diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000000000000000000000000000000000000..9c562bd1f916aaad7aef03ec2af22650cc38129d --- /dev/null +++ b/.editorconfig @@ -0,0 +1,12 @@ +root = true + +[*] +charset = utf-8 +end_of_line = lf +indent_style = space +indent_size = 2 +insert_final_newline = true +trim_trailing_whitespace = true + +[*.{markdown,md}] +trim_trailing_whitespace = false diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000000000000000000000000000000000000..6313b56c57848efce05faa7aa7e901ccfc2886ea --- /dev/null +++ b/.gitattributes @@ -0,0 +1 @@ +* text=auto eol=lf diff --git a/.gitignore b/.gitignore index 4b9708214ee9ce78e8115439703c20cd071b1efb..e68eca4b701455c02921cbda2f6eaf7d7715b17c 100644 --- a/.gitignore +++ b/.gitignore 
@@ -1,89 +1,27 @@ -# File created using '.gitignore Generator' for Visual Studio Code: https://bit.ly/vscode-gig - -# Created by https://www.toptal.com/developers/gitignore/api/windows,macos,linux -# Edit at https://www.toptal.com/developers/gitignore?templates=windows,macos,linux - -### Linux ### -*~ - -# temporary files which can be created if a process still has a handle open of a deleted file -.fuse_hidden* - -# KDE directory preferences -.directory - -# Linux trash folder which might appear on any partition or disk -.Trash-* - -# .nfs files are created when an open file is removed but is still being accessed -.nfs* - -### macOS ### -# General -.DS_Store -.AppleDouble -.LSOverride - -# Icon must end with two \r -Icon - -# Thumbnails -._* - -# Files that might appear in the root of a volume -.DocumentRevisions-V100 -.fseventsd -.Spotlight-V100 -.TemporaryItems -.Trashes -.VolumeIcon.icns -.com.apple.timemachine.donotpresent - -# Directories potentially created on remote AFP share -.AppleDB -.AppleDesktop -Network Trash Folder -Temporary Items -.apdisk - -### Windows ### -# Windows thumbnail cache files -Thumbs.db -Thumbs.db:encryptable -ehthumbs.db -ehthumbs_vista.db - -# Dump file -*.stackdump - -# Folder config file -[Dd]esktop.ini - -# Recycle Bin used on file shares -$RECYCLE.BIN/ - -# Windows Installer files -*.cab -*.msi -*.msix -*.msm -*.msp - -# Windows shortcuts -*.lnk - -# End of https://www.toptal.com/developers/gitignore/api/windows,macos,linux - -# Custom rules (everything added below won't be overriden by 'Generate .gitignore File' if you use 'Update' option) - -.env -docker-compose.yml - -config/**/*.json -config/**/*.toml -config/certs/** -custom/** +* + +!/.github/ +!/config/ +!/config/acme/ +!/config/certs/ +!/config/files/ +!/custom/ +!/references/ + +!/.github/FUNDING.yml +!/config/files/middlewares_basic.toml +!/config/files/tls.toml +!/references/info.yml +!/references/traefik.sample.toml + +!/.editorconfig +!/.gitattributes +!/.gitignore 
+!/.markdownlint.yml +!/CODE_OF_CONDUCT.md +!/LICENSE +!/README.md +!/sample..env +!/sample.docker-compose.yml !.keep -!config/files/middlewares_basic.toml -!config/files/tls.toml diff --git a/.markdownlint.yml b/.markdownlint.yml new file mode 100644 index 0000000000000000000000000000000000000000..229b58f58bcc34428be693edb5eef4fa0d7a7f8d --- /dev/null +++ b/.markdownlint.yml @@ -0,0 +1 @@ +MD033: false diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index 1dd899201772f033ff60c0e3021106f1006de465..9a8f1b70846a5b06c37c97f30a4262e1ca21daf2 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -45,16 +45,16 @@ or harmful. Community leaders have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are -not aligned to this Code of Conduct, and will communicate reasons for -moderation decisions when appropriate. +not aligned to this Code of Conduct, and will communicate reasons for moderation +decisions when appropriate. ## Scope This Code of Conduct applies within all community spaces, and also applies when an individual is officially representing the community in public spaces. -Examples of representing our community include using an official e-mail -address, posting via an official social media account, or acting as an -appointed representative at an online or offline event. +Examples of representing our community include using an official e-mail address, +posting via an official social media account, or acting as an appointed +representative at an online or offline event. ## Enforcement 
@@ -116,13 +116,17 @@ the community. This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 2.0, available at -https://www.contributor-covenant.org/version/2/0/code_of_conduct.html. +[https://www.contributor-covenant.org/version/2/0/code_of_conduct.html][v2.0]. -Community Impact Guidelines were inspired by [Mozilla's code of conduct -enforcement ladder](https://github.com/mozilla/diversity). - -[homepage]: https://www.contributor-covenant.org +Community Impact Guidelines were inspired by +[Mozilla's code of conduct enforcement ladder][Mozilla CoC]. For answers to common questions about this code of conduct, see the FAQ at -https://www.contributor-covenant.org/faq. Translations are available at -https://www.contributor-covenant.org/translations. +[https://www.contributor-covenant.org/faq][FAQ]. Translations are available +at [https://www.contributor-covenant.org/translations][translations]. + +[homepage]: https://www.contributor-covenant.org +[v2.0]: https://www.contributor-covenant.org/version/2/0/code_of_conduct.html +[Mozilla CoC]: https://github.com/mozilla/diversity +[FAQ]: https://www.contributor-covenant.org/faq +[translations]: https://www.contributor-covenant.org/translations diff --git a/README.md b/README.md index 9bba288b2cf7a01e3cc7488f37ce39f998a85ce1..a73c31bb73169d74f1987e8bcd38182ed60c8caf 100644 --- a/README.md +++ b/README.md 
@@ -1,114 +1,113 @@ -[](https://github.com/RichardLitt/standard-readme/blob/master/example-readmes/minimal-readme.md) [](https://www.repostatus.org/#active) <a href="https://liberapay.com/benz0li/donate"><img src="https://liberapay.com/assets/widgets/donate.svg" alt="Donate using Liberapay" height="20"></a> - # Træfik +<!-- markdownlint-disable line-length --> +[](https://github.com/RichardLitt/standard-readme/blob/master/example-readmes/minimal-readme.md) [](https://www.repostatus.org/#active) <a href="https://liberapay.com/benz0li/donate"><img src="https://liberapay.com/assets/widgets/donate.svg" alt="Donate using Liberapay" height="20"></a> +<!-- markdownlint-enable line-length --> + [This project](https://gitlab.com/b-data/docker/deployments/traefik) serves as -a template to run [Træfik](https://hub.docker.com/_/traefik) v2.8 in a docker +a template to run [Træfik](https://hub.docker.com/_/traefik) v2.11 in a docker container using docker compose. The goal is to set up a TLS termination proxy for all Docker containers providing web services on a **single host**. -**Features** +Features: -* Automatic creation/renewal of Let's Encrypt certificates (HTTP challenge). -* Provision of the following basic Middlewares: - * RedirectScheme: Redirect from HTTP to HTTPS - * RateLimit: Limit to a _fair_ amount of requests - * average: 100 requests per second - * burst: 50 requests (per second) - * Headers: HTTP Strict Transport Security with long duration -* Provision of three configurations (modern, intermediate [default], old) for - TLS. - → See [Mozilla SSL Configuration Generator](https://ssl-config.mozilla.org) - for more information. -* Use of an [.env file](https://docs.docker.com/compose/env-file/) for - [variable substitution in the Compose file](https://docs.docker.com/compose/compose-file/#variable-substitution). - +* Automatic creation/renewal of Let's Encrypt certificates (HTTP challenge). 
+* Provision of the following basic Middlewares: + * RedirectScheme: Redirect from HTTP to HTTPS + * RateLimit: Limit to a _fair_ amount of requests + * average: 100 requests per second + * burst: 50 requests (per second) + * Headers: HTTP Strict Transport Security with long duration +* Provision of three configurations (modern, intermediate [default], old) for + TLS. + → See [Mozilla SSL Configuration Generator](https://ssl-config.mozilla.org) + for more information. +* Use of an [.env file](https://docs.docker.com/compose/env-file/) for + [variable substitution in the Compose file](https://docs.docker.com/compose/compose-file/#variable-substitution). -**About træfik** +About træfik: -* Homepage: https://traefik.io/traefik/ -* Documentation: https://doc.traefik.io/traefik/ +* Homepage: <https://traefik.io/traefik/> +* Documentation: <https://doc.traefik.io/traefik/> ## Table of Contents -* [Prerequisites](#prerequisites) -* [Install](#install) -* [Usage](#usage) -* [Contributing](#contributing) -* [License](#license) +* [Prerequisites](#prerequisites) +* [Install](#install) +* [Usage](#usage) +* [Contributing](#contributing) +* [License](#license) ## Prerequisites For the HTTP challenge you require: -* A publicly accessible host allowing connections on port 80 & 443. -* A DNS record for the domain you want to expose pointing to this host. +* A publicly accessible host allowing connections on port 80 & 443. +* A DNS record for the domain you want to expose pointing to this host. 
## Install To install docker and docker compose, follow the instructions for your platform: -* [Install Docker Engine | Docker Documentation > Supported platforms](https://docs.docker.com/engine/install/#supported-platforms) - * Includes Docker Compose V2 -* [Post-installation steps for Linux](https://docs.docker.com/engine/install/linux-postinstall/) +* [Install Docker Engine | Docker Documentation > Supported platforms](https://docs.docker.com/engine/install/#supported-platforms) + * Includes Docker Compose V2 +* [Post-installation steps for Linux](https://docs.docker.com/engine/install/linux-postinstall/) ## Usage -1. Create an external docker network named "webproxy": - ```bash - docker network create webproxy - ``` -1. Change file mode of `config/acme`: - ```bash - chmod go+w config/acme - ``` -1. Make a copy of all `sample.` files: - ```bash - for file in sample.*; do cp "$file" "${file#sample.}"; done; - ``` -1. Update environment variables `TF_ACME_EMAIL` and `TF_CERTRESOLVER_NAME1` in - '.env': - * Replace `postmaster@mydomain.com` with a valid email address of yours. - * Replace `mydomain-com` with a suitable name to identify this certificate - resolvers configuration. - → Dots (`.`) in the name are not allowed! -1. Start the container in detached mode: - ```bash - docker compose up -d - ``` +1. Create an external docker network named "webproxy": + + docker network create webproxy + +1. Change file mode of `config/acme`: + + chmod go+w config/acme + +1. Make a copy of all `sample.` files: + + for file in sample.*; do cp "$file" "${file#sample.}"; done; + +1. Update environment variables `TF_ACME_EMAIL` and `TF_CERTRESOLVER_NAME1` in + '.env': + * Replace `postmaster@mydomain.com` with a valid email address of yours. + * Replace `mydomain-com` with a suitable name to identify this certificate + resolvers configuration. + → Dots (`.`) in the name are not allowed! +1. 
Start the container in detached mode: + + docker compose up -d `docker compose` commands must be run in the root directory of the project, i.e. where 'docker-compose.yml' is located! ### Test -1. Uncomment lines 43 to 55 in 'docker-compose.yml' to enable service "whoami" - and configure as follows: - * Replace `whoami.mydomain.com` with the intended domain from - [Prerequisites](#prerequisites). - * Replace `mydomain-com` with the value set for `TF_CERTRESOLVER_NAME1` in - '.env'. -2. Start the container in detached mode: - ```bash - docker compose up -d - ``` -3. Wait a bit and visit http://whoami.mydomain.com to confirm everything went -fine. +1. Uncomment lines 43 to 55 in 'docker-compose.yml' to enable service "whoami" + and configure as follows: + * Replace `whoami.mydomain.com` with the intended domain from + [Prerequisites](#prerequisites). + * Replace `mydomain-com` with the value set for `TF_CERTRESOLVER_NAME1` in + '.env'. +2. Start the container in detached mode: + + docker compose up -d + +3. Wait a bit and visit <http://whoami.mydomain.com> to confirm everything went + fine. ### Debugging -Use [docker logs](https://docs.docker.com/engine/reference/commandline/logs/) -to see the output of the container: +Use [docker logs](https://docs.docker.com/engine/reference/commandline/logs/) to +see the output of the container: -```bash -docker logs webproxy-traefik-1 -``` + docker logs webproxy-traefik-1 ## Contributing -PRs accepted. +PRs accepted. Please submit to the +[GitLab repository](https://gitlab.com/b-data/docker/deployments/traefik). This project follows the [Contributor Covenant](https://www.contributor-covenant.org) diff --git a/references/info.yml b/references/info.yml index ccf18c5f0bdd48723e3f8673da18b780b79529ba..8e5854f7548a94ef3cb05dc3272e734754f51bc3 100644 --- a/references/info.yml +++ b/references/info.yml 
@@ -1,4 +1,4 @@ -sources: +sources: - file_name: traefik.sample.toml url: https://raw.githubusercontent.com/traefik/traefik/master/traefik.sample.toml - date: 2021-10-07 + date: 2023-02-20 diff --git a/sample..env b/sample..env index c87ab1195cc3c4e3b97642eed29b531732e8cb9c..cf3c4df81fcb2a649c188563991ac0d920640069 100644 --- a/sample..env +++ b/sample..env @@ -7,7 +7,7 @@ COMPOSE_PROJECT_NAME=webproxy TF_HOME= ## Version -TF_VERSION=2.9 +TF_VERSION=2.11 ## Certificate Resolvers TF_ACME_EMAIL=postmaster@mydomain.com
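Review bot: In `.gitignore`, replacing the explicit rules with a leading `*` plus `!` exceptions means `.env`, `docker-compose.yml` and the contents of `config/acme/` and `config/certs/` are now kept untracked only implicitly; the removed lines `.env`, `config/**/*.json` and `config/certs/**` were the only place that intent was written down. Add a comment at the top of the file stating that the catch-all is what keeps local secrets and certificates out of the index, and that new exceptions should be anchored paths to single files (as `!/config/files/tls.toml` is), since `!/config/acme/` and `!/config/certs/` re-include the directories themselves. The trailing `!.keep` is the one unanchored exception and matches at any depth inside a re-included directory, which deserves a short comment as well.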
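Review bot: In `.markdownlint.yml`, `MD033: false` turns the inline-HTML rule off for every Markdown file, although the only inline HTML visible in this patch is the Liberapay `<a href=…><img …></a>` badge in the README, which is already wrapped in `<!-- markdownlint-disable line-length -->`. Consider dropping the global setting and extending that existing comment to `<!-- markdownlint-disable line-length no-inline-html -->`, so raw HTML added elsewhere later is still flagged.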
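Review bot: In the README Usage hunk, step 2 is carried over as `chmod go+w config/acme`, which leaves that directory writable by group and others on the host, and the step gives no reason for it. Given the feature list's automatic Let's Encrypt certificate creation, this is presumably where the ACME data is written, so while the section is being reformatted it would be worth either narrowing the step to ownership by the user the container runs as, or adding a sentence that explains why write access for group and others is required. A smaller point in the same hunk: the fenced `bash` blocks become indented blocks, which loses the language tag, and the Test step still says "Uncomment lines 43 to 55" although no compose file is touched in this patch to confirm those numbers.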
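Review bot: In `references/info.yml`, `date` moves from 2021-10-07 to 2023-02-20, but no change to `references/traefik.sample.toml` appears anywhere in this patch. Please confirm the reference file was actually refreshed from the listed `url` on that date (and include it in the commit if it changed), or leave the date as it was. The `-sources:` / `+sources:` pair looks like a whitespace-only change; a word in the commit message would save the next reader from diffing it byte by byte.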
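Review bot: In `sample..env`, `TF_VERSION` goes from 2.9 to 2.11, while the README hunk in the same patch goes from v2.8 to v2.11, so the two had already drifted apart before this change. To stop that recurring, have the README point at the `TF_VERSION` value in `sample..env` instead of repeating the number, or record in the contributing notes that both must be bumped together.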