Last active
September 15, 2023 09:01
-
-
Save falkheiland/1e94eeb12a8b603433caa6022088a16e to your computer and use it in GitHub Desktop.
configure traefik for use with scriptrunner in docker swarm mode
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: "3.8" | |
| services: | |
| traefik: | |
| image: traefik:2.10.0 | |
| ports: | |
| - target: 80 | |
| published: 80 | |
| mode: host | |
| - target: 443 | |
| published: 443 | |
| mode: host | |
| deploy: | |
| mode: global | |
| placement: | |
| constraints: | |
| - node.role == manager | |
| update_config: | |
| parallelism: 1 | |
| delay: 10s | |
| failure_action: rollback | |
| restart_policy: | |
| condition: on-failure | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.constraint-label=proxy" | |
| volumes: | |
| - /etc/localtime:/etc/localtime:ro | |
| - /var/run/docker.sock:/var/run/docker.sock:ro | |
| networks: | |
| - proxy |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # dynamic configuration | |
| # dyn.yml | |
| tls: | |
| options: | |
| default: | |
| minVersion: VersionTLS12 | |
| cipherSuites: | |
| - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | |
| - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | |
| - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 | |
| - TLS_AES_128_GCM_SHA256 | |
| - TLS_AES_256_GCM_SHA384 | |
| - TLS_CHACHA20_POLY1305_SHA256 | |
| curvePreferences: | |
| - CurveP521 | |
| - CurveP384 | |
| sniStrict: true | |
| certificates: | |
| - certFile: /etc/certs/domain.tld.crt | |
| keyFile: /etc/certs/domain.tld.key | |
| tcp: | |
| routers: | |
| # ScriptRunner | |
| scriptrunner: | |
| entryPoints: | |
| - "https" | |
| rule: "HostSNI(`host.domain.tld`)" | |
| tls: | |
| options: default | |
| passthrough: true | |
| service: scriptrunner | |
| services: | |
| # ScriptRunner | |
| scriptrunner: | |
| loadBalancer: | |
| servers: | |
| - address: "sr-server.domain.tld:443" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: "3.8" | |
| services: | |
| traefik: | |
| volumes: | |
| - /mnt/gv0/stack-traefik/conf/swarmX/traefik/:/etc/traefik/ | |
| - /mnt/gv0/stack-traefik/data/swarmX/traefik/certs/:/etc/certs/ | |
| - /mnt/gv0/stack-traefik/data/swarmX/traefik/logs:/var/log/ | |
| deploy: | |
| labels: | |
| - "traefik.http.routers.traefik.entrypoints=http" | |
| - "traefik.http.routers.traefik.rule=HostRegexp(`{subdomain:swarm[A-Z]+}.domain.tld`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`) || PathPrefix(`/metrics`))" | |
| - "traefik.http.routers.traefik.middlewares=default-https-redirect@file" | |
| - "traefik.http.routers.traefik-secure.entrypoints=https" | |
| - "traefik.http.routers.traefik-secure.rule=HostRegexp(`{subdomain:swarm[A-Z]+}.domain.tld`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`) || PathPrefix(`/metrics`))" | |
| - "traefik.http.routers.traefik-secure.middlewares=default-auth@file" | |
| - "traefik.http.routers.traefik-secure.tls=true" | |
| - "traefik.http.routers.traefik-secure.tls.domains.main=`domain.tld`" | |
| - "traefik.http.routers.traefik-secure.tls.domains.sans=`*.domain.tld`" | |
| - "traefik.http.routers.traefik-secure.service=api@internal" | |
| - "traefik.http.services.traefik.loadbalancer.server.port=8080" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| api: | |
| dashboard: true | |
| insecure: true | |
| debug: true | |
| entryPoints: | |
| http: | |
| address: ":80" | |
| https: | |
| address: ":443" | |
| providers: | |
| docker: | |
| constraints: "Label(`traefik.constraint-label`, `proxy`)" | |
| swarmMode: true | |
| endpoint: "unix:///var/run/docker.sock" | |
| exposedByDefault: false | |
| network: "proxy" | |
| file: | |
| filename: "/etc/traefik/dyn.yml" | |
| watch: true | |
| log: | |
| filePath: "/var/log/traefik.log" | |
| format: json | |
| level: "ERROR" #DEBUG, PANIC, FATAL, ERROR, WARN, and INFO | |
| # Limiting the Logs to Specific Fields | |
| accessLog: | |
| filePath: "/var/log/access.log" | |
| format: json | |
| fields: | |
| defaultMode: keep | |
| names: | |
| ClientUsername: drop | |
| headers: | |
| defaultMode: keep | |
| names: | |
| User-Agent: keep #redact | |
| Authorization: keep #drop | |
| Content-Type: keep | |
| serversTransport: | |
| insecureSkipVerify: true |
update the files and description for the use with ScriptRunner Version 6.9 where no IIS is used anymore.
changed baseuri containing file to C:\Program Files\ScriptRunner\Service\uri.js + C:\Program Files\ScriptRunner\Service\ScriptRunnerService.config
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
added comment to repeat after update:
from https://host.domain.tld to sr-server.domain.tld
C:\Program Files\ScriptRunner\WebApps\AdminApp\uri.js
C:\Program Files\ScriptRunner\WebApps\Portal\app.json
and:
Set-AsrURI -SSLCertThumbprint THUMBPRINT -SSLReplaceExisting -SSLEnable -Restart