Switch to locals for common traefik labels #4
15
docker/locals.tf
Normal file
15
docker/locals.tf
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
locals {
|
||||||
|
traefik_common_labels {
|
||||||
|
"traefik.enable" = "true"
|
||||||
|
// HSTS
|
||||||
|
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
|
||||||
|
"traefik.frontend.headers.STSSeconds" = "2592000"
|
||||||
|
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
||||||
|
// X-Powered-By, Server headers
|
||||||
|
"traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}"
|
||||||
|
// X-Frame-Options
|
||||||
|
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
|
||||||
|
"traefik.frontend.headers.contentTypeNosniff" = "true"
|
||||||
|
"traefik.frontend.headers.browserXSSFilter" = "true"
|
||||||
|
}
|
||||||
|
}
|
197
docker/main.tf
197
docker/main.tf
@ -2,18 +2,12 @@ resource docker_container "transmission" {
|
|||||||
name = "transmission"
|
name = "transmission"
|
||||||
image = "${docker_image.transmission.latest}"
|
image = "${docker_image.transmission.latest}"
|
||||||
|
|
||||||
labels {
|
labels = "${merge(
|
||||||
"traefik.frontend.auth.basic" = "${var.basic_auth}"
|
local.traefik_common_labels,
|
||||||
"traefik.port" = 9091
|
map(
|
||||||
"traefik.enable" = "true"
|
"traefik.frontend.auth.basic", "${var.basic_auth}",
|
||||||
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
|
"traefik.port", 9091,
|
||||||
"traefik.frontend.headers.STSSeconds" = "2592000"
|
))}"
|
||||||
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
|
||||||
"traefik.frontend.headers.contentTypeNosniff" = "true"
|
|
||||||
"traefik.frontend.headers.browserXSSFilter" = "true"
|
|
||||||
"traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}"
|
|
||||||
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
|
|
||||||
}
|
|
||||||
|
|
||||||
ports {
|
ports {
|
||||||
internal = 51413
|
internal = 51413
|
||||||
@ -68,20 +62,14 @@ resource "docker_container" "emby" {
|
|||||||
container_path = "/media"
|
container_path = "/media"
|
||||||
}
|
}
|
||||||
|
|
||||||
labels {
|
labels = "${merge(
|
||||||
"traefik.frontend.rule" = "Host:emby.in.${var.domain},emby.${var.domain}"
|
local.traefik_common_labels,
|
||||||
"traefik.frontend.passHostHeader" = "true"
|
map(
|
||||||
"traefik.frontend.auth.basic" = "${var.basic_auth}"
|
"traefik.frontend.rule", "Host:emby.in.${var.domain},emby.${var.domain}",
|
||||||
"traefik.port" = 8096
|
"traefik.frontend.passHostHeader", "true",
|
||||||
"traefik.enable" = "true"
|
"traefik.frontend.auth.basic", "${var.basic_auth}",
|
||||||
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
|
"traefik.port", 8096,
|
||||||
"traefik.frontend.headers.STSSeconds" = "2592000"
|
))}"
|
||||||
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
|
||||||
"traefik.frontend.headers.contentTypeNosniff" = "true"
|
|
||||||
"traefik.frontend.headers.browserXSSFilter" = "true"
|
|
||||||
"traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}"
|
|
||||||
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
|
|
||||||
}
|
|
||||||
|
|
||||||
memory = 2048
|
memory = 2048
|
||||||
restart = "unless-stopped"
|
restart = "unless-stopped"
|
||||||
@ -117,18 +105,12 @@ resource "docker_container" "couchpotato" {
|
|||||||
container_path = "/movies"
|
container_path = "/movies"
|
||||||
}
|
}
|
||||||
|
|
||||||
labels {
|
labels = "${merge(
|
||||||
"traefik.frontend.auth.basic" = "${var.basic_auth}"
|
local.traefik_common_labels,
|
||||||
"traefik.port" = 5050
|
map(
|
||||||
"traefik.enable" = "true"
|
"traefik.frontend.auth.basic", "${var.basic_auth}",
|
||||||
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
|
"traefik.port", 5050,
|
||||||
"traefik.frontend.headers.STSSeconds" = "2592000"
|
))}"
|
||||||
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
|
||||||
"traefik.frontend.headers.contentTypeNosniff" = "true"
|
|
||||||
"traefik.frontend.headers.browserXSSFilter" = "true"
|
|
||||||
"traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}"
|
|
||||||
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
|
|
||||||
}
|
|
||||||
|
|
||||||
memory = 256
|
memory = 256
|
||||||
restart = "unless-stopped"
|
restart = "unless-stopped"
|
||||||
@ -175,17 +157,13 @@ resource "docker_container" "airsonic" {
|
|||||||
container_path = "/airsonic/podcasts"
|
container_path = "/airsonic/podcasts"
|
||||||
}
|
}
|
||||||
|
|
||||||
labels {
|
labels = "${merge(
|
||||||
"traefik.frontend.rule" = "Host:airsonic.in.${var.domain},airsonic.${var.domain}"
|
local.traefik_common_labels,
|
||||||
"traefik.frontend.passHostHeader" = "true"
|
map(
|
||||||
"traefik.port" = 4040
|
"traefik.frontend.rule", "Host:airsonic.in.${var.domain},airsonic.${var.domain}",
|
||||||
"traefik.enable" = "true"
|
"traefik.frontend.passHostHeader", "true",
|
||||||
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
|
"traefik.port", 4040,
|
||||||
"traefik.frontend.headers.STSSeconds" = "2592000"
|
))}"
|
||||||
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
|
||||||
"traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}"
|
|
||||||
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "docker_container" "headerdebug" {
|
resource "docker_container" "headerdebug" {
|
||||||
@ -198,17 +176,13 @@ resource "docker_container" "headerdebug" {
|
|||||||
|
|
||||||
memory = 16
|
memory = 16
|
||||||
|
|
||||||
labels {
|
labels = "${merge(
|
||||||
"traefik.frontend.rule" = "Host:debug.in.${var.domain}"
|
local.traefik_common_labels,
|
||||||
"traefik.frontend.passHostHeader" = "true"
|
map(
|
||||||
"traefik.port" = 8080
|
"traefik.frontend.rule", "Host:debug.in.${var.domain},debug.${var.domain}",
|
||||||
"traefik.enable" = "true"
|
"traefik.port", 8080,
|
||||||
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
|
"traefik.enable", "true",
|
||||||
"traefik.frontend.headers.STSSeconds" = "2592000"
|
))}"
|
||||||
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
|
||||||
"traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}"
|
|
||||||
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "docker_container" "sickrage" {
|
resource "docker_container" "sickrage" {
|
||||||
@ -236,19 +210,13 @@ resource "docker_container" "sickrage" {
|
|||||||
container_path = "/tv"
|
container_path = "/tv"
|
||||||
}
|
}
|
||||||
|
|
||||||
labels {
|
labels = "${merge(
|
||||||
"traefik.frontend.passHostHeader" = "false"
|
local.traefik_common_labels,
|
||||||
"traefik.frontend.auth.basic" = "${var.basic_auth}"
|
map(
|
||||||
"traefik.port" = 8081
|
"traefik.frontend.passHostHeader", "false",
|
||||||
"traefik.enable" = "true"
|
"traefik.frontend.auth.basic", "${var.basic_auth}",
|
||||||
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
|
"traefik.port", 8081,
|
||||||
"traefik.frontend.headers.STSSeconds" = "2592000"
|
))}"
|
||||||
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
|
||||||
"traefik.frontend.headers.contentTypeNosniff" = "true"
|
|
||||||
"traefik.frontend.headers.browserXSSFilter" = "true"
|
|
||||||
"traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}"
|
|
||||||
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
|
|
||||||
}
|
|
||||||
|
|
||||||
env = [
|
env = [
|
||||||
"PUID=1004",
|
"PUID=1004",
|
||||||
@ -286,18 +254,12 @@ resource "docker_container" "headphones" {
|
|||||||
file = "/config/config.ini"
|
file = "/config/config.ini"
|
||||||
}
|
}
|
||||||
|
|
||||||
labels {
|
labels = "${merge(
|
||||||
"traefik.frontend.auth.basic" = "${var.basic_auth}"
|
local.traefik_common_labels,
|
||||||
"traefik.port" = 8181
|
map(
|
||||||
"traefik.enable" = "true"
|
"traefik.frontend.auth.basic", "${var.basic_auth}",
|
||||||
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
|
"traefik.port", 8181,
|
||||||
"traefik.frontend.headers.STSSeconds" = "2592000"
|
))}"
|
||||||
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
|
||||||
"traefik.frontend.headers.contentTypeNosniff" = "true"
|
|
||||||
"traefik.frontend.headers.browserXSSFilter" = "true"
|
|
||||||
"traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}"
|
|
||||||
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
|
|
||||||
}
|
|
||||||
|
|
||||||
# lounge:tatooine
|
# lounge:tatooine
|
||||||
env = [
|
env = [
|
||||||
@ -396,19 +358,18 @@ resource "docker_container" "wiki" {
|
|||||||
container_path = "/data"
|
container_path = "/data"
|
||||||
}
|
}
|
||||||
|
|
||||||
labels {
|
// The last header is a workaround for double header traefik bug
|
||||||
"traefik.frontend.rule" = "Host:wiki.${var.domain}"
|
// This might be actually breaking iframe till the 1.5 Final release.
|
||||||
"traefik.frontend.passHostHeader" = "true"
|
|
||||||
"traefik.port" = 9999
|
|
||||||
"traefik.enable" = "true"
|
|
||||||
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
|
|
||||||
"traefik.frontend.headers.STSSeconds" = "2592000"
|
|
||||||
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
|
||||||
"traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}||Referrer-Policy:${var.refpolicy}||X-Frame-Options:${var.xfo_allow}"
|
|
||||||
}
|
|
||||||
|
|
||||||
|
labels = "${merge(
|
||||||
|
local.traefik_common_labels,
|
||||||
|
map(
|
||||||
|
"traefik.frontend.rule", "Host:wiki.${var.domain}",
|
||||||
|
"traefik.frontend.passHostHeader", "true",
|
||||||
|
"traefik.port", 9999,
|
||||||
|
"traefik.frontend.headers.customResponseHeaders", "${var.xpoweredby}||Referrer-Policy:${var.refpolicy}||X-Frame-Options:${var.xfo_allow}",
|
||||||
|
))}"
|
||||||
links = ["mongorocks"]
|
links = ["mongorocks"]
|
||||||
|
|
||||||
env = [
|
env = [
|
||||||
"WIKI_ADMIN_EMAIL=me@captnemo.in",
|
"WIKI_ADMIN_EMAIL=me@captnemo.in",
|
||||||
"SESSION_SECRET=${var.wiki_session_secret}",
|
"SESSION_SECRET=${var.wiki_session_secret}",
|
||||||
@ -429,20 +390,15 @@ resource "docker_container" "muximux" {
|
|||||||
container_path = "/config"
|
container_path = "/config"
|
||||||
}
|
}
|
||||||
|
|
||||||
labels {
|
labels = "${merge(
|
||||||
"traefik.frontend.rule" = "Host:home.in.${var.domain},home.${var.domain}"
|
local.traefik_common_labels,
|
||||||
"traefik.frontend.passHostHeader" = "false"
|
map(
|
||||||
"traefik.frontend.auth.basic" = "${var.basic_auth}"
|
"traefik.port", 80,
|
||||||
"traefik.port" = 80
|
"traefik.frontend.headers.frameDeny", "true",
|
||||||
"traefik.enable" = "true"
|
"traefik.frontend.passHostHeader", "false",
|
||||||
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
|
"traefik.frontend.auth.basic", "${var.basic_auth}",
|
||||||
"traefik.frontend.headers.STSSeconds" = "2592000"
|
"traefik.frontend.rule", "Host:home.in.${var.domain},home.${var.domain}",
|
||||||
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
))}"
|
||||||
"traefik.frontend.headers.contentTypeNosniff" = "true"
|
|
||||||
"traefik.frontend.headers.browserXSSFilter" = "true"
|
|
||||||
"traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}"
|
|
||||||
"traefik.frontend.headers.frameDeny" = "true"
|
|
||||||
}
|
|
||||||
|
|
||||||
# lounge:tatooine
|
# lounge:tatooine
|
||||||
env = [
|
env = [
|
||||||
@ -490,17 +446,12 @@ resource "docker_container" "cadvisor" {
|
|||||||
container_path = "/var/run"
|
container_path = "/var/run"
|
||||||
}
|
}
|
||||||
|
|
||||||
labels {
|
labels = "${merge(
|
||||||
"traefik.frontend.rule" = "Host:cadvisor.${var.domain}"
|
local.traefik_common_labels,
|
||||||
"traefik.frontend.auth.basic" = "${var.basic_auth}"
|
map(
|
||||||
"traefik.port" = 8080
|
|
||||||
"traefik.enable" = "true"
|
"traefik.frontend.passHostHeader", "true",
|
||||||
"traefik.frontend.headers.SSLTemporaryRedirect" = "true"
|
"traefik.frontend.auth.basic", "${var.basic_auth}",
|
||||||
"traefik.frontend.headers.STSSeconds" = "2592000"
|
"traefik.port", 8080,
|
||||||
"traefik.frontend.headers.STSIncludeSubdomains" = "false"
|
))}"
|
||||||
"traefik.frontend.headers.contentTypeNosniff" = "true"
|
|
||||||
"traefik.frontend.headers.browserXSSFilter" = "true"
|
|
||||||
"traefik.frontend.headers.customFrameOptionsValue" = "${var.xfo_allow}"
|
|
||||||
"traefik.frontend.headers.customResponseHeaders" = "${var.xpoweredby}"
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
@ -9,7 +9,6 @@ resource "docker_container" "traefik" {
|
|||||||
ip = "${var.ips["eth0"]}"
|
ip = "${var.ips["eth0"]}"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Admin Backend
|
|
||||||
ports {
|
ports {
|
||||||
internal = 1111
|
internal = 1111
|
||||||
external = 1111
|
external = 1111
|
||||||
|
Loading…
Reference in New Issue
Block a user