Fanch
11 months ago
15 changed files with 1904 additions and 0 deletions
@ -0,0 +1 @@ |
|||
../../config/dockers.env |
@ -0,0 +1,67 @@ |
|||
version: '3' |
|||
|
|||
services: |
|||
|
|||
prometheus: |
|||
image: prom/prometheus:v2.15.2 |
|||
restart: unless-stopped |
|||
container_name: ${prometheusServName} |
|||
volumes: |
|||
- ./prometheus/:/etc/prometheus/ |
|||
- prometheus:/prometheus |
|||
- /etc/timezone:/etc/timezone:ro |
|||
- /etc/localtime:/etc/localtime:ro |
|||
command: |
|||
- "--web.route-prefix=/" |
|||
- "--web.external-url=https://${site}.${domain}/prometheus" |
|||
- "--config.file=/etc/prometheus/prometheus.yml" |
|||
- "--storage.tsdb.path=/prometheus" |
|||
- "--web.console.libraries=/usr/share/prometheus/console_libraries" |
|||
- "--web.console.templates=/usr/share/prometheus/consoles" |
|||
networks: |
|||
- traefikNet |
|||
labels: |
|||
- "traefik.enable=true" |
|||
- "traefik.http.routers.prometheus-secure.entrypoints=websecure" |
|||
- "traefik.http.middlewares.prometheus-stripprefix.stripprefix.prefixes=/prometheus" |
|||
- "traefik.http.routers.prometheus-secure.rule=Host(`${site}.${domain}`) && PathPrefix(`/prometheus`)" |
|||
# - "traefik.http.routers.prometheus-secure.tls=true" |
|||
- "traefik.http.routers.prometheus-secure.middlewares=prometheus-stripprefix,test-adminipwhitelist@file,traefik-auth" |
|||
- "traefik.http.routers.prometheus-secure.service=prometheus" |
|||
- "traefik.http.services.prometheus.loadbalancer.server.port=9090" |
|||
- "traefik.docker.network=traefikNet" |
|||
|
|||
grafana: |
|||
image: grafana/grafana:6.6.1 |
|||
restart: unless-stopped |
|||
container_name: ${grafanaServName} |
|||
volumes: |
|||
- grafana:/var/lib/grafana |
|||
- ./grafana/provisioning:/etc/grafana/provisioning |
|||
- /etc/timezone:/etc/timezone:ro |
|||
- /etc/localtime:/etc/localtime:ro |
|||
env_file: |
|||
- grafana.env |
|||
depends_on: |
|||
- prometheus |
|||
networks: |
|||
- traefikNet |
|||
labels: |
|||
- "traefik.enable=true" |
|||
- "traefik.http.routers.grafana-secure.entrypoints=websecure" |
|||
- "traefik.http.middlewares.grafana-stripprefix.stripprefix.prefixes=/grafana" |
|||
- "traefik.http.routers.grafana-secure.rule=Host(`${site}.${domain}`) && PathPrefix(`/grafana`)" |
|||
# - "traefik.http.routers.grafana-secure.tls=true" |
|||
- "traefik.http.routers.grafana-secure.service=grafana" |
|||
- "traefik.http.routers.grafana-secure.middlewares=grafana-stripprefix,test-adminipwhitelist@file,traefik-auth" |
|||
- "traefik.http.services.grafana.loadbalancer.server.port=3000" |
|||
- "traefik.docker.network=traefikNet" |
|||
|
|||
networks: |
|||
traefikNet: |
|||
external: true |
|||
name: traefikNet |
|||
|
|||
volumes: |
|||
prometheus: |
|||
grafana: |
@ -0,0 +1,6 @@ |
|||
GF_AUTH_ANONYMOUS_ENABLED=true |
|||
GF_AUTH_BASIC_ENABLED=false |
|||
GF_AUTH_PROXY_ENABLED=false |
|||
GF_USERS_ALLOW_SIGN_UP=false |
|||
GF_INSTALL_PLUGINS=grafana-piechart-panel |
|||
GF_SERVER_ROOT_URL=%(protocol)s://%(domain)s:%(http_port)s/grafana |
@ -0,0 +1,21 @@ |
|||
apiVersion: 1 |
|||
|
|||
providers: |
|||
# <string> provider name |
|||
- name: 'default' |
|||
# <int> org id. will default to orgId 1 if not specified |
|||
orgId: 1 |
|||
# <string, required> name of the dashboard folder. Required |
|||
folder: '' |
|||
# <string> folder UID. will be automatically generated if not specified |
|||
folderUid: '' |
|||
# <string, required> provider type. Required |
|||
type: file |
|||
# <bool> disable dashboard deletion |
|||
disableDeletion: false |
|||
# <bool> enable dashboard editing |
|||
editable: true |
|||
# <int> how often Grafana will scan for changed dashboards |
|||
updateIntervalSeconds: 10 |
|||
options: |
|||
path: /etc/grafana/provisioning/dashboards |
File diff suppressed because it is too large
@ -0,0 +1,50 @@ |
|||
# config file version |
|||
apiVersion: 1 |
|||
|
|||
# list of datasources that should be deleted from the database |
|||
deleteDatasources: |
|||
- name: Prometheus |
|||
orgId: 1 |
|||
|
|||
# list of datasources to insert/update depending |
|||
# whats available in the database |
|||
datasources: |
|||
# <string, required> name of the datasource. Required |
|||
- name: Prometheus |
|||
# <string, required> datasource type. Required |
|||
type: prometheus |
|||
# <string, required> access mode. direct or proxy. Required |
|||
access: proxy |
|||
# <int> org id. will default to orgId 1 if not specified |
|||
orgId: 1 |
|||
# <string> url |
|||
url: http://prometheus:9090 |
|||
# <string> database password, if used |
|||
password: |
|||
# <string> database user, if used |
|||
user: |
|||
# <string> database name, if used |
|||
database: |
|||
# <bool> enable/disable basic auth |
|||
basicAuth: false |
|||
# <string> basic auth username |
|||
basicAuthUser: |
|||
# <string> basic auth password |
|||
basicAuthPassword: |
|||
# <bool> enable/disable with credentials headers |
|||
withCredentials: |
|||
# <bool> mark as default datasource. Max one per org |
|||
isDefault: true |
|||
# <map> fields that will be converted to json and stored in json_data |
|||
jsonData: |
|||
graphiteVersion: "1.1" |
|||
tlsAuth: false |
|||
tlsAuthWithCACert: false |
|||
# <string> json object of data that will be encrypted. |
|||
secureJsonData: |
|||
tlsCACert: "..." |
|||
tlsClientCert: "..." |
|||
tlsClientKey: "..." |
|||
version: 1 |
|||
# <bool> allow users to edit datasources from the UI. |
|||
editable: true |
@ -0,0 +1,11 @@ |
|||
groups: |
|||
- name: traefik |
|||
rules: |
|||
- alert: service_down |
|||
expr: up == 0 |
|||
for: 2m |
|||
labels: |
|||
severity: page |
|||
annotations: |
|||
summary: "Instance {{ $labels.instance }} down" |
|||
description: "{{ $labels.instance }} of job {{ $labels.job }} has been down for more than 2 minutes" |
@ -0,0 +1,12 @@ |
|||
global: |
|||
scrape_interval: 15s |
|||
evaluation_interval: 15s |
|||
|
|||
rule_files: |
|||
- 'alert.rules' |
|||
|
|||
scrape_configs: |
|||
- job_name: 'traefik' |
|||
scrape_interval: 5s |
|||
static_configs: |
|||
- targets: ['dashboard.kaz.sns:8289','dashboard2.kaz.sns:8289'] |
@ -0,0 +1 @@ |
|||
../../config/dockers.env |
@ -0,0 +1,20 @@ |
|||
#tls: |
|||
# certificates: |
|||
# - certFile: __SSL_CERT__ |
|||
# keyFile: __SSL_KEY__ |
|||
# |
|||
# stores: |
|||
# default: |
|||
# defaultCertificate: |
|||
# certFile: __SSL_CERT__ |
|||
# keyFile: __SSL_KEY__ |
|||
# options: |
|||
# default: |
|||
# minVersion: VersionTLS12 |
|||
# cipherSuites: |
|||
# - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
|||
# - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
|||
# - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
|||
# - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
|||
# - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 |
|||
# - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 |
@ -0,0 +1,11 @@ |
|||
# http: |
|||
# middlewares: |
|||
# redirect-to-https: |
|||
# redirectscheme: |
|||
# scheme: https |
|||
# permanent: true |
|||
# routers: |
|||
# http-catchall: |
|||
# rule: "HostRegexp(`{host:.+}`)" |
|||
# middlewares: redirect-to-https |
|||
# service: noop@internal |
@ -0,0 +1,54 @@ |
|||
providers: |
|||
file: |
|||
directory: "/etc/traefik/dynamic" |
|||
watch: true |
|||
docker: {} |
|||
|
|||
entryPoints: |
|||
web: |
|||
address: ":80" |
|||
websecure: |
|||
address: ":443" |
|||
http: |
|||
tls: |
|||
certResolver: letsencrypt |
|||
# Ajout d'un point d'entrée sur le port 8289 |
|||
metrics: |
|||
address: ":8289" |
|||
|
|||
#serversTransport: |
|||
# rootCAs: |
|||
# - /etc/letsencrypt/local/rootCA.pem |
|||
|
|||
|
|||
api: |
|||
dashboard: true |
|||
|
|||
accessLog: |
|||
filePath: "/var/log/traefik/access.log" |
|||
format: json |
|||
|
|||
certificatesresolvers: |
|||
letsencrypt: |
|||
acme: |
|||
# email: sysadmins@kaz.bzh |
|||
storage: /letsencrypt/acme.json |
|||
# caServer: "https://acme-staging.api.letsencrypt.org/directory" |
|||
httpChallenge: |
|||
entryPoint: web |
|||
|
|||
# Ajout de la partie métrique qui concerne Prometheus |
|||
metrics: |
|||
prometheus: |
|||
# Nom du point d'entrée défini au dessus |
|||
entryPoint: metrics |
|||
# On configure la latence des métriques |
|||
buckets: |
|||
- 0.1 |
|||
- 0.3 |
|||
- 1.2 |
|||
- 5.0 |
|||
# Ajout des métriques sur les points d'entrée |
|||
addEntryPointsLabels: true |
|||
# Ajout des services |
|||
addServicesLabels: true |
@ -0,0 +1,188 @@ |
|||
version: '3' |
|||
|
|||
services: |
|||
reverse-proxy: |
|||
# The official v2 Traefik docker image |
|||
image: traefik:v2.10 |
|||
container_name: ${traefikServName} |
|||
# Enables the web UI and tells Traefik to listen to docker |
|||
ports: |
|||
# The HTTP port |
|||
- ${MAIN_IP}:80:80 |
|||
- ${MAIN_IP}:443:443 |
|||
# The Web UI (enabled by --api.insecure=true) |
|||
# - ${MAIN_IP}:8289:8289 |
|||
volumes: |
|||
# So that Traefik can listen to the Docker events |
|||
- /var/run/docker.sock:/var/run/docker.sock:ro |
|||
- ./conf:/etc/traefik/ |
|||
- letsencrypt:/letsencrypt |
|||
environment: |
|||
- TRAEFIK_PROVIDERS_DOCKER=true |
|||
- TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT=false |
|||
- TRAEFIK_API=true |
|||
- TRAEFIK_PROVIDERS_FILE_DIRECTORY=/etc/traefik/dynamic |
|||
- TRAEFIK_ENTRYPOINTS_web_ADDRESS=:80 |
|||
- TRAEFIK_ENTRYPOINTS_web_HTTP_REDIRECTIONS_ENTRYPOINT_TO=websecure |
|||
- TRAEFIK_ENTRYPOINTS_websecure_ADDRESS=:443 |
|||
- TRAEFIK_ENTRYPOINTS_websecure_HTTP_TLS_CERTRESOLVER=letsencrypt |
|||
#- TRAEFIK_ENTRYPOINTS_metrics_ADDRESS=:8289 |
|||
#- TRAEFIK_METRICS_PROMETHEUS_ENTRYPOINT=metrics |
|||
- TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_EMAIL=postmaster@${domain} |
|||
- TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_CASERVER=${acme_server} |
|||
- TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_STORAGE=/letsencrypt/acme.json |
|||
- TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_TLSCHALLENGE=true |
|||
- TRAEFIK_LOG_LEVEL=INFO |
|||
#- TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_HTTPCHALLENGE=true |
|||
#- TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_HTTPCHALLENGE_ENTRYPOINT=web |
|||
labels: |
|||
- "traefik.enable=true" |
|||
- "traefik.http.routers.traefik_https.rule=Host(`${site}.${domain}`)" |
|||
- "traefik.http.routers.traefik_https.entrypoints=websecure" |
|||
# - "traefik.http.routers.traefik_https.tls=true" |
|||
- "traefik.http.routers.traefik_https.service=api@internal" |
|||
- "traefik.http.routers.traefik_https.middlewares=test-adminipwhitelist@file,traefik-auth" |
|||
# - "traefik.http.routers.traefik_https.tls.certresolver=letsencrypt" |
|||
- "traefik.http.middlewares.traefik-auth.basicauth.usersfile=/etc/traefik/passfile" |
|||
networks: |
|||
- traefikNet |
|||
{{web |
|||
- webNet |
|||
}} |
|||
{{jirafeau |
|||
- jirafeauNet |
|||
}} |
|||
{{ethercalc |
|||
- ethercalcNet |
|||
}} |
|||
{{etherpad |
|||
- etherpadNet |
|||
}} |
|||
{{framadate |
|||
- framadateNet |
|||
}} |
|||
{{ldap |
|||
- ldapNet |
|||
}} |
|||
{{mobilizon |
|||
- mobilizonNet |
|||
}} |
|||
{{cloud |
|||
- cloudNet |
|||
}} |
|||
{{collabora |
|||
- collaboraNet |
|||
}} |
|||
{{garradin |
|||
- garradinNet |
|||
}} |
|||
{{mattermost |
|||
- mattermostNet |
|||
}} |
|||
{{roundcube |
|||
- roundcubeNet |
|||
}} |
|||
{{gitea |
|||
- giteaNet |
|||
}} |
|||
{{dokuwiki |
|||
- dokuwikiNet |
|||
}} |
|||
{{postfix |
|||
- postfixNet |
|||
}} |
|||
{{vaultwarden |
|||
- vaultwardenNet |
|||
}} |
|||
#### BEGIN ORGA USE_NET |
|||
#### END ORGA USE_NET |
|||
|
|||
networks: |
|||
traefikNet: |
|||
external: true |
|||
name: traefikNet |
|||
{{web |
|||
webNet: |
|||
external: true |
|||
name: webNet |
|||
}} |
|||
{{jirafeau |
|||
jirafeauNet: |
|||
external: true |
|||
name: jirafeauNet |
|||
}} |
|||
{{ethercalc |
|||
ethercalcNet: |
|||
external: true |
|||
name: ethercalcNet |
|||
}} |
|||
{{etherpad |
|||
etherpadNet: |
|||
external: true |
|||
name: etherpadNet |
|||
}} |
|||
{{framadate |
|||
framadateNet: |
|||
external: true |
|||
name: framadateNet |
|||
}} |
|||
{{ldap |
|||
ldapNet: |
|||
external: true |
|||
name: ldapNet |
|||
}} |
|||
{{mobilizon |
|||
mobilizonNet: |
|||
external: true |
|||
name: mobilizonNet |
|||
}} |
|||
{{cloud |
|||
cloudNet: |
|||
external: true |
|||
name: cloudNet |
|||
}} |
|||
{{collabora |
|||
collaboraNet: |
|||
external: true |
|||
name: collaboraNet |
|||
}} |
|||
{{garradin |
|||
garradinNet: |
|||
external: true |
|||
name: garradinNet |
|||
}} |
|||
{{mattermost |
|||
mattermostNet: |
|||
external: true |
|||
name: mattermostNet |
|||
}} |
|||
{{roundcube |
|||
roundcubeNet: |
|||
external: true |
|||
name: roundcubeNet |
|||
}} |
|||
{{gitea |
|||
giteaNet: |
|||
external: true |
|||
name: giteaNet |
|||
}} |
|||
{{dokuwiki |
|||
dokuwikiNet: |
|||
external: true |
|||
name: dokuwikiNet |
|||
}} |
|||
{{postfix |
|||
postfixNet: |
|||
external: true |
|||
name: postfixNet |
|||
}} |
|||
{{vaultwarden |
|||
vaultwardenNet: |
|||
external: true |
|||
name: vaultwardenNet |
|||
}} |
|||
#### BEGIN ORGA DEF_NET |
|||
#### END ORGA DEF_NET |
|||
|
|||
volumes: |
|||
letsencrypt: |
@ -0,0 +1,165 @@ |
|||
#!/bin/bash |
|||
|
|||
KAZ_ROOT=$(cd "$(dirname $0)/../.."; pwd) |
|||
. "${KAZ_ROOT}/bin/.commonFunctions.sh" |
|||
setKazVars |
|||
. "${DOCKERS_ENV}" |
|||
. "${KAZ_ROOT}/secret/SetAllPass.sh" |
|||
|
|||
printKazMsg "\n *** Proxy update config" |
|||
|
|||
#NGINX_TMPL=config/nginx.tmpl.conf |
|||
#NGINX_CONF=config/nginx.conf |
|||
DOCKER_DIST=docker-compose.tmpl.yml.dist |
|||
DOCKER_TMPL=docker-compose.tmpl.yml |
|||
DOCKER_CONF=docker-compose.yml |
|||
PASSFILE=conf/passfile |
|||
|
|||
ALLOW_ADMIN_IP_FILE="/kaz/secret/allow_admin_ip" |
|||
ALLOW_IP_FILE="/kaz/config/proxy/allow_ip" |
|||
|
|||
# TODO |
|||
# for service in agora cloud garradin wiki wp; do |
|||
# touch "${KAZ_CONF_PROXY_DIR}/${service}_kaz_map" |
|||
# touch "${KAZ_CONF_PROXY_DIR}/${service}_kaz_name" |
|||
# done |
|||
|
|||
cd $(dirname $0) |
|||
# update ip allowed |
|||
TRAEFIK_ALLOW_IP_FILE=conf/dynamic/allow_ip.yml |
|||
if [ ! -f "${TRAEFIK_ALLOW_IP_FILE}" ]; then |
|||
cat > "${TRAEFIK_ALLOW_IP_FILE}" <<EOF |
|||
http: |
|||
middlewares: |
|||
test-ipwhitelist: |
|||
ipWhiteList: |
|||
sourceRange: |
|||
# Remove ALLOWEDIP / FINALLOWEDIP flags to prevent proxy-gen to modify this |
|||
#ALLOWEDIP |
|||
- "0.0.0.0/0" |
|||
#FINALLOWEDIP |
|||
test-adminipwhitelist: |
|||
ipWhiteList: |
|||
sourceRange: |
|||
# Remove ADMINIP / FINADMINIP flags to prevent proxy-gen to modify this |
|||
#ADMINIP |
|||
- "0.0.0.0/0" |
|||
#FINADMINIP |
|||
EOF |
|||
fi |
|||
|
|||
# berk berk ... pour éviter d'avoir à maintenir le fichier traefik, on extrait les ip depuis les fichiers allow_admin_ip et allow_ip de nginx |
|||
if [[ -f ${ALLOW_ADMIN_IP_FILE} && -n $(grep -e '^\s*allow' ${ALLOW_ADMIN_IP_FILE}) ]]; then |
|||
sed -i 's/#ADMINIP/#ADMINIP\n #FINADMINIP\n#DELETE/' ${TRAEFIK_ALLOW_IP_FILE} |
|||
sed -i '/#DELETE/,/#FINADMINIP/d' ${TRAEFIK_ALLOW_IP_FILE} |
|||
grep -e '^\s*allow' ${ALLOW_ADMIN_IP_FILE} | awk '{print $2}' | sed 's/all/0.0.0.0\\\\\/0/;s/[^.0-9/]//g;s/\//\\\\\//g' | xargs -I '{}' sed -i "s/#ADMINIP/#ADMINIP\n - \"{}\"/" ${TRAEFIK_ALLOW_IP_FILE} |
|||
fi |
|||
if [[ -f ${ALLOW_IP_FILE} && -n $(grep -e '^\s*allow' ${ALLOW_IP_FILE}) ]]; then |
|||
sed -i 's/#ALLOWEDIP/#ALLOWEDIP\n #FINALLOWEDIP\n#DELETE/' ${TRAEFIK_ALLOW_IP_FILE} |
|||
sed -i '/#DELETE/,/#FINALLOWEDIP/d' ${TRAEFIK_ALLOW_IP_FILE} |
|||
grep -e '^\s*allow' ${ALLOW_IP_FILE} | awk '{print $2}' | sed 's/all/0.0.0.0\\\\\/0/;s/[^.0-9/]//g;s/\//\\\\\//g' | xargs -I '{}' sed -i "s/#ALLOWEDIP/#ALLOWEDIP\n - \"{}\"/" ${TRAEFIK_ALLOW_IP_FILE} |
|||
fi |
|||
|
|||
|
|||
CERTFILE_TMPL=conf/dynamic/certificates.yml.tmpl |
|||
CERTFILE=conf/dynamic/certificates.yml |
|||
if [ ! -f "${CERTFILE}" ]; then |
|||
cp "${CERTFILE_TMPL}" "${CERTFILE}" |
|||
case "${domain}" in |
|||
kaz.bzh) |
|||
SSL_CERT="/etc/ssl/certs/wildcard_${domain//./_}.chain.pem" |
|||
SSL_KEY="/etc/ssl/private/wildcard_${domain//./_}.key.pem" |
|||
;; |
|||
kaz.local) |
|||
SSL_CERT="/etc/letsencrypt/local/_wildcard.${domain}.pem" |
|||
SSL_KEY="/etc/letsencrypt/local/_wildcard.${domain}-key.pem" |
|||
;; |
|||
*) |
|||
SSL_CERT="/etc/letsencrypt/live/${domain}/fullchain.pem" |
|||
SSL_KEY="/etc/letsencrypt/live/${domain}/privkey.pem" |
|||
;; |
|||
esac |
|||
|
|||
sed -i "s|__SSL_CERT__|${SSL_CERT}|g" ${CERTFILE} |
|||
sed -i "s|__SSL_KEY__|${SSL_KEY}|g" ${CERTFILE} |
|||
fi |
|||
|
|||
# cat > "${PROXY_PORT_CFG}" <<EOF |
|||
# listen 443 ssl http2; |
|||
|
|||
# ssl_certificate ${SSL_CERT}; |
|||
# ssl_certificate_key ${SSL_KEY}; |
|||
|
|||
# ssl_session_timeout 1d; |
|||
# ssl_protocols TLSv1.2 TLSv1.3; |
|||
# ssl_early_data on; |
|||
# ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'; |
|||
# ssl_prefer_server_ciphers on; |
|||
# ssl_session_cache shared:SSL:50m; |
|||
# ssl_stapling on; |
|||
# ssl_stapling_verify on; |
|||
# EOF |
|||
#fi |
|||
|
|||
# update redirect |
|||
# PROXY_REDIRECT="${KAZ_CONF_PROXY_DIR}/redirect" |
|||
# if [ ! -f "${PROXY_REDIRECT}" ]; then |
|||
# cat > "${PROXY_REDIRECT}" <<EOF |
|||
# server { |
|||
# listen 80; |
|||
# return 301 https://\$host\$request_uri; |
|||
# } |
|||
|
|||
# # file |
|||
# server { |
|||
# listen 80; |
|||
# server_name file.${domain}; |
|||
# return 301 https://depot.${domain}\$request_uri; |
|||
# } |
|||
|
|||
# # cacl |
|||
# server { |
|||
# listen 80; |
|||
# server_name calc.${domain}; |
|||
# return 301 https://tableur.${domain}\$request_uri; |
|||
# } |
|||
|
|||
# # date |
|||
# server { |
|||
# listen 80; |
|||
# server_name date.${domain}; |
|||
# return 301 https://sondage.${domain}\$request_uri; |
|||
# } |
|||
|
|||
# # cloud |
|||
# server { |
|||
# listen 80; |
|||
# server_name bureau.${domain}; |
|||
# return 301 https://cloud.${domain}\$request_uri; |
|||
# } |
|||
|
|||
# # mattermost |
|||
# server { |
|||
# listen 80; |
|||
# server_name mattermost.${domain}; |
|||
# return 301 https://agora.${domain}\$request_uri; |
|||
# } |
|||
|
|||
# # dokuwiki |
|||
# server { |
|||
# listen 80; |
|||
# server_name dokuwiki.${domain}; |
|||
# return 301 https://wiki.${domain}\$request_uri; |
|||
# } |
|||
# EOF |
|||
# fi |
|||
|
|||
cd $(dirname $0) |
|||
|
|||
|
|||
[[ -f "${PASSFILE}" ]] || printf "${traefik_DASHBOARD_USER}:$( echo ${traefik_DASHBOARD_PASSWORD} | openssl passwd -apr1 -stdin)\n" >> ${PASSFILE} |
|||
[[ -f "${DOCKER_TMPL}" ]] || cp "${DOCKER_DIST}" "${DOCKER_TMPL}" |
|||
"${APPLY_TMPL}" -time "${DOCKER_TMPL}" "${DOCKER_CONF}" |
|||
# "${APPLY_TMPL}" -time "${NGINX_TMPL}" "${NGINX_CONF}" |
|||
|
|||
#("${KAZ_COMP_DIR}/web/web-gen.sh" ) & |
@ -0,0 +1,4 @@ |
|||
#!/bin/bash |
|||
|
|||
# Do nothing |
|||
# Théoriquement traefik gère tout seul sauf les changements dans le traefik.yml |
Loading…
Reference in new issue