diff options
Diffstat (limited to 'services/traefik')
| -rw-r--r-- | services/traefik/compose.yaml | 32 | ||||
| -rw-r--r-- | services/traefik/config.yaml | 11 | ||||
| -rw-r--r-- | services/traefik/traefik.yaml | 38 |
3 files changed, 81 insertions, 0 deletions
diff --git a/services/traefik/compose.yaml b/services/traefik/compose.yaml new file mode 100644 index 0000000..504367c --- /dev/null +++ b/services/traefik/compose.yaml @@ -0,0 +1,32 @@ +networks: + proxy: + external: true + +volumes: + acme: + +services: + traefik: + image: traefik + container_name: traefik + restart: always + environment: + CF_DNS_API_TOKEN: + networks: + - proxy + ports: + - 80:80 + - 443:443 + labels: + traefik.enable: true + traefik.http.routers.dashboard.rule: Host(`traefik.4d6178.work`) + traefik.http.routers.dashboard.service: api@internal + traefik.http.routers.dashboard.entrypoints: websecure + traefik.http.routers.dashboard.tls: true + traefik.http.routers.dashboard.tls.certresolver: le + traefik.http.routers.dashboard.middlewares: oidc-auth@file + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - acme:/acme + - /opt/traefik/traefik.yaml:/etc/traefik/traefik.yaml + - /opt/traefik/config.yaml:/etc/traefik/config.yaml diff --git a/services/traefik/config.yaml b/services/traefik/config.yaml new file mode 100644 index 0000000..1e7f78f --- /dev/null +++ b/services/traefik/config.yaml @@ -0,0 +1,11 @@ +http: + middlewares: + oidc-auth: + plugin: + traefik-oidc-auth: + Secret: "" + Provider: + Url: "https://id.4d6178.work" + ClientId: + ClientSecret: + Scopes: ["openid", "email", "profile"] diff --git a/services/traefik/traefik.yaml b/services/traefik/traefik.yaml new file mode 100644 index 0000000..dd1bbe6 --- /dev/null +++ b/services/traefik/traefik.yaml @@ -0,0 +1,38 @@ +entrypoints: + web: + address: ":80" + http: + redirections: + entrypoint: + to: websecure + scheme: https + websecure: + address: ":443" + +providers: + docker: + exposedByDefault: false + network: proxy + file: + filename: /etc/traefik/config.yaml + +certificatesResolvers: + le: + acme: + dnschallenge: + provider: cloudflare + delaybeforecheck: 0 + email: max@bossi.ng + storage: /acme/acme.json + +api: + dashboard: true + +log: + level: DEBUG + +experimental: + plugins: + traefik-oidc-auth: + moduleName: "github.com/sevensolutions/traefik-oidc-auth" + version: "v0.13.0" |