Fix redirect and passthru

2019-09-21 14:42:16 +05:30 · 2019-09-21 14:42:16 +05:30 · 7f6ad55873
parent cce99c0b6a
commit 7f6ad55873
4 changed files with 46 additions and 51 deletions
--- a/kaarana/dyn.toml
+++ b/kaarana/dyn.toml
@ -0,0 +1,21 @@
+[http.middlewares]
+  [http.middlewares.redirect.redirectScheme]
+    scheme = "https"
+
+[tcp.routers]
+  [tcp.routers.forwardtohome]
+    entryPoints = ["web-secure"]
+    # TODO: Somehow change this back to:
+    # `*.bb8.fun`, `rss.captnemo.in`, `git.captnemo.in`
+    rule = "HostSNI(`airsonic.bb8.fun`,`audioserve.bb8.fun`,`bazarr.bb8.fun`,`debug.bb8.fun`,`ebooks.bb8.fun`,`emby.bb8.fun`,`firesync.bb8.fun`,`git.captnemo.in`,`grafana.bb8.fun`,`jackett.bb8.fun`,`lidarr.bb8.fun`,`media.bb8.fun`,`mylar.bb8.fun`,`opml.bb8.fun`,`radarr.bb8.fun`,`radicale.bb8.fun`,`rss-bridge.bb8.fun`,`rss.captnemo.in`,`sonarr.bb8.fun`,`transmission.bb8.fun`,`wiki.bb8.fun`,`library.bb8.fun`,`read.bb8.fun`,`comics.bb8.fun`,`books.bb8.fun`)"
+    # rule= "HostSNI(*)"
+    # Give this lower priority
+    priority = 1
+    service = "homeserver"
+    [tcp.routers.forwardtohome.tls]
+    passthrough = true
+
+[tcp.services]
+  [tcp.services.homeserver.loadBalancer]
+    [[tcp.services.homeserver.loadBalancer.servers]]
+      address = "10.8.0.14:443"
--- a/kaarana/traefik.tf
+++ b/kaarana/traefik.tf
@ -14,17 +14,16 @@ resource "docker_container" "traefik" {
  name  = "traefik"
  image = "${docker_image.traefik.latest}"

-  # Do not offer HTTP2
-  # https://community.containo.us/t/traefikv2-http-2-0/1199
-  env = [
-    "GODEBUG=http2client=0",
-  ]
-
  upload {
    content = "${file("${path.module}/traefik.toml")}"
    file    = "/etc/traefik/traefik.toml"
  }

+  upload {
+    content = "${file("${path.module}/dyn.toml")}"
+    file    = "/etc/traefik/dyn.toml"
+  }
+
  volumes {
    host_path      = "/var/run/docker.sock"
    container_path = "/var/run/docker.sock"
@ -38,7 +37,7 @@ resource "docker_container" "traefik" {

  ports {
    internal = 443
-    external = 8443
+    external = 443
    ip       = "139.59.22.234"
  }

--- a/kaarana/traefik.toml
+++ b/kaarana/traefik.toml
@ -1,8 +1,12 @@
-# This configures docker service discovery
+# traefik.toml
+# Static configuration
+
 [providers.docker]
-exposedByDefault = false
-network = "traefik"
-defaultRule = ""
+  exposedByDefault = false
+  network = "traefik"
+
+[providers.file]
+  filename = "/etc/traefik/dyn.toml"

 [entryPoints]
  [entryPoints.web]
@ -11,35 +15,9 @@ defaultRule = ""
  [entryPoints.web-secure]
    address = ":443"

-[http.middlewares]
-  [http.middlewares.everything.redirectScheme]
-    scheme = "https"
-
-[tcp.routers]
-  [tcp.routers.forwardtohome]
-    entryPoints = ["web-secure"]
-    rule = "HostSNI(`emby.bb8.fun`, `git.captnemo.in`)"
-    service = "homeserver"
-    [tcp.routers.forwardtohome.tls]
-    passthrough = true
-
-[tcp.services]
-  [tcp.services.homeserver.loadBalancer]
-    [[tcp.services.homeserver.loadBalancer.servers]]
-      address = "10.8.0.14:443"
-
 [certificatesResolvers.default.acme]
  email = "certs@captnemo.in"
  storage = "/acme/acme.json"
  [certificatesResolvers.default.acme.httpChallenge]
    # used during the challenge
    entryPoint = "web"
-
-
-[tls.options]
-  [tls.options.foo]
-    minVersion = "VersionTLS12"
-    cipherSuites = [
-      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
-      "TLS_RSA_WITH_AES_256_GCM_SHA384"
-    ]
--- a/kaarana/wordpress.tf
+++ b/kaarana/wordpress.tf
@ -6,16 +6,19 @@ resource "docker_container" "wp" {
  must_run = true

  labels {
-    "traefik.enable"                   = "true"
-    "traefik.tcp.routers.kaarana.rule" = "HostSNI(`kaarana.captnemo.in`)"
-    "traefik.tcp.routers.kaarana.tls"  = "true"
+    "traefik.enable" = "true"

-    # "traefik.tcp.routers.kaarana.tls.options"                 = "foo"
-    "traefik.tcp.services.wordpress.loadbalancer.server.port" = "80"
+    # Redirect Setup
+    "traefik.http.routers.kaarana-insecure.rule"              = "Host(`kaarana.captnemo.in`)"
+    "traefik.http.routers.kaarana-insecure.entrypoints"       = "web"
+    "traefik.http.routers.kaarana-insecure.middlewares"       = "redirect"
+    "traefik.http.middlewares.redirect.redirectScheme.scheme" = "https"

-    # "traefik.tcp.routers.kaarana.entrypoints"                 = "web-secure"
-    "traefik.tcp.routers.kaarana.tls.certResolver"    = "default"
-    "traefik.tcp.routers.kaarana.tls.domains[0].main" = "kaarana.captnemo.in"
+    "traefik.http.routers.kaarana"                  = "true"
+    "traefik.http.routers.kaarana.priority"         = "2"                           #Doesn't help
+    "traefik.http.routers.kaarana.entrypoints"      = "web-secure"
+    "traefik.http.routers.kaarana.rule"             = "Host(`kaarana.captnemo.in`)"
+    "traefik.http.routers.kaarana.tls.certResolver" = "default"
  }

  env = [
@ -31,12 +34,6 @@ resource "docker_container" "wp" {
    container_path = "/var/www/html"
  }

-  ports {
-    internal = 80
-    external = 8213
-    ip       = "10.8.0.1"
-  }
-
  networks_advanced = [
    {
      name = "kaarana-db"