From 662b777ed81a694245ab6040429e30f156c524de Mon Sep 17 00:00:00 2001
From: josiah
Date: Mon, 13 Apr 2020 22:02:18 -0500
Subject: [PATCH] Update bad mediaserver configs. this is broken!!!!
---
 ansible/roles/mediaserver/tasks/main.yml | 2 +-
 .../mediaserver/templates/traefik-compose.yml | 69 ++++++++++++-------
 .../roles/mediaserver/templates/traefik.toml | 54 +++++++--------
 .../roles/mediaserver/templates/traefik.yml | 11 ++-
 4 files changed, 79 insertions(+), 57 deletions(-)
diff --git a/ansible/roles/mediaserver/tasks/main.yml b/ansible/roles/mediaserver/tasks/main.yml
index 70e57e3..6f9c6da 100644
--- a/ansible/roles/mediaserver/tasks/main.yml
+++ b/ansible/roles/mediaserver/tasks/main.yml
@@ -70,6 +70,6 @@
 - name: Deploy traefik service
 docker_stack:
 state: present
- name: traefik-app
+ name: mediaserver
 compose:
 - /home/josiah/apps/traefik/traefik-compose.yml
diff --git a/ansible/roles/mediaserver/templates/traefik-compose.yml b/ansible/roles/mediaserver/templates/traefik-compose.yml
index 07c382a..c7d6e5d 100644
--- a/ansible/roles/mediaserver/templates/traefik-compose.yml
+++ b/ansible/roles/mediaserver/templates/traefik-compose.yml
@@ -1,45 +1,62 @@ +--- version: '3' - services: traefik: - image: traefik:alpine - command: |- - --entryPoints="Name:http Address::80 Redirect.EntryPoint:https" - --entryPoints="Name:https Address::443 TLS" - --defaultentrypoints="http,https" - --accesslogsfile="/var/log/access.log" - --acme - --acme.acmelogging="true" - # Change this to an actual email address - --acme.email="me@jowj.net" - --acme.entrypoint="https" - --acme.storage="/acme/acme.json" - --acme.onhostrule="true" - --docker - --docker.swarmmode - # Change this to your primary domain - --docker.domain="home.jowj.net" - --docker.watch - --web + image: traefik:v2.0 + command: --web --docker --docker.swarmmode --docker.watch --docker.domain="hatchery.home.jowj.net" --logLevel=DEBUG + container_name: traefik ports: + - 8080:8080 - 80:80 - 443:443 - - 8080:8080 - networks: - - traefik_public volumes: - traefik_acme:/acme/ - traefik_logs:/var/log/access.log - /var/run/docker.sock:/var/run/docker.sock + - /home/josiah/apps/traefik/traefik.toml:/etc/traefik/traefik.toml + networks: + - pubnet + - privnet deploy: placement: constraints: - - node.role == manager - + - node.role == manager + labels: + - "traefik.enable=true" + - "traefik.http.routers.mediaserver-traefik-api.rule=Host(`hatchery.home.jowj.net`)&&(PathPrefix(`/api`)||PathPrefix(`/dashboard`)||PathPrefix(`/debug`))" + - "traefik.http.routers.mediaserver-traefik-api.service=api@internal" + - "traefik.http.routers.mediaserver-traefik-api.entrypoints=http" + + hydra2: + image: linuxserver/hydra2:latest + container_name: hydra2 + hostname: hydra2 + volumes: + - /home/josiah/apps/hydra2/:/config + - /home/josiah/Downloads/usenet-complete/:/downloads + environment: + PGID: 1000 + PUID: 1000 + TZ: American/Chicago + deploy: + labels: + - "traefik.enable=true" + - "traefik.http.routers.hydra2.service=hydra2" + - "traefik.http.routers.hydra2.rule=Host(`hatchery.home.jowj.net`) && PathPrefix(`/hydra2`))" + - "traefik.http.routers.hydra2.entrypoints=http" + - 
"traefik.http.services.hydra2.loadbalancer.server.port=5076" + networks: + - privnet + volumes: traefik_acme: traefik_logs: networks: - traefik_public: + pubnet: external: true +networks: + pubnet: + driver: overlay + privnet: + driver: overlay diff --git a/ansible/roles/mediaserver/templates/traefik.toml b/ansible/roles/mediaserver/templates/traefik.toml index 78379f9..4cead55 100644 --- a/ansible/roles/mediaserver/templates/traefik.toml +++ b/ansible/roles/mediaserver/templates/traefik.toml @@ -1,36 +1,34 @@ -checkNewVersion = true +# defaultEntryPoints must be at the top +# because it should not be in any table below + defaultEntryPoints = ["http", "https"] -# This section enable LetsEncrypt automatic certificate generation / renewal -[acme] -email = "me@jowj.net" -storage = "acme.json" # or "traefik/acme/account" if using KV store -entryPoint = "https" -acmeLogging = true -onDemand = true -OnHostRule = true - -# Request wildcard certificates per https://docs.traefik.io/configuration/acme/#wildcard-domains -[[acme.domains]] - main = "hatchery.jowj.net" - sans = ["jowj.net"] - -# Redirect all HTTP to HTTPS (why wouldn't you?) +[log] + level = "DEBUG" + +[api] + dashboard = true + [entryPoints] [entryPoints.http] - address = ":80" - [entryPoints.http.redirect] - entryPoint = "https" + address = ":80" [entryPoints.https] - address = ":443" - [entryPoints.https.tls] + address = ":443" + +[http.middlewares] + [http.middlewares.mediaserver-https-redir.redirectScheme] + scheme = "https" + permanent = true + +[certificatesResolvers.mediaserver-resolver.acme] + storage = "/acme.json" + email = "" + -[web] -address = ":8080" -watch = true +[providers.docker] [docker] -endpoint = "tcp://127.0.0.1:2375" -domain = "home.jowj.net" -watch = true -swarmmode = true + endpoint = "unix:///var/run/docker.sock" + domain = "hatchery.home.jowj.net" + watch = true + exposedbydefault = false 
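Review bot: The new `mediaserver-traefik-api` router serves `api@internal` (the `/api`, `/dashboard` and `/debug` prefixes) on the plaintext `http` entrypoint with no middleware attached, while this hunk also drops the ACME flags and the HTTP-to-HTTPS redirect and keeps `8080:8080` published. With the Docker socket mounted into the same container, the dashboard and API should not be reachable without authentication: bind the router to TLS and gate it, for example `traefik.http.routers.mediaserver-traefik-api.entrypoints=https`, `traefik.http.routers.mediaserver-traefik-api.tls=true` and `traefik.http.routers.mediaserver-traefik-api.middlewares=<auth-middleware-name>`, with that middleware defined as a basic-auth or IP allow-list label. The hydra2 `rule` label also ends with one closing parenthesis too many after the `/hydra2` PathPrefix, and the file now carries two top-level `networks:` keys, so most YAML parsers will keep only the second mapping and drop `external: true`.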
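Review bot: `exposedbydefault = false` and `endpoint` are left under the v1-style `[docker]` table while the `[providers.docker]` table added just above it is empty, so with the `traefik:v2.0` image that traefik-compose.yml now pins these settings are most likely not read and the provider falls back to exposing every container it sees on the socket. Move them under the new table, e.g. `[providers.docker]` followed by `endpoint = "unix:///var/run/docker.sock"` and `exposedByDefault = false`, and drop the `[docker]` header. The `[http.middlewares]` block looks like it has the same problem: v2 loads middlewares from dynamic configuration (labels or a file provider), and no router references `mediaserver-https-redir`, so the redirect that `[entryPoints.http.redirect]` used to provide appears to be gone. The ACME resolver has an empty `email`, no challenge type, and `storage = "/acme.json"`, which is outside the `traefik_acme:/acme/` volume mounted in the compose file, so certificates would not persist even once a router uses it.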
diff --git a/ansible/roles/mediaserver/templates/traefik.yml b/ansible/roles/mediaserver/templates/traefik.yml index 7c42f49..cfabc7a 100644 --- a/ansible/roles/mediaserver/templates/traefik.yml +++ b/ansible/roles/mediaserver/templates/traefik.yml @@ -11,12 +11,19 @@ services: deploy: replicas: 0 networks: - - public + - pubnet networks: - public: + pubnet: driver: overlay attachable: true ipam: config: - subnet: 172.16.200.0/24 + privnet: + driver: overlay + attachable: true + ipam: + config: + - subnet: 172.16.219.0/24 +
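Review bot: `privnet` is created with `attachable: true`, which lets any standalone container started on a swarm node join the network that is presumably meant to keep backends off the public side; unless something outside the stack has to attach, omit `attachable` on `privnet` or set `attachable: false`. traefik-compose.yml in this commit declares `pubnet` and `privnet` as stack-local overlays rather than `external: true`, so the stack may create its own prefixed networks instead of using the ones defined here, which is worth confirming after a deploy. A one-line comment above each network stating what is allowed to join it, e.g. `# privnet: backend services only, reached through traefik`, would make the intent reviewable. The `services:` block this hunk belongs to starts above the hunk.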