Add traefik improvements: proxy to nginx, use .yml instead of .toml

4 years ago · 93839ce21d
parent eb1491863e
commit 93839ce21d
4 changed files with 79 additions and 153 deletions
--- a/ansible/roles/awfulAll/tasks/main.yml
+++ b/ansible/roles/awfulAll/tasks/main.yml
@ -62,13 +62,15 @@
 #     dest: /home/josiah/apps/znc/
 #     version: master

- name: copy over awful-All compose file
+- name: copy over awful-All config files
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    mode: 0777
  with_items:
    - {src: 'awful-compose.yml', dest: '/home/josiah/apps/awful/docker-compose.yml'}
+    - {src: 'traefik.yml', dest: '/home/josiah/apps/awful/traefik.yml'}
+    - {src: 'awful.club.html', dest: '/home/josiah/apps/awful/awful.club.html'}        

 - name: Deploy awful stack
  docker_stack:
--- a/ansible/roles/awfulAll/templates/awful-compose.yml
+++ b/ansible/roles/awfulAll/templates/awful-compose.yml
@ -8,167 +8,43 @@ volumes:
  nextcloud:
  db:
  traefik_acme:
-  traefik_logs:    
+  traefik_logs:
+  nginx_logs:
    
-services:
+services:      
+
  traefik:
-    image: traefik
-    networks:
-      - pubnet    
-    command: --web --docker --docker.swarmmode --docker.watch --logLevel=DEBUG
+    image: "traefik:v2.2"
    ports:
-      - 80:80
-      - 443:443
-      - 5000:5000
-    volumes:
-      - traefik_acme:/acme/
-      - traefik_logs:/var/log/access.log
-      - /var/run/docker.sock:/var/run/docker.sock
-      - /home/josiah/apps/traefik/traefik.toml:/traefik.toml
-    deploy:
-      mode: global      
-      placement:
-        constraints:
-          - node.role == manager
-    labels:
-      - "traefik.enable=true"    
-      - "traefik.http.routers.awfulAll-traefik-api.rule=Host(`awful-1.awful.club`)&&(PathPrefix(`/api`)||PathPrefix(`/dashboard`)||PathPrefix(`/debug`))"
-      - "traefik.http.routers.awfulAll-traefik-api.service=api@internal"
-      - "traefik.http.routers.awfulAll-traefik-api.entrypoints=http"
-
-  whoami:
-    image: containous/whoami:latest
-    networks:
-      - pubnet
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.awfulAll-whoami.rule=Host(`awful-1.awful.club`) && PathPrefix(`/whoami`)"
-      - "traefik.http.routers.awfulAll-whoami.service=awfulAll-whoami"
-      - "traefik.http.services.awfulAll-whoami.loadbalancer.server.port=80"      
-      
-  mojo-web:
-    build: 
-      context: /home/josiah/apps/mojo/mojo-web/
-      dockerfile: Dockerfile      
-    image: mojo-web
+      - "80:80"
+      - "443:443"
+      - "222:222"
+      - "8080:8080"
    environment:
-      SLACK_BOT_TOKEN: {{ slack_bot_token }}
+      DO_AUTH_TOKEN: "{{ DO_AUTH_TOKEN }}"
    volumes:
-      - /mnt/volume_sfo2_znc/:/shared/
+      - "/home/josiah/apps/awful/letsencrypt/:/letsencrypt"
+      - "/var/run/docker.sock:/var/run/docker.sock:ro"
+      - "/home/josiah/apps/test/traefik.yml:/etc/traefik/traefik.yml"
+      - traefik_logs:/log

-  mojo-rtm:
-    build: 
-      context: /home/josiah/apps/mojo/mojo-rtm/ 
-      dockerfile: Dockerfile
-    image: mojo-rtm      
-    environment:
-      SLACK_BOT_TOKEN: {{ slack_bot_token }}
-    volumes:
-      - /mnt/volume_sfo2_znc/:/shared/
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.services.awfulAll-mojo-rtm.loadbalancer.server.port=443"
-      - "traefik.http.routers.awfulAll-mojo-rtm.service=awfulAll-mojo-rtm"
-      - "traefik.http.routers.awfulAll-mojo-rtm.rule=Host(`slack.awful.club`)"
-      
-  arke:
-    build: 
-      context: /home/josiah/apps/arke/
-      dockerfile: Dockerfile
-    image: arke
-    volumes:
-      - /mnt/volume_sfo2_znc/:/shared/
-
-  znc:
-    build: 
-      context: /home/josiah/apps/znc/
-      dockerfile: Dockerfile
-    image: znc      
-    ports:
-      - 5000:5000
-    volumes:
-      - /mnt/volume_sfo2_znc/:/znc-data
+  whoami:
+    image: "containous/whoami"
    labels:
      - "traefik.enable=true"
-      - "traefik.http.services.awfulAll-mojo-rtm.loadbalancer.server.port=5000"
-      - "traefik.http.routers.awfulAll-mojo-rtm.service=awfulAll-znc"
-      - "traefik.http.routers.awfulAll-mojo-rtm.rule=Host(`bouncer.awful.club`)"
+      - "traefik.http.routers.whoami.rule=Host(`whoami.awful.club`)"
+      - "traefik.http.routers.whoami.entrypoints=websecure"
+      - "traefik.http.routers.whoami.tls.certresolver=awful-letsencrypt"

-  gitea-server:
-    image: gitea/gitea:latest
-    environment:
-      - USER_UID=1000
-      - USER_GID=1000
-      - DB_TYPE=postgres
-      - DB_HOST=db:5432
-      - DB_NAME={{ GITEA_DB_NAME }}
-      - DB_USER={{ GITEA_DB_USER }}
-      - DB_PASSWD={{ GITEA_DB_PASSWD }}
-    restart: always
-    networks:
-      - gitea
+  nginx: 
+    image: nginx:1.17.10
    volumes:
-      - /mnt/volume_sfo2_01/gitea:/data
-    ports:
-      - "3000:3000"
-      - "222:22"
-    depends_on:
-      - db
+      - /etc/nginx/:/etc/nginx/
+      - /etc/letsencrypt/:/etc/letsencrypt/
+      - /home/josiah/apps/awful/awful.club.html:/var/www/awful.club/html/index.html
+      - nginx_logs:/log
    labels:
      - "traefik.enable=true"
-      - "traefik.services.awfulAll-gitea.port=222"
-      - "traefik.http.services.awfulAll-gitea.loadbalancer.server.port=3000"
-      - "traefik.http.routers.awfulAll-gitea.service=awfulAll-znc"
-      - "traefik.http.routers.awfulAll-gitea.rule=Host(`git.awful.club`)"      
-
-  gitea-db:
-    image: postgres:9.6
-    restart: always
-    environment:
-      - POSTGRES_USER={{ GITEA_POSTGRES_USER }}
-      - POSTGRES_PASSWORD={{ GITEA_POSTGRES_USER }}
-      - POSTGRES_DB={{ GITEA_POSTGRES_USER }}
-    networks:
-      - gitea
-    volumes:
-      - /mnt/volume_sfo2_01/psql:/var/lib/postgresql/data
-
-  nextcloud-db:
-    image: postgres:9.6
-    ports:
-      - 5432:5432
-    restart: always
-    volumes:
-      - /mnt/shared_document_store/nextcloud/sql:/var/lib/postgresql
-    environment:
-      - USER_UID=1000
-      - USER_GID=1000
-      - POSTGRES_ROOT_PASSWORD={{ NEXTCLOUD_POSTGRES_ROOT_PASSWORD }}
-      - POSTGRES_PASSWORD={{ NEXTCLOUD_POSTGRES_PASSWORD }}
-      - POSTGRES_DB={{ NEXTCLOUD_POSTGRES_DATABASE }}
-      - POSTGRES_USER={{ NEXTCLOUD_POSTGRES_USER }}
-      - POSTGRES_HOST={{ NEXTCLOUD_POSTGRES_HOST }}
-      - NEXTCLOUD_ADMIN_USER={{ NEXTCLOUD_ADMIN_USER }}
-      - NEXTCLOUD_ADMIN_PASSWORD={{ NEXTCLOUD_ADMIN_PASSWORD }}
-
-  nextcloud-app:
-    image: nextcloud:18
-    ports:
-      - 8080:80
-    links:
-      - nextcloud-db
-    volumes:
-      - /mnt/shared_document_store/nextcloud/html/:/var/www/html/
-    depends_on:
-      - nextcloud-db
-    environment:
-      - USER_UID=1000
-      - USER_GID=1000      
-      - POSTGRES_ROOT_PASSWORD={{ NEXTCLOUD_POSTGRES_ROOT_PASSWORD }}
-      - POSTGRES_PASSWORD={{ NEXTCLOUD_POSTGRES_PASSWORD }}
-      - POSTGRES_DB={{ NEXTCLOUD_POSTGRES_DATABASE }}
-      - POSTGRES_USER={{ NEXTCLOUD_POSTGRES_USER }}
-      - POSTGRES_HOST={{ NEXTCLOUD_POSTGRES_HOST }}
-      - NEXTCLOUD_ADMIN_USER={{ NEXTCLOUD_ADMIN_USER }}
-      - NEXTCLOUD_ADMIN_PASSWORD={{ NEXTCLOUD_ADMIN_PASSWORD }}
-      
+      - "traefik.http.routers.nginx.rule=Host(`awful.club`)||Host(`jowj.net`)"
+      - "traefik.http.routers.nginx.entrypoints=websecure"
+      - "traefik.http.routers.nginx.tls.certresolver=awful-letsencrypt"
--- a/ansible/roles/awfulAll/templates/awful.club.html
+++ b/ansible/roles/awfulAll/templates/awful.club.html
@ -0,0 +1,9 @@
+<html>
+    <head>
+        <title>welcome to awful.club</title>
+    </head>
+    <body>
+        <h1>Success!  The awful.club server block is working!</h1>
+	<p> you made it past the traefik config to the nginx config
+    </body>
+</html>
--- a/ansible/roles/awfulAll/templates/traefik.yml
+++ b/ansible/roles/awfulAll/templates/traefik.yml
@ -0,0 +1,39 @@
+# defaultEntryPoints must be at the top
+# because it should not be in any table below
+defaultEntryPoints: ["http", "https"]
+
+global:
+  checkNewVersion: true
+  sendAnonymousUsage: true
+api:
+  dashboard: false
+  debug: true
+  insecure: false
+entryPoints:
+  ssh: 
+    address: ":22"
+  web:
+    address: ":80"
+  websecure:
+    address: ":443"
+
+providers:
+  docker:
+    watch: true
+    swarmMode: false
+    endpoint: "unix:///var/run/docker.sock"
+    exposedbydefault: false
+certificatesResolvers:
+  awful-letsencrypt:
+    acme:
+      email: "me@jowj.net"
+      storage: "/letsencrypt/acme.json"
+      # caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
+      dnsChallenge:
+        provider: "digitalocean"
+log:
+  filePath: "/log/traefik.log"
+  level: DEBUG
+accessLog:
+  filePath: "/log/access.log"
+  bufferingSize: 100