Mejorando configuracion de stacks usando traefik

2025-11-08 01:11:42 -03:00
parent 115aac9d2a
commit cc93471cb0
22 changed files with 317 additions and 164 deletions
--- a/stacks/traefik/dynamic/komodo.yml
+++ b/stacks/traefik/dynamic/komodo.yml
@@ -0,0 +1,16 @@
+http:
+  routers:
+    komodo:
+      rule: Host(`komodo.skrd.fun`)
+      entryPoints:
+        - websecure
+      service: komodo-svc
+      tls:
+        certResolver: cf
+      middlewares:
+        - local-only
+  services:
+    komodo-svc:
+      loadBalancer:
+        servers:
+          - url: "http://192.168.102.1:9120"
--- a/stacks/traefik/dynamic/middlewares.yml
+++ b/stacks/traefik/dynamic/middlewares.yml
@@ -0,0 +1,12 @@
+http:
+  middlewares:
+    local-only:
+      ipWhiteList:
+        sourceRange:
+          - "192.168.0.0/16"
+          - "10.0.0.0/8"
+          - "127.0.0.1/32"
+    redirect-to-https:
+      redirectScheme:
+        scheme: https
+        permanent: true
--- a/stacks/traefik/trafik.yml
+++ b/stacks/traefik/trafik.yml
@@ -0,0 +1,42 @@
+services:
+  traefik:
+    image: traefik:v3.5
+    command:
+      - "--log.level=DEBUG"
+      - "--accesslog=true"
+      - "--api.dashboard=true"
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--providers.file.directory=/dynamic"
+      - "--providers.file.watch=true"
+      - "--entryPoints.web.address=:80"
+      - "--entryPoints.websecure.address=:443"
+      - "--certificatesresolvers.cf.acme.dnschallenge=true"
+      - "--certificatesresolvers.cf.acme.dnschallenge.provider=cloudflare"
+      - "--certificatesresolvers.cf.acme.email=tls@skrd.fun"
+      - "--certificatesresolvers.cf.acme.storage=/letsencrypt/acme.json"
+    ports:
+      - "80:80"
+      - "443:443"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.dashboard-web.rule=Host(`traefik.skrd.fun`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`))"
+      - "traefik.http.routers.dashboard-web.entrypoints=web"
+      - "traefik.http.routers.dashboard-web.middlewares=local-only@file, redirect-to-https@file"
+      - "traefik.http.routers.dashboard.rule=Host(`traefik.skrd.fun`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`))"
+      - "traefik.http.routers.dashboard.entrypoints=websecure"
+      - "traefik.http.routers.dashboard.tls=true"
+      - "traefik.http.routers.dashboard.tls.certresolver=cf"
+      - "traefik.http.routers.dashboard.service=api@internal"
+      - "traefik.http.routers.dashboard.middlewares=local-only@file"
+    volumes:
+      - "/var/run/docker.sock:/var/run/docker.sock"
+      - "/srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/traefik/letsencrypt:/letsencrypt"
+      - "/srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/traefik/dynamic:/dynamic"
+    environment:
+      CF_API_EMAIL: "${CF_API_EMAIL}"
+      CF_DNS_API_TOKEN: "${CF_DNS_API_TOKEN}"
+
+networks:
+  default:
+    name: traefik