Fix redirect and passthru
This commit is contained in:
parent
cce99c0b6a
commit
7f6ad55873
|
@ -0,0 +1,21 @@
|
|||
[http.middlewares]
|
||||
[http.middlewares.redirect.redirectScheme]
|
||||
scheme = "https"
|
||||
|
||||
[tcp.routers]
|
||||
[tcp.routers.forwardtohome]
|
||||
entryPoints = ["web-secure"]
|
||||
# TODO: Somehow change this back to:
|
||||
# `*.bb8.fun`, `rss.captnemo.in`, `git.captnemo.in`
|
||||
rule = "HostSNI(`airsonic.bb8.fun`,`audioserve.bb8.fun`,`bazarr.bb8.fun`,`debug.bb8.fun`,`ebooks.bb8.fun`,`emby.bb8.fun`,`firesync.bb8.fun`,`git.captnemo.in`,`grafana.bb8.fun`,`jackett.bb8.fun`,`lidarr.bb8.fun`,`media.bb8.fun`,`mylar.bb8.fun`,`opml.bb8.fun`,`radarr.bb8.fun`,`radicale.bb8.fun`,`rss-bridge.bb8.fun`,`rss.captnemo.in`,`sonarr.bb8.fun`,`transmission.bb8.fun`,`wiki.bb8.fun`,`library.bb8.fun`,`read.bb8.fun`,`comics.bb8.fun`,`books.bb8.fun`)"
|
||||
# rule= "HostSNI(*)"
|
||||
# Give this lower priority
|
||||
priority = 1
|
||||
service = "homeserver"
|
||||
[tcp.routers.forwardtohome.tls]
|
||||
passthrough = true
|
||||
|
||||
[tcp.services]
|
||||
[tcp.services.homeserver.loadBalancer]
|
||||
[[tcp.services.homeserver.loadBalancer.servers]]
|
||||
address = "10.8.0.14:443"
|
|
@ -14,17 +14,16 @@ resource "docker_container" "traefik" {
|
|||
name = "traefik"
|
||||
image = "${docker_image.traefik.latest}"
|
||||
|
||||
# Do not offer HTTP2
|
||||
# https://community.containo.us/t/traefikv2-http-2-0/1199
|
||||
env = [
|
||||
"GODEBUG=http2client=0",
|
||||
]
|
||||
|
||||
upload {
|
||||
content = "${file("${path.module}/traefik.toml")}"
|
||||
file = "/etc/traefik/traefik.toml"
|
||||
}
|
||||
|
||||
upload {
|
||||
content = "${file("${path.module}/dyn.toml")}"
|
||||
file = "/etc/traefik/dyn.toml"
|
||||
}
|
||||
|
||||
volumes {
|
||||
host_path = "/var/run/docker.sock"
|
||||
container_path = "/var/run/docker.sock"
|
||||
|
@ -38,7 +37,7 @@ resource "docker_container" "traefik" {
|
|||
|
||||
ports {
|
||||
internal = 443
|
||||
external = 8443
|
||||
external = 443
|
||||
ip = "139.59.22.234"
|
||||
}
|
||||
|
||||
|
|
|
@ -1,8 +1,12 @@
|
|||
# This configures docker service discovery
|
||||
# traefik.toml
|
||||
# Static configuration
|
||||
|
||||
[providers.docker]
|
||||
exposedByDefault = false
|
||||
network = "traefik"
|
||||
defaultRule = ""
|
||||
exposedByDefault = false
|
||||
network = "traefik"
|
||||
|
||||
[providers.file]
|
||||
filename = "/etc/traefik/dyn.toml"
|
||||
|
||||
[entryPoints]
|
||||
[entryPoints.web]
|
||||
|
@ -11,35 +15,9 @@ defaultRule = ""
|
|||
[entryPoints.web-secure]
|
||||
address = ":443"
|
||||
|
||||
[http.middlewares]
|
||||
[http.middlewares.everything.redirectScheme]
|
||||
scheme = "https"
|
||||
|
||||
[tcp.routers]
|
||||
[tcp.routers.forwardtohome]
|
||||
entryPoints = ["web-secure"]
|
||||
rule = "HostSNI(`emby.bb8.fun`, `git.captnemo.in`)"
|
||||
service = "homeserver"
|
||||
[tcp.routers.forwardtohome.tls]
|
||||
passthrough = true
|
||||
|
||||
[tcp.services]
|
||||
[tcp.services.homeserver.loadBalancer]
|
||||
[[tcp.services.homeserver.loadBalancer.servers]]
|
||||
address = "10.8.0.14:443"
|
||||
|
||||
[certificatesResolvers.default.acme]
|
||||
email = "certs@captnemo.in"
|
||||
storage = "/acme/acme.json"
|
||||
[certificatesResolvers.default.acme.httpChallenge]
|
||||
# used during the challenge
|
||||
entryPoint = "web"
|
||||
|
||||
|
||||
[tls.options]
|
||||
[tls.options.foo]
|
||||
minVersion = "VersionTLS12"
|
||||
cipherSuites = [
|
||||
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
|
||||
"TLS_RSA_WITH_AES_256_GCM_SHA384"
|
||||
]
|
||||
|
|
|
@ -6,16 +6,19 @@ resource "docker_container" "wp" {
|
|||
must_run = true
|
||||
|
||||
labels {
|
||||
"traefik.enable" = "true"
|
||||
"traefik.tcp.routers.kaarana.rule" = "HostSNI(`kaarana.captnemo.in`)"
|
||||
"traefik.tcp.routers.kaarana.tls" = "true"
|
||||
"traefik.enable" = "true"
|
||||
|
||||
# "traefik.tcp.routers.kaarana.tls.options" = "foo"
|
||||
"traefik.tcp.services.wordpress.loadbalancer.server.port" = "80"
|
||||
# Redirect Setup
|
||||
"traefik.http.routers.kaarana-insecure.rule" = "Host(`kaarana.captnemo.in`)"
|
||||
"traefik.http.routers.kaarana-insecure.entrypoints" = "web"
|
||||
"traefik.http.routers.kaarana-insecure.middlewares" = "redirect"
|
||||
"traefik.http.middlewares.redirect.redirectScheme.scheme" = "https"
|
||||
|
||||
# "traefik.tcp.routers.kaarana.entrypoints" = "web-secure"
|
||||
"traefik.tcp.routers.kaarana.tls.certResolver" = "default"
|
||||
"traefik.tcp.routers.kaarana.tls.domains[0].main" = "kaarana.captnemo.in"
|
||||
"traefik.http.routers.kaarana" = "true"
|
||||
"traefik.http.routers.kaarana.priority" = "2" #Doesn't help
|
||||
"traefik.http.routers.kaarana.entrypoints" = "web-secure"
|
||||
"traefik.http.routers.kaarana.rule" = "Host(`kaarana.captnemo.in`)"
|
||||
"traefik.http.routers.kaarana.tls.certResolver" = "default"
|
||||
}
|
||||
|
||||
env = [
|
||||
|
@ -31,12 +34,6 @@ resource "docker_container" "wp" {
|
|||
container_path = "/var/www/html"
|
||||
}
|
||||
|
||||
ports {
|
||||
internal = 80
|
||||
external = 8213
|
||||
ip = "10.8.0.1"
|
||||
}
|
||||
|
||||
networks_advanced = [
|
||||
{
|
||||
name = "kaarana-db"
|
||||
|
|
Loading…
Reference in New Issue