Traefik upgrade
- Also broke down the huge docker/main.tf file
- Traefik now responds with a double header (🤦)
parent
e38fa0b07e
commit
e84bc906ea
|
@ -13,6 +13,13 @@ resource "cloudflare_record" "home" {
|
||||||
type = "A"
|
type = "A"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
resource "cloudflare_record" "docker" {
|
||||||
|
domain = "${var.domain}"
|
||||||
|
name = "docker.in"
|
||||||
|
value = "10.8.0.14"
|
||||||
|
type = "A"
|
||||||
|
}
|
||||||
|
|
||||||
resource "cloudflare_record" "internet" {
|
resource "cloudflare_record" "internet" {
|
||||||
domain = "${var.domain}"
|
domain = "${var.domain}"
|
||||||
name = "@"
|
name = "@"
|
||||||
|
|
|
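Review bot: The added `cloudflare_record` `docker` puts a private address (`10.8.0.14`) into the zone, which exposes internal addressing to anyone who queries `docker.in` and will be dropped by resolvers that filter private answers as DNS-rebinding protection. If the name only has to resolve for hosts on the tunnel, an internal resolver or hosts entry avoids publishing it. If the record stays, a comment such as `# tunnel-side address, not reachable from the internet` above the resource would record the intent. That the zone is publicly resolvable is inferred from the provider, not shown in the hunk.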
@ -0,0 +1,47 @@
|
||||||
|
resource "docker_container" "mongorocks" {
|
||||||
|
name = "mongorocks"
|
||||||
|
image = "${docker_image.mongorocks.latest}"
|
||||||
|
|
||||||
|
restart = "unless-stopped"
|
||||||
|
destroy_grace_seconds = 30
|
||||||
|
must_run = true
|
||||||
|
memory = 256
|
||||||
|
|
||||||
|
volumes {
|
||||||
|
volume_name = "${docker_volume.mongorocks_data_volume.name}"
|
||||||
|
container_path = "/data/db"
|
||||||
|
host_path = "${docker_volume.mongorocks_data_volume.mountpoint}"
|
||||||
|
}
|
||||||
|
|
||||||
|
env = [
|
||||||
|
"AUTH=no",
|
||||||
|
"DATABASE=wiki",
|
||||||
|
"OPLOG_SIZE=50",
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "docker_container" "mariadb" {
|
||||||
|
name = "mariadb"
|
||||||
|
image = "${docker_image.mariadb.latest}"
|
||||||
|
|
||||||
|
volumes {
|
||||||
|
volume_name = "${docker_volume.mariadb_volume.name}"
|
||||||
|
container_path = "/var/lib/mysql"
|
||||||
|
host_path = "${docker_volume.mariadb_volume.mountpoint}"
|
||||||
|
}
|
||||||
|
|
||||||
|
ports {
|
||||||
|
internal = 3306
|
||||||
|
external = 3306
|
||||||
|
ip = "192.168.1.111"
|
||||||
|
}
|
||||||
|
|
||||||
|
memory = 512
|
||||||
|
restart = "unless-stopped"
|
||||||
|
destroy_grace_seconds = 10
|
||||||
|
must_run = true
|
||||||
|
|
||||||
|
env = [
|
||||||
|
"MYSQL_ROOT_PASSWORD=${var.mysql_root_password}",
|
||||||
|
]
|
||||||
|
}
|
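Review bot: The `mariadb` container publishes 3306 on `192.168.1.111` while its only visible credential is `MYSQL_ROOT_PASSWORD` passed through `env`, so the root account is reachable from the whole LAN and the password is readable in `docker inspect` output and in the Terraform state. If only other containers use the database, dropping the `ports` block and reaching it through `links` (as `wiki` does for `mongorocks`) removes the listener. For `mongorocks`, `"AUTH=no"` is tolerable only as long as no `ports` block is ever added; a comment like `# AUTH=no: never publish a port for this container` beside it would make that constraint explicit. The state file should be handled as a secret either way.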
158
docker/main.tf
158
docker/main.tf
|
@ -11,7 +11,8 @@ resource docker_container "transmission" {
|
||||||
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
||||||
"traefik.frontend.headers.contentTypeNosniff" = "true"
|
"traefik.frontend.headers.contentTypeNosniff" = "true"
|
||||||
"traefik.frontend.headers.browserXSSFilter" = "true"
|
"traefik.frontend.headers.browserXSSFilter" = "true"
|
||||||
"traefik.frontend.headers.customresponseheaders" = "X-Powered-By:Allomancy,X-Server:Blackbox"
|
"traefik.frontend.headers.customresponseheaders" = "${var.xpoweredby}"
|
||||||
|
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
|
||||||
}
|
}
|
||||||
|
|
||||||
ports {
|
ports {
|
||||||
|
@ -65,7 +66,8 @@ resource docker_container "gitea" {
|
||||||
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
||||||
"traefik.frontend.headers.contentTypeNosniff" = "true"
|
"traefik.frontend.headers.contentTypeNosniff" = "true"
|
||||||
"traefik.frontend.headers.browserXSSFilter" = "true"
|
"traefik.frontend.headers.browserXSSFilter" = "true"
|
||||||
"traefik.frontend.headers.customresponseheaders" = "X-Powered-By:Allomancy,X-Server:Blackbox"
|
"traefik.frontend.headers.customresponseheaders" = "${var.xpoweredby}"
|
||||||
|
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
|
||||||
}
|
}
|
||||||
|
|
||||||
ports {
|
ports {
|
||||||
|
@ -92,32 +94,6 @@ resource docker_container "gitea" {
|
||||||
must_run = true
|
must_run = true
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "docker_container" "mariadb" {
|
|
||||||
name = "mariadb"
|
|
||||||
image = "${docker_image.mariadb.latest}"
|
|
||||||
|
|
||||||
volumes {
|
|
||||||
volume_name = "${docker_volume.mariadb_volume.name}"
|
|
||||||
container_path = "/var/lib/mysql"
|
|
||||||
host_path = "${docker_volume.mariadb_volume.mountpoint}"
|
|
||||||
}
|
|
||||||
|
|
||||||
ports {
|
|
||||||
internal = 3306
|
|
||||||
external = 3306
|
|
||||||
ip = "192.168.1.111"
|
|
||||||
}
|
|
||||||
|
|
||||||
memory = 512
|
|
||||||
restart = "unless-stopped"
|
|
||||||
destroy_grace_seconds = 10
|
|
||||||
must_run = true
|
|
||||||
|
|
||||||
env = [
|
|
||||||
"MYSQL_ROOT_PASSWORD=${var.mysql_root_password}",
|
|
||||||
]
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "docker_container" "emby" {
|
resource "docker_container" "emby" {
|
||||||
name = "emby"
|
name = "emby"
|
||||||
image = "${docker_image.emby.latest}"
|
image = "${docker_image.emby.latest}"
|
||||||
|
@ -143,7 +119,8 @@ resource "docker_container" "emby" {
|
||||||
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
||||||
"traefik.frontend.headers.contentTypeNosniff" = "true"
|
"traefik.frontend.headers.contentTypeNosniff" = "true"
|
||||||
"traefik.frontend.headers.browserXSSFilter" = "true"
|
"traefik.frontend.headers.browserXSSFilter" = "true"
|
||||||
"traefik.frontend.headers.customresponseheaders" = "X-Powered-By:Allomancy,X-Server:Blackbox"
|
"traefik.frontend.headers.customresponseheaders" = "${var.xpoweredby}"
|
||||||
|
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
|
||||||
}
|
}
|
||||||
|
|
||||||
memory = 2048
|
memory = 2048
|
||||||
|
@ -189,7 +166,8 @@ resource "docker_container" "couchpotato" {
|
||||||
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
||||||
"traefik.frontend.headers.contentTypeNosniff" = "true"
|
"traefik.frontend.headers.contentTypeNosniff" = "true"
|
||||||
"traefik.frontend.headers.browserXSSFilter" = "true"
|
"traefik.frontend.headers.browserXSSFilter" = "true"
|
||||||
"traefik.frontend.headers.customresponseheaders" = "X-Powered-By:Allomancy,X-Server:Blackbox"
|
"traefik.frontend.headers.customresponseheaders" = "${var.xpoweredby}"
|
||||||
|
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
|
||||||
}
|
}
|
||||||
|
|
||||||
memory = 256
|
memory = 256
|
||||||
|
@ -207,79 +185,6 @@ resource "docker_container" "couchpotato" {
|
||||||
links = ["transmission"]
|
links = ["transmission"]
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "docker_container" "traefik" {
|
|
||||||
name = "traefik"
|
|
||||||
image = "${docker_image.traefik.latest}"
|
|
||||||
|
|
||||||
# Admin Backend
|
|
||||||
ports {
|
|
||||||
internal = 1111
|
|
||||||
external = 1111
|
|
||||||
ip = "192.168.1.111"
|
|
||||||
}
|
|
||||||
|
|
||||||
# Local Web Server
|
|
||||||
ports {
|
|
||||||
internal = 80
|
|
||||||
external = 8888
|
|
||||||
ip = "192.168.1.111"
|
|
||||||
}
|
|
||||||
|
|
||||||
# Local Web Server
|
|
||||||
ports {
|
|
||||||
internal = 80
|
|
||||||
external = 80
|
|
||||||
ip = "192.168.1.111"
|
|
||||||
}
|
|
||||||
|
|
||||||
# Local Web Server (HTTPS)
|
|
||||||
ports {
|
|
||||||
internal = 443
|
|
||||||
external = 443
|
|
||||||
ip = "192.168.1.111"
|
|
||||||
}
|
|
||||||
|
|
||||||
# Proxied via sydney.captnemo.in
|
|
||||||
ports {
|
|
||||||
internal = 443
|
|
||||||
external = 443
|
|
||||||
ip = "10.8.0.14"
|
|
||||||
}
|
|
||||||
|
|
||||||
ports {
|
|
||||||
internal = 80
|
|
||||||
external = 80
|
|
||||||
ip = "10.8.0.14"
|
|
||||||
}
|
|
||||||
|
|
||||||
upload {
|
|
||||||
content = "${file("${path.module}/conf/traefik.toml")}"
|
|
||||||
file = "/etc/traefik/traefik.toml"
|
|
||||||
}
|
|
||||||
|
|
||||||
volumes {
|
|
||||||
host_path = "/var/run/docker.sock"
|
|
||||||
container_path = "/var/run/docker.sock"
|
|
||||||
read_only = true
|
|
||||||
}
|
|
||||||
|
|
||||||
volumes {
|
|
||||||
host_path = "/mnt/xwing/config/acme"
|
|
||||||
container_path = "/acme"
|
|
||||||
}
|
|
||||||
|
|
||||||
memory = 256
|
|
||||||
restart = "unless-stopped"
|
|
||||||
destroy_grace_seconds = 10
|
|
||||||
must_run = true
|
|
||||||
|
|
||||||
env = [
|
|
||||||
"CLOUDFLARE_EMAIL=${var.cloudflare_email}",
|
|
||||||
"CLOUDFLARE_API_KEY=${var.cloudflare_key}"
|
|
||||||
]
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
resource "docker_container" "airsonic" {
|
resource "docker_container" "airsonic" {
|
||||||
name = "airsonic"
|
name = "airsonic"
|
||||||
image = "${docker_image.airsonic.latest}"
|
image = "${docker_image.airsonic.latest}"
|
||||||
|
@ -318,7 +223,8 @@ resource "docker_container" "airsonic" {
|
||||||
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
|
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
|
||||||
"traefik.frontend.headers.STSSeconds" = "2592000"
|
"traefik.frontend.headers.STSSeconds" = "2592000"
|
||||||
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
||||||
"traefik.frontend.headers.customresponseheaders" = "X-Powered-By:Allomancy,X-Server:Blackbox"
|
"traefik.frontend.headers.customresponseheaders" = "${var.xpoweredby}"
|
||||||
|
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -341,7 +247,8 @@ resource "docker_container" "headerdebug" {
|
||||||
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
|
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
|
||||||
"traefik.frontend.headers.STSSeconds" = "2592000"
|
"traefik.frontend.headers.STSSeconds" = "2592000"
|
||||||
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
||||||
"traefik.frontend.headers.customresponseheaders" = "X-Powered-By:Allomancy,X-Server:Blackbox"
|
"traefik.frontend.headers.customresponseheaders" = "${var.xpoweredby}"
|
||||||
|
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -380,7 +287,8 @@ resource "docker_container" "sickrage" {
|
||||||
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
||||||
"traefik.frontend.headers.contentTypeNosniff" = "true"
|
"traefik.frontend.headers.contentTypeNosniff" = "true"
|
||||||
"traefik.frontend.headers.browserXSSFilter" = "true"
|
"traefik.frontend.headers.browserXSSFilter" = "true"
|
||||||
"traefik.frontend.headers.customresponseheaders" = "X-Powered-By:Allomancy,X-Server:Blackbox"
|
"traefik.frontend.headers.customresponseheaders" = "${var.xpoweredby}"
|
||||||
|
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
|
||||||
}
|
}
|
||||||
|
|
||||||
env = [
|
env = [
|
||||||
|
@ -428,7 +336,8 @@ resource "docker_container" "headphones" {
|
||||||
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
||||||
"traefik.frontend.headers.contentTypeNosniff" = "true"
|
"traefik.frontend.headers.contentTypeNosniff" = "true"
|
||||||
"traefik.frontend.headers.browserXSSFilter" = "true"
|
"traefik.frontend.headers.browserXSSFilter" = "true"
|
||||||
"traefik.frontend.headers.customresponseheaders" = "X-Powered-By:Allomancy,X-Server:Blackbox"
|
"traefik.frontend.headers.customresponseheaders" = "${var.xpoweredby}"
|
||||||
|
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
|
||||||
}
|
}
|
||||||
|
|
||||||
# lounge:tatooine
|
# lounge:tatooine
|
||||||
|
@ -482,7 +391,8 @@ resource "docker_container" "ubooquity" {
|
||||||
"traefik.read.frontend.headers.STSIncludeSubdomains" = "false"
|
"traefik.read.frontend.headers.STSIncludeSubdomains" = "false"
|
||||||
"traefik.read.frontend.headers.contentTypeNosniff" = "true"
|
"traefik.read.frontend.headers.contentTypeNosniff" = "true"
|
||||||
"traefik.read.frontend.headers.browserXSSFilter" = "true"
|
"traefik.read.frontend.headers.browserXSSFilter" = "true"
|
||||||
"traefik.read.frontend.headers.customresponseheaders" = "X-Powered-By:Allomancy,X-Server:Blackbox"
|
"traefik.read.frontend.headers.customresponseheaders" = "${var.xpoweredby}"
|
||||||
|
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
|
||||||
}
|
}
|
||||||
|
|
||||||
upload {
|
upload {
|
||||||
|
@ -535,7 +445,9 @@ resource "docker_container" "wiki" {
|
||||||
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
|
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
|
||||||
"traefik.frontend.headers.STSSeconds" = "2592000"
|
"traefik.frontend.headers.STSSeconds" = "2592000"
|
||||||
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
||||||
"traefik.frontend.headers.customresponseheaders" = "X-Powered-By:Allomancy,X-Server:Blackbox"
|
"traefik.frontend.headers.customresponseheaders" = "${var.xpoweredby}"
|
||||||
|
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
|
||||||
|
"traefik.frontend.headers.referrerPolicy" = "${var.refpolicy}"
|
||||||
}
|
}
|
||||||
|
|
||||||
links = ["mongorocks"]
|
links = ["mongorocks"]
|
||||||
|
@ -546,28 +458,6 @@ resource "docker_container" "wiki" {
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "docker_container" "mongorocks" {
|
|
||||||
name = "mongorocks"
|
|
||||||
image = "${docker_image.mongorocks.latest}"
|
|
||||||
|
|
||||||
restart = "unless-stopped"
|
|
||||||
destroy_grace_seconds = 30
|
|
||||||
must_run = true
|
|
||||||
memory = 256
|
|
||||||
|
|
||||||
volumes {
|
|
||||||
volume_name = "${docker_volume.mongorocks_data_volume.name}"
|
|
||||||
container_path = "/data/db"
|
|
||||||
host_path = "${docker_volume.mongorocks_data_volume.mountpoint}"
|
|
||||||
}
|
|
||||||
|
|
||||||
env = [
|
|
||||||
"AUTH=no",
|
|
||||||
"DATABASE=wiki",
|
|
||||||
"OPLOG_SIZE=50",
|
|
||||||
]
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "docker_container" "muximux" {
|
resource "docker_container" "muximux" {
|
||||||
name = "muximux"
|
name = "muximux"
|
||||||
image = "${docker_image.muximux.latest}"
|
image = "${docker_image.muximux.latest}"
|
||||||
|
@ -594,7 +484,8 @@ resource "docker_container" "muximux" {
|
||||||
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
||||||
"traefik.frontend.headers.contentTypeNosniff" = "true"
|
"traefik.frontend.headers.contentTypeNosniff" = "true"
|
||||||
"traefik.frontend.headers.browserXSSFilter" = "true"
|
"traefik.frontend.headers.browserXSSFilter" = "true"
|
||||||
"traefik.frontend.headers.customresponseheaders" = "X-Powered-By:Allomancy,X-Server:Blackbox"
|
"traefik.frontend.headers.customresponseheaders" = "${var.xpoweredby}"
|
||||||
|
"traefik.frontend.headers.frameDeny" = "true"
|
||||||
}
|
}
|
||||||
|
|
||||||
# lounge:tatooine
|
# lounge:tatooine
|
||||||
|
@ -654,6 +545,7 @@ resource "docker_container" "cadvisor" {
|
||||||
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
||||||
"traefik.frontend.headers.contentTypeNosniff" = "true"
|
"traefik.frontend.headers.contentTypeNosniff" = "true"
|
||||||
"traefik.frontend.headers.browserXSSFilter" = "true"
|
"traefik.frontend.headers.browserXSSFilter" = "true"
|
||||||
"traefik.frontend.headers.customresponseheaders" = "X-Powered-By:Allomancy,X-Server:Blackbox"
|
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
|
||||||
|
"traefik.frontend.headers.customresponseheaders" = "${var.xpoweredby}"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
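Review bot: In the `ubooquity` hunk the added `customFrameOptionsValue` label is written as `traefik.frontend.headers.…`, while every other header label around it uses the `traefik.read.frontend.headers.` segment prefix, so the X-Frame-Options value may not be attached to the `read` frontend. If the segment is intended, the line should read `"traefik.read.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"`; whether unprefixed labels are inherited by segments should be confirmed against the Traefik version in use. The `labels` block starts outside the hunk, so any second segment is not visible here. Separately, `wiki` is the only container that gains `referrerPolicy`; if that is deliberate, a short comment would say why.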
@ -0,0 +1,71 @@
|
||||||
|
resource "docker_container" "traefik" {
|
||||||
|
name = "traefik"
|
||||||
|
image = "${docker_image.traefik.latest}"
|
||||||
|
|
||||||
|
# Admin Backend
|
||||||
|
ports {
|
||||||
|
internal = 1111
|
||||||
|
external = 1111
|
||||||
|
ip = "192.168.1.111"
|
||||||
|
}
|
||||||
|
|
||||||
|
# Local Web Server
|
||||||
|
ports {
|
||||||
|
internal = 80
|
||||||
|
external = 8888
|
||||||
|
ip = "192.168.1.111"
|
||||||
|
}
|
||||||
|
|
||||||
|
# Local Web Server
|
||||||
|
ports {
|
||||||
|
internal = 80
|
||||||
|
external = 80
|
||||||
|
ip = "192.168.1.111"
|
||||||
|
}
|
||||||
|
|
||||||
|
# Local Web Server (HTTPS)
|
||||||
|
ports {
|
||||||
|
internal = 443
|
||||||
|
external = 443
|
||||||
|
ip = "192.168.1.111"
|
||||||
|
}
|
||||||
|
|
||||||
|
# Proxied via sydney.captnemo.in
|
||||||
|
ports {
|
||||||
|
internal = 443
|
||||||
|
external = 443
|
||||||
|
ip = "10.8.0.14"
|
||||||
|
}
|
||||||
|
|
||||||
|
ports {
|
||||||
|
internal = 80
|
||||||
|
external = 80
|
||||||
|
ip = "10.8.0.14"
|
||||||
|
}
|
||||||
|
|
||||||
|
upload {
|
||||||
|
content = "${file("${path.module}/conf/traefik.toml")}"
|
||||||
|
file = "/etc/traefik/traefik.toml"
|
||||||
|
}
|
||||||
|
|
||||||
|
volumes {
|
||||||
|
host_path = "/var/run/docker.sock"
|
||||||
|
container_path = "/var/run/docker.sock"
|
||||||
|
read_only = true
|
||||||
|
}
|
||||||
|
|
||||||
|
volumes {
|
||||||
|
host_path = "/mnt/xwing/config/acme"
|
||||||
|
container_path = "/acme"
|
||||||
|
}
|
||||||
|
|
||||||
|
memory = 256
|
||||||
|
restart = "unless-stopped"
|
||||||
|
destroy_grace_seconds = 10
|
||||||
|
must_run = true
|
||||||
|
|
||||||
|
env = [
|
||||||
|
"CLOUDFLARE_EMAIL=${var.cloudflare_email}",
|
||||||
|
"CLOUDFLARE_API_KEY=${var.cloudflare_key}"
|
||||||
|
]
|
||||||
|
}
|
|
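Review bot: The `volumes` block that mounts `/var/run/docker.sock` sets `read_only = true`, but that only makes the bind mount read-only; the process can still connect to the socket and issue any Docker API call, so a compromise of this proxy (which the `# Proxied via sydney.captnemo.in` comment suggests is reachable from outside) is equivalent to root on the host. A filtering proxy in front of the socket that allows only the read endpoints Traefik needs would reduce that, and at minimum a comment such as `# read_only does not restrict Docker API access over the socket` belongs on the mount. `CLOUDFLARE_API_KEY` in `env` is likewise readable via `docker inspect` and the Terraform state; a scoped token, if the Traefik version in use supports one, would limit what a leak exposes. The admin backend on 1111 is bound to the LAN address; whether it is authenticated is decided in `conf/traefik.toml`, which is not shown.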
@ -31,11 +31,11 @@ variable "hsts_max_age" {
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "xfo_allow" {
|
variable "xfo_allow" {
|
||||||
default = "ALLOW-FROM https://muximux.bb8.fun/"
|
default = "ALLOW-FROM https://home.bb8.fun/"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "xpoweredby" {
|
variable "xpoweredby" {
|
||||||
default = "X-Powered-By:Allomancy,X-Server:Blackbox"
|
default = "X-Powered-By:Allomancy||X-Server:Blackbox"
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "refpolicy" {
|
variable "refpolicy" {
|
||||||
|
|
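Review bot: The `xfo_allow` default still uses `ALLOW-FROM`, which current Chromium, Firefox and Safari do not honour, so in those browsers every container labelled with `customFrameOptionsValue` sends an X-Frame-Options value that is ignored and the page can be framed from any origin. The supported equivalent is a CSP `frame-ancestors` directive, for example an extra label `"traefik.frontend.headers.contentSecurityPolicy" = "frame-ancestors https://home.bb8.fun"` beside each `customFrameOptionsValue`, provided the backends do not rely on a CSP of their own; the old header can stay as a fallback. The `refpolicy` variable at the end of the hunk continues outside it, so its default could not be reviewed.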