fear: add traefik

BulatRuslanovich · Aug 24, 2024 · 3f95010 · 3f95010
1 parent bb64763
commit 3f95010
Show file tree

Hide file tree

Showing 2 changed files with 72 additions and 2 deletions.
diff --git a/data/tls.yml b/data/tls.yml
@@ -0,0 +1,11 @@
+tls:
+  stores:
+    default:
+      defaultCertificate:
+        certFile: /etc/traefik/certs/fullchain.pem
+        keyFile: /etc/traefik/certs/privkey.pem
+  certificates:
+    - certFile: /etc/traefik/certs/fullchain.pem
+      keyFile: /etc/traefik/certs/privkey.pem
+      stores:
+        - default
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -6,6 +6,8 @@ volumes:
     driver: local
   redis-data:
     driver: local
+  traefik-certs:
+    driver: local
 
 services:
   dispatcher:
@@ -14,8 +16,8 @@ services:
     build:
       context: ./
       dockerfile: ./dispatcher/Dockerfile
-    ports:
-      - ${DISPATCHER_PORT}:${DISPATCHER_PORT}
+#    ports:
+#      - ${DISPATCHER_PORT}:${DISPATCHER_PORT}
     environment:
       DISPATCHER_PORT: ${DISPATCHER_PORT}
       BOT_URI: ${BOT_URI}
@@ -26,6 +28,12 @@ services:
       EDIT_TOPIC: ${EDIT_TOPIC}
       TEXT_UPDATE_TOPIC: ${TEXT_UPDATE_TOPIC}
       CALLBACK_QUERY_UPDATE_TOPIC: ${CALLBACK_QUERY_UPDATE_TOPIC}
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.services.dispatcher.loadbalancer.server.port=${DISPATCHER_PORT}"
+      - "traefik.http.routers.dispatcher.rule=Host(`${HOST_URL}`) && PathPrefix(`/callback`)"
+      - "traefik.http.routers.dispatcher.entrypoints=websecure8"
+      - "traefik.http.routers.dispatcher.tls=true"
     logging:
       driver: 'json-file'
       options:
@@ -144,3 +152,54 @@ services:
       start_period: 30s
       timeout: 10s
     restart: unless-stopped
+
+  traefik:
+    container_name: traefik
+    image: traefik:v2.9
+    ports:
+      - 80:80
+      - 8443:8443
+      - 9443:9443
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - ./data:/etc/traefik/data
+      - /home/bipbup/certs:/etc/traefik/certs
+    labels:
+      - "traefik.enable=true"
+
+      - "traefik.http.routers.traefik.rule=Host(`${HOST_URL}`)"
+      - "traefik.http.routers.traefik.entrypoints=websecure9"
+      - "traefik.http.routers.traefik.tls=true"
+      - "traefik.http.routers.traefik.service=api@internal"
+      - "traefik.http.services.traefik.loadbalancer.server.port=8088"
+
+      # Установка пароля для входа в админку
+      - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_USER}:${TRAEFIK_PASSWORD}"
+      - "traefik.http.routers.traefik.middlewares=traefik-auth"
+
+      - "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)"
+      - "traefik.http.routers.http-catchall.entrypoints=web"
+      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
+
+      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
+      - "traefik.http.middlewares.redirect-to-https.redirectscheme.permanent=false"
+    command:
+      - "--api.dashboard=true"
+      - "--ping=true"
+      - "--ping.entrypoint=ping"
+      - "--entryPoints.ping.address=:8888"
+      - "--entryPoints.web.address=:80"
+      - "--entrypoints.websecure8.address=:8443"
+      - "--entrypoints.websecure9.address=:9443"
+      - "--providers.docker=true"
+      - "--providers.docker.endpoint=unix:///var/run/docker.sock"
+      - "--providers.docker.exposedbydefault=false"
+      - "--providers.file.filename=/etc/traefik/data/tls.yml"
+    healthcheck:
+      test: [ "CMD", "wget", "http://127.0.0.1:8888/ping","--spider" ]
+      interval: 10s
+      timeout: 5s
+      retries: 3
+      start_period: 5s
+    restart: unless-stopped