Commit a221097c authored by Christian Elberfeld's avatar Christian Elberfeld

Migration auf traefik

parent 83a36b6b
Showing
with 204 additions and 43 deletions
...@@ -26,6 +26,7 @@ ...@@ -26,6 +26,7 @@
with_items: with_items:
- docker-compose.yml - docker-compose.yml
- traefik.yml - traefik.yml
- dynamic/redirect-default.yml
- dynamic/tls.yml - dynamic/tls.yml
register: config register: config
......
http:
routers:
router-default:
entrypoints:
- websecure
rule: "Host(`{{ domain }}`)"
middlewares:
- redirect-default
service: service-default
services:
service-default:
loadBalancer:
servers:
- url: http://noop-dummy
middlewares:
redirect-default:
redirectRegex:
regex: "^https://{{ domain }}/(.*)"
replacement: "https://{{ domain_default }}/$1"
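Review bot: The `redirectRegex` at the end of the new `dynamic/redirect-default.yml` interpolates `{{ domain }}` unescaped into `regex`, so every dot in the domain matches any character; `regex: "^https://{{ domain | regex_escape }}/(.*)"` keeps the match exact. The redirect is also a temporary 302 by default; if `{{ domain }}` is meant to canonically resolve to `{{ domain_default }}`, add `permanent: true` under `redirectRegex` so clients and caches treat it as such. `router-default` has no `tls` section, so it serves HTTPS only if the `websecure` entrypoint carries a default TLS configuration in `traefik.yml`, which is not part of this commit — worth confirming, since the `^https://` anchor will not match a request that arrives in cleartext and the router then falls through to the `noop-dummy` backend.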
...@@ -48,19 +48,64 @@ ...@@ -48,19 +48,64 @@
roles: roles:
- { role: common/borgbackup, tags: borgbackup } - { role: common/borgbackup, tags: borgbackup }
- { role: common/docker, tags: docker } - { role: common/docker, tags: docker }
- { role: common/nginx, tags: nginx }
- { role: common/openvpn, tags: openvpn } - { role: common/openvpn, tags: openvpn }
- { role: common/docker_ldap, tags: ldap } - {
- { role: webserver/docker_dokuwiki, tags: dokuwiki } role: common/docker_ldap, tags: ldap,
- { role: webserver/docker_gitlab, tags: gitlab } servicename: "ldap",
- { role: webserver/docker_hackmd, tags: hackmd } domain: "ldap.warpzone.ms"
- { role: webserver/docker_jabber, tags: jabber } }
- { role: webserver/docker_mail, tags: mail } - {
- { role: webserver/docker_matterbridge, tags: matterbridge } role: common/docker_traefik, tags: traefik,
- { role: webserver/docker_matrix, tags: matrix } servicename: traefik,
- { role: webserver/docker_warpapi, tags: warpapi } domain: "warpzone.ms",
- { role: webserver/docker_warpinfra, tags: warpinfra } domain_default: "www.warpzone.ms"
- { role: webserver/docker_wordpress, tags: wordpress } }
- {
role: webserver/docker_dokuwiki, tags: dokuwiki,
servicename: "dokuwiki",
domain: "wiki.warpzone.ms"
}
- {
role: webserver/docker_gitlab, tags: gitlab,
servicename: "gitlab",
domain: "gitlab.warpzone.ms"
}
- {
role: webserver/docker_hackmd, tags: hackmd,
servicename: "mackmd",
domain: "md.warpzone.ms"
}
- {
role: webserver/docker_jabber, tags: jabber,
servicename: "jabber",
domain: "jabber.warpzone.ms"
}
- {
role: webserver/docker_mail, tags: mail
}
- {
role: webserver/docker_matterbridge, tags: matterbridge
}
- {
role: webserver/docker_matrix, tags: matrix,
servicename: "matrix",
domain: "matrix.warpzone.ms"
}
- {
role: webserver/docker_warpapi, tags: warpapi,
servicename: "warpapi",
domain: "api.warpzone.ms"
}
- {
role: webserver/docker_warpinfra, tags: warpinfra,
servicename: "warpinfra",
domain: "infra.warpzone.ms"
}
- {
role: webserver/docker_wordpress, tags: wordpress,
servicename: "wordpress",
domain: "www.warpzone.ms"
}
# Entfällt durch testserver # Entfällt durch testserver
# - { role: docker_jabber_test, tags: jabber_test } # - { role: docker_jabber_test, tags: jabber_test }
...@@ -80,7 +125,9 @@ ...@@ -80,7 +125,9 @@
} }
- { - {
role: common/docker_traefik, tags: traefik, role: common/docker_traefik, tags: traefik,
servicename: traefik servicename: traefik,
domain: "warpzone.ms",
domain-default: "www.warpzone.ms"
} }
- { - {
role: verwaltung/docker_gitea, tags: gitea, role: verwaltung/docker_gitea, tags: gitea,
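Review bot: The traefik role entry in the second hunk (`@@ -80,7 +125,9 @@`) passes `domain-default: "www.warpzone.ms"`, while the traefik entry in the first hunk passes `domain_default` and the new `dynamic/redirect-default.yml` in this commit renders `{{ domain_default }}`; with the hyphenated key the variable is undefined for that play and the template task should fail at render time, so change it to `domain_default: "www.warpzone.ms"`. The hackmd entry in the first hunk sets `servicename: "mackmd"`, which looks like a typo for `hackmd`; it only names the Traefik router and service, but it will make the labels harder to trace in the dashboard and logs. Quoting of `servicename` is also mixed (`traefik` bare, the others quoted); harmless here, but one style is easier to scan.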
......
...@@ -6,8 +6,18 @@ services: ...@@ -6,8 +6,18 @@ services:
build: . build: .
image: "dokuwiki--{{ ansible_date_time.date }}--{{ ansible_date_time.hour }}-{{ ansible_date_time.minute }}-{{ ansible_date_time.second }}" image: "dokuwiki--{{ ansible_date_time.date }}--{{ ansible_date_time.hour }}-{{ ansible_date_time.minute }}-{{ ansible_date_time.second }}"
restart: always restart: always
ports:
- 127.0.0.1:42005:80
volumes: volumes:
- /srv/dokuwiki/data/:/var/www/html - /srv/dokuwiki/data/:/var/www/html
- /srv/dokuwiki/pdftemplate/:/var/www/html/lib/plugins/dw2pdf/tpl/warpzone/ - /srv/dokuwiki/pdftemplate/:/var/www/html/lib/plugins/dw2pdf/tpl/warpzone/
labels:
- traefik.enable=true
- traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)
- traefik.http.routers.{{ servicename }}.entrypoints=websecure
- traefik.http.services.{{ servicename }}.loadbalancer.server.port=80
networks:
- default
- web
networks:
web:
external: true
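Review bot: The router labels added under `labels:` set `rule` and `entrypoints=websecure` but no TLS label, so whether the service is actually served over HTTPS depends entirely on the `websecure` entrypoint having a default TLS/certificate-resolver configuration in `traefik.yml`, which this commit does not show; if that default is absent, the router answers in cleartext on 443 and no certificate is requested for `{{ domain }}`. Adding `- traefik.http.routers.{{ servicename }}.tls=true` (or `- traefik.http.routers.{{ servicename }}.tls.certresolver=<resolver-name-from-traefik.yml>`) next to the entrypoint label makes each compose file self-describing and robust to later entrypoint changes. The same applies to the gitlab, hackmd, matrix, warpapi and wordpress compose sections below. The `networks: - default - web` split, with the database services in the hackmd and wordpress files kept on `default` only, is the right isolation for the new shared `web` network.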
...@@ -10,8 +10,19 @@ services: ...@@ -10,8 +10,19 @@ services:
mem_limit: 4gb mem_limit: 4gb
ports: ports:
- 0.0.0.0:444:22 - 0.0.0.0:444:22
- 127.0.0.1:42001:80
volumes: volumes:
- /srv/gitlab/conf:/etc/gitlab - /srv/gitlab/conf:/etc/gitlab
- /srv/gitlab/log:/var/log/gitlab - /srv/gitlab/log:/var/log/gitlab
- /srv/gitlab/data:/var/opt/gitlab - /srv/gitlab/data:/var/opt/gitlab
labels:
- traefik.enable=true
- traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)
- traefik.http.routers.{{ servicename }}.entrypoints=websecure
- traefik.http.services.{{ servicename }}.loadbalancer.server.port=80
networks:
- default
- web
networks:
web:
external: true
...@@ -8,8 +8,6 @@ services: ...@@ -8,8 +8,6 @@ services:
restart: always restart: always
depends_on: depends_on:
- db - db
ports:
- 127.0.0.1:42007:3000
environment: environment:
CMD_DB_URL: "mysql://hackmd:{{ mysql_user_pass }}@db:3306/hackmd" CMD_DB_URL: "mysql://hackmd:{{ mysql_user_pass }}@db:3306/hackmd"
CMD_SESSION_SECRET: "{{ hackmd_session_secret }}" CMD_SESSION_SECRET: "{{ hackmd_session_secret }}"
...@@ -26,6 +24,14 @@ services: ...@@ -26,6 +24,14 @@ services:
CMD_LDAP_USERIDFIELD: "uid" CMD_LDAP_USERIDFIELD: "uid"
CMD_LDAP_USERNAMEFIELD: "uid" CMD_LDAP_USERNAMEFIELD: "uid"
CMD_EMAIL: "false" CMD_EMAIL: "false"
labels:
- traefik.enable=true
- traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)
- traefik.http.routers.{{ servicename }}.entrypoints=websecure
- traefik.http.services.{{ servicename }}.loadbalancer.server.port=3000
networks:
- default
- web
db: db:
...@@ -39,3 +45,9 @@ services: ...@@ -39,3 +45,9 @@ services:
MYSQL_PASSWORD: "{{ mysql_user_pass }}" MYSQL_PASSWORD: "{{ mysql_user_pass }}"
MYSQL_DATABASE: "hackmd" MYSQL_DATABASE: "hackmd"
MYSQL_USER: "hackmd" MYSQL_USER: "hackmd"
networks:
- default
networks:
web:
external: true
...@@ -18,6 +18,7 @@ ...@@ -18,6 +18,7 @@
- "/srv/jabber/logs" - "/srv/jabber/logs"
- "/srv/jabber/data" - "/srv/jabber/data"
- "/srv/jabber/etc" - "/srv/jabber/etc"
- "/srv/jabber/certs"
# create files # create files
- name: Docker Konfig-Datei erstellen - name: Docker Konfig-Datei erstellen
...@@ -42,17 +43,4 @@ ...@@ -42,17 +43,4 @@
project_src: /srv/jabber/ project_src: /srv/jabber/
state: present state: present
# Letsencrypt
- name: LetsEncrypt Renewal Hook erstellen
file:
path: "/etc/letsencrypt/renewal-hooks/deploy"
state: directory
recurse: yes
- name: LetsEncrypt Renewal Hook erstellen
template:
src: certbot-hook.sh
dest: /etc/letsencrypt/renewal-hooks/deploy/jabber.sh
mode: o+x
register: letsencryptsh
notify: restart nginx
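Review bot: `/srv/jabber/certs` is added to the directory loop in the first hunk, and per the jabber compose file in this commit the cert dumper writes `key.pem` (the private key) there, so the directory needs a restrictive mode; the `file` task that creates these directories starts outside the hunk and its `mode` is not visible — if it is shared with the log and data directories, consider a separate task with `mode: "0700"` for the certs directory, with an owner matching the uid prosody runs as inside the container. Dropping the certbot renewal hook and its `notify: restart nginx` in the second hunk is consistent with the nginx role removal, but `/etc/letsencrypt/renewal-hooks/deploy/jabber.sh` deployed by earlier runs is not removed; a `file` task with `state: absent` would clean it up on existing hosts.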
#!/bin/bash
# Certbot Renewal Hook to reload jabber when a certificate is renewed
# TODO: command per docker exec im container ausführen
...@@ -15,9 +15,38 @@ services: ...@@ -15,9 +15,38 @@ services:
- /srv/jabber/logs:/var/log/prosody - /srv/jabber/logs:/var/log/prosody
- /srv/jabber/data:/var/lib/prosody - /srv/jabber/data:/var/lib/prosody
# mount the certificates created by lets encrypt # mount the certificates created by lets encrypt
- /etc/letsencrypt/live/jabber.warpzone.ms/privkey.pem:/etc/prosody/certs/jabber.warpzone.ms.key # Der Certdumper erzeugt ein Zertifikat mit san-Einträgen
- /etc/letsencrypt/live/jabber.warpzone.ms/fullchain.pem:/etc/prosody/certs/jabber.warpzone.ms.crt # In Jabber müssen diese jedoch als einzelne dateien vorliegen
- /etc/letsencrypt/live/muc.jabber.warpzone.ms/privkey.pem:/etc/prosody/certs/muc.jabber.warpzone.ms.key - /srv/jabber/certs/key.pem:/etc/prosody/certs/jabber.warpzone.ms.key
- /etc/letsencrypt/live/muc.jabber.warpzone.ms/fullchain.pem:/etc/prosody/certs/muc.jabber.warpzone.ms.crt - /srv/jabber/certs/cert.pem:/etc/prosody/certs/jabber.warpzone.ms.crt
- /etc/letsencrypt/live/proxy.jabber.warpzone.ms/privkey.pem:/etc/prosody/certs/proxy.jabber.warpzone.ms.key - /srv/jabber/certs/key.pem:/etc/prosody/certs/muc.jabber.warpzone.ms.key
- /etc/letsencrypt/live/proxy.jabber.warpzone.ms/fullchain.pem:/etc/prosody/certs/proxy.jabber.warpzone.ms.crt - /srv/jabber/certs/cert.pem:/etc/prosody/certs/muc.jabber.warpzone.ms.crt
- /srv/jabber/certs/key.pem:/etc/prosody/certs/proxy.jabber.warpzone.ms.key
- /srv/jabber/certs/cert.pem:/etc/prosody/certs/proxy.jabber.warpzone.ms.crt
networks:
- default
traefik-certdumper:
image: humenius/traefik-certs-dumper
command: --restart-containers jabber_app-1
volumes:
# mount the folder which contains Traefik's `acme.json' file
- /srv/traefik/acme.json:/traefik/acme.json:ro
# mount SSL folder
- /srv/jabber/certs:/output:rw
# Docker API for Container restart
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- DOMAIN=jabber.warpzone.ms
labels:
- traefik.enable=true
- traefik.http.routers.{{ servicename }}.rule=(Host(`{{ domain }}`) || Host(`muc.{{ domain }}`) || Host(`proxy.{{ domain }}`))
- traefik.http.routers.{{ servicename }}.entrypoints=websecure
- traefik.http.services.{{ servicename }}.loadbalancer.server.port=0
networks:
- default
- web
networks:
web:
external: true
\ No newline at end of file
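Review bot: The `traefik-certdumper` service mounts `/var/run/docker.sock` to restart `jabber_app-1`; even with `:ro` the socket grants full Docker API access, which is root-equivalent on the host, so this container deserves the same trust decision as the host itself — and `humenius/traefik-certs-dumper` carries no tag or digest, so it floats to whatever `latest` is at deploy time; pin it. The container name `jabber_app-1` mixes the two compose naming schemes (`jabber_app_1` under docker-compose v1, `jabber-app-1` under v2), so confirm it against the running deployment or set `container_name` on the app service explicitly. The app router declares `loadbalancer.server.port=0`, so any HTTP request for the three hosts is forwarded to port 0 and fails; if the router exists only to obtain the SAN certificate that the dumper then splits (as the comment in the volumes block suggests), a comment saying so, plus the `tls.certresolver` label the certificate request depends on unless the entrypoint sets a default, would make the intent clear. `DOMAIN=jabber.warpzone.ms` is hard-coded where the labels use `{{ domain }}`; `- DOMAIN={{ domain }}` keeps them in sync.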
...@@ -13,6 +13,8 @@ services: ...@@ -13,6 +13,8 @@ services:
POSTGRES_USER: synapse POSTGRES_USER: synapse
POSTGRES_PASSWORD: "{{ postgres_user_pass }}" POSTGRES_PASSWORD: "{{ postgres_user_pass }}"
POSTGRES_INITDB_ARGS: --encoding=UTF-8 --lc-collate=C --lc-ctype=C POSTGRES_INITDB_ARGS: --encoding=UTF-8 --lc-collate=C --lc-ctype=C
networks:
- default
synapse: synapse:
...@@ -32,6 +34,14 @@ services: ...@@ -32,6 +34,14 @@ services:
- /srv/matrix/rest_auth_provider.py:/usr/local/lib/python3.7/site-packages/rest_auth_provider.py - /srv/matrix/rest_auth_provider.py:/usr/local/lib/python3.7/site-packages/rest_auth_provider.py
environment: environment:
SYNAPSE_CONFIG_PATH: "/data/homeserver.yaml" SYNAPSE_CONFIG_PATH: "/data/homeserver.yaml"
labels:
- traefik.enable=true
- traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)
- traefik.http.routers.{{ servicename }}.entrypoints=websecure
- traefik.http.services.{{ servicename }}.loadbalancer.server.port=8008
networks:
- default
- web
ma1sd: ma1sd:
...@@ -42,3 +52,15 @@ services: ...@@ -42,3 +52,15 @@ services:
volumes: volumes:
- /srv/matrix/ma1sd-config/:/etc/ma1sd - /srv/matrix/ma1sd-config/:/etc/ma1sd
- /srv/matrix/ma1sd-data/:/var/ma1sd - /srv/matrix/ma1sd-data/:/var/ma1sd
labels:
- traefik.enable=true
- traefik.http.routers.{{ servicename }}-ma1sd.rule=((Host(`{{ domain }}`) && PathPrefix(`/_matrix/client/r0/login`)) || (Host(`{{ domain }}`) && PathPrefix(`/_matrix/identity`)))
- traefik.http.routers.{{ servicename }}-login.entrypoints=websecure
- traefik.http.services.{{ servicename }}-login.loadbalancer.server.port=8090
networks:
- default
- web
networks:
web:
external: true
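Review bot: The ma1sd labels in the last hunk name the router `{{ servicename }}-ma1sd` on the `rule` line but `{{ servicename }}-login` on the `entrypoints` and `services` lines, so Traefik sees two routers — one with a rule and no entrypoint restriction, and one with an entrypoint but no rule, which it logs as an error; rename the rule line to `- traefik.http.routers.{{ servicename }}-login.rule=((Host(`{{ domain }}`) && PathPrefix(`/_matrix/client/r0/login`)) || (Host(`{{ domain }}`) && PathPrefix(`/_matrix/identity`)))` so all three lines address the same router. Both this router and the synapse router in the previous hunk match `Host(`{{ domain }}`)`; Traefik's default priority (rule length) sends the login and identity paths to ma1sd, but an explicit `priority` label would document that this ordering is intended rather than incidental.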
...@@ -11,3 +11,15 @@ services: ...@@ -11,3 +11,15 @@ services:
- 127.0.0.1:42010:5000 - 127.0.0.1:42010:5000
volumes: volumes:
- /srv/warpapi/warpapi/:/opt/warpapi - /srv/warpapi/warpapi/:/opt/warpapi
labels:
- traefik.enable=true
- traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)
- traefik.http.routers.{{ servicename }}.entrypoints=websecure
- traefik.http.services.{{ servicename }}.loadbalancer.server.port=5000
networks:
- default
- web
networks:
web:
external: true
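Review bot: The `127.0.0.1:42010:5000` port publication on the first context line is left in place while the equivalent loopback publications for dokuwiki, hackmd and wordpress are removed in this commit; with the nginx role dropped from the playbook, nothing in the diff appears to consume it anymore, and it is one more listening socket to account for. If no other local consumer exists, removing the `ports:` stanza keeps this file consistent with the other services.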
...@@ -14,6 +14,8 @@ services: ...@@ -14,6 +14,8 @@ services:
MYSQL_PASSWORD: "{{ mysql_user_pass }}" MYSQL_PASSWORD: "{{ mysql_user_pass }}"
MYSQL_DATABASE: wordpress MYSQL_DATABASE: wordpress
MYSQL_USER: wordpress MYSQL_USER: wordpress
networks:
- default
app: app:
...@@ -22,9 +24,19 @@ services: ...@@ -22,9 +24,19 @@ services:
volumes: volumes:
- /srv/wordpress/config/uploads.ini:/usr/local/etc/php/conf.d/uploads.ini - /srv/wordpress/config/uploads.ini:/usr/local/etc/php/conf.d/uploads.ini
- /srv/wordpress/data:/var/www/html - /srv/wordpress/data:/var/www/html
ports:
- 127.0.0.1:42006:80
environment: environment:
WORDPRESS_DB_HOST: db WORDPRESS_DB_HOST: db
WORDPRESS_DB_USER: wordpress WORDPRESS_DB_USER: wordpress
WORDPRESS_DB_PASSWORD: "{{ mysql_user_pass }}" WORDPRESS_DB_PASSWORD: "{{ mysql_user_pass }}"
labels:
- traefik.enable=true
- traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)
- traefik.http.routers.{{ servicename }}.entrypoints=websecure
- traefik.http.services.{{ servicename }}.loadbalancer.server.port=80
networks:
- default
- web
networks:
web:
external: true