@squizduos
Created October 31, 2019 15:48
traefik with Docker Registry and VS Code

traefik

Env:

# Shared environment for the Compose files on this page.
# Host directory with per-service configuration; the compose files bind-mount
# sub-paths of it (registry config and htpasswd, Traefik acme.json/htpasswd/
# traefik.toml, Vault config, Watchtower config.json), so it holds credential
# material and should be readable only by the deploying user.
CONFIGS=/srv/config
# Address passed to Traefik as --acme.email.
EMAIL=squizduos@gmail.com
# Base domain; each service is published on a subdomain through its Host: rule.
DOMAIN=sqds.me
# Restart policy substituted into every service's `restart:` key.
RESTARTS=unless-stopped
# NOTE(review): the compose files also read CODE_SERVER_REPLACE (basic-auth users
# for the IDE route) and VOLUMES_DIR, neither of which is set here. Compose
# substitutes an empty string for an unset variable without a default, so set
# CODE_SERVER_REPLACE before deploying the IDE stack.
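# code-server (VS Code in the browser), published through Traefik 1.x labels.
# The listing had lost its indentation; the nesting below restores a valid
# Compose file.
version: '3'

networks:
  # Pre-existing network shared with Traefik and the other stacks on this page.
  web:
    external: true

volumes:
  ide-config:
    external: true
  ide-data:
    external: true

services:
  ide:
    image: codercom/code-server:v2
    container_name: ide
    # code-server's built-in login is disabled, so the Traefik basic-auth label
    # below is the only access control on an editor that offers a terminal.
    # Containers attached to `web` reach ide:8080 directly, without passing
    # through Traefik, and therefore without any authentication.
    command: --auth none --disable-telemetry
    restart: "${RESTARTS:-no}"
    networks:
      - web
    volumes:
      - ide-config:/home/coder/.local/share/code-server
      - ide-data:/home/coder/projects
      # Exposes the host's Docker volume directory read-write inside the IDE,
      # which by default covers the data of every named volume on the host
      # (subject to file permissions). Narrow this to the volumes actually
      # needed, or append :ro, if editing them from the IDE is not required.
      - ${VOLUMES_DIR:-/var/lib/docker/volumes}:/home/coder/volumes
    labels:
      - traefik.enable=true
      - traefik.frontend.rule=Host:ide.${DOMAIN:-localhost}
      # Fail closed: `:?` makes Compose abort when the variable is unset or
      # empty instead of deploying the route with an empty user list.
      # NOTE(review): the trailing "." is kept from the original and looks like
      # a placeholder remnant; confirm the rendered label is a valid htpasswd
      # entry and that ide.<domain> really answers 401 without credentials.
      - "traefik.frontend.auth.basic=${CODE_SERVER_REPLACE:?set CODE_SERVER_REPLACE to the htpasswd user entries}."
      - traefik.port=8080
      - traefik.tags=ide
      - traefik.docker.network=web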
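# Private Docker registry plus a static web UI, both published through Traefik.
# The listing had lost its indentation; the nesting below restores a valid
# Compose file.
version: '3'

networks:
  web:
    external: true

volumes:
  registry:
    external: true

services:
  registry:
    image: registry:2
    container_name: registry
    restart: "${RESTARTS:-no}"
    networks:
      - web
    volumes:
      # Holds the registry config file and the htpasswd file referenced below.
      - ${CONFIGS:-/srv/config}/registry:/etc/docker/registry
      - registry:/var/lib/registry
    environment:
      # htpasswd authentication is what protects push, pull and delete; the
      # credentials travel as HTTP Basic, so the route must only be reachable
      # over TLS (Traefik's HTTP->HTTPS redirect covers external clients).
      REGISTRY_AUTH: htpasswd
      REGISTRY_AUTH_HTPASSWD_PATH: /etc/docker/registry/htpasswd
      REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
    labels:
      - traefik.enable=true
      - traefik.frontend.rule=Host:registry.${DOMAIN:-localhost}
      - traefik.port=5000
      - traefik.tags=registry
      - traefik.docker.network=web

  registry_ui:
    image: joxit/docker-registry-ui:static
    container_name: registry_ui
    restart: "${RESTARTS:-no}"
    networks:
      - web
    environment:
      - REGISTRY_URL=http://registry:5000
      - REGISTRY_TITLE=Squizduos Container Registry
      # Turns on the delete controls in the UI. No auth label is set on this
      # route, so the UI page itself is public; image deletion is gated only by
      # the registry's htpasswd check. Add basic auth on this route or set this
      # to false if the UI should be read-only.
      - DELETE_IMAGES=true
    labels:
      - traefik.enable=true
      - traefik.frontend.rule=Host:ui.registry.${DOMAIN:-localhost}
      - traefik.port=80
      # NOTE(review): same tag as the vault service; confirm this is intended.
      - traefik.tags=credentials
      - traefik.docker.network=web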
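# Docker registry configuration (read from the directory that the compose file
# mounts at /etc/docker/registry). Authentication is not configured here; the
# compose file supplies it through the REGISTRY_AUTH_* environment variables.
# The listing had lost its indentation; the nesting below restores it.
version: 0.1
log:
  fields:
    service: registry
storage:
  # Allows blobs and manifests to be deleted through the API. Together with the
  # DELETE method permitted in the CORS headers below, any account in the
  # htpasswd file can remove images from the UI.
  delete:
    enabled: true
  cache:
    blobdescriptor: inmemory
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: ':5000'
  headers:
    X-Content-Type-Options: [nosniff]
    # CORS for the web UI. Credentialed requests are allowed, so the origin must
    # stay a single exact HTTPS origin and never become a wildcard. It is
    # hard-coded here while the compose files derive hostnames from ${DOMAIN};
    # keep the two in sync.
    Access-Control-Allow-Origin: ['https://ui.registry.sqds.me']
    Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE']
    Access-Control-Allow-Headers: ['Authorization']
    Access-Control-Max-Age: [1728000]
    Access-Control-Allow-Credentials: [true]
    Access-Control-Expose-Headers: ['Docker-Content-Digest']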
# Traefik 1.x static configuration; the compose file on this page mounts it at
# /traefik.toml.
# Routes that do not name an entry point are served on both HTTP and HTTPS.
defaultEntryPoints = ["http", "https"]
# Network traffic enters the Docker network on the usual web ports (80 and 443),
# where Traefik listens.
[entryPoints]
# Dashboard/API entry point. The compose file does not publish 8080 on the host;
# it is reached through the traefik.<domain> route and by containers on `web`.
[entryPoints.dashboard]
address = ":8080"
# Basic auth for the dashboard, with users read from an htpasswd file.
[entryPoints.dashboard.auth]
[entryPoints.dashboard.auth.basic]
# NOTE(review): relative path; the compose file mounts the file at /htpasswd,
# so this presumably resolves against the container's working directory.
usersFile = "htpasswd"
[entryPoints.http]
address = ":80"
# HTTP is redirected to HTTPS by the two lines below (comment them out to
# disable the redirect).
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
# Traefik's integration with Docker. Access to the Docker socket gives this
# internet-facing process control over the Docker daemon; a socket proxy that
# exposes only the read-only API endpoints is the usual mitigation.
[docker]
endpoint = "unix:///var/run/docker.sock"
watch = true
# Only containers labelled traefik.enable=true are published.
exposedByDefault = false
network = "web"
# The API and dashboard are served on the basic-auth-protected entry point above.
[api]
entryPoint = "dashboard"
# Let's Encrypt certificates via the HTTP-01 challenge on the "http" entry point.
[acme]
# Holds the ACME account key and certificate private keys; keep the host file at
# mode 600 and out of version control and backups that others can read.
storage = "acme.json"
onHostRule = true
entryPoint = "https"
[acme.httpChallenge]
entryPoint = "http"
# NOTE(review): Traefik 1.x documents a top-level `logLevel` and a [traefikLog]
# table for these settings; confirm that this [log] table is honored by the
# 1.7 image in use. If it is, DEBUG is verbose for an internet-facing proxy;
# review what reaches the logs and lower the level after troubleshooting.
[log]
format = "json"
level = "DEBUG"
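# The listing had lost its indentation; the nesting below restores a valid
# Compose file.
version: '3'

networks:
  web:
    external: true

services:
  # Traefik is a reverse proxy. It terminates TLS and passes traffic to
  # Docker containers according to the rules in their docker-compose labels.
  # Its dashboard is routed at traefik.${DOMAIN} (Host rule below) and served
  # from the basic-auth-protected entry point on port 8080 in traefik.toml.
  traefik:
    # NOTE(review): the Traefik 1.x line is no longer developed upstream; plan a
    # move to a maintained release and pin it by version or digest.
    image: traefik:1.7.13-alpine
    container_name: traefik
    # env_file:
    #   - ${CONFIGS:-/srv/config}/traefik/app.env
    command: >
      --acme.email="${EMAIL:-root@localhost}"
      --acme.onhostrule
      --acme.acmelogging
      --docker.domain=${DOMAIN:-localhost}
    restart: "${RESTARTS:-no}"
    networks:
      - web
    volumes:
      # Docker API access. This gives the internet-facing proxy control over
      # the Docker daemon on the host; a :ro bind mount does not restrict API
      # calls. A socket proxy exposing only read-only endpoints is the usual
      # mitigation.
      - /var/run/docker.sock:/var/run/docker.sock
      # ACME storage (account key and certificate private keys); must stay
      # writable by Traefik. Keep the host file at mode 600.
      - ${CONFIGS:-/srv/config}/traefik/acme.json:/acme.json
      # Dashboard credentials and static configuration are only read by
      # Traefik, so they are mounted read-only.
      - ${CONFIGS:-/srv/config}/traefik/htpasswd:/htpasswd:ro
      - ${CONFIGS:-/srv/config}/traefik/traefik.toml:/traefik.toml:ro
      # - traefik:/data
    ports:
      # Map ports 80 and 443 on the host to this container. The dashboard port
      # 8080 is deliberately not published.
      - "80:80"
      - "443:443"
    labels:
      - traefik.enable=true
      - traefik.frontend.rule=Host:traefik.${DOMAIN:-localhost}
      - traefik.port=8080
      - traefik.tags=base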
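# HashiCorp Vault with file storage, published through Traefik.
# The listing had lost its indentation; the nesting below restores a valid
# Compose file.
version: '3'

networks:
  web:
    external: true

volumes:
  vault:
    external: true

services:
  vault:
    # NOTE(review): unpinned image, so a pull or an automatic update can change
    # the Vault version underneath the stored data. Pin a reviewed release,
    # e.g. vault:<PINNED_VERSION> or an image digest.
    image: vault
    container_name: vault
    command: server -config=/config/config.json
    restart: "${RESTARTS:-no}"
    networks:
      # The config.json on this page sets tls_disable, so Vault speaks plain
      # HTTP on 8200. TLS ends at Traefik; between Traefik and Vault, and for
      # every other container on `web` (including the IDE, which runs without
      # its own login), tokens and secrets cross the network unencrypted.
      # Prefer a dedicated network shared only with Traefik, or enable TLS on
      # the Vault listener.
      - web
    volumes:
      - vault:/vault
      # Server configuration is only read by Vault, so it is mounted read-only.
      - ${CONFIGS:-/srv/config}/vault:/config:ro
    environment:
      # NOTE(review): presumably the address used by the vault CLI inside the
      # container; 0.0.0.0 is a bind address rather than a destination, so
      # confirm whether http://127.0.0.1:8200 was intended.
      - VAULT_ADDR=http://0.0.0.0:8200
    cap_add:
      # Lets Vault lock memory so that secrets are not written to swap.
      - IPC_LOCK
    labels:
      - traefik.enable=true
      - traefik.frontend.rule=Host:vault.${DOMAIN:-localhost}
      - traefik.port=8200
      - traefik.tags=credentials
      - traefik.docker.network=web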
{
"backend": {
"file": {
"path": "/vault/file"
}
},
"listener": {
"tcp":{
"address": "0.0.0.0:8200",
"tls_disable": 1
}
},
"ui": true
}
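# The listing had lost its indentation; the nesting below restores a valid
# Compose file.
version: '3'

networks:
  web:
    external: true

services:
  # Watchtower detects when a running container has a new image available and
  # automatically updates and restarts it.
  watchtower:
    # NOTE(review): the v2tec/watchtower image has been superseded by
    # containrrr/watchtower, and :latest is a mutable tag; confirm the source
    # and pin a reviewed version.
    image: v2tec/watchtower:latest
    container_name: watchtower
    # Polls every 300 seconds and removes old images after an update. With the
    # mutable tags used by the other stacks on this page, whatever is published
    # under those tags is pulled and started without review, with the mounts
    # each service declares. Pin images by digest, or restrict Watchtower to
    # opted-in containers (--label-enable), where that matters.
    command: --cleanup --interval 300
    restart: "${RESTARTS:-no}"
    networks:
      - web
    volumes:
      # Docker API access, needed to recreate containers; this grants control
      # over the Docker daemon on the host.
      - /var/run/docker.sock:/var/run/docker.sock
      # Registry credentials for pulling private images; only read by
      # Watchtower, so mounted read-only. Keep the host file at mode 600.
      - ${CONFIGS:-/srv/config}/watchtower/config.json:/config.json:ro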