Configure traefik

2026-06-14 22:21:58 +02:00
parent 8e687edeb0
commit e7c69475a6
8 changed files with 130 additions and 3 deletions
+1
@@ -0,0 +1 @@
.env
Executable
+12
@@ -0,0 +1,12 @@
#!/usr/bin/env bash
set -e
REMOTE_HOST="135.125.232.253"
REMOTE_USER="ubuntu"
REMOTE_DIR="/home/${REMOTE_USER}/compose/traefik"
rsync -avz --progress \
-e "ssh -o StrictHostKeyChecking=no" \
--exclude 'acme.json' \
./traefik/ \
"${REMOTE_USER}@${REMOTE_HOST}:${REMOTE_DIR}/"
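Review bot: `-o StrictHostKeyChecking=no` on the rsync transport disables SSH host-key verification, so the script uploads to whatever host answers at `REMOTE_HOST`. Only `acme.json` is excluded, so the `./traefik/` tree it sends presumably includes the `.env` holding the Cloudflare credential. Use `-e "ssh -o StrictHostKeyChecking=accept-new"`, or better, drop the option and record the server's key in `known_hosts` once so a changed key aborts the sync. `set -e` could also become `set -euo pipefail` so an unset variable cannot produce a wrong destination path.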
+2
@@ -0,0 +1,2 @@
CF_API_EMAIL=markus@bitsandbobs.net
CF_API_KEY=YOUR_CLOUDFLARE_API_TOKEN_HERE
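Review bot: The placeholder says API token, but the variable is `CF_API_KEY`, which the Cloudflare DNS provider pairs with `CF_API_EMAIL` as the account-wide Global API Key. A scoped token, such as the one the README in this commit creates from the Edit Zone DNS template, is read from `CF_DNS_API_TOKEN`. As written, either the DNS challenge fails to authenticate or someone substitutes the Global API Key, which grants far more than DNS edit on one zone. Rename the line to `CF_DNS_API_TOKEN=YOUR_CLOUDFLARE_API_TOKEN_HERE`, drop `CF_API_EMAIL`, and update the two matching `environment:` entries in the compose file.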
+6
@@ -0,0 +1,6 @@
{
"let's encrypt": {
"email": "markus@bitsandbobs.net",
"caaPropagationTimeout": 30
}
}
+30
@@ -0,0 +1,30 @@
api:
dashboard: true
insecure: false
entryPoints:
http:
address: ":80"
https:
address: ":443"
http:
tls:
certResolver: letsencrypt
certificateResolvers:
letsencrypt:
acme:
email: markus@bitsandbobs.net
storage: /acme.json
dnsChallenge:
provider: cloudflare
resolvers:
- "1.1.1.1:53"
- "8.8.8.8:53"
providers:
file:
filename: /etc/traefik/middleware.yml
docker:
network: public
exposedByDefault: false
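Review bot: The `http` entry point on `:80` is published, but nothing in this static configuration redirects it to `https`, and the only router in this commit is bound to the `https` entry point, so plain-HTTP requests are never upgraded. Add an entry-point redirection under `entryPoints.http` so the upgrade happens before any router or middleware is involved. Separately, `api.dashboard: true` has no router to `api@internal` in this commit; if one is added later it needs an authentication middleware in front of it.

```yaml
entryPoints:
  http:
    address: ":80"
    # added: upgrade every plain-HTTP request at the entry point
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https
  # … unchanged: https entry point and its certResolver …
```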
+41
@@ -0,0 +1,41 @@
services:
traefik:
image: traefik:v3.7.5
container_name: traefik
restart: unless-stopped
security_opt:
- no-new-privileges:true
ports:
- "80:80"
- "443:443"
environment:
- CF_API_EMAIL=${CF_API_EMAIL}
- CF_API_KEY=${CF_API_KEY}
env_file:
- .env
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./config.yml:/etc/traefik/traefik.yml:ro
- ./middleware.yml:/etc/traefik/middleware.yml:ro
- ./acme.json:/acme.json
networks:
- public
whoami:
image: traefik/whoami
container_name: whoami
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`whoami.bnb1.net`)"
- "traefik.http.routers.whoami.entrypoints=https"
- "traefik.http.routers.whoami.middlewares=secure-headers@file"
- "traefik.http.routers.whoami.tls=true"
- "traefik.http.services.whoami.loadbalancer.server.port=80"
networks:
- public
networks:
public:
name: public
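Review bot: The `/var/run/docker.sock:/var/run/docker.sock:ro` bind mount gives the internet-facing traefik container access to the Docker API. `:ro` only makes the socket file itself read-only and does not limit which API calls can be made through it. Consider placing a socket proxy that permits only the read-only container and network endpoints between traefik and the daemon, and pointing `providers.docker.endpoint` at it. Also, `image: traefik/whoami` has no tag, so the deployed image can change between pulls; pin it the same way as `traefik:v3.7.5`.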
+9
@@ -0,0 +1,9 @@
http:
middlewares:
secure-headers:
headers:
sslRedirect: true
forceSTSHeader: true
stsIncludeSubdomains: true
stsPreload: true
stsSeconds: 31536000
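Review bot: `sslRedirect` was removed from the headers middleware in Traefik v3, and the compose file in this commit runs `traefik:v3.7.5`. The file provider is therefore likely to reject this file, leaving `secure-headers@file` undefined for the whoami router; check the traefik log after deploy. Delete the `sslRedirect: true` line and handle the HTTP-to-HTTPS redirect on the entry point instead. Note also that `stsPreload: true` with `stsIncludeSubdomains: true` and a one-year `stsSeconds` commits every subdomain to HTTPS and is slow to undo. A comment such as `# HSTS preload: every subdomain must serve HTTPS` above the `sts*` keys would make that commitment explicit.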
+29 -3
@@ -8,14 +8,40 @@
Copy ssh key: `ssh-copy-id ubuntu@135.125.232.2` Copy ssh key: `ssh-copy-id ubuntu@135.125.232.2`
# DNS # DNS - Namecheap
| Type | Host | Value | TTL | Custom DNS
- dilbert.ns.cloudflare.com
- virginia.ns.cloudflare.com
# DNS - Cloudlflare
| Name | Type | Content | TTL |
| --- | --- | --- | --- | | --- | --- | --- | --- |
| A | `*` | 135.125.232.253 | Automatic| | `*.bnb1.net` | A | 135.125.232.253 | Auto|
# Ansible # Ansible
```bash ```bash
cd ansible && ansible-playbook docker.yml cd ansible && ansible-playbook docker.yml
``` ```
# Treafik
## Create Cloudflare API Token
Profile -> API Tokens -> Create Token -> Edit Zone DNS Template -> Select domain in Zone Resources -> Continue to summary
Add to `traefik/.env`.
## Sync files
`./sync-files.sh`
## Run
```sh
cd $HOME/compose/traefik
docker compose up -d
```