Traefik upgrade
- Also broke up the huge docker/main.tf file
- Traefik now responds with a double header (🤦)
parent
e38fa0b07e
commit
e84bc906ea
|
@ -13,6 +13,13 @@ resource "cloudflare_record" "home" {
|
|||
type = "A"
|
||||
}
|
||||
|
||||
resource "cloudflare_record" "docker" {
|
||||
domain = "${var.domain}"
|
||||
name = "docker.in"
|
||||
value = "10.8.0.14"
|
||||
type = "A"
|
||||
}
|
||||
|
||||
resource "cloudflare_record" "internet" {
|
||||
domain = "${var.domain}"
|
||||
name = "@"
|
||||
|
|
|
@ -0,0 +1,47 @@
|
|||
resource "docker_container" "mongorocks" {
|
||||
name = "mongorocks"
|
||||
image = "${docker_image.mongorocks.latest}"
|
||||
|
||||
restart = "unless-stopped"
|
||||
destroy_grace_seconds = 30
|
||||
must_run = true
|
||||
memory = 256
|
||||
|
||||
volumes {
|
||||
volume_name = "${docker_volume.mongorocks_data_volume.name}"
|
||||
container_path = "/data/db"
|
||||
host_path = "${docker_volume.mongorocks_data_volume.mountpoint}"
|
||||
}
|
||||
|
||||
env = [
|
||||
"AUTH=no",
|
||||
"DATABASE=wiki",
|
||||
"OPLOG_SIZE=50",
|
||||
]
|
||||
}
|
||||
|
||||
resource "docker_container" "mariadb" {
|
||||
name = "mariadb"
|
||||
image = "${docker_image.mariadb.latest}"
|
||||
|
||||
volumes {
|
||||
volume_name = "${docker_volume.mariadb_volume.name}"
|
||||
container_path = "/var/lib/mysql"
|
||||
host_path = "${docker_volume.mariadb_volume.mountpoint}"
|
||||
}
|
||||
|
||||
ports {
|
||||
internal = 3306
|
||||
external = 3306
|
||||
ip = "192.168.1.111"
|
||||
}
|
||||
|
||||
memory = 512
|
||||
restart = "unless-stopped"
|
||||
destroy_grace_seconds = 10
|
||||
must_run = true
|
||||
|
||||
env = [
|
||||
"MYSQL_ROOT_PASSWORD=${var.mysql_root_password}",
|
||||
]
|
||||
}
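Review bot: `mongorocks` is started with `"AUTH=no"`, so, assuming the image honours that variable as its name suggests, the database accepts unauthenticated connections. No `ports` block is published, but any other container that can reach it over the Docker network gets full access to the `wiki` database; enabling auth and handing credentials to the wiki container would contain that. In `mariadb`, `"MYSQL_ROOT_PASSWORD=${var.mysql_root_password}"` in `env` leaves the root password readable in Terraform state and in `docker inspect` output, and 3306 is published on `192.168.1.111`; if only local containers need the database, dropping that `ports` block narrows the exposure. Both resources appear to be moved from docker/main.tf unchanged, so a short comment on each stating the intended reachability would be worth adding while they get their own file.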
|
158
docker/main.tf
158
docker/main.tf
|
@ -11,7 +11,8 @@ resource docker_container "transmission" {
|
|||
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
||||
"traefik.frontend.headers.contentTypeNosniff" = "true"
|
||||
"traefik.frontend.headers.browserXSSFilter" = "true"
|
||||
"traefik.frontend.headers.customresponseheaders" = "X-Powered-By:Allomancy,X-Server:Blackbox"
|
||||
"traefik.frontend.headers.customresponseheaders" = "${var.xpoweredby}"
|
||||
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
|
||||
}
|
||||
|
||||
ports {
|
||||
|
@ -65,7 +66,8 @@ resource docker_container "gitea" {
|
|||
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
||||
"traefik.frontend.headers.contentTypeNosniff" = "true"
|
||||
"traefik.frontend.headers.browserXSSFilter" = "true"
|
||||
"traefik.frontend.headers.customresponseheaders" = "X-Powered-By:Allomancy,X-Server:Blackbox"
|
||||
"traefik.frontend.headers.customresponseheaders" = "${var.xpoweredby}"
|
||||
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
|
||||
}
|
||||
|
||||
ports {
|
||||
|
@ -92,32 +94,6 @@ resource docker_container "gitea" {
|
|||
must_run = true
|
||||
}
|
||||
|
||||
resource "docker_container" "mariadb" {
|
||||
name = "mariadb"
|
||||
image = "${docker_image.mariadb.latest}"
|
||||
|
||||
volumes {
|
||||
volume_name = "${docker_volume.mariadb_volume.name}"
|
||||
container_path = "/var/lib/mysql"
|
||||
host_path = "${docker_volume.mariadb_volume.mountpoint}"
|
||||
}
|
||||
|
||||
ports {
|
||||
internal = 3306
|
||||
external = 3306
|
||||
ip = "192.168.1.111"
|
||||
}
|
||||
|
||||
memory = 512
|
||||
restart = "unless-stopped"
|
||||
destroy_grace_seconds = 10
|
||||
must_run = true
|
||||
|
||||
env = [
|
||||
"MYSQL_ROOT_PASSWORD=${var.mysql_root_password}",
|
||||
]
|
||||
}
|
||||
|
||||
resource "docker_container" "emby" {
|
||||
name = "emby"
|
||||
image = "${docker_image.emby.latest}"
|
||||
|
@ -143,7 +119,8 @@ resource "docker_container" "emby" {
|
|||
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
||||
"traefik.frontend.headers.contentTypeNosniff" = "true"
|
||||
"traefik.frontend.headers.browserXSSFilter" = "true"
|
||||
"traefik.frontend.headers.customresponseheaders" = "X-Powered-By:Allomancy,X-Server:Blackbox"
|
||||
"traefik.frontend.headers.customresponseheaders" = "${var.xpoweredby}"
|
||||
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
|
||||
}
|
||||
|
||||
memory = 2048
|
||||
|
@ -189,7 +166,8 @@ resource "docker_container" "couchpotato" {
|
|||
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
||||
"traefik.frontend.headers.contentTypeNosniff" = "true"
|
||||
"traefik.frontend.headers.browserXSSFilter" = "true"
|
||||
"traefik.frontend.headers.customresponseheaders" = "X-Powered-By:Allomancy,X-Server:Blackbox"
|
||||
"traefik.frontend.headers.customresponseheaders" = "${var.xpoweredby}"
|
||||
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
|
||||
}
|
||||
|
||||
memory = 256
|
||||
|
@ -207,79 +185,6 @@ resource "docker_container" "couchpotato" {
|
|||
links = ["transmission"]
|
||||
}
|
||||
|
||||
resource "docker_container" "traefik" {
|
||||
name = "traefik"
|
||||
image = "${docker_image.traefik.latest}"
|
||||
|
||||
# Admin Backend
|
||||
ports {
|
||||
internal = 1111
|
||||
external = 1111
|
||||
ip = "192.168.1.111"
|
||||
}
|
||||
|
||||
# Local Web Server
|
||||
ports {
|
||||
internal = 80
|
||||
external = 8888
|
||||
ip = "192.168.1.111"
|
||||
}
|
||||
|
||||
# Local Web Server
|
||||
ports {
|
||||
internal = 80
|
||||
external = 80
|
||||
ip = "192.168.1.111"
|
||||
}
|
||||
|
||||
# Local Web Server (HTTPS)
|
||||
ports {
|
||||
internal = 443
|
||||
external = 443
|
||||
ip = "192.168.1.111"
|
||||
}
|
||||
|
||||
# Proxied via sydney.captnemo.in
|
||||
ports {
|
||||
internal = 443
|
||||
external = 443
|
||||
ip = "10.8.0.14"
|
||||
}
|
||||
|
||||
ports {
|
||||
internal = 80
|
||||
external = 80
|
||||
ip = "10.8.0.14"
|
||||
}
|
||||
|
||||
upload {
|
||||
content = "${file("${path.module}/conf/traefik.toml")}"
|
||||
file = "/etc/traefik/traefik.toml"
|
||||
}
|
||||
|
||||
volumes {
|
||||
host_path = "/var/run/docker.sock"
|
||||
container_path = "/var/run/docker.sock"
|
||||
read_only = true
|
||||
}
|
||||
|
||||
volumes {
|
||||
host_path = "/mnt/xwing/config/acme"
|
||||
container_path = "/acme"
|
||||
}
|
||||
|
||||
memory = 256
|
||||
restart = "unless-stopped"
|
||||
destroy_grace_seconds = 10
|
||||
must_run = true
|
||||
|
||||
env = [
|
||||
"CLOUDFLARE_EMAIL=${var.cloudflare_email}",
|
||||
"CLOUDFLARE_API_KEY=${var.cloudflare_key}"
|
||||
]
|
||||
}
|
||||
|
||||
|
||||
resource "docker_container" "airsonic" {
|
||||
name = "airsonic"
|
||||
image = "${docker_image.airsonic.latest}"
|
||||
|
@ -318,7 +223,8 @@ resource "docker_container" "airsonic" {
|
|||
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
|
||||
"traefik.frontend.headers.STSSeconds" = "2592000"
|
||||
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
||||
"traefik.frontend.headers.customresponseheaders" = "X-Powered-By:Allomancy,X-Server:Blackbox"
|
||||
"traefik.frontend.headers.customresponseheaders" = "${var.xpoweredby}"
|
||||
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -341,7 +247,8 @@ resource "docker_container" "headerdebug" {
|
|||
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
|
||||
"traefik.frontend.headers.STSSeconds" = "2592000"
|
||||
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
||||
"traefik.frontend.headers.customresponseheaders" = "X-Powered-By:Allomancy,X-Server:Blackbox"
|
||||
"traefik.frontend.headers.customresponseheaders" = "${var.xpoweredby}"
|
||||
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -380,7 +287,8 @@ resource "docker_container" "sickrage" {
|
|||
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
||||
"traefik.frontend.headers.contentTypeNosniff" = "true"
|
||||
"traefik.frontend.headers.browserXSSFilter" = "true"
|
||||
"traefik.frontend.headers.customresponseheaders" = "X-Powered-By:Allomancy,X-Server:Blackbox"
|
||||
"traefik.frontend.headers.customresponseheaders" = "${var.xpoweredby}"
|
||||
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
|
||||
}
|
||||
|
||||
env = [
|
||||
|
@ -428,7 +336,8 @@ resource "docker_container" "headphones" {
|
|||
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
||||
"traefik.frontend.headers.contentTypeNosniff" = "true"
|
||||
"traefik.frontend.headers.browserXSSFilter" = "true"
|
||||
"traefik.frontend.headers.customresponseheaders" = "X-Powered-By:Allomancy,X-Server:Blackbox"
|
||||
"traefik.frontend.headers.customresponseheaders" = "${var.xpoweredby}"
|
||||
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
|
||||
}
|
||||
|
||||
# lounge:tatooine
|
||||
|
@ -482,7 +391,8 @@ resource "docker_container" "ubooquity" {
|
|||
"traefik.read.frontend.headers.STSIncludeSubdomains" = "false"
|
||||
"traefik.read.frontend.headers.contentTypeNosniff" = "true"
|
||||
"traefik.read.frontend.headers.browserXSSFilter" = "true"
|
||||
"traefik.read.frontend.headers.customresponseheaders" = "X-Powered-By:Allomancy,X-Server:Blackbox"
|
||||
"traefik.read.frontend.headers.customresponseheaders" = "${var.xpoweredby}"
|
||||
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
|
||||
}
|
||||
|
||||
upload {
|
||||
|
@ -535,7 +445,9 @@ resource "docker_container" "wiki" {
|
|||
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
|
||||
"traefik.frontend.headers.STSSeconds" = "2592000"
|
||||
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
||||
"traefik.frontend.headers.customresponseheaders" = "X-Powered-By:Allomancy,X-Server:Blackbox"
|
||||
"traefik.frontend.headers.customresponseheaders" = "${var.xpoweredby}"
|
||||
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
|
||||
"traefik.frontend.headers.referrerPolicy" = "${var.refpolicy}"
|
||||
}
|
||||
|
||||
links = ["mongorocks"]
|
||||
|
@ -546,28 +458,6 @@ resource "docker_container" "wiki" {
|
|||
]
|
||||
}
|
||||
|
||||
resource "docker_container" "mongorocks" {
|
||||
name = "mongorocks"
|
||||
image = "${docker_image.mongorocks.latest}"
|
||||
|
||||
restart = "unless-stopped"
|
||||
destroy_grace_seconds = 30
|
||||
must_run = true
|
||||
memory = 256
|
||||
|
||||
volumes {
|
||||
volume_name = "${docker_volume.mongorocks_data_volume.name}"
|
||||
container_path = "/data/db"
|
||||
host_path = "${docker_volume.mongorocks_data_volume.mountpoint}"
|
||||
}
|
||||
|
||||
env = [
|
||||
"AUTH=no",
|
||||
"DATABASE=wiki",
|
||||
"OPLOG_SIZE=50",
|
||||
]
|
||||
}
|
||||
|
||||
resource "docker_container" "muximux" {
|
||||
name = "muximux"
|
||||
image = "${docker_image.muximux.latest}"
|
||||
|
@ -594,7 +484,8 @@ resource "docker_container" "muximux" {
|
|||
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
||||
"traefik.frontend.headers.contentTypeNosniff" = "true"
|
||||
"traefik.frontend.headers.browserXSSFilter" = "true"
|
||||
"traefik.frontend.headers.customresponseheaders" = "X-Powered-By:Allomancy,X-Server:Blackbox"
|
||||
"traefik.frontend.headers.customresponseheaders" = "${var.xpoweredby}"
|
||||
"traefik.frontend.headers.frameDeny" = "true"
|
||||
}
|
||||
|
||||
# lounge:tatooine
|
||||
|
@ -654,6 +545,7 @@ resource "docker_container" "cadvisor" {
|
|||
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
||||
"traefik.frontend.headers.contentTypeNosniff" = "true"
|
||||
"traefik.frontend.headers.browserXSSFilter" = "true"
|
||||
"traefik.frontend.headers.customresponseheaders" = "X-Powered-By:Allomancy,X-Server:Blackbox"
|
||||
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
|
||||
"traefik.frontend.headers.customresponseheaders" = "${var.xpoweredby}"
|
||||
}
|
||||
}
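Review bot: In the `ubooquity` hunk the added label is `"traefik.frontend.headers.customFrameOptionsValue"`, while every other header label shown in that block is scoped to the segment as `traefik.read.frontend.headers.*`. If the frame-options header is meant to apply to the `read` frontend like its siblings, the key should match them: `"traefik.read.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"`; if falling back to the un-segmented label is deliberate, a one-line comment saying so would prevent a later "fix". As a smaller consistency point, `cadvisor` adds the two new labels in the opposite order from the other blocks, and `muximux` uses `frameDeny` instead of `customFrameOptionsValue`, which deserves a comment explaining why it differs. The label maps start and end outside these hunks.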
|
||||
|
|
|
@ -0,0 +1,71 @@
|
|||
resource "docker_container" "traefik" {
|
||||
name = "traefik"
|
||||
image = "${docker_image.traefik.latest}"
|
||||
|
||||
# Admin Backend
|
||||
ports {
|
||||
internal = 1111
|
||||
external = 1111
|
||||
ip = "192.168.1.111"
|
||||
}
|
||||
|
||||
# Local Web Server
|
||||
ports {
|
||||
internal = 80
|
||||
external = 8888
|
||||
ip = "192.168.1.111"
|
||||
}
|
||||
|
||||
# Local Web Server
|
||||
ports {
|
||||
internal = 80
|
||||
external = 80
|
||||
ip = "192.168.1.111"
|
||||
}
|
||||
|
||||
# Local Web Server (HTTPS)
|
||||
ports {
|
||||
internal = 443
|
||||
external = 443
|
||||
ip = "192.168.1.111"
|
||||
}
|
||||
|
||||
# Proxied via sydney.captnemo.in
|
||||
ports {
|
||||
internal = 443
|
||||
external = 443
|
||||
ip = "10.8.0.14"
|
||||
}
|
||||
|
||||
ports {
|
||||
internal = 80
|
||||
external = 80
|
||||
ip = "10.8.0.14"
|
||||
}
|
||||
|
||||
upload {
|
||||
content = "${file("${path.module}/conf/traefik.toml")}"
|
||||
file = "/etc/traefik/traefik.toml"
|
||||
}
|
||||
|
||||
volumes {
|
||||
host_path = "/var/run/docker.sock"
|
||||
container_path = "/var/run/docker.sock"
|
||||
read_only = true
|
||||
}
|
||||
|
||||
volumes {
|
||||
host_path = "/mnt/xwing/config/acme"
|
||||
container_path = "/acme"
|
||||
}
|
||||
|
||||
memory = 256
|
||||
restart = "unless-stopped"
|
||||
destroy_grace_seconds = 10
|
||||
must_run = true
|
||||
|
||||
env = [
|
||||
"CLOUDFLARE_EMAIL=${var.cloudflare_email}",
|
||||
"CLOUDFLARE_API_KEY=${var.cloudflare_key}"
|
||||
]
|
||||
}
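Review bot: `read_only = true` on the `/var/run/docker.sock` volume does not limit what Traefik can do through the socket. The flag sets the mount's filesystem mode, while Docker API requests travel over the socket connection and are not filtered by it, so a compromise of this proxy (which the `Proxied via sydney.captnemo.in` comment suggests is reachable from outside) amounts to control of the Docker daemon. Consider putting a filtering proxy in front of the socket that permits only the read endpoints Traefik needs, or at minimum add a comment such as `# read_only does not restrict Docker API calls; socket access == daemon control`. The admin backend on port 1111 is also published on `192.168.1.111`, so confirm that `conf/traefik.toml` puts authentication in front of it. `CLOUDFLARE_API_KEY` passed through `env` is readable via `docker inspect` and in Terraform state, so both need to be handled as secret-bearing.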
|
|
@ -31,11 +31,11 @@ variable "hsts_max_age" {
|
|||
}
|
||||
|
||||
variable "xfo_allow" {
|
||||
default = "ALLOW-FROM https://muximux.bb8.fun/"
|
||||
default = "ALLOW-FROM https://home.bb8.fun/"
|
||||
}
|
||||
|
||||
variable "xpoweredby" {
|
||||
default = "X-Powered-By:Allomancy,X-Server:Blackbox"
|
||||
default = "X-Powered-By:Allomancy||X-Server:Blackbox"
|
||||
}
|
||||
|
||||
variable "refpolicy" {
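Review bot: The new `xfo_allow` default still uses `ALLOW-FROM`, an `X-Frame-Options` directive that current Chrome and Firefox do not honour, so the `customFrameOptionsValue` labels this commit adds across docker/main.tf will not restrict framing in those browsers. The supported way to allow a single embedding origin is a `Content-Security-Policy: frame-ancestors https://home.bb8.fun` response header. It could be delivered as one more entry in the custom response headers, after checking that the label parser in the deployed Traefik version accepts a colon inside a header value. Since `xpoweredby` now carries two headers joined with `||`, a `description` on that variable stating the `Header:value||Header:value` format would document why the separator changed. `variable "refpolicy"` continues outside the hunk.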
|
||||
|
|