dalphinloser/odoocker
1
0
Fork 0
mirror of https://github.com/odoocker/odoocker synced 2025-11-04 15:19:22 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #16 from codeagencybe/main

Browse Source 
Fabio | Feature | Traefik reverse proxy
This commit is contained in:
Yhael S
2024-01-20 05:16:28 -07:00
committed by GitHub
parent 7568dbc44f 5620db94a1
commit 2f1f6fc63b
5 changed files with 90 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
.env.example
View File

@@ -144,6 +144,7 @@ ODOO_PROFILES="odoo"
POSTGRES_PROFILES="postgres" POSTGRES_PROFILES="postgres"
NGINX_PROFILES="nginx" NGINX_PROFILES="nginx"
NGINX_PROXY_PROFILES="proxy" NGINX_PROXY_PROFILES="proxy"
TRAEFIK_PROFILES="traefik"
ACME_COMPANION_PROFILES="acme" ACME_COMPANION_PROFILES="acme"
KEYDB_PROFILES="keydb" KEYDB_PROFILES="keydb"
MINIO_PROFILES="minio" MINIO_PROFILES="minio"
@@ -156,6 +157,7 @@ KEYDB_TAG=latest
MINIO_TAG=latest MINIO_TAG=latest
NGINX_TAG=1.25.3 NGINX_TAG=1.25.3
NGINX_PROXY_TAG=1.4.0 NGINX_PROXY_TAG=1.4.0
TRAEFIK_TAG=2.11
ACME_COMPANION_TAG=2.2.9 ACME_COMPANION_TAG=2.2.9
PGADMIN_TAG=8.1 PGADMIN_TAG=8.1
@@ -313,6 +315,40 @@ POSTGRES_USER=${POSTGRES_MAIN_USER}
POSTGRES_PASSWORD=${POSTGRES_MAIN_PASSWORD} POSTGRES_PASSWORD=${POSTGRES_MAIN_PASSWORD}
PGDATA=/var/lib/postgresql/data/${PROJECT_NAME} PGDATA=/var/lib/postgresql/data/${PROJECT_NAME}
#---------------#
# Traefik #
#---------------#
# Volumes
ACME_JSON=/acme.json
TRAEFIK_LOGS=/var/log/traefik
# Command
API_DASHBOARD=true
API_INSECURE=true
API_DEBUG=false
ENTRYPOINTS_WEB_ADDRESS=:80
ENTRYPOINTS_WEBSECURE_ADDRESS=:443
TRAEFIK_LOG_LEVEL=INFO
ACCESSLOG_FILEPATH=${TRAEFIK_LOGS}/access.log
ACME_HTTPCHALLENGE=true
ACME_HTTPCHALLENGE_ENTRYPOINT=web
ACME_EMAIL=mail@example.com
ACME_STORAGE=${ACME_JSON}
# For prod use: https://acme-v02.api.letsencrypt.org/directory
ACME_CASERVER=https://acme-staging-v02.api.letsencrypt.org/directory
INSERCURE_SKIP_VERIFY=true
# Labels
TRAEFIK_ENABLE=true
HTTP_CATCHALL_ENTRYPOINTS=web
HTTP_CATCHALL_MIDDLEWARES=redirect-to-https
MIDDLEWARES_REDIRECT_SCHEME=https
TRAEFIK_DASHBOARD_DOMAIN=traefik.odoocker.test
TRAEFIK_DASHBOARD_ENTRYPOINTS=websecure
TRAEFIK_DASHBOARD_TLS_CERTRESOLVER=leresolver
TRAEFIK_DASHBOARD_SERVICE=api@internal
#-------------# #-------------#
# Nginx # # Nginx #
#-------------# #-------------#

6
docker-compose.override.local.yml
View File

@@ -21,6 +21,12 @@ services:
- 80:80 - 80:80
- 443:443 - 443:443
traefik:
restart: 'no'
ports:
- 80:80
- 443:443
letsencrypt: letsencrypt:
restart: 'no' restart: 'no'

18
docker-compose.override.production.yml
View File

@@ -21,6 +21,24 @@ services:
- 80:80 - 80:80
- 443:443 - 443:443
traefik:
restart: unless-stopped
ports:
- 80:80
- 443:443
command:
- --entrypoints.websecure.address=${ENTRYPOINTS_WEBSECURE_ADDRESS}
- --certificatesresolvers.leresolver.acme.httpchallenge=${ACME_HTTPCHALLENGE}
- --certificatesresolvers.leresolver.acme.httpchallenge.entrypoint=${ACME_HTTPCHALLENGE_ENTRYPOINT}
- --certificatesresolvers.leresolver.acme.email=${ACME_EMAIL}
- --certificatesresolvers.leresolver.acme.storage=${ACME_STORAGE}
- --certificatesresolvers.leresolver.acme.caserver=${ACME_CASERVER}
labels:
- traefik.http.routers.http-catchall.middlewares=${HTTP_CATCHALL_MIDDLEWARES}
- traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=${MIDDLEWARES_REDIRECT_SCHEME}
- traefik.http.routers.traefik-dashboard.entrypoints=${TRAEFIK_DASHBOARD_ENTRYPOINTS}
- traefik.http.routers.traefik-dashboard.tls.certresolver=${TRAEFIK_DASHBOARD_TLS_CERTRESOLVER}
letsencrypt: letsencrypt:
restart: unless-stopped restart: unless-stopped

30
docker-compose.yml
View File

@@ -117,6 +117,35 @@ services:
- internal - internal
profiles: [$NGINX_PROXY_PROFILES] profiles: [$NGINX_PROXY_PROFILES]
traefik:
container_name: traefik
image: "traefik:${TRAEFIK_TAG}"
networks:
- internal
command:
- --api.dashboard=${API_DASHBOARD}
- --api.insecure=${API_INSECURE}
- --api.debug=${API_DEBUG}
- --entrypoints.web.address=${ENTRYPOINTS_WEB_ADDRESS}
- --providers.docker
- --log.level=${TRAEFIK_LOG_LEVEL}
- --accesslog.filepath=${ACCESSLOG_FILEPATH}
- --serversTransport.insecureSkipVerify=${INSERCURE_SKIP_VERIFY}
tty: true
volumes:
- ${DOCKER_SOCK}:${DOCKER_SOCK}:ro
- ./acme.json:${ACME_JSON}
- traefik_logs:${TRAEFIK_LOGS}
labels:
- traefik.enable=${TRAEFIK_ENABLE}
# Catch all HTTP trafic and redirect it to HTTPS
- traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)
- traefik.http.routers.http-catchall.entrypoints=${HTTP_CATCHALL_ENTRYPOINTS}
# Traefik Dashboard route
- traefik.http.routers.traefik-dashboard.rule=Host(`${TRAEFIK_DASHBOARD_DOMAIN}`)
- traefik.http.routers.traefik-dashboard.service=${TRAEFIK_DASHBOARD_SERVICE}
profiles: [$TRAEFIK_PROFILES]
letsencrypt: letsencrypt:
image: nginxproxy/acme-companion:${ACME_COMPANION_TAG} image: nginxproxy/acme-companion:${ACME_COMPANION_TAG}
depends_on: depends_on:
@@ -216,6 +245,7 @@ volumes:
vhost: vhost:
certs: certs:
acme: acme:
traefik_logs:
networks: networks:
internal: internal:

0
traefik/acme.json Normal file
View File