Work on proxying content via sydney

- cloudflare + LE
- traefik now has ingress on 443
- basic auth added for now

.editorconfig

@@ -0,0 +1,9 @@
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true

.gitignore

@@ -1,7 +1,8 @@
-env.sh
+*.tfvars
+.terraform.tfstate.lock.info
 .terraform
 *.tfstate
 *.tfstate.backup
 *.out
 *.backup
-secrets
+secrets

docker/conf/traefik.toml

@@ -1,6 +1,58 @@
+defaultEntryPoints = ["http", "https"]
+[entryPoints]
+[entryPoints.http]
+  address = ":80"
+[entryPoints.http.auth.basic]
+  users = ["tatooine:$2y$05$ZK3.EVeaBi.IQAzZbmchiuaI6mhdDktnoLsQ8iI0K2727OjLDMLFO"]
+[entryPoints.https]
+  address = ":443"
+  # This is required for ACME support
+  [entryPoints.https.tls]
+
+[file]
+[backends]
+
+[backends.ebooks]
+[backends.ebooks.servers.default]
+  url = "http://192.168.1.111:2202"
+
+[backends.elibsrv]
+[backends.elibsrv.servers.default]
+  url = "http://elibsrv.captnemo.in:90"
+
+[backends.scan]
+[backends.scan.servers.default]
+  url = "http://scan.in.bb8.fun:90"
+
+[frontends]
+
+[frontends.ebooks]
+  backend = "ebooks"
+[frontends.ebooks.routes.domain]
+  rule = "Host:ebooks.in.bb8.fun,ebooks.bb8.fun"
+
+[frontends.scan]
+  backend = "scan"
+[frontends.scan.routes.domain]
+  rule = "Host:scan.bb8.fun"
+
 [web]
-address = ":1111"
-[docker]
-domain = "in.bb8.fun,bb8.fun"
-watch = true
-exposedbydefault = false
+  address = ":1111"
+  readOnly = true
+
+[acme]
+
+email = "acme@captnemo.in"
+storage = "/acme/acme.json"
+entryPoint = "https"
+dnsProvider = "cloudflare"
+onHostRule = true
+# Waiting till december to get wildcard SSL on LE
+# [[acme.domains]]
+# main = "bb8.fun"
+# sans = ["*.bb8.fun"]
+
+# [docker]
+#   domain = "in.bb8.fun,bb8.fun"
+#   watch = true
+#   exposedbydefault = false

docker/data.tf

@@ -55,4 +55,4 @@ data "docker_registry_image" "headphones" {
 
 data "docker_registry_image" "muximux" {
   name = "linuxserver/muximux:latest"
-}
+}

docker/main.tf

@@ -219,21 +219,37 @@ resource "docker_container" "traefik" {
   name  = "traefik"
   image = "${docker_image.traefik.latest}"
 
+  # Admin Backend
   ports {
     internal  = 1111
     external  = 1111
     ip        = "192.168.1.111"
   }
 
+  # Local Web Server
   ports {
     internal  = 80
     external  = 8888
     ip        = "192.168.1.111"
   }
 
+  # Local Web Server (HTTPS)
+  ports {
+    internal  = 443
+    external  = 443
+    ip        = "192.168.1.111"
+  }
+
+  # Proxied via sydney.captnemo.in
+  ports {
+    internal  = 443
+    external  = 443
+    ip        = "10.8.0.14"
+  }
+
   ports {
     internal  = 80
-    external  = 8888
+    external  = 80
     ip        = "10.8.0.14"
   }
 
@@ -247,10 +263,20 @@ resource "docker_container" "traefik" {
     container_path    = "/var/run/docker.sock"
   }
 
+  volumes {
+    host_path         = "/mnt/xwing/config/acme"
+    container_path    = "/acme"
+  }
+
   memory = 256
   restart = "unless-stopped"
   destroy_grace_seconds = 10
   must_run = true
+
+  env = [
+    "CLOUDFLARE_EMAIL=${var.cloudflare_email}",
+    "CLOUDFLARE_API_KEY=${var.cloudflare_key}"
+  ]
 }
 
 
@@ -415,7 +441,7 @@ resource "docker_container" "mongo" {
 resource "docker_container" "muximux" {
   name  = "muximux"
   image = "${docker_image.muximux.latest}"
-  
+
   restart = "unless-stopped"
   destroy_grace_seconds = 10
   must_run = true
@@ -437,4 +463,4 @@ resource "docker_container" "muximux" {
     "PGID=1003",
     "TZ=Asia/Kolkata",
   ]
-}
+}

docker/variables.tf

@@ -8,4 +8,14 @@ variable "web_password" {
 
 variable "mysql_root_password" {
   type = "string"
-}
+}
+
+variable "cloudflare_key" {
+  type = "string"
+  description = "cloudflare API Key"
+}
+
+variable "cloudflare_email" {
+  type = "string"
+  description = "cloudflare email address"
+}

main.tf

@@ -24,4 +24,6 @@ module "docker" {
   web_username = "${var.web_username}"
   web_password = "${var.web_password}"
   mysql_root_password = "${var.mysql_root_password}"
+  cloudflare_key = "${var.cloudflare_key}"
+  cloudflare_email = "bb8@captnemo.in"
 }