Work on proxying content via sydney

- cloudflare + LE
- traefik now has ingress on 443
- basic auth added for now
Nemo 2017-11-26 16:53:34 +05:30
parent b64aa08c69
commit 62ee3b47f2
7 changed files with 112 additions and 12 deletions

9
.editorconfig Normal file

@ -0,0 +1,9 @@
root = true
[*]
indent_style = space
indent_size = 2
end_of_line = lf
charset = utf-8
trim_trailing_whitespace = true
insert_final_newline = true

5
.gitignore vendored

@ -1,7 +1,8 @@
env.sh
*.tfvars
.terraform.tfstate.lock.info
.terraform
*.tfstate
*.tfstate.backup
*.out
*.backup
secrets
secrets


@ -1,6 +1,58 @@
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.auth.basic]
users = ["tatooine:$2y$05$ZK3.EVeaBi.IQAzZbmchiuaI6mhdDktnoLsQ8iI0K2727OjLDMLFO"]
[entryPoints.https]
address = ":443"
# This is required for ACME support
[entryPoints.https.tls]
[file]
[backends]
[backends.ebooks]
[backends.ebooks.servers.default]
url = "http://192.168.1.111:2202"
[backends.elibsrv]
[backends.elibsrv.servers.default]
url = "http://elibsrv.captnemo.in:90"
[backends.scan]
[backends.scan.servers.default]
url = "http://scan.in.bb8.fun:90"
[frontends]
[frontends.ebooks]
backend = "ebooks"
[frontends.ebooks.routes.domain]
rule = "Host:ebooks.in.bb8.fun,ebooks.bb8.fun"
[frontends.scan]
backend = "scan"
[frontends.scan.routes.domain]
rule = "Host:scan.bb8.fun"
[web]
address = ":1111"
[docker]
domain = "in.bb8.fun,bb8.fun"
watch = true
exposedbydefault = false
address = ":1111"
readOnly = true
[acme]
email = "acme@captnemo.in"
storage = "/acme/acme.json"
entryPoint = "https"
dnsProvider = "cloudflare"
onHostRule = true
# Waiting till december to get wildcard SSL on LE
# [[acme.domains]]
# main = "bb8.fun"
# sans = ["*.bb8.fun"]
# [docker]
# domain = "in.bb8.fun,bb8.fun"
# watch = true
# exposedbydefault = false
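Review bot: Basic auth is attached only under `[entryPoints.http.auth.basic]`, so as rendered here the `https` entry point on `:443` serves the same frontends (both are in `defaultEntryPoints`) with no authentication, while on port 80 the credentials travel in cleartext. I would move the block to `[entryPoints.https.auth.basic]` and make the plain-HTTP entry point a redirect with `[entryPoints.http.redirect]` / `entryPoint = "https"`, provided the upstream proxy forwards to 443. The bcrypt hash is also committed to the repository with cost factor 05 (`$2y$05$`), which gives little resistance to offline guessing once the repository is readable. Loading the users from a file kept outside the repository via `usersFile`, hashed at a higher cost, would address that; confirm the deployed Traefik version supports it.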


@ -55,4 +55,4 @@ data "docker_registry_image" "headphones" {
data "docker_registry_image" "muximux" {
name = "linuxserver/muximux:latest"
}
}


@ -219,21 +219,37 @@ resource "docker_container" "traefik" {
name = "traefik"
image = "${docker_image.traefik.latest}"
# Admin Backend
ports {
internal = 1111
external = 1111
ip = "192.168.1.111"
}
# Local Web Server
ports {
internal = 80
external = 8888
ip = "192.168.1.111"
}
# Local Web Server (HTTPS)
ports {
internal = 443
external = 443
ip = "192.168.1.111"
}
# Proxied via sydney.captnemo.in
ports {
internal = 443
external = 443
ip = "10.8.0.14"
}
ports {
internal = 80
external = 8888
external = 80
ip = "10.8.0.14"
}
@ -247,10 +263,20 @@ resource "docker_container" "traefik" {
container_path = "/var/run/docker.sock"
}
volumes {
host_path = "/mnt/xwing/config/acme"
container_path = "/acme"
}
memory = 256
restart = "unless-stopped"
destroy_grace_seconds = 10
must_run = true
env = [
"CLOUDFLARE_EMAIL=${var.cloudflare_email}",
"CLOUDFLARE_API_KEY=${var.cloudflare_key}"
]
}
@ -415,7 +441,7 @@ resource "docker_container" "mongo" {
resource "docker_container" "muximux" {
name = "muximux"
image = "${docker_image.muximux.latest}"
restart = "unless-stopped"
destroy_grace_seconds = 10
must_run = true
@ -437,4 +463,4 @@ resource "docker_container" "muximux" {
"PGID=1003",
"TZ=Asia/Kolkata",
]
}
}
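Review bot: `"CLOUDFLARE_API_KEY=${var.cloudflare_key}"` in the traefik `env` list gives the account-wide Cloudflare key to a container that also mounts `/var/run/docker.sock` and now publishes 80/443 on the proxied address `10.8.0.14`. The value is also written in plaintext to the Terraform state and is readable through `docker inspect`, so the state file and Docker API access need the same protection as the key itself. If the DNS provider in the deployed Traefik build accepts a zone-scoped credential, prefer that; otherwise record the exposure above the setting, e.g. `# Global Cloudflare key: stored in tfstate and visible via docker inspect`. The `docker_container "traefik"` resource starts and ends outside these hunks, so its remaining arguments were not reviewed.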


@ -8,4 +8,14 @@ variable "web_password" {
variable "mysql_root_password" {
type = "string"
}
}
variable "cloudflare_key" {
type = "string"
description = "cloudflare API Key"
}
variable "cloudflare_email" {
type = "string"
description = "cloudflare email address"
}


@ -24,4 +24,6 @@ module "docker" {
web_username = "${var.web_username}"
web_password = "${var.web_password}"
mysql_root_password = "${var.mysql_root_password}"
cloudflare_key = "${var.cloudflare_key}"
cloudflare_email = "bb8@captnemo.in"
}