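# Local development stack: a Traefik v2 reverse proxy in front of two
# services. Routes are declared with container labels (docker provider);
# the shared redirect middleware and the TLS material come from the
# file-provider configuration mounted under /etc/traefik.
version: '3'

services:
  reverse-proxy:
    image: traefik:v2.1
    ports:
      - "80:80"      # entrypoint "http"
      - "443:443"    # entrypoint "https"
      # Traefik API/dashboard. The mounted static configuration enables it
      # with api.insecure (no authentication), so publish it on loopback
      # only instead of on every host interface.
      - "127.0.0.1:8080:8080"
      - "3000:3000"  # entrypoint "node"
    volumes:
      - ./.docker/nginx/config/certs:/etc/certs:ro
      - ./.docker/traefik/dynamic.yaml:/etc/traefik/dynamic.yaml:ro
      - ./.docker/traefik/static.yaml:/etc/traefik/traefik.yaml:ro
      # NOTE(review): ":ro" only protects the socket file itself. A process
      # that can reach this socket can still issue any Docker API call, so a
      # compromise of the proxy amounts to control of the Docker daemon.
      # Consider a filtering socket proxy between Traefik and the daemon.
      - /var/run/docker.sock:/var/run/docker.sock:ro

  lambda-sign:
    # NOTE(review): the "-master" suffix looks like a moving tag; pin by
    # digest if the image must be reproducible. Confirm with the registry.
    image: 643090997553.dkr.ecr.eu-west-1.amazonaws.com/meero-com/meero-lambda-sign:1.0.0-master
    environment:
      # Deliberately left without values: Compose passes these through from
      # the environment it runs in, so no secret is written in this file.
      AWS_SIGN_SECRET:
      JWT_SIGN_SECRET:
    labels:
      - "traefik.enable=true"
      # 80, redirect onto secured 3000
      - "traefik.http.routers.lambda-sign-http.entrypoints=http"
      - "traefik.http.routers.lambda-sign-http.middlewares=redirectNodeSecure@file"
      - "traefik.http.routers.lambda-sign-http.rule=Host(`dev.meero`) && Path(`/upload/v4/sign`)"
      # 443, redirect onto secured 3000
      - "traefik.http.routers.lambda-sign-https.tls=true"
      - "traefik.http.routers.lambda-sign-https.entrypoints=https"
      - "traefik.http.routers.lambda-sign-https.middlewares=redirectNodeSecure@file"
      - "traefik.http.routers.lambda-sign-https.rule=Host(`dev.meero`) && Path(`/upload/v4/sign`)"
      # 3000 unsecured, redirect onto secured 3000
      - "traefik.http.routers.lambda-sign.entrypoints=node"
      - "traefik.http.routers.lambda-sign.middlewares=redirectNodeSecure@file"
      - "traefik.http.routers.lambda-sign.rule=Host(`dev.meero`) && Path(`/upload/v4/sign`)"
      # 3000 secured: the only router that actually reaches the service
      - "traefik.http.routers.lambda-sign-secured.tls=true"
      - "traefik.http.routers.lambda-sign-secured.entrypoints=node"
      - "traefik.http.routers.lambda-sign-secured.rule=Host(`dev.meero`) && Path(`/upload/v4/sign`)"

  socket-hub:
    # NOTE(review): "-latest" looks like a moving tag; see the note on
    # lambda-sign about pinning by digest.
    image: 643090997553.dkr.ecr.eu-west-1.amazonaws.com/meero-com/meero-realtime-notification:0.0.1-latest
    labels:
      - "traefik.enable=true"
      # Redirect middleware local to this service. It sets the scheme only,
      # so the client is sent to the default HTTPS port (443), where the
      # socket-hub-https router listens. redirectNodeSecure@file would send
      # it to port 3000, where no router matches hub.dev.meero, and the
      # HTTP -> HTTPS upgrade would end in a 404.
      - "traefik.http.middlewares.socket-hub-secure.redirectscheme.scheme=https"
      # 80, redirect onto secured 443
      - "traefik.http.routers.socket-hub-http.entrypoints=http"
      - "traefik.http.routers.socket-hub-http.middlewares=socket-hub-secure@docker"
      - "traefik.http.routers.socket-hub-http.rule=Host(`hub.dev.meero`) && PathPrefix(`/`)"
      # 443
      - "traefik.http.routers.socket-hub-https.tls=true"
      - "traefik.http.routers.socket-hub-https.entrypoints=https"
      - "traefik.http.routers.socket-hub-https.rule=Host(`hub.dev.meero`) && PathPrefix(`/`)"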
# Traefik dynamic configuration, loaded by the file provider.

http:
  middlewares:
    # Referenced from container labels as "redirectNodeSecure@file":
    # redirects the request to https on port 3000.
    redirectNodeSecure:
      redirectScheme:
        scheme: https
        port: 3000

tls:
  # Default certificate store, left at its defaults.
  stores:
    default: {}

  # Certificate and private key served from the default store. The key file
  # is secret material: keep it out of version control and readable only by
  # the proxy.
  certificates:
    - certFile: /etc/certs/wildcard-meero.crt
      keyFile: /etc/certs/wildcard-meero.key
      stores:
        - default

  # "default" options apply to every TLS router that names no options of its
  # own. TLS 1.2 is the floor; the suite list allows only ECDHE key exchange
  # with AEAD ciphers (AES-GCM, ChaCha20-Poly1305), so no CBC or static-RSA
  # suites are negotiated on TLS 1.2.
  options:
    default:
      minVersion: VersionTLS12
      cipherSuites:
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
# Traefik static configuration (mounted as /etc/traefik/traefik.yaml).

global:
  sendAnonymousUsage: false

log:
  level: INFO
  format: common

# Three listeners with identical trust settings, written out per entrypoint
# so each one can be reviewed and tightened on its own.
#
# NOTE(review): "insecure: true" under forwardedHeaders accepts
# X-Forwarded-* headers from any client, and under proxyProtocol accepts a
# PROXY protocol header from any peer. Either lets a client choose the
# source address the backends see. Where a load balancer really sits in
# front of Traefik, list it under trustedIPs instead; where none does, the
# two sections can be dropped.
entrypoints:
  http:
    address: ":80"
    forwardedHeaders:
      insecure: true
    proxyProtocol:
      insecure: true
  https:
    address: ":443"
    forwardedHeaders:
      insecure: true
    proxyProtocol:
      insecure: true
  node:
    address: ":3000"
    forwardedHeaders:
      insecure: true
    proxyProtocol:
      insecure: true

# NOTE(review): api.insecure serves the API and dashboard without
# authentication on Traefik's built-in "traefik" entrypoint (port 8080).
# That is tolerable only while the port is unreachable from other machines.
# The hardened form is insecure: false plus a router to api@internal
# protected by an authentication middleware.
api:
  insecure: true
  dashboard: true

providers:
  # Containers are routed only when they opt in with traefik.enable=true.
  docker:
    watch: true
    exposedByDefault: false
  # Dynamic configuration files are read from this directory and reloaded
  # on change.
  file:
    watch: true
    directory: /etc/traefik