push
This commit is contained in:
4
files/swarm/config/traefik-dynamic-configuration.yml
Normal file
4
files/swarm/config/traefik-dynamic-configuration.yml
Normal file
@@ -0,0 +1,4 @@
|
||||
tls:
|
||||
certificates:
|
||||
- certFile: /run/secrets/wildcard-jingoh-private.crt
|
||||
keyFile: /run/secrets/wildcard-jingoh-private.key
|
||||
156
files/swarm/stack.yml
Normal file
156
files/swarm/stack.yml
Normal file
@@ -0,0 +1,156 @@
|
||||
version: '3.13'
|
||||
# https://github.com/akhil/traefik-docker-swarm-example/blob/master/traefik.yml
|
||||
# services:
|
||||
# traefik:
|
||||
# # Image tag (replace with yours)
|
||||
# image: traefik:latest
|
||||
# command:
|
||||
# - "--log.level=DEBUG"
|
||||
# - "--accesslog=true"
|
||||
# - "--api.dashboard=true"
|
||||
# - "--api.insecure=true"
|
||||
# - "--entryPoints.web.address=:80"
|
||||
# - "--entryPoints.websecure.address=:443"
|
||||
# - "--providers.docker=true"
|
||||
# - "--providers.docker.watch=true"
|
||||
# - "--providers.swarm=true"
|
||||
# - "--providers.docker.network=public"
|
||||
# - "--providers.docker.endpoint=unix:///var/run/docker.sock"
|
||||
# - "--providers.docker.exposedByDefault=false"
|
||||
# - "--providers.file.filename=/etc/traefik/configs/traefik-dynamic-configuration.yml"
|
||||
# # - "--metrics.prometheus=true"
|
||||
# # - "--metrics.prometheus.buckets=0.1,0.3,1.2,5.0"
|
||||
# - "--global.checkNewVersion=true"
|
||||
# - "--global.sendAnonymousUsage=false"
|
||||
# volumes:
|
||||
# - /var/run/docker.sock:/var/run/docker.sock
|
||||
# networks:
|
||||
# - public
|
||||
# ports:
|
||||
# - "80:80"
|
||||
# - "443:443"
|
||||
# # For Mattermost
|
||||
# # - "8443:8443"
|
||||
# configs:
|
||||
# - source: traefik-dynamic-configuration
|
||||
# target: /etc/traefik/configs/traefik-dynamic-configuration.yml
|
||||
# secrets:
|
||||
# - wildcard-jingoh-private.crt
|
||||
# - wildcard-jingoh-private.key
|
||||
# deploy:
|
||||
# mode: replicated
|
||||
# replicas: 1
|
||||
# placement:
|
||||
# constraints:
|
||||
# - node.role == manager
|
||||
# update_config:
|
||||
# delay: 15s
|
||||
# parallelism: 1
|
||||
# monitor: 10s
|
||||
# failure_action: rollback
|
||||
# max_failure_ratio: 0.55
|
||||
# # Container resources (replace with yours)
|
||||
# resources:
|
||||
# limits:
|
||||
# cpus: '1.55'
|
||||
# memory: 2G
|
||||
# reservations:
|
||||
# cpus: '0.55'
|
||||
# memory: 1G
|
||||
# labels:
|
||||
# - "traefik.enable=true"
|
||||
# # Traefik URL (replace with yours)
|
||||
# - "traefik.http.routers.dashboard.rule=Host(`traefikswarm.jingoh.private`)"
|
||||
# - "traefik.http.routers.dashboard.service=api@internal"
|
||||
# - "traefik.http.routers.dashboard.entrypoints=websecure"
|
||||
# - "traefik.http.services.dashboard.loadbalancer.server.port=8080"
|
||||
# - "traefik.http.routers.dashboard.tls=true"
|
||||
# - "traefik.http.services.dashboard.loadbalancer.passhostheader=true"
|
||||
# - "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)"
|
||||
# - "traefik.http.routers.http-catchall.entrypoints=web"
|
||||
# - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
|
||||
# - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
|
||||
|
||||
# agent:
|
||||
# image: portainer/agent:latest
|
||||
# environment:
|
||||
# # REQUIRED: Should be equal to the service name prefixed by "tasks." when
|
||||
# # deployed inside an overlay network
|
||||
# AGENT_CLUSTER_ADDR: tasks.agent
|
||||
# # AGENT_PORT: 9001
|
||||
# # LOG_LEVEL: debug
|
||||
# volumes:
|
||||
# - /var/run/docker.sock:/var/run/docker.sock
|
||||
# - /var/lib/docker/volumes:/var/lib/docker/volumes
|
||||
# networks:
|
||||
# - agent_network
|
||||
# deploy:
|
||||
# mode: global
|
||||
# placement:
|
||||
# constraints: [node.platform.os == linux]
|
||||
|
||||
# portainer:
|
||||
# image: portainer/portainer-ce:latest
|
||||
# command: -H tcp://tasks.agent:9001 --tlsskipverify --http-enabled
|
||||
# volumes:
|
||||
# - /var/run/docker.sock:/var/run/docker.sock
|
||||
# - portainer_data:/data
|
||||
# - /etc/localtime:/etc/localtime
|
||||
# networks:
|
||||
# - public
|
||||
# - agent_network
|
||||
# deploy:
|
||||
# mode: replicated
|
||||
# replicas: 1
|
||||
# placement:
|
||||
# constraints: [node.role == manager]
|
||||
# labels:
|
||||
# - "traefik.enable=true"
|
||||
# - "traefik.http.routers.portainer.rule=Host(`portainer.jingoh.private`)"
|
||||
# - "traefik.http.routers.portainer.entrypoints=websecure"
|
||||
# - "traefik.http.routers.portainer.service=portainer"
|
||||
# - "traefik.http.services.portainer.loadbalancer.server.port=9443"
|
||||
# - "traefik.http.routers.portainer.tls=true"
|
||||
# - "traefik.http.services.portainer.loadbalancer.passhostheader=true"
|
||||
# # Edge
|
||||
# - "traefik.http.routers.edge.rule=Host(`edge.jingoh.private`)"
|
||||
# - "traefik.http.routers.edge.entrypoints=websecure"
|
||||
# - "traefik.http.services.edge.loadbalancer.server.port=8000"
|
||||
# - "traefik.http.routers.edge.service=edge"
|
||||
# - "traefik.http.routers.edge.tls=true"
|
||||
# - "traefik.http.services.edge.loadbalancer.passhostheader=true"
|
||||
|
||||
# whoami:
|
||||
# image: "traefik/whoami"
|
||||
# deploy:
|
||||
# labels:
|
||||
# - "traefik.enable=true"
|
||||
# - "traefik.http.routers.whoami.rule=Host(`whoamitest.jingoh.private`)"
|
||||
# - "traefik.http.routers.whoami.entrypoints=websecure"
|
||||
# - "traefik.http.services.whoami.loadbalancer.server.port=80"
|
||||
# - "traefik.http.routers.whoami.tls=true"
|
||||
# - "traefik.http.services.whoami.loadbalancer.passhostheader=true"
|
||||
# networks:
|
||||
# - public
|
||||
|
||||
# networks:
|
||||
# public:
|
||||
# external: true
|
||||
# agent_network:
|
||||
# external: true
|
||||
# attachable: true
|
||||
# volumes:
|
||||
# portainer_data:
|
||||
|
||||
|
||||
|
||||
# configs:
|
||||
# traefik-dynamic-configuration:
|
||||
# external: true
|
||||
|
||||
# secrets:
|
||||
# wildcard-jingoh-private.crt:
|
||||
# external: true
|
||||
|
||||
# wildcard-jingoh-private.key:
|
||||
# external: true
|
||||
22
files/swarm/tls/jingoh.private.crt
Normal file
22
files/swarm/tls/jingoh.private.crt
Normal file
@@ -0,0 +1,22 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDrzCCApegAwIBAgIUKJ9Qnulnmv91wS0XQXuFAAJTLOkwDQYJKoZIhvcNAQEL
|
||||
BQAwcTELMAkGA1UEBhMCRlIxFzAVBgNVBAgMDklsZXMtZGUtZnJhbmNlMQ4wDAYD
|
||||
VQQHDAVQYXJpczEPMA0GA1UECgwGamluZ29oMQ8wDQYDVQQLDAZqaW5nb2gxFzAV
|
||||
BgNVBAMMDmppbmdvaC5wcml2YXRlMB4XDTI0MDQxNzE5MDIxMloXDTM0MDQxNTE5
|
||||
MDIxMlowcTELMAkGA1UEBhMCRlIxFzAVBgNVBAgMDklsZXMtZGUtZnJhbmNlMQ4w
|
||||
DAYDVQQHDAVQYXJpczEPMA0GA1UECgwGamluZ29oMQ8wDQYDVQQLDAZqaW5nb2gx
|
||||
FzAVBgNVBAMMDmppbmdvaC5wcml2YXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
|
||||
MIIBCgKCAQEAuvwbT5XwP4wOhPLubWk7KBdt1+taFV/YNIkx+Ky9Nb+eceJ8iYXm
|
||||
Xy9bRK0WTdTiwOLC60h3WigsMMPc8sI1FiW3jfHMU8Z2GqJTHFM6CP1LcN+LpKZZ
|
||||
f8pZu3ONMhTcaPGvGYH+GAdi8Qk7rRskirZlImsA6lGDoteKKF/Xc4Y6IoIxIZ7X
|
||||
SK7klO/qN0ZPHWiu9QAtNBc4vVZEz83aXEbKH7eCOtSz07cOIT6yrvUF11225Y0e
|
||||
nn+DOLEcBBwI5KLco0udERz/Epn90eUWgbibP4QIaVQJypFC17RU3fXkiqZjb0Qy
|
||||
B2WEYi8awyB6KgZfu1PvzuvHYuKugBeYVwIDAQABoz8wPTAJBgNVHRMEAjAAMBsG
|
||||
A1UdEQQUMBKCECouamluZ29oLnByaXZhdGUwEwYDVR0lBAwwCgYIKwYBBQUHAwEw
|
||||
DQYJKoZIhvcNAQELBQADggEBAJ2hJ5SW9TD9yLecxG++x/jl32oxYJ/EyDPXZNHw
|
||||
fAb+9YmniThDEJTJ2RJTOIhZz6uqdjfP+37sFDu17SMvxauG78RIYSaTGnIaoiXt
|
||||
v5Uh4apUR1DOOPoZoUX82ZQJEJ5LenO+EFHevYbzgcDW61T/oByPwK8FOtLqQMHe
|
||||
SC09WsGyLQ/hls+4EgxQFyl7UN5T9NK6xrQrHwNbV0IgHcnGcTSkzRj4mt1nzsdh
|
||||
Enq/Ztz9iefxqDvHPFRRtcqDv+Ozh7zSuxVfP3tb7+5Ak7j/0Txi5NAbo+F3opAD
|
||||
8eeY2dTgxc9sV1esvB305zgl4SUkfLD+BDjOjn/NvWFj2i0=
|
||||
-----END CERTIFICATE-----
|
||||
27
files/swarm/tls/jingoh.private.key
Normal file
27
files/swarm/tls/jingoh.private.key
Normal file
@@ -0,0 +1,27 @@
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEowIBAAKCAQEAuvwbT5XwP4wOhPLubWk7KBdt1+taFV/YNIkx+Ky9Nb+eceJ8
|
||||
iYXmXy9bRK0WTdTiwOLC60h3WigsMMPc8sI1FiW3jfHMU8Z2GqJTHFM6CP1LcN+L
|
||||
pKZZf8pZu3ONMhTcaPGvGYH+GAdi8Qk7rRskirZlImsA6lGDoteKKF/Xc4Y6IoIx
|
||||
IZ7XSK7klO/qN0ZPHWiu9QAtNBc4vVZEz83aXEbKH7eCOtSz07cOIT6yrvUF1122
|
||||
5Y0enn+DOLEcBBwI5KLco0udERz/Epn90eUWgbibP4QIaVQJypFC17RU3fXkiqZj
|
||||
b0QyB2WEYi8awyB6KgZfu1PvzuvHYuKugBeYVwIDAQABAoIBACqQz4rLgDiHIpsD
|
||||
TmGbzfqvcrLvgb9R5T74aGbKs/vzVhdozp7j23CZsDYvDN/E8aWlOWgkQ/9DG+Qy
|
||||
Ai9FJJ6ZEXL/s1ry19nyT+cnzxNSzgSw7vIZaFBd+RViFadr9kzxj8HHxNclf1GN
|
||||
n4cloajuIpG2OCwfSE8er/XG8535cc7aErTpuhj5EoqRtYy++VkiC0d3VSaCE/uW
|
||||
J1ulfGnaZ3qiJfr6o+0xlTPYFcK5pkm+3uvTdSYZeLSSJPfnnaqx7G8yxoVZ1QaH
|
||||
3Sey4Ax1Y8vGYtbJ2ZS7NlnBgbgSDPGimZMFfoGFThK4Y5AcqGIEByZvOSByXnQ6
|
||||
tHiB6OECgYEA3KJIThM+RtwAk17MoRvkdUl+iPj0k+Go7lJQycFgCeNfp2rylqYm
|
||||
K1/Hzo0rSueVVRO3iL+clxt3bYHHNk62nJnp+nnkAaETTs9A8QRwGk418BKw9HyR
|
||||
faSrmXkTgKlY+sWrwECP9SyLa80UPyWIyIeOqb/zvjfirRRaPRFQTrECgYEA2PUI
|
||||
HYSqia+iOm4XEOtlUMHbNnLhW/aFhBingABt/CMO0cPTCCYdEzS+xDZzF7MROHzd
|
||||
O6zJyLUtenTIwN3dcVTWCPCRxcAY4p6V/PjV0c/b0vteQ4WWFM/l6ubTAwX+uJih
|
||||
SQREkqseMPLAqeEX84yZfqb/N3s2N2GuGIbP6YcCgYEAsztlz38UbU3VbeJqC0r0
|
||||
WU896pmLXgLIT+ow1OUxVncOQpu/vB/3C+9ACoxlqfDdQALHauB1nc9jQmNV6Mki
|
||||
0a67A443ahdm7vOwhtqbEtOMP51/gO0c59t4xzEzZaassPMZphEMoRfxnr43f2DH
|
||||
cFemzkEwCcuuafoJoGhLO9ECgYA2yAg4i9sT0QlBf7LLTuTSM2DKqs9EjUbBSAhj
|
||||
Rbh/xcpkJPIQSK9mvha9LJJ7FXfvr3edLc/1oenN1dcq+9qCV02EDFqCeDLQZgKx
|
||||
UZOL2tRCvb3bhsuSjbwcSBRX2xeqPL/c0/sMnbCN433KZ0/I62OGm1wuAip6aWuw
|
||||
PboZ2QKBgFaEqOCUFMGHet0A/BOGkzkpCZsXl+EDqvx9l7s30vdv2NIoNR8V+Zl3
|
||||
B2arO/jGjDZnbGJcHG6B7WrCX8aJyM7Fm9akbreL7lWWzqKXs1lDHwAxqQN/TllI
|
||||
tO5XRx7AHoJXkEmzKAwQWAbKzRKLTp0x9lcOBGz8CR29oPxZI2/H
|
||||
-----END RSA PRIVATE KEY-----
|
||||
Reference in New Issue
Block a user