Work on proxying content via sydney

- cloudflare + LE
- traefik now has ingress on 443
- basic auth added for now
Nemo 2017-11-26 16:53:34 +05:30
parent b64aa08c69
commit 62ee3b47f2
7 changed files with 112 additions and 12 deletions

9
.editorconfig Normal file

@ -0,0 +1,9 @@
root = true
[*]
indent_style = space
indent_size = 2
end_of_line = lf
charset = utf-8
trim_trailing_whitespace = true
insert_final_newline = true

5
.gitignore vendored

@ -1,7 +1,8 @@
env.sh *.tfvars
.terraform.tfstate.lock.info
.terraform .terraform
*.tfstate *.tfstate
*.tfstate.backup *.tfstate.backup
*.out *.out
*.backup *.backup
secrets secrets
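Review bot: The first row appears to replace the `env.sh` ignore entry with `*.tfvars` rather than add to it, so an `env.sh` left in any working copy would no longer be ignored. If that script held exported credentials (likely, given it was ignored next to `secrets`), keeping the `env.sh` line alongside `*.tfvars` avoids committing it by accident with a broad `git add`.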


@ -1,6 +1,58 @@
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.auth.basic]
users = ["tatooine:$2y$05$ZK3.EVeaBi.IQAzZbmchiuaI6mhdDktnoLsQ8iI0K2727OjLDMLFO"]
[entryPoints.https]
address = ":443"
# This is required for ACME support
[entryPoints.https.tls]
[file]
[backends]
[backends.ebooks]
[backends.ebooks.servers.default]
url = "http://192.168.1.111:2202"
[backends.elibsrv]
[backends.elibsrv.servers.default]
url = "http://elibsrv.captnemo.in:90"
[backends.scan]
[backends.scan.servers.default]
url = "http://scan.in.bb8.fun:90"
[frontends]
[frontends.ebooks]
backend = "ebooks"
[frontends.ebooks.routes.domain]
rule = "Host:ebooks.in.bb8.fun,ebooks.bb8.fun"
[frontends.scan]
backend = "scan"
[frontends.scan.routes.domain]
rule = "Host:scan.bb8.fun"
[web] [web]
address = ":1111" address = ":1111"
[docker] readOnly = true
domain = "in.bb8.fun,bb8.fun"
watch = true [acme]
exposedbydefault = false
email = "acme@captnemo.in"
storage = "/acme/acme.json"
entryPoint = "https"
dnsProvider = "cloudflare"
onHostRule = true
# Waiting till december to get wildcard SSL on LE
# [[acme.domains]]
# main = "bb8.fun"
# sans = ["*.bb8.fun"]
# [docker]
# domain = "in.bb8.fun,bb8.fun"
# watch = true
# exposedbydefault = false
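Review bot: The basic-auth block is attached only to `[entryPoints.http.auth.basic]`, so the `https` entry point on `:443` that this commit starts publishing serves the `ebooks` and `scan` frontends with no authentication, while the password that is checked travels in cleartext over port 80. Moving the block to `[entryPoints.https.auth.basic]` and adding `[entryPoints.http.redirect]` with `entryPoint = "https"` would put the check behind TLS. The committed `users` entry is a bcrypt hash with cost 5 (`$2y$05$`), which is cheap to attack offline once the repository is readable; a higher cost and a `usersFile` kept outside the repository would avoid that. The `[web]` dashboard on `:1111` has no auth of its own and relies entirely on the port binding in the container definition.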


@ -55,4 +55,4 @@ data "docker_registry_image" "headphones" {
data "docker_registry_image" "muximux" { data "docker_registry_image" "muximux" {
name = "linuxserver/muximux:latest" name = "linuxserver/muximux:latest"
} }


@ -219,21 +219,37 @@ resource "docker_container" "traefik" {
name = "traefik" name = "traefik"
image = "${docker_image.traefik.latest}" image = "${docker_image.traefik.latest}"
# Admin Backend
ports { ports {
internal = 1111 internal = 1111
external = 1111 external = 1111
ip = "192.168.1.111" ip = "192.168.1.111"
} }
# Local Web Server
ports { ports {
internal = 80 internal = 80
external = 8888 external = 8888
ip = "192.168.1.111" ip = "192.168.1.111"
} }
# Local Web Server (HTTPS)
ports {
internal = 443
external = 443
ip = "192.168.1.111"
}
# Proxied via sydney.captnemo.in
ports {
internal = 443
external = 443
ip = "10.8.0.14"
}
ports { ports {
internal = 80 internal = 80
external = 8888 external = 80
ip = "10.8.0.14" ip = "10.8.0.14"
} }
@ -247,10 +263,20 @@ resource "docker_container" "traefik" {
container_path = "/var/run/docker.sock" container_path = "/var/run/docker.sock"
} }
volumes {
host_path = "/mnt/xwing/config/acme"
container_path = "/acme"
}
memory = 256 memory = 256
restart = "unless-stopped" restart = "unless-stopped"
destroy_grace_seconds = 10 destroy_grace_seconds = 10
must_run = true must_run = true
env = [
"CLOUDFLARE_EMAIL=${var.cloudflare_email}",
"CLOUDFLARE_API_KEY=${var.cloudflare_key}"
]
} }
@ -415,7 +441,7 @@ resource "docker_container" "mongo" {
resource "docker_container" "muximux" { resource "docker_container" "muximux" {
name = "muximux" name = "muximux"
image = "${docker_image.muximux.latest}" image = "${docker_image.muximux.latest}"
restart = "unless-stopped" restart = "unless-stopped"
destroy_grace_seconds = 10 destroy_grace_seconds = 10
must_run = true must_run = true
@ -437,4 +463,4 @@ resource "docker_container" "muximux" {
"PGID=1003", "PGID=1003",
"TZ=Asia/Kolkata", "TZ=Asia/Kolkata",
] ]
} }
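Review bot: The traefik container still mounts `/var/run/docker.sock` (context line at the top of the second hunk) although this commit comments out the `[docker]` provider in the Traefik config and, in the first hunk, publishes 80 and 443 on `10.8.0.14` for proxying via sydney.captnemo.in. If nothing else in the container reads the socket, dropping that `volumes` block removes Docker API access, which is equivalent to root on the host, from the component that now receives proxied traffic. The new `env` entry `CLOUDFLARE_API_KEY=${var.cloudflare_key}` is readable through `docker inspect` and is presumably written to the Terraform state in plaintext, so the state file needs the same protection as the key itself. The `docker_container` resource starts above the first hunk.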


@ -8,4 +8,14 @@ variable "web_password" {
variable "mysql_root_password" { variable "mysql_root_password" {
type = "string" type = "string"
} }
variable "cloudflare_key" {
type = "string"
description = "cloudflare API Key"
}
variable "cloudflare_email" {
type = "string"
description = "cloudflare email address"
}


@ -24,4 +24,6 @@ module "docker" {
web_username = "${var.web_username}" web_username = "${var.web_username}"
web_password = "${var.web_password}" web_password = "${var.web_password}"
mysql_root_password = "${var.mysql_root_password}" mysql_root_password = "${var.mysql_root_password}"
cloudflare_key = "${var.cloudflare_key}"
cloudflare_email = "bb8@captnemo.in"
} }
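Review bot: `cloudflare_email` is hard-coded as `"bb8@captnemo.in"` in the module call while `cloudflare_key` on the line before it comes from a variable. The account email is one half of the Cloudflare credential pair handed to the traefik container, so `cloudflare_email = "${var.cloudflare_email}"` with a matching root-level variable would keep it in the ignored `*.tfvars` file together with the key. The `module "docker"` block starts outside the hunk.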