement: https://${TRAEFIK_HOST}/remote.php/dav/
|
||||
traefik.http.routers.nextcloud-router.rule: Host(`${TRAEFIK_HOST}`)
|
||||
traefik.http.routers.nextcloud-router.entrypoints: https
|
||||
traefik.http.routers.nextcloud-router.service: nextcloud-service
|
||||
traefik.http.routers.nextcloud-router.tls: true
|
||||
traefik.http.routers.nextcloud-router.tls.certresolver: letsencrypt
|
||||
traefik.http.services.nextcloud-service.loadbalancer.server.port: "80"
|
||||
traefik.http.services.nextcloud-service.loadbalancer.server.scheme: http
|
||||
traefik.http.services.nextcloud-service.loadbalancer.passhostheader: true
|
||||
# Will come back to finish the conversion to Traefik v2 later
|
||||
# ### Start Web UI Segment
|
||||
# traefik.frontend.entryPoints: http,https
|
||||
# traefik.frontend.headers.forceSTSHeader: true
|
||||
# traefik.frontend.headers.referrerPolicy: no-referrer # Security enhancement (Prevents leaking of referer information)
|
||||
# traefik.frontend.headers.SSLRedirect: true
|
||||
# traefik.frontend.headers.STSIncludeSubdomains: true
|
||||
# traefik.frontend.headers.STSPreload: true
|
||||
# traefik.frontend.headers.STSSeconds: 15552000
|
||||
# traefik.frontend.passHostHeader: true
|
||||
# traefik.frontend.rule: Host:${TRAEFIK_HOST}
|
||||
# traefik.port: "80"
|
||||
# ### End Web UI Segment
|
||||
# ### Start CalDAV/CardDAV Redirect Segment
|
||||
# traefik.frontend.redirect.permanent: true
|
||||
# traefik.frontend.redirect.regex: https://(.*)/.well-known/(card|cal)dav
|
||||
# traefik.frontend.redirect.replacement: https://${TRAEFIK_HOST}/remote.php/dav/
|
||||
### End CalDAV/CardDAV Redirect Segment
|
||||
links:
|
||||
- mysql
|
||||
|
||||
@@ -16,7 +16,7 @@ services:
|
||||
io.rancher.scheduler.affinity:host_label: ${HOST_LABEL}
|
||||
{{- end}}
|
||||
ports:
|
||||
- "1200:1200" # Traefik Dashboard (Might be temporary)
|
||||
- "1200:8080" # Traefik Dashboard
|
||||
- "22:22" # SSH
|
||||
- "80:80" # HTTP
|
||||
- "443:443" # HTTPS
|
||||
|
||||
@@ -13,7 +13,7 @@ catalog:
|
||||
label: "Host Label Key/Value Pair"
|
||||
description: |
|
||||
The Key/Value pair of the host which the stack should be deployed.
|
||||
default: "host.id=Proxy1"
|
||||
default: "host.id=Proxy0"
|
||||
required: false
|
||||
type: string
|
||||
|
||||
|
||||
Reference in New Issue
Block a user