Enable tls
parent
8e839b20e7
commit
c6847b23df
|
@ -17,10 +17,12 @@ local traefikLabels(name, host, port, extras) = toLabels({
|
||||||
'traefik.enable': 'true',
|
'traefik.enable': 'true',
|
||||||
['traefik.http.routers.%s.rule' % name]: 'Host(`%s.mat`)' % host,
|
['traefik.http.routers.%s.rule' % name]: 'Host(`%s.mat`)' % host,
|
||||||
['traefik.http.routers.%s.entrypoints' % name]: 'web',
|
['traefik.http.routers.%s.entrypoints' % name]: 'web',
|
||||||
['traefik.http.services.%s.loadbalancer.server.port' % name]: port,
|
['traefik.http.routers.%s-tls.rule' % name]: 'Host(`%s.home.mat.services`)' % host,
|
||||||
['traefik.http.routers.%s.service' % name]: '%s' % name,
|
['traefik.http.routers.%s-tls.entrypoints' % name]: 'web-tls',
|
||||||
'traefik.docker.network': 'traefik',
|
'traefik.docker.network': 'traefik',
|
||||||
} + extras);
|
} + extras + if port == null then {} else {
|
||||||
|
['traefik.http.services.%s.loadbalancer.server.port' % name]: port
|
||||||
|
});
|
||||||
|
|
||||||
local mkNetwork(svc) = if std.get(svc, 'gluetun', false) then {
|
local mkNetwork(svc) = if std.get(svc, 'gluetun', false) then {
|
||||||
network_mode: 'service:gluetun',
|
network_mode: 'service:gluetun',
|
||||||
|
@ -35,7 +37,12 @@ local mkService(name, svc) = svc {
|
||||||
+ if std.get(svc, 'docker', false)
|
+ if std.get(svc, 'docker', false)
|
||||||
then [dockerSocket]
|
then [dockerSocket]
|
||||||
else [],
|
else [],
|
||||||
labels: traefikLabels(name, std.get(svc, 'host', name), svc.webPort, optional(svc, 'traefik')),
|
labels: traefikLabels(
|
||||||
|
name,
|
||||||
|
std.get(svc, 'host', name),
|
||||||
|
svc.webPort,
|
||||||
|
optional(svc, 'traefik')
|
||||||
|
),
|
||||||
restart: std.get(svc, 'restart', 'always'),
|
restart: std.get(svc, 'restart', 'always'),
|
||||||
} + mkNetwork(svc);
|
} + mkNetwork(svc);
|
||||||
|
|
||||||
|
@ -70,7 +77,7 @@ local mediaMounts(mounts) = {
|
||||||
|
|
||||||
MediaMounts:: mediaMounts,
|
MediaMounts:: mediaMounts,
|
||||||
|
|
||||||
MediaService(name, tag='latest', env={}, mounts={}, webPort, ports=[], extras={}):: {
|
MediaService(name, tag='latest', env={}, mounts={}, webPort=null, ports=[], extras={}):: {
|
||||||
image: 'lscr.io/linuxserver/%s:%s' % [name, tag],
|
image: 'lscr.io/linuxserver/%s:%s' % [name, tag],
|
||||||
environment: mediaEnv + env,
|
environment: mediaEnv + env,
|
||||||
volumes: { ['media_%s_config' % name]: '/config' },
|
volumes: { ['media_%s_config' % name]: '/config' },
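Review bot: With `webPort=null` now allowed, `traefikLabels` drops only the `loadbalancer.server.port` label but still emits `'traefik.enable': 'true'` and both routers, so a service declared without a web port is still published on `web-tls`. As far as I know, Traefik's Docker provider then falls back to a port the image exposes, which may be one that was never meant to be reachable through the proxy. Because `providers.docker.exposedbydefault` is `'false'` in the stack file, the enable label is the only gate, and I would tie it to the port, e.g. `'traefik.enable': if port == null then 'false' else 'true',`. `traefikLabels` opens above this hunk, so the placement should be checked against the full function.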
|
||||||
|
|
|
@ -24,9 +24,11 @@ function(secrets={})
|
||||||
WIREGUARD_ADDRESSES: std.get(secrets, 'WIREGUARD_ADDRESSES'),
|
WIREGUARD_ADDRESSES: std.get(secrets, 'WIREGUARD_ADDRESSES'),
|
||||||
},
|
},
|
||||||
ports: [
|
ports: [
|
||||||
Port(8888),
|
// http proxy
|
||||||
Port(8388),
|
// Port(8888),
|
||||||
Port(8388, kind='udp'),
|
// shadowsocks proxy
|
||||||
|
// Port(8388),
|
||||||
|
// Port(8388, kind='udp'),
|
||||||
],
|
],
|
||||||
webPort:: 8000,
|
webPort:: 8000,
|
||||||
volumes: { gluetun_data: '/gluetun' },
|
volumes: { gluetun_data: '/gluetun' },
|
||||||
|
@ -39,37 +41,47 @@ function(secrets={})
|
||||||
'providers.docker': 'true',
|
'providers.docker': 'true',
|
||||||
'providers.docker.exposedbydefault': 'false',
|
'providers.docker.exposedbydefault': 'false',
|
||||||
'entrypoints.web.address': ':80',
|
'entrypoints.web.address': ':80',
|
||||||
// 'entrypoints.websecure.address': ':443',
|
'entrypoints.web.http.redirections.entrypoint.to': 'web-tls',
|
||||||
|
'entrypoints.web-tls.address': ':443',
|
||||||
|
'entrypoints.web-tls.http.tls.domains[0].main': 'home.mat.services',
|
||||||
|
'entrypoints.web-tls.http.tls.domains[0].sans': '*.home.mat.services',
|
||||||
|
'entrypoints.web-tls.http.tls.certresolver': 'letsencrypt',
|
||||||
|
'certificatesresolvers.letsencrypt.acme.dnschallenge': true,
|
||||||
|
'certificatesresolvers.letsencrypt.acme.dnschallenge.provider': 'luadns',
|
||||||
|
'certificatesresolvers.letsencrypt.acme.email': 'mat@mat.services',
|
||||||
|
'certificatesresolvers.letsencrypt.acme.storage': '/letsencrypt/acme.json',
|
||||||
}),
|
}),
|
||||||
docker:: true,
|
docker:: true,
|
||||||
webPort:: 8080,
|
webPort:: 8080,
|
||||||
ports: [
|
ports: [
|
||||||
Port(80),
|
Port(80),
|
||||||
// Port(443),
|
Port(443),
|
||||||
],
|
],
|
||||||
|
environment: {
|
||||||
|
LUADNS_API_USERNAME: 'mat@mat.services',
|
||||||
|
LUADNS_API_TOKEN: std.get(secrets, 'LUADNS_API_TOKEN'),
|
||||||
|
},
|
||||||
traefik:: {
|
traefik:: {
|
||||||
// 'traefik.http.routers.http-catchall.rule': 'hostregexp(`{host:.+}`)'
|
// 'traefik.http.routers.http-catchall.rule': 'hostregexp(`{host:.+}`)'
|
||||||
// 'traefik.http.routers.http-catchall.entrypoints': 'web'
|
// 'traefik.http.routers.http-catchall.entrypoints': 'web'
|
||||||
// 'traefik.http.routers.http-catchall.middlewares': 'redirect-to-https'
|
// 'traefik.http.routers.http-catchall.middlewares': 'redirect-to-https'
|
||||||
// 'traefik.http.middlewares.redirect-to-https.redirectscheme.scheme': 'https'
|
// 'traefik.http.middlewares.redirect-to-https.redirectscheme.scheme': 'https'
|
||||||
},
|
},
|
||||||
|
volumes: { letsencrypt_data: '/letsencrypt' }
|
||||||
},
|
},
|
||||||
portainer: {
|
portainer: {
|
||||||
image: 'portainer/portainer-ce:latest',
|
image: 'portainer/portainer-ce:latest',
|
||||||
docker:: true,
|
docker:: true,
|
||||||
volumes: { portainer_portainer_data: '/data' },
|
volumes: { portainer_portainer_data: '/data' },
|
||||||
webPort:: 9000,
|
webPort:: 9000,
|
||||||
ports: [Port(9443)],
|
// useful when traefik is having issues
|
||||||
|
// ports: [Port(9443)],
|
||||||
},
|
},
|
||||||
deluge: MediaService(
|
deluge: MediaService(
|
||||||
name='deluge',
|
name='deluge',
|
||||||
env={ DELUGE_LOGLEVEL: 'error' },
|
env={ DELUGE_LOGLEVEL: 'error' },
|
||||||
mounts={ torrents: '/downloads' },
|
mounts={ torrents: '/downloads' },
|
||||||
webPort=8112,
|
webPort=8112,
|
||||||
// ports=[
|
|
||||||
// Port(54979),
|
|
||||||
// Port(54979, kind='udp'),
|
|
||||||
// ],
|
|
||||||
extras={ gluetun:: true },
|
extras={ gluetun:: true },
|
||||||
),
|
),
|
||||||
prowlarr: MediaService(
|
prowlarr: MediaService(
|
||||||
|
@ -128,15 +140,22 @@ function(secrets={})
|
||||||
devices: ['/dev/dri:/dev/dri'],
|
devices: ['/dev/dri:/dev/dri'],
|
||||||
webPort:: 32400,
|
webPort:: 32400,
|
||||||
ports: [
|
ports: [
|
||||||
|
// plex
|
||||||
Port(32400),
|
Port(32400),
|
||||||
|
// companion
|
||||||
Port(3005),
|
Port(3005),
|
||||||
Port(8324),
|
// dlna
|
||||||
Port(32469),
|
Port(32469),
|
||||||
Port(1900, kind='udp'),
|
Port(1900, kind='udp'),
|
||||||
|
// gdm network discovery
|
||||||
Port(32410, kind='udp'),
|
Port(32410, kind='udp'),
|
||||||
Port(32412, kind='udp'),
|
Port(32412, kind='udp'),
|
||||||
Port(32413, kind='udp'),
|
Port(32413, kind='udp'),
|
||||||
Port(32414, kind='udp'),
|
Port(32414, kind='udp'),
|
||||||
|
// bonjour/avahi
|
||||||
|
// Port(5353, kind='udp'),
|
||||||
|
// plex for roku via companion
|
||||||
|
// Port(8324),
|
||||||
],
|
],
|
||||||
},
|
},
|
||||||
archivebox: {
|
archivebox: {
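Review bot: `LUADNS_API_TOKEN: std.get(secrets, 'LUADNS_API_TOKEN')` evaluates to `null` when the key is absent, because `std.get` defaults to `null` and `secrets` itself defaults to `{}`; a render without the secret therefore succeeds and the problem only surfaces later as a failed ACME DNS challenge. Failing at render time is safer: `LUADNS_API_TOKEN: secrets.LUADNS_API_TOKEN,` raises an error on a missing field. The `WIREGUARD_ADDRESSES` context line in the first hunk of this file follows the same pattern. The token also ends up in plain text in the rendered compose output, so that file should stay out of version control and be readable only by the deploying user.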
|
||||||
|
|