Marcelo Ochoa marcelo-ochoa

## docker-compose-portainer.yml
version: '3.6'

services:
  agent:
    image: portainer/agent
    environment:
      AGENT_CLUSTER_ADDR: tasks.portainer_agent
      # AGENT_PORT: 9001
      # LOG_LEVEL: debug
    volumes:

## docker-compose.yml
version: "3.6"

services:
    whoami:
        image: traefik/whoami:v1.6.0
        deploy:
            mode: replicated
            replicas: 1
            labels:
                - traefik.enable=true

## create-lb-certs.sh
#!/bin/bash
cd /etc/letsencrypt
cert_number=$(ls csr/|tail -1|sed s/_.*//)
cert_name=$RENEWED_DOMAINS-$cert_number
echo $cert_name
/root/bin/oci lb certificate create --load-balancer-id $OCID --certificate-name $cert_name --public-certificate-file /etc/letsencrypt/live/$RENEWED_DOMAINS/cert.pem --private-key-file /etc/letsencrypt/live/$RENEWED_DOMAINS/privkey.pem
sleep 30
/root/bin/oci lb listener update --force --listener-name lb_ssl --default-backend-set-name bs_default --port 443 --protocol HTTP --load-balancer-id $OCID --ssl-certificate-name $cert_name

## registry.conf
upstream docker-registry {
    server 10.0.1.20:5000;
    server 10.0.1.22:5000;
}

## Set a variable to help us decide if we need to add the
## 'Docker-Distribution-Api-Version' header.
## The registry always sets this header.
## In the case of nginx performing auth, the header is unset
## since nginx is auth-ing before proxying.

## nginx.conf

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;

## portainer.conf
upstream portainer {
    server 10.0.1.20:9000;
    server 10.0.1.22:9000;
}

server {
  listen 80;
  server_name portainer.mydomain.com;

  location / {

## docker-compose-nginx.yml
version: '3.6'

services:
  server:
    image: nginx
    hostname: www.mydomain.com
    networks:
      - lb_network
    ports:
      - "80:80"

## docker-compose-registry.yml
version: '3.6'

services:
  registry:
    image: registry:2
    ports:
      - "5000:5000"
    networks:
      - lb_network
    volumes:

## registry-ui.conf
upstream registry-ui {
    server 10.0.1.20:5008;
    server 10.0.1.22:5008;
}

server {
  listen 80;
  server_name registry-ui.mydomain.com;

  location / {

## whoami-tls.yaml
# whoami-tls.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: app-tls
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
	version: '3.6'

	services:
	agent:
	image: portainer/agent
	environment:
	AGENT_CLUSTER_ADDR: tasks.portainer_agent
	# AGENT_PORT: 9001
	# LOG_LEVEL: debug
	volumes:
	version: "3.6"

	services:
	whoami:
	image: traefik/whoami:v1.6.0
	deploy:
	mode: replicated
	replicas: 1
	labels:
	- traefik.enable=true
	#!/bin/bash
	cd /etc/letsencrypt
	cert_number=$(ls csr/\|tail -1\|sed s/_.*//)
	cert_name=$RENEWED_DOMAINS-$cert_number
	echo $cert_name
	/root/bin/oci lb certificate create --load-balancer-id $OCID --certificate-name $cert_name --public-certificate-file /etc/letsencrypt/live/$RENEWED_DOMAINS/cert.pem --private-key-file /etc/letsencrypt/live/$RENEWED_DOMAINS/privkey.pem
	sleep 30
	/root/bin/oci lb listener update --force --listener-name lb_ssl --default-backend-set-name bs_default --port 443 --protocol HTTP --load-balancer-id $OCID --ssl-certificate-name $cert_name
	upstream docker-registry {
	server 10.0.1.20:5000;
	server 10.0.1.22:5000;
	}

	## Set a variable to help us decide if we need to add the
	## 'Docker-Distribution-Api-Version' header.
	## The registry always sets this header.
	## In the case of nginx performing auth, the header is unset
	## since nginx is auth-ing before proxying.

	user nginx;
	worker_processes 1;

	error_log /var/log/nginx/error.log warn;
	pid /var/run/nginx.pid;


	events {
	worker_connections 1024;
	upstream portainer {
	server 10.0.1.20:9000;
	server 10.0.1.22:9000;
	}

	server {
	listen 80;
	server_name portainer.mydomain.com;

	location / {
	version: '3.6'

	services:
	server:
	image: nginx
	hostname: www.mydomain.com
	networks:
	- lb_network
	ports:
	- "80:80"
	version: '3.6'

	services:
	registry:
	image: registry:2
	ports:
	- "5000:5000"
	networks:
	- lb_network
	volumes:
	upstream registry-ui {
	server 10.0.1.20:5008;
	server 10.0.1.22:5008;
	}

	server {
	listen 80;
	server_name registry-ui.mydomain.com;

	location / {
	# whoami-tls.yaml
	apiVersion: traefik.containo.us/v1alpha1
	kind: IngressRoute
	metadata:
	name: app-tls
	spec:
	entryPoints:
	- websecure
	routes:
	- kind: Rule