change services for traefik support
parent
0b60fba148
commit
f175f716a5
4 changed files with 57 additions and 33 deletions
26
README.md
26
README.md
|
@ -4,20 +4,15 @@
|
||||||
|
|
||||||
### nsd
|
### nsd
|
||||||
|
|
||||||
ZSK rollover.
|
- Change IPv6 addresses
|
||||||
|
- ZSK rollover.
|
||||||
I always resign the zone, even if nothing has changed.
|
- I always resign the zone, even if nothing has changed.
|
||||||
I could check whether the zone has changed or new keys were generated but that is kind of difficult.
|
I could check whether the zone has changed or new keys were generated but that is kind of difficult.
|
||||||
|
|
||||||
### reverse proxy + certbot
|
### Traefik
|
||||||
|
|
||||||
nginx? HA-proxy? Traefik?
|
create network
|
||||||
Enable reverse proxy rules if service is enabled.
|
make docker compose depend on traefik
|
||||||
Should probably start creating a seperate cert for each subdomain.
|
|
||||||
|
|
||||||
### Git server
|
|
||||||
|
|
||||||
GitLab? Gitea?
|
|
||||||
|
|
||||||
### Firewall
|
### Firewall
|
||||||
|
|
||||||
|
@ -25,6 +20,11 @@ Seems to be a little annoying with all the docker stuff
|
||||||
|
|
||||||
### Matrix
|
### Matrix
|
||||||
|
|
||||||
yes
|
|
||||||
|
|
||||||
### Peertube?
|
### Peertube?
|
||||||
|
|
||||||
|
### Gitea
|
||||||
|
|
||||||
|
- Fix SSH port
|
||||||
|
- Move over some repos
|
||||||
|
- Setup automatic syncing
|
||||||
|
- Use own git servers
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
version: "3"
|
version: "3"
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
gitea:
|
traefik:
|
||||||
external: false
|
external: true
|
||||||
|
|
||||||
services:
|
services:
|
||||||
server:
|
server:
|
||||||
|
@ -13,12 +13,15 @@ services:
|
||||||
- USER_GID=1000
|
- USER_GID=1000
|
||||||
restart: always
|
restart: always
|
||||||
networks:
|
networks:
|
||||||
- gitea
|
- traefik
|
||||||
volumes:
|
volumes:
|
||||||
- /data/gitea:/data
|
- /data/gitea:/data
|
||||||
- /apps/gitea/conf:/data/gitea/conf
|
- /apps/gitea/conf:/data/gitea/conf
|
||||||
- /etc/timezone:/etc/timezone:ro
|
- /etc/timezone:/etc/timezone:ro
|
||||||
- /etc/localtime:/etc/localtime:ro
|
- /etc/localtime:/etc/localtime:ro
|
||||||
ports:
|
labels:
|
||||||
- "3003:3000"
|
- traefik.http.routers.gitea.entrypoints=websecure
|
||||||
# - "22:22" # Look into this some more later. Obviously needed for git.
|
- traefik.http.routers.gitea.rule=Host(`git.pizzapim.nl`)
|
||||||
|
- traefik.http.routers.gitea.tls=true
|
||||||
|
- traefik.http.routers.gitea.tls.certresolver=pizzapim
|
||||||
|
- traefik.http.services.gitea.loadbalancer.server.port=3000
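Review bot: The label block added for `server` never sets `traefik.enable`, so whether this container is routed depends on the Docker provider's `exposedByDefault` option, which is not part of this commit. Traefik's default for that option is true, in which case containers without any labels also get an automatic router. I would add `- traefik.enable=true` here and run the provider with `exposedByDefault: false`, so only services that opt in are published. The same applies to the `mastodon`, `mastodon-streaming` and `radicale` label blocks in the other two compose files. Note also that `server` now shares the external `traefik` network with every other proxied service, so port 3000 is reachable from those containers without passing through the proxy.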
|
||||||
|
|
|
@ -5,7 +5,7 @@ services:
|
||||||
image: postgres:14-alpine
|
image: postgres:14-alpine
|
||||||
shm_size: 256mb
|
shm_size: 256mb
|
||||||
networks:
|
networks:
|
||||||
- internal_network
|
- default
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test: ['CMD', 'pg_isready', '-U', 'postgres']
|
test: ['CMD', 'pg_isready', '-U', 'postgres']
|
||||||
volumes:
|
volumes:
|
||||||
|
@ -20,7 +20,7 @@ services:
|
||||||
restart: always
|
restart: always
|
||||||
image: redis:7-alpine
|
image: redis:7-alpine
|
||||||
networks:
|
networks:
|
||||||
- internal_network
|
- default
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test: ['CMD', 'redis-cli', 'ping']
|
test: ['CMD', 'redis-cli', 'ping']
|
||||||
volumes:
|
volumes:
|
||||||
|
@ -34,8 +34,8 @@ services:
|
||||||
env_file: .env.production
|
env_file: .env.production
|
||||||
command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
|
command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
|
||||||
networks:
|
networks:
|
||||||
- external_network
|
- default
|
||||||
- internal_network
|
- traefik
|
||||||
healthcheck:
|
healthcheck:
|
||||||
# prettier-ignore
|
# prettier-ignore
|
||||||
test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health || exit 1']
|
test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health || exit 1']
|
||||||
|
@ -45,9 +45,16 @@ services:
|
||||||
depends_on:
|
depends_on:
|
||||||
- db
|
- db
|
||||||
- redis
|
- redis
|
||||||
# - es
|
|
||||||
volumes:
|
volumes:
|
||||||
- /data/mastodon/public/system:/mastodon/public/system
|
- /data/mastodon/public/system:/mastodon/public/system
|
||||||
|
labels:
|
||||||
|
- traefik.http.routers.mastodon.entrypoints=websecure
|
||||||
|
- traefik.http.routers.mastodon.rule=Host(`social.pizzapim.nl`)
|
||||||
|
- traefik.http.routers.mastodon.tls=true
|
||||||
|
- traefik.http.routers.mastodon.tls.certresolver=pizzapim
|
||||||
|
- traefik.http.services.mastodon.loadbalancer.server.port=3000
|
||||||
|
- traefik.http.routers.mastodon.service=mastodon
|
||||||
|
- traefik.docker.network=traefik
|
||||||
|
|
||||||
streaming:
|
streaming:
|
||||||
image: tootsuite/mastodon:v3.5.3
|
image: tootsuite/mastodon:v3.5.3
|
||||||
|
@ -55,8 +62,8 @@ services:
|
||||||
env_file: .env.production
|
env_file: .env.production
|
||||||
command: node ./streaming
|
command: node ./streaming
|
||||||
networks:
|
networks:
|
||||||
- external_network
|
- default
|
||||||
- internal_network
|
- traefik
|
||||||
healthcheck:
|
healthcheck:
|
||||||
# prettier-ignore
|
# prettier-ignore
|
||||||
test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1']
|
test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1']
|
||||||
|
@ -66,6 +73,12 @@ services:
|
||||||
depends_on:
|
depends_on:
|
||||||
- db
|
- db
|
||||||
- redis
|
- redis
|
||||||
|
labels:
|
||||||
|
- traefik.http.routers.mastodon-streaming.entrypoints=websecure
|
||||||
|
- "traefik.http.routers.mastodon-streaming.rule=(Host(`social.pizzapim.nl`) && PathPrefix(`/api/v1/streaming`))"
|
||||||
|
- traefik.http.routers.mastodon-streaming.service=mastodon-streaming
|
||||||
|
- traefik.http.services.mastodon-streaming.loadbalancer.server.port=4000
|
||||||
|
- traefik.docker.network=traefik
|
||||||
|
|
||||||
sidekiq:
|
sidekiq:
|
||||||
image: tootsuite/mastodon:v3.5.3
|
image: tootsuite/mastodon:v3.5.3
|
||||||
|
@ -76,14 +89,12 @@ services:
|
||||||
- db
|
- db
|
||||||
- redis
|
- redis
|
||||||
networks:
|
networks:
|
||||||
- external_network
|
- default
|
||||||
- internal_network
|
|
||||||
volumes:
|
volumes:
|
||||||
- /data/mastodon/public/system:/mastodon/public/system
|
- /data/mastodon/public/system:/mastodon/public/system
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"]
|
test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"]
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
external_network:
|
traefik:
|
||||||
internal_network:
|
external: true
|
||||||
internal: true
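Review bot: Dropping `internal_network` (declared with `internal: true`) and moving the Postgres and Redis services onto `default` removes the only network-level egress block those two containers had. `default` is an ordinary bridge unless declared otherwise, and it cannot simply be made internal because the sidekiq service is now attached to `default` alone and presumably needs outbound access. I would keep `internal_network:` with `internal: true` in the top-level `networks:` block, attach the database and Redis only to it, and list it next to `default` on the three application services. Separately, the `mastodon-streaming` router sets neither `tls=true` nor `tls.certresolver`, unlike the `mastodon` router. Unless TLS is enabled by default on the `websecure` entrypoint (not visible here), HTTPS requests for `/api/v1/streaming` would likely be matched by the `mastodon` router and sent to port 3000, so add `- traefik.http.routers.mastodon-streaming.tls=true`.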
|
|
||||||
|
|
|
@ -1,11 +1,21 @@
|
||||||
version: '3'
|
version: '3'
|
||||||
|
|
||||||
|
networks:
|
||||||
|
traefik:
|
||||||
|
external: true
|
||||||
|
|
||||||
services:
|
services:
|
||||||
radicale:
|
radicale:
|
||||||
restart: always
|
restart: always
|
||||||
image: mailu/radicale:1.9
|
image: mailu/radicale:1.9
|
||||||
ports:
|
|
||||||
- '0.0.0.0:5232:5232'
|
|
||||||
volumes:
|
volumes:
|
||||||
- /data/radicale:/var/lib/radicale
|
- /data/radicale:/var/lib/radicale
|
||||||
- /apps/radicale/config:/radicale
|
- /apps/radicale/config:/radicale
|
||||||
command: radicale -S -C /radicale/radicale.conf
|
command: radicale -S -C /radicale/radicale.conf
|
||||||
|
networks:
|
||||||
|
- traefik
|
||||||
|
labels:
|
||||||
|
- traefik.http.routers.radicale.entrypoints=websecure
|
||||||
|
- traefik.http.routers.radicale.rule=Host(`dav.pizzapim.nl`)
|
||||||
|
- traefik.http.routers.radicale.tls=true
|
||||||
|
- traefik.http.routers.radicale.tls.certresolver=pizzapim
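Review bot: The radicale labels omit a `loadbalancer.server.port`, unlike the gitea and mastodon label blocks, so Traefik has to infer the backend port from whatever the image declares as exposed. The removed mapping published 5232, so pinning it with `- traefik.http.services.radicale.loadbalancer.server.port=5232` keeps routing independent of the image's metadata. Removing the `0.0.0.0:5232:5232` binding is the right direction, since the service is then reachable only through the proxy and from containers on the shared `traefik` network.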
|
||||||
|
|