variabilized more values, reorganized values in env.example file

added standard YAML three-dashes notation
renamed certificate file
2022-01-22 23:27:55 +01:00 · 2022-01-22 23:22:01 +01:00 · 2022-01-22 23:21:37 +01:00 · 2022-01-15 23:46:54 +01:00 · 2022-01-15 23:40:46 +01:00 · 2022-01-15 23:22:57 +01:00
5 changed files with 51 additions and 32 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
-.env
+/.env
+/certs.json
--- a/README.md
+++ b/README.md
@@ -1,3 +1,3 @@
-# traefik.bjphoster.com
+# Træfik Deployment

 Træfik deployment for reverse proxying all the infrastructure
--- a/config/tls.yml
+++ b/config/tls.yml
@@ -0,0 +1,11 @@
+---
+tls:
+  options:
+    default:
+      minVersion: VersionTLS12
+    mintls13:
+      minVersion: VersionTLS13
+    compatible:
+      minVersion: VersionTLS11
+    supercompatible:
+      minVersion: VersionTLS10
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,18 +1,22 @@
+---
 version: "3"

 services:
  traefik:
+    image: traefik:${TRAEFIK_VERSION}
+    container_name: ${TRAEFIK_CONTAINER_NAME}
+    restart: unless-stopped
    command:
      # when debugging is needed
      - --accesslog=${TRAEFIK_ACCESSLOG}
      # enable Træfik dashboard
      - --api.dashboard=true
      # configure Let's Encrypt automatic certificates
-      - --certificatesresolvers.letsencrypt.acme.dnschallenge=true
-      - --certificatesresolvers.letsencrypt.acme.dnschallenge.provider=hetzner
-      - --certificatesresolvers.letsencrypt.acme.email=${LETSENCRYPT_EMAIL}
-      - --certificatesresolvers.letsencrypt.acme.keytype=RSA4096
-      - --certificatesresolvers.letsencrypt.acme.storage=/le-certs.json
+      - --certificatesresolvers.${TRAEFIK_CERTRESOLVER}.acme.dnschallenge=true
+      - --certificatesresolvers.${TRAEFIK_CERTRESOLVER}.acme.dnschallenge.provider=hetzner
+      - --certificatesresolvers.${TRAEFIK_CERTRESOLVER}.acme.email=${LETSENCRYPT_EMAIL}
+      - --certificatesresolvers.${TRAEFIK_CERTRESOLVER}.acme.keytype=RSA4096
+      - --certificatesresolvers.${TRAEFIK_CERTRESOLVER}.acme.storage=/certs.json
      # we listen on both HTTP and HTTPS
      - --entrypoints.http.address=:80
      - --entrypoints.https.address=:443
@@ -25,50 +29,48 @@ services:
      # and we want to manually specify exposed containers
      - --providers.docker.exposedbydefault=false
      - --providers.docker.watch=true
-      # should not need, but just in case, a dynamic config file is also configured
-      - --providers.file.directory=/dynamic-config
+      # should not need, but just in case, a folder for dynamic config files is also configured
+      - --providers.file.directory=/config
      - --providers.file.watch=true
-    container_name: ${TRAEFIK_CONTAINER_NAME}
    environment:
      - HETZNER_API_KEY=${HETZNER_API_KEY}
-    image: traefik:${TRAEFIK_VERSION}
    labels:
      # expose Træfik using Træfik (dashboard)
-      - traefik.enable=true
+      - traefik.enable=${TRAEFIK_ENABLED}
      # configure a global whitelist for my home
      - traefik.http.middlewares.dashboard-whitelist.ipwhitelist.sourcerange=${TRAEFIK_DASHBOARD_WHITELIST}
      # configure the global redirect middleware
      - traefik.http.middlewares.http-to-https.redirectscheme.scheme=https
      - traefik.http.middlewares.http-to-https.redirectscheme.permanent=true
      ### Section HTTP
-      - traefik.http.routers.http-${TRAEFIK_ROUTER_NAME}.entrypoints=http
+      - traefik.http.routers.http-${TRAEFIK_ROUTER}.entrypoints=http
      # only some people can access the dashboard, hence protect it with it's whitelist
-      - traefik.http.routers.http-${TRAEFIK_ROUTER_NAME}.middlewares=dashboard-whitelist
+      - traefik.http.routers.http-${TRAEFIK_ROUTER}.middlewares=dashboard-whitelist
      # redirect Træfik dashboard to HTTPS only
-      - traefik.http.routers.http-${TRAEFIK_ROUTER_NAME}.middlewares=http-to-https
-      - traefik.http.routers.http-${TRAEFIK_ROUTER_NAME}.rule=Host(`${TRAEFIK_MATCHRULE}`)
-      - traefik.http.routers.http-${TRAEFIK_ROUTER_NAME}.service=api@internal
+      - traefik.http.routers.http-${TRAEFIK_ROUTER}.middlewares=http-to-https
+      - traefik.http.routers.http-${TRAEFIK_ROUTER}.rule=Host(`${TRAEFIK_MATCHRULE}`)
+      - traefik.http.routers.http-${TRAEFIK_ROUTER}.service=api@internal
      ### Section HTTPS
-      - traefik.http.routers.https-${TRAEFIK_ROUTER_NAME}.entrypoints=https
+      - traefik.http.routers.https-${TRAEFIK_ROUTER}.entrypoints=https
      # only some people can access the dashboard, hence protect it with it's whitelist
-      - traefik.http.routers.https-${TRAEFIK_ROUTER_NAME}.middlewares=dashboard-whitelist
+      - traefik.http.routers.https-${TRAEFIK_ROUTER}.middlewares=dashboard-whitelist
      # configure Træfik dashboard to be the exposed service
-      - traefik.http.routers.https-${TRAEFIK_ROUTER_NAME}.rule=Host(`${TRAEFIK_MATCHRULE}`)
-      - traefik.http.routers.https-${TRAEFIK_ROUTER_NAME}.service=api@internal
+      - traefik.http.routers.https-${TRAEFIK_ROUTER}.rule=Host(`${TRAEFIK_MATCHRULE}`)
+      - traefik.http.routers.https-${TRAEFIK_ROUTER}.service=api@internal
      # of course, enable TLS and it's certificate provider
-      - traefik.http.routers.https-${TRAEFIK_ROUTER_NAME}.tls=true
-      - traefik.http.routers.https-${TRAEFIK_ROUTER_NAME}.tls.certresolver=letsencrypt
+      - traefik.http.routers.https-${TRAEFIK_ROUTER}.tls=${TRAEFIK_TLSENABLED}
+      - traefik.http.routers.https-${TRAEFIK_ROUTER}.tls.certresolver=${TRAEFIK_CERTRESOLVER}
    networks:
-      - traefik-proxy
+      - traefik
    ports:
      - 80:80
      - 443:443
-    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
-      - ./config:/dynamic-config:ro
-      - ./le-certs.json:/le-certs.json
+      - ./config:/config:ro
+      - ./certs.json:/certs.json

 networks:
-  traefik-proxy:
+  traefik:
    external: true
+    name: ${TRAEFIK_NETWORK}
--- a/env.example
+++ b/env.example
@@ -1,10 +1,14 @@
+# General environment
 TRAEFIK_VERSION=2.4
+TRAEFIK_CERTRESOLVER=letsencrypt
 TRAEFIK_CONTAINER_NAME=traefik.mydomain.com
-TRAEFIK_MATCHRULE=traefik.mydomain.com
-TRAEFIK_ROUTER_NAME=traefik_mydomain_com
-TRAEFIK_LOGLEVEL=INFO
-TRAEFIK_PILOT_TOKEN=
 TRAEFIK_DASHBOARD_WHITELIST=1.2.3.4/24
+TRAEFIK_ENABLED=true
+TRAEFIK_NETWORK=traefik
+TRAEFIK_MATCHRULE=traefik.mydomain.com
+TRAEFIK_ROUTER=traefik_mydomain_com
+TRAEFIK_PILOT_TOKEN=
+TRAEFIK_TLSENABLED=true

 # Certificate provider
 HETZNER_API_KEY=
@@ -12,3 +16,4 @@ LETSENCRYPT_EMAIL=admin@mydomain.com

 # Debugging
 TRAEFIK_ACCESSLOG=false
+TRAEFIK_LOGLEVEL=INFO
Author	SHA1	Message	Date
Bryan Joshua Pedini	4d4a578b78	variabilized more values, reorganized values in env.example file	2022-01-22 23:27:55 +01:00
Bryan Joshua Pedini	39dbe048f5	added standard YAML three-dashes notation	2022-01-22 23:22:01 +01:00
Bryan Joshua Pedini	310c237add	renamed certificate file	2022-01-22 23:21:37 +01:00
Bryan Joshua Pedini	4f46fdcdea	removed config folder from .gitignore, added tls config file actually that was a stupid idea, configs need to be tracked and version controlled	2022-01-15 23:46:54 +01:00
Bryan Joshua Pedini	ccb8dee381	renamed repository in README.md	2022-01-15 23:40:46 +01:00
Bryan Joshua Pedini	6888d09442	added le-certs.json and config folder to .gitignore	2022-01-15 23:22:57 +01:00
Bryan Joshua Pedini	8111b7297b	moved log level in proper section in env.example	2022-01-15 23:11:35 +01:00
Bryan Joshua Pedini	026fc917e9	renamed Træfik network in compose file, added name variable for it	2022-01-15 23:09:46 +01:00
Bryan Joshua Pedini	5b9facf603	renamed directories and environment variables	2022-01-15 22:39:35 +01:00
Bryan Joshua Pedini	46a8794a7c	rearranged service instructions	2022-01-15 22:35:10 +01:00