From 62ee3b47f2bac1df848c3c039b8c027e1a135229 Mon Sep 17 00:00:00 2001
From: Nemo
Date: Sun, 26 Nov 2017 16:53:34 +0530
Subject: [PATCH] Work on proxying content via sydney
- cloudflare + LE
- traefik now has ingress on 443
- basic auth added for now
---
 .editorconfig | 9 ++++++
 .gitignore | 5 ++--
 docker/conf/traefik.toml | 62 ++++++++++++++++++++++++++++++++++++----
 docker/data.tf | 2 +-
 docker/main.tf | 32 +++++++++++++++++++--
 docker/variables.tf | 12 +++++++-
 main.tf | 2 ++
 7 files changed, 112 insertions(+), 12 deletions(-)
 create mode 100644 .editorconfig
diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..c6c8b36
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,9 @@
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
diff --git a/.gitignore b/.gitignore
index 82c3923..167018c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,7 +1,8 @@
-env.sh
+*.tfvars
+.terraform.tfstate.lock.info
 .terraform
 *.tfstate
 *.tfstate.backup
 *.out
 *.backup
-secrets
\ No newline at end of file
+secrets
diff --git a/docker/conf/traefik.toml b/docker/conf/traefik.toml
index 0256c76..f2eb33e 100644
--- a/docker/conf/traefik.toml
+++ b/docker/conf/traefik.toml
@@ -1,6 +1,58 @@
+defaultEntryPoints = ["http", "https"]
+[entryPoints]
+[entryPoints.http]
+ address = ":80"
+[entryPoints.http.auth.basic]
+ users = ["tatooine:$2y$05$ZK3.EVeaBi.IQAzZbmchiuaI6mhdDktnoLsQ8iI0K2727OjLDMLFO"]
+[entryPoints.https]
+ address = ":443"
+ # This is required for ACME support
+ [entryPoints.https.tls]
+
+[file]
+[backends]
+
+[backends.ebooks]
+[backends.ebooks.servers.default]
+ url = "http://192.168.1.111:2202"
+
+[backends.elibsrv]
+[backends.elibsrv.servers.default]
+ url = "http://elibsrv.captnemo.in:90"
+
+[backends.scan]
+[backends.scan.servers.default]
+ url = "http://scan.in.bb8.fun:90"
+
+[frontends]
+
+[frontends.ebooks]
+ backend = "ebooks"
+[frontends.ebooks.routes.domain]
+ rule = "Host:ebooks.in.bb8.fun,ebooks.bb8.fun"
+
+[frontends.scan]
+ backend = "scan"
+[frontends.scan.routes.domain]
+ rule = "Host:scan.bb8.fun"
+
 [web]
-address = ":1111"
-[docker]
-domain = "in.bb8.fun,bb8.fun"
-watch = true
-exposedbydefault = false
\ No newline at end of file
+ address = ":1111"
+ readOnly = true
+
+[acme]
+
+email = "acme@captnemo.in"
+storage = "/acme/acme.json"
+entryPoint = "https"
+dnsProvider = "cloudflare"
+onHostRule = true
+# Waiting till december to get wildcard SSL on LE
+# [[acme.domains]]
+# main = "bb8.fun"
+# sans = ["*.bb8.fun"]
+
+# [docker]
+# domain = "in.bb8.fun,bb8.fun"
+# watch = true
+# exposedbydefault = false
diff --git a/docker/data.tf b/docker/data.tf
index a0a718e..e018608 100644
--- a/docker/data.tf
+++ b/docker/data.tf
@@ -55,4 +55,4 @@ data "docker_registry_image" "headphones" {
 data "docker_registry_image" "muximux" {
 name = "linuxserver/muximux:latest"
-}
\ No newline at end of file
+}
diff --git a/docker/main.tf b/docker/main.tf
index 13f1d66..afa294b 100644
--- a/docker/main.tf
+++ b/docker/main.tf
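Review bot: The basic auth is attached only to the `http` entry point, yet `defaultEntryPoints = ["http", "https"]` together with `onHostRule = true` publishes every frontend on `:443` with no authentication, and the credentials that are checked travel in clear over `:80` (which the docker/main.tf ports hunk also publishes on 10.8.0.14:80). Move the `users` block to `[entryPoints.https.auth.basic]` and make the plain entry point redirect with `[entryPoints.http.redirect]` / `entryPoint = "https"`; the DNS challenge via `dnsProvider = "cloudflare"` does not need port 80 to stay open. The bcrypt hash is committed with the config; Traefik 1.x also accepts `usersFile = "<path-to-htpasswd>"`, which could point at a file kept under the already-ignored `secrets` path instead. The dashboard in `[web]` on `:1111` has no auth of its own — `readOnly = true` blocks writes but still exposes backend URLs and routes to anyone who can reach that port; `[web.auth.basic]` takes the same `users` form.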
@@ -219,21 +219,37 @@ resource "docker_container" "traefik" { name = "traefik" image = "${docker_image.traefik.latest}" + # Admin Backend ports { internal = 1111 external = 1111 ip = "192.168.1.111" } + # Local Web Server ports { internal = 80 external = 8888 ip = "192.168.1.111" } + # Local Web Server (HTTPS) + ports { + internal = 443 + external = 443 + ip = "192.168.1.111" + } + + # Proxied via sydney.captnemo.in + ports { + internal = 443 + external = 443 + ip = "10.8.0.14" + } + ports { internal = 80 - external = 8888 + external = 80 ip = "10.8.0.14" } @@ -247,10 +263,20 @@ resource "docker_container" "traefik" { container_path = "/var/run/docker.sock" } + volumes { + host_path = "/mnt/xwing/config/acme" + container_path = "/acme" + } + memory = 256 restart = "unless-stopped" destroy_grace_seconds = 10 must_run = true + + env = [ + "CLOUDFLARE_EMAIL=${var.cloudflare_email}", + "CLOUDFLARE_API_KEY=${var.cloudflare_key}" + ] } @@ -415,7 +441,7 @@ resource "docker_container" "mongo" { resource "docker_container" "muximux" { name = "muximux" image = "${docker_image.muximux.latest}" - + restart = "unless-stopped" destroy_grace_seconds = 10 must_run = true @@ -437,4 +463,4 @@ resource "docker_container" "muximux" { "PGID=1003", "TZ=Asia/Kolkata", ] -} \ No newline at end of file +} diff --git a/docker/variables.tf b/docker/variables.tf index d06977f..25b9d4a 100644 --- a/docker/variables.tf +++ b/docker/variables.tf @@ -8,4 +8,14 @@ variable "web_password" { variable "mysql_root_password" { type = "string" -} \ No newline at end of file +} + +variable "cloudflare_key" { + type = "string" + description = "cloudflare API Key" +} + +variable "cloudflare_email" { + type = "string" + description = "cloudflare email address" +} diff --git a/main.tf b/main.tf index f62af07..e4095fe 100644 --- a/main.tf +++ b/main.tf 
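Review bot: `CLOUDFLARE_API_KEY` passed through `env` in the second hunk is the account-wide key (it is paired with `CLOUDFLARE_EMAIL`), and as a container environment variable it is readable via `docker inspect` by anything holding the docker socket — which the same container already mounts — and is also written in clear to the `*.tfstate` the provider keeps, so the state file and its backups need the same handling as the key itself. The new `/mnt/xwing/config/acme` volume will hold `acme.json` with the issued certificate private keys; it should be owner-only on the host (Traefik refuses or warns on world-readable ACME stores, as far as I recall — confirm for this version). A `# secret: keep out of state backups and logs` line above the `env` block, and a matching note in the `cloudflare_key` description in the docker/variables.tf hunk, would make the sensitivity explicit since 0.11-style variables have no sensitive flag. The `traefik` resource begins before the first hunk.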
@@ -24,4 +24,6 @@ module "docker" {
 web_username = "${var.web_username}"
 web_password = "${var.web_password}"
 mysql_root_password = "${var.mysql_root_password}"
+ cloudflare_key = "${var.cloudflare_key}"
+ cloudflare_email = "bb8@captnemo.in"
 }
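Review bot: `${var.cloudflare_key}` is referenced in the root module, but this commit declares `cloudflare_key` only in `docker/variables.tf` (the diffstat touches no root variables file); unless a root-level declaration already exists, `terraform plan` will reject the unknown variable. Add `variable "cloudflare_key" { type = "string" }` to the root module and supply it through a `*.tfvars` file, which `.gitignore` now excludes, rather than any literal in `main.tf`. `cloudflare_email` is hard-coded to `bb8@captnemo.in` here while `docker/variables.tf` treats it as an input and `traefik.toml` uses a different `acme@captnemo.in`; passing it through a root variable the same way as the key keeps the three consistent. The `module "docker"` block starts before the hunk.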