Created
December 10, 2019 13:54
-
-
Save xvzf/151cd1b67d32483e1cf91d9846e61d09 to your computer and use it in GitHub Desktop.
Traefik Docker
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
version: "3.1" | |
services: | |
db: | |
image: postgres:11.4-alpine | |
restart: always | |
environment: | |
POSTGRES_USER: gitea | |
POSTGRES_DB: gitea | |
POSTGRES_PASSWORD: gitea | |
volumes: | |
- db_data:/var/lib/postgres/data | |
networks: | |
- internal | |
labels: | |
- "traefik.enable=false" | |
gitea: | |
image: gitea/gitea:latest | |
restart: always | |
depends_on: | |
- db | |
volumes: | |
- /opt/gitea/data:/data | |
ports: | |
- "22:22" | |
environment: | |
- USER_UID=1000 | |
- USER_GID=1000 | |
- DB_TYPE=postgres | |
- DB_HOST=db:5432 | |
- DB_NAME=gitea | |
- DB_USER=gitea | |
- DB_PASSWD=gitea | |
networks: | |
internal: | |
aliases: | |
- internal | |
"{{ traefik.docker_network }}": | |
aliases: | |
- gitea_ext | |
labels: | |
- "traefik.enable=true" | |
- "traefik.docker.network={{ traefik.docker_network }}" | |
- "traefik.rocketlan.frontend.rule=Host:{{ gitea.hostname }}" | |
- "traefik.rocketlan.backend=gitea_ext" | |
- "traefik.rocketlan.port=3000" | |
volumes: | |
db_data: | |
networks: | |
internal: | |
{{ traefik.docker_network }}: | |
external: | |
name: "{{ traefik.docker_network }}" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
debug = false | |
logLevel = "ERROR" | |
defaultEntryPoints = ["https","http"] | |
[entryPoints] | |
[entryPoints.http] | |
address = ":80" | |
[entryPoints.http.redirect] | |
entryPoint = "https" | |
[entryPoints.https] | |
address = ":443" | |
[entryPoints.https.tls] | |
[retry] | |
[docker] | |
endpoint = "unix:///var/run/docker.sock" | |
domain = "{{ traefik.domain }}" | |
watch = true | |
exposedbydefault = false | |
[acme] | |
email = "{{ traefik.acme_email }}" | |
storage = "acme.json" | |
entryPoint = "https" | |
onHostRule = true | |
[acme.httpChallenge] | |
entryPoint = "http" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
- name: Traefik configuration directories | |
file: | |
path: /etc/traefik | |
state: directory | |
- name: Traefik configuration | |
template: | |
src: traefik.toml | |
dest: /etc/traefik/traefik.toml | |
mode: 0644 | |
backup: yes | |
- name: ACME storage | |
file: | |
path: /etc/traefik/acme.json | |
state: file | |
mode: 0600 | |
backup: yes | |
ignore_errors: yes | |
register: acme_storage_check | |
- name: Create ACME storage file | |
file: | |
path: /etc/traefik/acme.json | |
state: touch | |
mode: 0600 | |
when: acme_storage_check.state == "absent" | |
- name: Create docker network for web applications | |
docker_network: | |
name: "{{ traefik.docker_network }}" | |
enable_ipv6: yes | |
ipam_config: | |
- subnet: fd00:dead:b33f::/48 | |
- name: Traefik container | |
docker_container: | |
name: traefik | |
image: "{{ traefik.image }}" | |
state: started | |
restart_policy: always | |
command: --api --docker | |
ports: | |
- "80:80" # HTTP endpoint | |
- "443:443" # HTTPS endpoint | |
- "127.0.0.1:8080:8080" # API Port | |
networks_cli_compatible: yes | |
networks: | |
- name: "{{ traefik.docker_network }}" | |
volumes: | |
- /var/run/docker.sock:/var/run/docker.sock | |
- /etc/traefik/traefik.toml:/traefik.toml | |
- /etc/traefik/acme.json:/acme.json | |
- name: Whoami | |
docker_container: | |
name: whoami_health | |
image: containous/whoami # A container that exposes an API to show its IP address | |
networks_cli_compatible: yes | |
networks: | |
- name: "{{ traefik.docker_network }}" | |
labels: | |
traefik.frontend.rule: "Host:whoami.{{ traefik.domain }}" | |
- name: Create IPv6 NAT Container | |
docker_container: | |
name: ipv6nat | |
image: robbertkl/ipv6nat | |
state: started | |
restart_policy: always | |
privileged: true | |
network_mode: host | |
volumes: | |
- /var/run/docker.sock:/var/run/docker.sock:ro | |
- /lib/modules:/lib/modules:ro |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment