-
-
Save kdes70/4b06d65c30dce5ab708c9f4edd101e2f to your computer and use it in GitHub Desktop.
Web app with HTTPS, based on proxy Traefik and Nuxt.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# my_frontend/docker-compose.yml | |
version: '3.7' | |
services: | |
my_frontend: | |
container_name: my_frontend | |
networks: | |
- my_network | |
restart: unless-stopped | |
security_opt: | |
- no-new-privileges:true | |
build: . | |
env_file: | |
- .env | |
labels: | |
- "traefik.enable=true" | |
- "traefik.http.routers.frontend.entrypoints=https" | |
- "traefik.http.routers.frontend.rule=Host(`domain.com`) && (PathPrefix(`/frontend`) || PathPrefix(`/_nuxt`))" | |
- "traefik.http.routers.frontend.tls.certresolver=letsEncrypt" | |
- "traefik.http.services.frontend.loadbalancer.server.port=8090" | |
networks: | |
my_network: | |
external: true | |
name: "my_network" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# reverse-proxy/docker-compose.yml | |
version: '3.7' | |
services: | |
traefik: | |
image: traefik:v2.2 | |
container_name: traefik | |
command: | |
- "--log.level=DEBUG" | |
networks: | |
- my_network | |
restart: unless-stopped | |
security_opt: | |
- no-new-privileges:true | |
ports: | |
- 80:80 | |
- 443:443 | |
- 8090:8090 | |
volumes: | |
- /etc/localtime:/etc/localtime:ro | |
- /var/run/docker.sock:/var/run/docker.sock:ro | |
- ./data/traefik.yml:/traefik.yml:ro | |
- ./data/custom/:/custom/:ro | |
- ./data/acme.json:/acme.json | |
labels: | |
- "traefik.enable=true" | |
- "traefik.http.routers.traefik.entrypoints=https" | |
- "traefik.http.routers.traefik.rule=Host(`domain.com`)" | |
- "traefik.http.routers.traefik.tls=true" | |
- "traefik.http.routers.traefik.tls.certresolver=letsEncrypt" | |
- "traefik.http.routers.traefik.service=api@internal" | |
- "traefik.http.services.traefik.loadbalancer.server.port=888" | |
# Auth Middleware | |
- "traefik.http.middlewares.traefik-auth.basicauth.users=your_username_here:your_password_here" | |
- "traefik.http.routers.traefik.middlewares=traefik-auth" | |
networks: | |
my_network: | |
external: true | |
name: "my_network" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# my_frontend/Dockerfile | |
### STAGE 1: Build ### | |
FROM node:latest as build | |
RUN mkdir /usr/src/app | |
WORKDIR /usr/src/app | |
ENV PATH /usr/src/app/node_modules/.bin:$PATH | |
COPY package.json /usr/src/app/package.json | |
RUN npm install --silent | |
COPY . /usr/src/app | |
RUN npm run generate | |
### STAGE 2: NGINX ### | |
FROM nginx:stable-alpine | |
COPY --from=build /usr/src/app/docker /usr/share/nginx/html/ | |
RUN rm /etc/nginx/conf.d/* | |
COPY nginx/main.conf /etc/nginx/conf.d/ | |
EXPOSE 8090 | |
CMD ["nginx", "-g", "daemon off;"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# reverse-proxy/data/custom/host.yml | |
http: | |
routers: | |
host: | |
entryPoints: | |
- https | |
service: service-host | |
rule: Host(`domain.com`) | |
tls: | |
certResolver: letsEncrypt | |
services: | |
service-host: | |
loadBalancer: | |
servers: | |
- url: "http://127.0.0.1:8080" | |
passHostHeader: true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# my_frontend/nginx/main.conf | |
map $sent_http_content_type $expires { | |
"text/html" epoch; | |
"text/html; charset=utf-8" epoch; | |
default off; | |
} | |
server { | |
listen 8090; | |
server_name localhost; | |
charset utf-8; | |
client_max_body_size 10M; | |
gzip on; | |
gzip_types text/plain application/xml text/css application/javascript; | |
gzip_min_length 1000; | |
#charset koi8-r; | |
# access_log logs/host.access.log main; | |
location / { | |
absolute_redirect off; | |
root /usr/share/nginx/html/dist; | |
try_files $uri $uri/ /index.html; | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# reverse-proxy/data/traefik.yml | |
api: | |
dashboard: true | |
entryPoints: | |
http: | |
address: ":80" | |
https: | |
address: ":443" | |
http: | |
routers: | |
http-catchall: | |
rule: hostregexp(`{any:.+}`) | |
entrypoints: | |
- http | |
middlewares: | |
- redirect-to-https | |
middlewares: | |
redirect-to-https: | |
redirectScheme: | |
scheme: https | |
permanent: true | |
port: "443" | |
providers: | |
docker: | |
endpoint: "unix:///var/run/docker.sock" | |
exposedByDefault: false | |
file: | |
directory: /custom | |
watch: true | |
certificatesResolvers: | |
letsEncrypt: | |
acme: | |
email: postmailer@mail.com | |
storage: acme.json | |
#caServer: "https://acme-staging-v02.api.letsencrypt.org/directory" | |
httpChallenge: | |
entryPoint: http |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment