diff --git a/docs/.vitepress/config.mts b/docs/.vitepress/config.mts index 0c27d190b..2ac45879a 100644 --- a/docs/.vitepress/config.mts +++ b/docs/.vitepress/config.mts @@ -10,6 +10,7 @@ import { tabsMarkdownPlugin } from 'vitepress-plugin-tabs' import { groupIconVitePlugin } from 'vitepress-plugin-group-icons' import tailwindcss from '@tailwindcss/vite' import { loadEnv } from 'vitepress' +import traefikGrammar from './languages/traefik-labels.tmLanguage.json' with { type: 'json' } const env = loadEnv('', process.cwd()) const sidebar = useSidebar({ spec }) @@ -650,6 +651,7 @@ export default defineConfig({ light: 'github-light', dark: 'github-dark', }, + languages: [{ ...traefikGrammar, id: 'traefik', name: 'traefik' }], // Configure Shiki with SSH language async shikiSetup(shiki) { await shiki.loadLanguage('ssh-config') diff --git a/docs/.vitepress/languages/traefik-labels.tmLanguage.json b/docs/.vitepress/languages/traefik-labels.tmLanguage.json new file mode 100644 index 000000000..23c34cecc --- /dev/null +++ b/docs/.vitepress/languages/traefik-labels.tmLanguage.json @@ -0,0 +1,42 @@ +{ + "name": "Traefik Labels", + "scopeName": "source.traefik-labels", + "fileTypes": [], + "patterns": [ + { "include": "#comment" }, + { "include": "#entry" } + ], + "repository": { + "comment": { + "name": "comment.line.number-sign.traefik-labels", + "match": "#.*$" + }, + "placeholder": { + "name": "variable.parameter.traefik-labels", + "match": "<[^>\n]+>" + }, + "backtick-string": { + "name": "entity.name.function.traefik-labels", + "match": "`[^`\n]*`" + }, + "entry": { + "begin": "^([^=\n]+)(=)", + "beginCaptures": { + "1": { + "patterns": [ + { "include": "#placeholder" }, + { "name": "keyword.other.definition.traefik-labels", "match": "[^<>\n]+" } + ] + }, + "2": { "name": "punctuation.separator.key-value.traefik-labels" } + }, + "end": "$", + "patterns": [ + { "include": "#comment" }, + { "include": "#placeholder" }, + { "include": "#backtick-string" }, + { "name": "string.unquoted.traefik-labels", "match": "[^#<>`\n]+" } + ] + } + } +} \ No newline at end of file diff --git a/docs/.vitepress/theme/custom.css b/docs/.vitepress/theme/custom.css index 02ce151ff..09927fe87 100644 --- a/docs/.vitepress/theme/custom.css +++ b/docs/.vitepress/theme/custom.css @@ -47,8 +47,6 @@ background-color: var(--coollabs-bg-zinc-300-5) !important; border: 0.5px solid rgba(0, 0, 0, 0.15) !important; border-radius: 10px !important; - padding: 0 0 0 0.850rem !important; - margin: 0 !important; line-height: 1.3 !important; } @@ -57,7 +55,6 @@ .vp-doc pre[class*='language-'] code { font-weight: 700 !important; line-height: 1.3 !important; - padding-left: 0 !important; } .dark .vp-doc div[class*='language-'], @@ -66,8 +63,6 @@ background-color: var(--coollabs-bg-zinc-300-5) !important; border: 0.5px solid rgba(255, 255, 255, 0.15) !important; border-radius: 10px !important; - padding: 0 0 0 0.850rem !important; - margin: 0 !important; line-height: 1.3 !important; } @@ -76,7 +71,6 @@ .dark .vp-doc pre[class*='language-'] code { font-weight: 600 !important; line-height: 1.5 !important; - padding-left: 0 !important; } /* Right-align copy button at the end of codeblocks */ diff --git a/docs/knowledge-base/proxy/traefik/wildcard-certs.md b/docs/knowledge-base/proxy/traefik/wildcard-certs.md index 4da8bd366..33908be91 100644 --- a/docs/knowledge-base/proxy/traefik/wildcard-certs.md +++ b/docs/knowledge-base/proxy/traefik/wildcard-certs.md @@ -22,8 +22,8 @@ If you need fine-grained token, like with [Cloudflare](https://go-acme.github.io 1. Setup your wildcard subdomain DNS records, `*.coolify.io`. 2. Go to your Proxy settings (Servers / Proxy menu) and add the following configuration based on your [providers](https://doc.traefik.io/traefik/https/acme/#providers). The example will use `Hetzner` as a provider. -```bash -version: '3.8' +```yaml +name: coolify-proxy networks: coolify: external: true @@ -32,8 +32,8 @@ services: container_name: coolify-proxy image: 'traefik:v3.6' restart: unless-stopped - environment: - - HETZNER_API_TOKEN= + environment: # [!code focus] + - HETZNER_API_TOKEN= # [!code focus] extra_hosts: - 'host.docker.internal:host-gateway' networks: @@ -41,6 +41,7 @@ services: ports: - '80:80' - '443:443' + - '443:443/udp' - '8080:8080' healthcheck: test: 'wget -qO- http://localhost:80/ping || exit 1' @@ -49,7 +50,7 @@ services: retries: 5 volumes: - '/var/run/docker.sock:/var/run/docker.sock:ro' - - '/data/coolify/proxy:/traefik' + - '/data/coolify/proxy/:/traefik' command: - '--ping=true' - '--ping.entrypoint=http' @@ -58,28 +59,29 @@ services: - '--entrypoints.http.address=:80' - '--entrypoints.https.address=:443' - '--entrypoints.http.http.encodequerysemicolons=true' + - '--entryPoints.http.http2.maxConcurrentStreams=250' - '--entrypoints.https.http.encodequerysemicolons=true' + - '--entryPoints.https.http2.maxConcurrentStreams=250' + - '--entrypoints.https.http3' - '--providers.docker.exposedbydefault=false' - '--providers.file.directory=/traefik/dynamic/' - '--providers.file.watch=true' - # use dnschallenge instead of httpchallenge - # - '--certificatesresolvers.letsencrypt.acme.httpchallenge=true' - # - '--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=http' - - '--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=hetzner' - - '--certificatesresolvers.letsencrypt.acme.dnschallenge.delaybeforecheck=0' + - '--certificatesresolvers.letsencrypt.acme.httpchallenge=true' # [!code --][!code focus] + - '--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=http' # [!code --][!code focus] + - '--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=hetzner' # [!code ++][!code focus] + - '--certificatesresolvers.letsencrypt.acme.dnschallenge.delaybeforecheck=0' # [!code ++][!code focus] - '--certificatesresolvers.letsencrypt.acme.storage=/traefik/acme.json' - '--providers.docker=true' labels: - traefik.enable=true - traefik.http.routers.traefik.entrypoints=http - - traefik.http.routers.traefik.middlewares=traefik-basic-auth@file - traefik.http.routers.traefik.service=api@internal - - traefik.http.routers.traefik.tls.certresolver=letsencrypt - - traefik.http.routers.traefik.tls.domains[0].main=coolify.io - - traefik.http.routers.traefik.tls.domains[0].sans=*.coolify.io + - traefik.http.routers.traefik.tls.certresolver=letsencrypt # [!code focus] + - traefik.http.routers.traefik.tls.domains[0].main=coolify.io # [!code focus] + - traefik.http.routers.traefik.tls.domains[0].sans=*.coolify.io # [!code focus] - traefik.http.services.traefik.loadbalancer.server.port=8080 - - traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https - - traefik.http.middlewares.gzip.compress=true + - coolify.managed=true + - coolify.proxy=true ``` > You can also set `env_file` instead of `environment` in the example above, but then you need to create a `.env` file with the `HETZNER_API_TOKEN` variable on the server. @@ -94,63 +96,48 @@ If you would like to use one (wildcard) certificate for all of your resources, y It is useful, because Traefik do not need to generate a new certificate for every resource, so new deployments will be available immediately without waiting for the certificate generation. -- In your application, set your FQDN to a subdomain you would like to use: `https://example.coolify.io`. +- In your application, set your Domain to a subdomain you would like to use and press save: `https://example.coolify.io`. -```bash -traefik.enable=true -traefik.http.routers..rule=Host(`example.coolify.io`) && PathPrefix(`/`) -traefik.http.routers..entryPoints=https -traefik.http.routers..middlewares=gzip -traefik.http.routers..service= -traefik.http.routers..tls=true -traefik.http.services..loadbalancer.server.port=80 -traefik.http.routers..tls.certresolver=letsencrypt + + + -traefik.http.routers..rule=Host(`example.coolify.io`) && PathPrefix(`/`) -traefik.http.routers..entryPoints=http -traefik.http.routers..middlewares=redirect-to-https -``` ### SaaS Redirect all subdomains to one application. You can use this option if you want to use Coolify as a SaaS provider. -- In your application, leave the FQDN configuration `empty`. +- In your application, leave the Domain field `empty`. - Add the following custom label configuration: -:::tabs key:saas -== Traefik v3 +:::code-group -```bash +```traefik [Traefik v3] traefik.enable=true -traefik.http.routers..rule=HostRegexp(`^.+\.coolify\.io$`) +traefik.http.routers..entryPoints=http +traefik.http.routers..middlewares=redirect-to-https +traefik.http.routers..rule=HostRegexp(`^.+\.coolify\.io$`) # [!code highlight] traefik.http.routers..entryPoints=https traefik.http.routers..middlewares=gzip +traefik.http.routers..rule=HostRegexp(`^.+\.coolify\.io$`) # [!code highlight] traefik.http.routers..service= traefik.http.routers..tls.certresolver=letsencrypt -traefik.http.services..loadbalancer.server.port=80 traefik.http.routers..tls=true - -traefik.http.routers..rule=HostRegexp(`^.+\.coolify\.io$`) -traefik.http.routers..entryPoints=http -traefik.http.routers..middlewares=redirect-to-https +traefik.http.services..loadbalancer.server.port=80 ``` -== Traefik v2 - -```bash +```traefik [Traefik v2] traefik.enable=true -traefik.http.routers..rule=HostRegexp(`{subdomain:[a-zA-Z0-9-]+}.coolify.io`) +traefik.http.routers..entryPoints=http +traefik.http.routers..middlewares=redirect-to-https +traefik.http.routers..rule=HostRegexp(`{subdomain:[a-zA-Z0-9-]+}.coolify.io`) # [!code highlight] traefik.http.routers..entryPoints=https traefik.http.routers..middlewares=gzip +traefik.http.routers..rule=HostRegexp(`{subdomain:[a-zA-Z0-9-]+}.coolify.io`) # [!code highlight] traefik.http.routers..service= traefik.http.routers..tls.certresolver=letsencrypt -traefik.http.services..loadbalancer.server.port=80 traefik.http.routers..tls=true - -traefik.http.routers..rule=HostRegexp(`{subdomain:[a-zA-Z0-9-]+}.coolify.io`) -traefik.http.routers..entryPoints=http -traefik.http.routers..middlewares=redirect-to-https +traefik.http.services..loadbalancer.server.port=80 ``` ::: @@ -159,7 +146,8 @@ traefik.http.routers..middlewares=redirect-to-https > `traefik.http.services..loadbalancer.server.port` should be the same as your application listens on. Port 80 if you use a static deployment. +Read more about [HostRegexp](https://doc.traefik.io/traefik/routing/routers/#hostregexp) rule in the official Traefik documentation. + ::: warning Caution -You cannot use both configurations (Normal & SaaS) at the same time on one -server. +Your Application / Service needs to restart for domain changes to take effect. ::: diff --git a/docs/public/images/applications/domain.webp b/docs/public/images/applications/domain.webp new file mode 100644 index 000000000..06ff7225b Binary files /dev/null and b/docs/public/images/applications/domain.webp differ diff --git a/docs/public/images/knowledge-base/compose/domain.webp b/docs/public/images/knowledge-base/compose/domain.webp new file mode 100644 index 000000000..52e317274 Binary files /dev/null and b/docs/public/images/knowledge-base/compose/domain.webp differ