lfache
/ docker-compose.yaml
Created
July 15, 2020 12:46
Hardened Traefik sample with whoami + HTTPS everywhere/redirect
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: "3.8" | |
| services: | |
| dockerproxy: | |
| image: tecnativa/docker-socket-proxy | |
| environment: | |
| - CONTAINERS=1 | |
| networks: | |
| - socket_docker | |
| volumes: | |
| - "/var/run/docker.sock:/var/run/docker.sock" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: "3" | |
| services: | |
| db: | |
| build: db | |
| read_only: true | |
| restart: unless-stopped | |
| volumes: | |
| - ./volumes/db/var/lib/postgresql/data:/var/lib/postgresql/data | |
| - /etc/localtime:/etc/localtime:ro | |
| environment: |
lfache
/ docker-compose-mattermost-web.yaml
Created
June 25, 2020 11:24
Remove this line on docker-compose.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| web: | |
| build: web | |
| ports: | |
| - "80:80" | |
| - "443:443" | |
| read_only: true | |
| restart: unless-stopped | |
| volumes: | |
| # This directory must have cert files if you want to enable SSL | |
| - ./volumes/web/cert:/cert:ro |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| app: | |
| build: | |
| context: app | |
| # uncomment following lines for team edition or change UID/GID | |
| args: | |
| - edition=team | |
| - PUID=1000 | |
| - PGID=1000 | |
| restart: unless-stopped |
lfache
/ gist:dcb7cd368c27ecdea3b1158f71290a98
Last active
June 11, 2020 07:38
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| labels: | |
| traefik.enable: true | |
| traefik.docker.network: traefik_web | |
| traefik.http.routers.nextcloud.entrypoints: websecure | |
| traefik.http.routers.nextcloud.rule: 'Host(`${NEXTCLOUD_URL}`)' | |
| traefik.http.services.nextcloud.loadbalancer.server.port: 80 | |
| traefik.http.middlewares.nextcloud-headers.headers.referrerpolicy: "same-origin" | |
| traefik.http.routers.nextcloud.middlewares: 'nextcloud-headers' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #cloud-config | |
| package_update: true | |
| packages: | |
| - btrfs-progs | |
| - conmon | |
| - git | |
| - golang-go | |
| - go-md2man | |
| - iptables |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| labels: | |
| traefik.enable: true | |
| traefik.docker.network: traefik_web | |
| traefik.http.services.matomo.loadbalancer.server.port: 80 | |
| traefik.http.routers.matomo.rule: Host(`${MATOMO_URL}`) | |
| traefik.http.routers.matomo.entrypoints: websecure |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: "3.7" | |
| services: | |
| database: | |
| image: mariadb:10 | |
| command: --max-allowed-packet=64MB | |
| restart: unless-stopped | |
| volumes: | |
| - db:/var/lib/mysql | |
| environment: | |
| MYSQL_RANDOM_ROOT_PASSWORD: 'yes' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| az container create \ | |
| --resource-group myResourceGroup \ | |
| --name mycontainer \ | |
| --image mcr.microsoft.com/azuredocs/aci-helloworld \ | |
| --dns-name-label aci-demo \ | |
| --ports 80 |
lfache
/ gist:c57fb826e1fa236d5f99f3894969281a
Created
May 26, 2020 21:03
Modify Traefik container for HTTP to HTTPS redirect
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| containers: | |
| - name: traefik | |
| image: traefik:v2.2 | |
| args: | |
| - --api.insecure | |
| - --accesslog | |
| - --entrypoints.web.Address=:80 | |
| - --entrypoints.websecure.Address=:443 | |
| - --providers.kubernetescrd | |
| - --entrypoints.web.http.redirections.entryPoint.to=:443 |
NewerOlder