From 84ffae0ff15b9332830fe15e4fde5d678eca4db0 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sat, 17 Nov 2018 18:51:02 -0500 Subject: [PATCH 01/15] Added Traefik integration --- templates/Snipe-IT/0/docker-compose.yml | 22 ++++++++++++++++++++-- templates/Snipe-IT/0/rancher-compose.yml | 13 +++++++------ 2 files changed, 27 insertions(+), 8 deletions(-) diff --git a/templates/Snipe-IT/0/docker-compose.yml b/templates/Snipe-IT/0/docker-compose.yml index f39a920..9811cb8 100644 --- a/templates/Snipe-IT/0/docker-compose.yml +++ b/templates/Snipe-IT/0/docker-compose.yml @@ -11,7 +11,7 @@ services: environment: APP_ENV: production APP_DEBUG: false - APP_URL: ${URL}:${WEB_PORT} + APP_URL: ${TRAEFIK_HOST}:${WEB_PORT} APP_KEY: ${APP_KEY} MYSQL_HOST: mysql MYSQL_DATABASE: snipeit @@ -22,8 +22,22 @@ services: {{- if .Values.HOST_LABEL}} io.rancher.scheduler.affinity:host_label: ${HOST_LABEL} {{- end}} + {{- if .Values.TRAEFIK_HOST}} + traefik.enable: true + traefik.frontend.rule: Host:${TRAEFIK_HOST} + traefik.frontend.entryPoints: http,https + traefik.frontend.headers.forceSTSHeader: true + traefik.frontend.headers.SSLRedirect: true + traefik.frontend.headers.STSPreload: true + traefik.frontend.headers.STSSeconds: 15552000 + traefik.port: "80" + {{- else}} + traefik.enable: false + {{- end}} links: - mysql + networks: + - public-proxy ports: - "${WEB_PORT}:80" restart: on-failure @@ -46,4 +60,8 @@ services: {{- end}} restart: on-failure volumes: - - /RancherCattleData/${DATA_DIR}/Database:/var/lib/mysql \ No newline at end of file + - /RancherCattleData/${DATA_DIR}/Database:/var/lib/mysql + +networks: + public-proxy: + external: true \ No newline at end of file diff --git a/templates/Snipe-IT/0/rancher-compose.yml b/templates/Snipe-IT/0/rancher-compose.yml index e4d0e0c..5e4be4f 100644 --- a/templates/Snipe-IT/0/rancher-compose.yml +++ b/templates/Snipe-IT/0/rancher-compose.yml @@ -1,6 +1,6 @@ version: '2' catalog: - name: SnipeIT + name: Snipe-IT version: latest # description: # minimum_rancher_version: @@ -16,12 +16,13 @@ catalog: required: false type: string - - variable: "URL" - label: "URL" + - variable: "TRAEFIK_HOST" + label: "Public Host Domain" description: | - The domain or hostname the service can be accessed at. - default: "http://localhost" - required: true + The host that Traefik will use to provide public access. + Leaving this empty will disable Traefik on this stack. + default: "subdomain.domain.tld" + required: false type: string - variable: "WEB_PORT" From 2c963613a68e406fe6e4cf93b0442207970ef408 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 18 Nov 2018 15:52:00 -0500 Subject: [PATCH 02/15] WEB_PORT not used on Traefik --- templates/Snipe-IT/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/Snipe-IT/0/docker-compose.yml b/templates/Snipe-IT/0/docker-compose.yml index 9811cb8..1745652 100644 --- a/templates/Snipe-IT/0/docker-compose.yml +++ b/templates/Snipe-IT/0/docker-compose.yml @@ -11,7 +11,7 @@ services: environment: APP_ENV: production APP_DEBUG: false - APP_URL: ${TRAEFIK_HOST}:${WEB_PORT} + APP_URL: ${TRAEFIK_HOST}:80 APP_KEY: ${APP_KEY} MYSQL_HOST: mysql MYSQL_DATABASE: snipeit From 9206795fd4fc86f6b136df4a37504e0010815d69 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 18 Nov 2018 16:03:02 -0500 Subject: [PATCH 03/15] Testing without any port --- templates/Snipe-IT/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/Snipe-IT/0/docker-compose.yml b/templates/Snipe-IT/0/docker-compose.yml index 1745652..6525bbb 100644 --- a/templates/Snipe-IT/0/docker-compose.yml +++ b/templates/Snipe-IT/0/docker-compose.yml @@ -11,7 +11,7 @@ services: environment: APP_ENV: production APP_DEBUG: false - APP_URL: ${TRAEFIK_HOST}:80 + APP_URL: ${TRAEFIK_HOST} APP_KEY: ${APP_KEY} MYSQL_HOST: mysql MYSQL_DATABASE: snipeit From 457cabf0cf9c97e314dc2d12b4595943ab9cdde9 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 18 Nov 2018 16:08:51 -0500 Subject: [PATCH 04/15] Port seemingly required. Added URL without traefik --- templates/Snipe-IT/0/docker-compose.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/templates/Snipe-IT/0/docker-compose.yml b/templates/Snipe-IT/0/docker-compose.yml index 6525bbb..a940553 100644 --- a/templates/Snipe-IT/0/docker-compose.yml +++ b/templates/Snipe-IT/0/docker-compose.yml @@ -11,7 +11,11 @@ services: environment: APP_ENV: production APP_DEBUG: false - APP_URL: ${TRAEFIK_HOST} + {{- if .Values.TRAEFIK_HOST}} + APP_URL: ${TRAEFIK_HOST}:80 + {{- else}} + APP_URL: localhost:${WEB_PORT} + {{- end}} APP_KEY: ${APP_KEY} MYSQL_HOST: mysql MYSQL_DATABASE: snipeit From da029ccab7182a20da092c60b37e2c60800236ac Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 18 Nov 2018 16:11:42 -0500 Subject: [PATCH 05/15] Added label to forward headers --- templates/Snipe-IT/0/docker-compose.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/Snipe-IT/0/docker-compose.yml b/templates/Snipe-IT/0/docker-compose.yml index a940553..87d7f25 100644 --- a/templates/Snipe-IT/0/docker-compose.yml +++ b/templates/Snipe-IT/0/docker-compose.yml @@ -28,6 +28,7 @@ services: {{- end}} {{- if .Values.TRAEFIK_HOST}} traefik.enable: true + traefik.frontend.auth.forward.trustForwardHeader: true traefik.frontend.rule: Host:${TRAEFIK_HOST} traefik.frontend.entryPoints: http,https traefik.frontend.headers.forceSTSHeader: true From 575284f3fc7ab23bb0595eb52b5b413a4d7867eb Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 18 Nov 2018 16:17:47 -0500 Subject: [PATCH 06/15] Testing without --- templates/Snipe-IT/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/Snipe-IT/0/docker-compose.yml b/templates/Snipe-IT/0/docker-compose.yml index 87d7f25..1264299 100644 --- a/templates/Snipe-IT/0/docker-compose.yml +++ b/templates/Snipe-IT/0/docker-compose.yml @@ -28,7 +28,7 @@ services: {{- end}} {{- if .Values.TRAEFIK_HOST}} traefik.enable: true - traefik.frontend.auth.forward.trustForwardHeader: true + # traefik.frontend.auth.forward.trustForwardHeader: true traefik.frontend.rule: Host:${TRAEFIK_HOST} traefik.frontend.entryPoints: http,https traefik.frontend.headers.forceSTSHeader: true From 9a74e12a81bb48f65ee34f5c712a25519948985d Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 18 Nov 2018 16:45:24 -0500 Subject: [PATCH 07/15] Trying different header --- templates/Snipe-IT/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/Snipe-IT/0/docker-compose.yml b/templates/Snipe-IT/0/docker-compose.yml index 1264299..5106026 100644 --- a/templates/Snipe-IT/0/docker-compose.yml +++ b/templates/Snipe-IT/0/docker-compose.yml @@ -28,12 +28,12 @@ services: {{- end}} {{- if .Values.TRAEFIK_HOST}} traefik.enable: true - # traefik.frontend.auth.forward.trustForwardHeader: true traefik.frontend.rule: Host:${TRAEFIK_HOST} traefik.frontend.entryPoints: http,https traefik.frontend.headers.forceSTSHeader: true traefik.frontend.headers.SSLRedirect: true traefik.frontend.headers.STSPreload: true + traefik.frontend.headers.SSLProxyHeaders: X-Forwarded-Proto:https traefik.frontend.headers.STSSeconds: 15552000 traefik.port: "80" {{- else}} From e2935e698fb5821f7e2d42ffe0ec0424d5bf3dbb Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 18 Nov 2018 16:53:21 -0500 Subject: [PATCH 08/15] Added volume to directly access in-app backups --- templates/Snipe-IT/0/docker-compose.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/templates/Snipe-IT/0/docker-compose.yml b/templates/Snipe-IT/0/docker-compose.yml index 5106026..3647602 100644 --- a/templates/Snipe-IT/0/docker-compose.yml +++ b/templates/Snipe-IT/0/docker-compose.yml @@ -48,6 +48,7 @@ services: restart: on-failure volumes: - /RancherCattleData/${DATA_DIR}/Application:/var/lib/snipeit + - /RancherCattleData/${DATA_DIR}/Backups:/var/www/html/storage/app/backups mysql: image: mysql:5 dns: From e4bb26a8d0235aa1810aac71479af3235a1e0921 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Sun, 18 Nov 2018 17:38:11 -0500 Subject: [PATCH 09/15] Allowed disabling of local access --- templates/Snipe-IT/0/docker-compose.yml | 5 +++++ templates/Snipe-IT/0/rancher-compose.yml | 3 ++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/templates/Snipe-IT/0/docker-compose.yml b/templates/Snipe-IT/0/docker-compose.yml index 3647602..66cbb76 100644 --- a/templates/Snipe-IT/0/docker-compose.yml +++ b/templates/Snipe-IT/0/docker-compose.yml @@ -43,8 +43,13 @@ services: - mysql networks: - public-proxy + {{- if .Values.WEB_PORT}} ports: - "${WEB_PORT}:80" + {{- else}} + expose: + - "80" + {{- end}} restart: on-failure volumes: - /RancherCattleData/${DATA_DIR}/Application:/var/lib/snipeit diff --git a/templates/Snipe-IT/0/rancher-compose.yml b/templates/Snipe-IT/0/rancher-compose.yml index 5e4be4f..05a87e5 100644 --- a/templates/Snipe-IT/0/rancher-compose.yml +++ b/templates/Snipe-IT/0/rancher-compose.yml @@ -29,8 +29,9 @@ catalog: label: "Local Web Port" description: | The port to locally access the web interface on. + Leaving this empty will not expose a any port on the host system, disabling local access outside of it's Rancher network. default: "10300" - required: true + required: false type: string - variable: "DATA_DIR" From 4390817f89b93d22db37e327d41dcc5e57dd3f76 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Mon, 19 Nov 2018 17:26:49 -0500 Subject: [PATCH 10/15] Added option for service to use host's time --- templates/Snipe-IT/0/docker-compose.yml | 3 +++ templates/Snipe-IT/0/rancher-compose.yml | 10 +++++++++- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/templates/Snipe-IT/0/docker-compose.yml b/templates/Snipe-IT/0/docker-compose.yml index 66cbb76..b11284c 100644 --- a/templates/Snipe-IT/0/docker-compose.yml +++ b/templates/Snipe-IT/0/docker-compose.yml @@ -52,6 +52,9 @@ services: {{- end}} restart: on-failure volumes: + {{- if eq .Values.HOST_TIME "true"}} + - /etc/localtime:/etc/localtime:ro + {{- end}} - /RancherCattleData/${DATA_DIR}/Application:/var/lib/snipeit - /RancherCattleData/${DATA_DIR}/Backups:/var/www/html/storage/app/backups mysql: diff --git a/templates/Snipe-IT/0/rancher-compose.yml b/templates/Snipe-IT/0/rancher-compose.yml index 05a87e5..72086d7 100644 --- a/templates/Snipe-IT/0/rancher-compose.yml +++ b/templates/Snipe-IT/0/rancher-compose.yml @@ -63,4 +63,12 @@ catalog: description: | A random 32-Character string which will be used for encryption. required: true - type: password \ No newline at end of file + type: password + + - variable: "HOST_TIME" + label: "Use Host's Date/Time" + description: | + Use the host's date and time for the container. + default: true + required: true + type: boolean \ No newline at end of file From f3515a843c982669cc92151f0db7192450962185 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 5 Dec 2018 22:34:50 -0500 Subject: [PATCH 11/15] Sync host timezone --- templates/Snipe-IT/0/docker-compose.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/templates/Snipe-IT/0/docker-compose.yml b/templates/Snipe-IT/0/docker-compose.yml index b11284c..c0012db 100644 --- a/templates/Snipe-IT/0/docker-compose.yml +++ b/templates/Snipe-IT/0/docker-compose.yml @@ -53,7 +53,7 @@ services: restart: on-failure volumes: {{- if eq .Values.HOST_TIME "true"}} - - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system {{- end}} - /RancherCattleData/${DATA_DIR}/Application:/var/lib/snipeit - /RancherCattleData/${DATA_DIR}/Backups:/var/www/html/storage/app/backups @@ -74,6 +74,7 @@ services: {{- end}} restart: on-failure volumes: + - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - /RancherCattleData/${DATA_DIR}/Database:/var/lib/mysql networks: From 9341fcc27ce15637530c73739013ad054fa64786 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Wed, 5 Dec 2018 22:40:33 -0500 Subject: [PATCH 12/15] Sync time and timezone with host --- templates/Snipe-IT/0/docker-compose.yml | 4 ++-- templates/Snipe-IT/0/rancher-compose.yml | 10 +--------- 2 files changed, 3 insertions(+), 11 deletions(-) diff --git a/templates/Snipe-IT/0/docker-compose.yml b/templates/Snipe-IT/0/docker-compose.yml index c0012db..758e9bd 100644 --- a/templates/Snipe-IT/0/docker-compose.yml +++ b/templates/Snipe-IT/0/docker-compose.yml @@ -52,9 +52,8 @@ services: {{- end}} restart: on-failure volumes: - {{- if eq .Values.HOST_TIME "true"}} + - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - {{- end}} - /RancherCattleData/${DATA_DIR}/Application:/var/lib/snipeit - /RancherCattleData/${DATA_DIR}/Backups:/var/www/html/storage/app/backups mysql: @@ -74,6 +73,7 @@ services: {{- end}} restart: on-failure volumes: + - /etc/localtime:/etc/localtime:ro # Syncronize time of container with the host system - /etc/timezone:/etc/timezone:ro # Syncronize timezone of container with the host system - /RancherCattleData/${DATA_DIR}/Database:/var/lib/mysql diff --git a/templates/Snipe-IT/0/rancher-compose.yml b/templates/Snipe-IT/0/rancher-compose.yml index 72086d7..05a87e5 100644 --- a/templates/Snipe-IT/0/rancher-compose.yml +++ b/templates/Snipe-IT/0/rancher-compose.yml @@ -63,12 +63,4 @@ catalog: description: | A random 32-Character string which will be used for encryption. required: true - type: password - - - variable: "HOST_TIME" - label: "Use Host's Date/Time" - description: | - Use the host's date and time for the container. - default: true - required: true - type: boolean \ No newline at end of file + type: password \ No newline at end of file From 50528b4f1f89557aed4d51725be9d5cdf2eceb20 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Fri, 7 Dec 2018 19:32:13 -0500 Subject: [PATCH 13/15] Added protocol --- templates/Snipe-IT/0/docker-compose.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/Snipe-IT/0/docker-compose.yml b/templates/Snipe-IT/0/docker-compose.yml index 758e9bd..2cdb2df 100644 --- a/templates/Snipe-IT/0/docker-compose.yml +++ b/templates/Snipe-IT/0/docker-compose.yml @@ -12,9 +12,9 @@ services: APP_ENV: production APP_DEBUG: false {{- if .Values.TRAEFIK_HOST}} - APP_URL: ${TRAEFIK_HOST}:80 + APP_URL: https://${TRAEFIK_HOST}:80 {{- else}} - APP_URL: localhost:${WEB_PORT} + APP_URL: http://localhost:${WEB_PORT} {{- end}} APP_KEY: ${APP_KEY} MYSQL_HOST: mysql From 7bf444951c98cb7a0c9a7acf7dd85b6b3288b5ed Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Fri, 7 Dec 2018 19:41:50 -0500 Subject: [PATCH 14/15] Testing without port --- templates/Snipe-IT/0/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/Snipe-IT/0/docker-compose.yml b/templates/Snipe-IT/0/docker-compose.yml index 2cdb2df..c663a30 100644 --- a/templates/Snipe-IT/0/docker-compose.yml +++ b/templates/Snipe-IT/0/docker-compose.yml @@ -12,7 +12,7 @@ services: APP_ENV: production APP_DEBUG: false {{- if .Values.TRAEFIK_HOST}} - APP_URL: https://${TRAEFIK_HOST}:80 + APP_URL: https://${TRAEFIK_HOST} {{- else}} APP_URL: http://localhost:${WEB_PORT} {{- end}} From 6dbeeee728ee488f5f4ddc05b856fa9d263aad89 Mon Sep 17 00:00:00 2001 From: WilliamMiceli Date: Fri, 7 Dec 2018 19:51:29 -0500 Subject: [PATCH 15/15] Fully functional --- templates/Snipe-IT/0/docker-compose.yml | 2 +- templates/Snipe-IT/config.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/Snipe-IT/0/docker-compose.yml b/templates/Snipe-IT/0/docker-compose.yml index c663a30..91a856b 100644 --- a/templates/Snipe-IT/0/docker-compose.yml +++ b/templates/Snipe-IT/0/docker-compose.yml @@ -14,7 +14,7 @@ services: {{- if .Values.TRAEFIK_HOST}} APP_URL: https://${TRAEFIK_HOST} {{- else}} - APP_URL: http://localhost:${WEB_PORT} + APP_URL: http://localhost {{- end}} APP_KEY: ${APP_KEY} MYSQL_HOST: mysql diff --git a/templates/Snipe-IT/config.yml b/templates/Snipe-IT/config.yml index dd7c4a0..9cfc723 100644 --- a/templates/Snipe-IT/config.yml +++ b/templates/Snipe-IT/config.yml @@ -1,6 +1,6 @@ name: Snipe-IT description: | - Status: NOT READY + Free, open source IT asset and license management system. version: latest category: Asset Management maintainer: WilliamMiceli