added traefik files and settings

2022-05-28 08:28:55 -05:00
parent 76e2a61e2e
commit 9348aa760a
3 changed files with 184 additions and 38 deletions


@@ -1,44 +1,6 @@
version: '3'
services:
cloudflareddns:
container_name: cloudflareddns
hostname: cloudflareddns
image: hotio/cloudflareddns:latest
environment:
- PGID=$PGID
- PUID=$PUID
- TZ=$TZ
- CF_APITOKEN=eSH_TXT95jL2NrHL8cT6kcrx4X-sdJswxGH1rbT6
- CF_HOSTS=aknlw.com
- CF_RECORDTYPES=A
- CF_USER=akanealw@gmail.com
- CF_ZONES=aknlw.com
- DETECTION_MODE=dig-whoami.cloudflare
- INTERVAL=300
- LOG_LEVEL=2
restart: always
volumes:
- ./appdata/cloudflareddns/config:/config
- /etc/localtime:/etc/localtime:ro
nginxproxymanager:
container_name: nginxproxymanager
hostname: nginxproxymanager
image: jc21/nginx-proxy-manager:latest
environment:
- X_FRAME_OPTIONS=sameorigin
- DB_SQLITE_FILE=/data/database.sqlite
ports:
- 8443:443/tcp
- 80:80/tcp
- 81:81/tcp
restart: always
volumes:
- ./appdata/nginxproxymanager/data:/data
- ./appdata/nginxproxymanager/letsencrypt:/etc/letsencrypt
- /etc/localtime:/etc/localtime:ro
openvpn:
container_name: openvpn
hostname: openvpn
@@ -72,6 +34,10 @@ services:
image: portainer/portainer-ce:latest
environment:
- AGENT_SECRET=$ADMIN
labels:
- traefik.enable=true
- traefik.http.routers.portainer.entryPoints=https
- traefik.http.services.portainer.loadbalancer.server.port=9000
ports:
- 9000:9000/tcp
restart: always
@@ -111,6 +77,10 @@ services:
- DEBUG=false
- LAN_NETWORK=192.168.1.0/24
- NAME_SERVERS=209.222.18.222,84.200.69.80,37.235.1.174,1.1.1.1,209.222.18.218,37.235.1.177,84.200.70.40,1.0.0.1
labels:
- traefik.enable=true
- traefik.http.routers.privoxyvpn.entryPoints=https
- traefik.http.services.privoxyvpn.loadbalancer.server.port=8118
privileged: true
sysctls:
- net.ipv4.conf.all.src_valid_mark=1
@@ -120,3 +90,27 @@ services:
volumes:
- ./appdata/privoxyvpn/config:/config
- /etc/localtime:/etc/localtime:ro
traefik:
container_name: traefik
image: traefik:2.5
ports:
- 80:80
- 443:443
- 8080:8080
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./appdata/traefik/:/etc/traefik/
networks:
- default
labels:
traefik.http.routers.api.rule: Host(`traefik.aknlw.com`)
traefik.http.routers.api.entryPoints: https
traefik.http.routers.api.service: api@internal
traefik.enable: true
environment:
DO_AUTH_TOKEN: dop_v1_0c437a780149010ce186a09117fa6edec29bda0afecc8831cd8c025798990891
restart: unless-stopped
networks:
default:
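Review bot: The DigitalOcean API token on the `DO_AUTH_TOKEN` line of the new traefik service is committed as a literal, while every other service in this file already reads secrets from the environment (`$PUID`, `$ADMIN`); this should be `DO_AUTH_TOKEN: $DO_AUTH_TOKEN` with the value kept in `.env`, and the token now in git history should be revoked and reissued. The same applies to the `CF_APITOKEN` value on the removed cloudflareddns lines, which remains in history after this commit. `traefik.enable: true` in the mapping-style `labels` block is a YAML boolean, and Compose expects label values to be strings (some versions reject a boolean outright), so write `traefik.enable: "true"`; the list-style labels on portainer and privoxyvpn do not have this problem. Publishing `8080:8080` exposes the Traefik API/dashboard outside the https router the labels define for `api@internal`, so that port mapping looks redundant and can be dropped.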

81
fileConfig.yml Normal file

@@ -0,0 +1,81 @@
http:
## EXTERNAL ROUTING EXAMPLE - Only use if you want to proxy something manually ##
routers:
# homeassistant:
# entryPoints:
# - https
# rule: 'Host(`homeassistant.domain.com`)'
# service: homeassistant
# middlewares:
# - "auth"
# ## SERVICES EXAMPLE ##
services:
# homeassistant:
# loadBalancer:
# servers:
# - url: http://192.168.60.5:8123/
# ## MIDDLEWARES ##
middlewares:
# Only Allow Local networks
# local-ipwhitelist:
# ipWhiteList:
# sourceRange:
# - 127.0.0.1/32 # localhost
# - 192.168.1.1/24 # LAN Subnet
# # Authelia guard
# authelia:
# forwardauth:
# address: http://authelia:9091/api/verify?rd=https://identity.aknlw.com/ # replace auth with your authelia container name
# trustForwardHeader: true
# authResponseHeaders:
# - Remote-User
# - Remote-Groups
# - Remote-Name
# - Remote-Email
# # Authelia basic auth guard
# authelia-basic:
# forwardauth:
# address: http://authelia:9091/api/verify?auth=basic # replace auth with your authelia container name
# trustForwardHeader: true
# authResponseHeaders:
# - Remote-User
# - Remote-Groups
# - Remote-Name
# - Remote-Email
# Security headers
securityHeaders:
headers:
customResponseHeaders:
X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex"
server: ""
X-Forwarded-Proto: "https"
sslProxyHeaders:
X-Forwarded-Proto: https
referrerPolicy: "strict-origin-when-cross-origin"
hostsProxyHeaders:
- "X-Forwarded-Host"
customRequestHeaders:
X-Forwarded-Proto: "https"
contentTypeNosniff: true
browserXssFilter: true
forceSTSHeader: true
stsIncludeSubdomains: true
stsSeconds: 63072000
stsPreload: true
# Only use secure ciphers - https://ssl-config.mozilla.org/#server=traefik&version=2.6.0&config=intermediate&guideline=5.6
tls:
options:
default:
minVersion: VersionTLS12
cipherSuites:
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
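Review bot: `tls.options.default` sets the version floor and cipher list but not `sniStrict`, so a client that connects without a matching SNI is still served the default certificate; adding `sniStrict: true` under `default` closes that gap within the same `tls.options` block. `stsPreload: true` together with `stsSeconds: 63072000` and `forceSTSHeader: true` advertises the domain for browser preload lists, which is hard to undo if a subdomain later needs plain HTTP, so a comment such as `# preload is effectively permanent once submitted; confirm all subdomains are HTTPS-only` belongs next to that line. The `cipherSuites` list only governs TLS 1.2 (Go fixes the TLS 1.3 suites), which the existing comment could state so nobody tries to add 1.3 suites here.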

71
traefik.yml Normal file

@@ -0,0 +1,71 @@
global:
checkNewVersion: true
sendAnonymousUsage: false
serversTransport:
insecureSkipVerify: true
entryPoints:
# Not used in apps, but redirect everything from HTTP to HTTPS
http:
address: :80
http:
redirections:
entryPoint:
to: https
scheme: https
# HTTPS endpoint, with domain wildcard
https:
address: :443
http:
tls:
# Generate a wildcard domain certificate
certResolver: letsencrypt
domains:
- main: aknlw.com
sans:
- '*.aknlw.com'
middlewares:
- securityHeaders@file
providers:
providersThrottleDuration: 2
# File provider for connecting things that are outside of docker / defining middleware
file:
filename: /etc/traefik/fileConfig.yml
watch: true
# Docker provider for connecting all apps that are inside of the docker network
docker:
watch: true
network: docker_default # Add Your Docker Network Name Here
# Default host rule to containername.domain.example
defaultRule: "Host(`{{ index .Labels \"com.docker.compose.service\"}}.aknlw.com`)"
swarmModeRefreshSeconds: 15
exposedByDefault: false
# Enable traefik ui
api:
dashboard: true
insecure: true
# Log level INFO|DEBUG|ERROR
log:
level: INFO
# Use letsencrypt to generate ssl serficiates
certificatesResolvers:
letsencrypt:
acme:
caServer: https://acme-staging-v02.api.letsencrypt.org/directory
email: akanealw@gmail.com
storage: /etc/traefik/acme.json
dnsChallenge:
provider: digitalocean
delayBeforeCheck: 0
# Used to make sure the dns challenge is propagated to the rights dns servers
resolvers:
- "8.8.8.8:443"
- "8.8.4.4:443"
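Review bot: `api.insecure: true` serves the dashboard without authentication on the auto-created `traefik` entryPoint (port 8080), which the compose change in this commit also publishes, even though the same commit routes `api@internal` through the https entryPoint via labels; set `insecure: false` (or drop the key) and keep only the router, ideally behind an auth middleware, since the dashboard lists every router and backend. `serversTransport.insecureSkipVerify: true` disables certificate verification for every backend globally; if only some backends use self-signed certificates, a per-service `serversTransport` is the narrower option. `caServer` points at the Let's Encrypt staging directory, which issues certificates browsers do not trust, so the comment above it should say so (`# staging CA: switch to the production directory once the DNS challenge works`) rather than leave it to be discovered. The `resolvers` entries use port 443, but the DNS challenge uses plain DNS lookups, so `8.8.8.8:53` / `8.8.4.4:53` is presumably what was intended — confirm. Minor: the comment above `certificatesResolvers` reads `serficiates`; `certificates`.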