heartshare

Description

This template runs my experimental traefik server for evaluating if i move to it from handcrafted nginx proxy.

State Considerations for SWARM

traefik requires a static configuration - you need to pick either file based on command line based you cannot mix these - for example if you put some settigs in the file doing additonal statci config via command line or env vars will be ignore i chose to put the static config in a traefik.yml file this seems to be considerd best practice in 2.6 by some i also configured a dynamic files folder - this is for aything that can't or shouldn't be configured in a docker file (middlewares, non-docker related routers etc)

Network Considerations

heartshare

Docker registry with basic auth and SSL certificate

Docker registry does not have authentication nor certificate mechanism so in case you have docker registry on the internet, you need something that support those in front of the registry. You can find examples using Nginx for it on the web and this is yet another one.

The architecture

Client talks to Nginx. Nginx proxies the request to the docker registry. The nginx is on the host OS - not as a container.

+-----------+     +--------------------------------------------------------+
|           |     |  Server                              Docker container  |

heartshare

# Download the legacy format for NGINX compatibility
wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
# Unzip
gunzip Geo*.gz
# Copy to /usr/share/GeoIP/
cp Geo*.dat /usr/share/GeoIP/

heartshare

GeoIP Block NGINX Ubuntu 20.04

Block or filter IPs based on location in Nginx (tested on 1.18.0) on Ubuntu 20.04.

Install Nginx modules

To make use of the geographical filtering, we must first install the Nginx GeoIP module as well as the GeoIP database containing the mappings between visitors’ IP addresses and their respective countries. To do so, let’s execute:

$ sudo apt install libnginx-mod-http-geoip geoip-database

heartshare

$ ./configure --add-module=/home/svdgraaf/tmp/nginx/ngx_http_bytes_filter_module-57365655ee44 --with-http_geoip_module --add-module=/home/svdgraaf/tmp/nginx/ngx_secure_download

heartshare

# load dynamic modules
load_module /etc/nginx/modules/ngx_http_geoip_module.so;

user  nginx;
worker_processes  auto;
error_log  /var/log/nginx/error.log info;
pid        /var/run/nginx.pid;
events { worker_connections  1024; }

http {

heartshare

version: '3.4'

secrets:

  # Find your registration token at: "Your project" > "Settings" > "CI/CD" > "Runners settings" > "Specific Runners" (look for registration token)
  # Register it as `GITLAB_REGISTRATION_TOKEN`: `docker secret create GITLAB_REGISTRATION_TOKEN YOUR_REGISTRATION_TOKEN`
  GITLAB_REGISTRATION_TOKEN:
    external: true
  # Find your personal access token at: "Your user account" > "Settings" > "Access Tokens" > "Create personal access token" (for api)
  # Register it as `GITLAB_PERSONAL_ACCESS_TOKEN`: `docker secret create GITLAB_PERSONAL_ACCESS_TOKEN <YOUR ACCESS TOKEN>`

heartshare

image: docker:19.03

services:
  - name: docker:19.03-dind

variables:
  # ENABLE DOCKER BUILDKIT
  DOCKER_BUILDKIT: 1
  DOCKER_TLS_CERTDIR: "/certs"
  DOMAIN: futurofficevalencia.es

heartshare

Gitlab CI/CD

• Gitlab CI/CD
  • General
    • How to make my jobs execute in parallel?
    • How to execute a job only when some files were changed?
    • What about interactive jobs?
    • Extending/Templating jobs
    • Running locally
• Docker-in-Docker doesn't work in gitlab-runner exec docker

heartshare

variables:
  DOCKER_DRIVER: "overlay2"
  REPOSITORY_URL: "changeme:latest"

stages:
  - build
  - deploy

services:
  - docker:dind