# ignore the generated certificates
acme.json
*.key
*.pem
# accept invalid SSL certs for backends
InsecureSkipVerify = true
defaultEntryPoints = ["http", "https"]
[acme]
email = "hostmaster@zom.bi"
storage = "cert/acme.json"
entryPoint = "https"
onDemand = false
#OnHostRule = true
OnHostRule = false
[acme.httpChallenge]
entryPoint = "http"
[global]
checkNewVersion = false
sendAnonymousUsage = false
[entryPoints]
[entryPoints.http]
[entryPoints.web]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[web]
address = ":8080"
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "docker.localhost"
watch = true
exposedbydefault = false
# new domains and subdomains can be configured here.
# note that domains and subdomains not defined in this file will still work,
# when defined in a container Host-Rule. However, they will generate
# their own ACME request, and will count towards LetsEncrypt's rate limit.
[[acme.domains]]
main = "zom.bi"
sans = [
"conference.zom.bi",
"mumble.zom.bi",
"mx.zom.bi",
"user.zom.bi",
"xmpp.zom.bi",
"irc.zom.bi",
# web vhosts:
"api.zom.bi",
"autoconfig.zom.bi",
"blog.zom.bi",
"cloud.zom.bi",
"docker.zom.bi",
"download.zom.bi",
"gdpr.zom.bi",
"git.zom.bi",
"kanban.zom.bi",
"mail.zom.bi",
"music.zom.bi",
"org.zom.bi",
"ovpn.zom.bi",
"pad.zom.bi",
"push.zom.bi",
"static.zom.bi",
"stream.zom.bi",
"tube.zom.bi",
"upload.zom.bi",
"wiki.zom.bi",
"www.zom.bi",
# test subdomain
"test.zom.bi",
]
[[acme.domains]]
main = "suprememachines.de"
sans = [
"www.suprememachines.de",
"git.suprememachines.de",
"pad.suprememachines.de",
]
[[acme.domains]]
main = "aloneonline.net"
sans = ["www.aloneonline.net"]
[entryPoints.websecure]
address = ":443"
# You can define multiple of these blocks, each of which will result in one
# certificate.
#[[acme.domains]]
# main = "zombi.systems"
# sans = ["www.zombi.systems", "blog.zombi.systems"]
[log]
level = "DEBUG"
[accessLog]
format = "common"
filePath = "/dev/null"
[api]
dashboard = true
[ping]
[providers.docker]
network = "proxy_web"
exposedByDefault = false
defaultRule = "Host(`{{ normalize .Name }}.docker.localhost`)"
[certificatesResolvers.default.acme]
email = "hostmaster@zom.bi"
storage = "/cert/acme.json"
[certificatesResolvers.default.acme.httpChallenge]
entryPoint = "web"
[[tls.certificates]]
certFile = "cert/snakeoil.pem"
keyFile = "cert/snakeoil.key"
[[tls.certificates]]
certFile = "cert/bitmask.me.origin.pem"
keyFile = "cert/bitmask.me.origin.key"
[[tls.certificates]]
certFile = "cert/grun.host.origin.pem"
keyFile = "cert/grun.host.origin.key"
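Review bot: The `[accessLog]` table sends request logs to `/dev/null` (`filePath = "/dev/null"`), so the proxy keeps no record of which client reached which router, while the same file turns on `[api] dashboard = true` and `[log] level = "DEBUG"`. Old and new lines are interleaved on this page, so treating these tables as the new side is inferred from their v2-style keys. I would drop the `filePath` line so access logs go to stdout and are collected with the container logs, and set `level = "ERROR"` to match the `--logLevel=ERROR` flag shown in the compose file; DEBUG output on an internet-facing proxy is noisy and can carry request detail. If `InsecureSkipVerify = true` is kept, it disables certificate verification towards every backend and deserves a comment naming the backends that need it.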
......@@ -2,8 +2,7 @@ version: '2'
services:
proxy:
image: traefik:1.7
command: --logLevel=ERROR
image: traefik:v2.1
ports:
- "80:80"
- "443:443"
......@@ -13,9 +12,29 @@ services:
- "./cert/:/cert/"
- "./config/:/etc/traefik/:ro"
labels:
- "traefik.enable=false" # set to true to expose the Monitoring & API
- "traefik.enable=true" # set to true to expose the Monitoring & API
# middleware redirect
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
# global redirect to https
- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
- "traefik.http.routers.http-catchall.entrypoints=web"
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
- "traefik.backend=proxy"
- "traefik.port=8080"
# Password middleware
#- "traefik.http.middlewares.auth.basicauth.users=zombi:zombibi0815"
# Dashboard
- "traefik.http.routers.dashboard.rule=host(`test.zom.bi`)"
- "traefik.http.routers.dashboard.entrypoints=websecure"
- "traefik.http.routers.dashboard.tls=true"
- "traefik.http.routers.dashboard.service=api@internal"
- "traefik.http.routers.dashboard.tls.certresolver=default"
- "traefik.http.routers.dashboard.tls.domains[0].main=zom.bi"
- "traefik.http.routers.dashboard.tls.domains[0].sans=conference.zom.bi,mumble.zom.bi,mx.zom.bi,user.zom.bi,xmpp.zom.bi,irc.zom.bi,api.zom.bi,autoconfig.zom.bi,blog.zom.bi,cloud.zom.bi,docker.zom.bi,download.zom.bi,gdpr.zom.bi,git.zom.bi,kanban.zom.bi,mail.zom.bi,music.zom.bi,org.zom.bi,ovpn.zom.bi,pad.zom.bi,push.zom.bi,static.zom.bi,stream.zom.bi,tube.zom.bi,upload.zom.bi,wiki.zom.bi,www.zom.bi,test.zom.bi"
#- "traefik.http.routers.dashboard.middlewares=auth"
- "traefik.http.services.dashboard.loadbalancer.server.port=8080"
networks:
- "web"
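Review bot: The dashboard router on `test.zom.bi` is published on `websecure` with `service=api@internal` but no authentication, because both the `auth` middleware definition and `traefik.http.routers.dashboard.middlewares=auth` are commented out. Anyone who can reach that host can read the full routing and backend configuration. The commented-out `basicauth.users` line also carries a cleartext user:password pair; it stays in the repository history, so treat that password as disclosed, and note that `basicauth.users` expects an htpasswd hash rather than a plain password. I would enable both labels before merging, e.g. `- "traefik.http.middlewares.auth.basicauth.users=<USER>:<HTPASSWD_HASH>"` (with every `$` in the hash doubled for Compose) and `- "traefik.http.routers.dashboard.middlewares=auth"`. The `services:` block starts and continues outside the visible hunks.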