Init nginx and traefik for paladin

2023-10-05 11:26:39 -07:00 · 2023-10-05 11:26:39 -07:00 · 6bd33a909b
commit 6bd33a909b
parent b03b63ab62
7 changed files with 101 additions and 0 deletions
--- a/paladin/config/nginx/docker-compose.yml
+++ b/paladin/config/nginx/docker-compose.yml
@ -0,0 +1,14 @@
+version: '3'
+services:
+  nginx:
+    image: nginx
+    container_name: nginx_test
+    networks:
+      - web
+    labels:
+      - traefik.http.routers.nginx.rule=Host(`nginx.druid.jafner.net`)
+      - traefik.http.routers.nginx.tls.certresolver=lets-encrypt
+
+networks:
+  web:
+    external: true
--- a/paladin/config/traefik/.env
+++ b/paladin/config/traefik/.env
@ -0,0 +1 @@
+DOCKER_DATA=/home/admin/data/traefik
--- a/paladin/config/traefik/config/middlewares.yaml
+++ b/paladin/config/traefik/config/middlewares.yaml
@ -0,0 +1,27 @@
+http:
+  middlewares:
+    lan-only:
+      ipWhiteList:
+        sourceRange:
+          - "127.0.0.1/32"
+          - "192.168.1.1/24"
+    securityheaders:
+      headers:
+        customResponseHeaders:
+          X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex"
+          server: ""
+        sslProxyHeaders:
+          X-Forwarded-Proto: https
+        referrerPolicy: "same-origin"
+        hostsProxyHeaders:
+          - "X-Forwarded-Host"
+        customRequestHeaders:
+          X-Forwarded-Proto: "https"
+          X-Scheme: https
+        contentTypeNosniff: true
+        browserXssFilter: true
+        forceSTSHeader: true
+        stsIncludeSubdomains: true
+        stsSeconds: 63072000
+        stsPreload: true
+
--- a/paladin/config/traefik/config/tls.yaml
+++ b/paladin/config/traefik/config/tls.yaml
@ -0,0 +1,4 @@
+tls:
+  options:
+    tls12:
+      minVersion: VersionTLS12
--- a/paladin/config/traefik/config/traefik_api.yaml
+++ b/paladin/config/traefik/config/traefik_api.yaml
@ -0,0 +1,8 @@
+http:
+  routers:
+    api:
+      rule: "Host(`traefik.druid.jafner.net`)"
+      entryPoints: "websecure"
+      service: "api@internal"
+      tls:
+        certResolver: "lets-encrypt"
--- a/paladin/config/traefik/docker-compose.yml
+++ b/paladin/config/traefik/docker-compose.yml
@ -0,0 +1,19 @@
+version: "3"
+services:
+  traefik:
+    container_name: traefik_traefik
+    image: traefik:latest
+    restart: "no"
+    networks:
+      - web
+    ports:
+      - 80:80
+      - 443:443
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - ./traefik.yaml:/traefik.yaml
+      - ./config:/config
+      - $DOCKER_DATA/acme.json:/acme.json
+networks:
+  web:
+    external: true
--- a/paladin/config/traefik/traefik.yaml
+++ b/paladin/config/traefik/traefik.yaml
@ -0,0 +1,28 @@
+entryPoints:
+  web:
+    address: :80
+    http:
+      redirections:
+        entryPoint:
+          to: websecure
+          scheme: https
+  websecure:
+    address: :443
+
+certificatesResolvers:
+  lets-encrypt:
+    acme:
+      email: jafner425@gmail.com
+      storage: acme.json
+      tlsChallenge: {}
+
+api: 
+  insecure: true
+  dashboard: true
+
+providers:
+  docker:
+    watch: true
+    network: web
+  file:
+    directory: /config