Fanch
12 months ago
15 changed files with 1904 additions and 0 deletions
@ -0,0 +1 @@ |
|||||
|
../../config/dockers.env |
@ -0,0 +1,67 @@ |
|||||
|
version: '3' |
||||
|
|
||||
|
services: |
||||
|
|
||||
|
prometheus: |
||||
|
image: prom/prometheus:v2.15.2 |
||||
|
restart: unless-stopped |
||||
|
container_name: ${prometheusServName} |
||||
|
volumes: |
||||
|
- ./prometheus/:/etc/prometheus/ |
||||
|
- prometheus:/prometheus |
||||
|
- /etc/timezone:/etc/timezone:ro |
||||
|
- /etc/localtime:/etc/localtime:ro |
||||
|
command: |
||||
|
- "--web.route-prefix=/" |
||||
|
- "--web.external-url=https://${site}.${domain}/prometheus" |
||||
|
- "--config.file=/etc/prometheus/prometheus.yml" |
||||
|
- "--storage.tsdb.path=/prometheus" |
||||
|
- "--web.console.libraries=/usr/share/prometheus/console_libraries" |
||||
|
- "--web.console.templates=/usr/share/prometheus/consoles" |
||||
|
networks: |
||||
|
- traefikNet |
||||
|
labels: |
||||
|
- "traefik.enable=true" |
||||
|
- "traefik.http.routers.prometheus-secure.entrypoints=websecure" |
||||
|
- "traefik.http.middlewares.prometheus-stripprefix.stripprefix.prefixes=/prometheus" |
||||
|
- "traefik.http.routers.prometheus-secure.rule=Host(`${site}.${domain}`) && PathPrefix(`/prometheus`)" |
||||
|
# - "traefik.http.routers.prometheus-secure.tls=true" |
||||
|
- "traefik.http.routers.prometheus-secure.middlewares=prometheus-stripprefix,test-adminipwhitelist@file,traefik-auth" |
||||
|
- "traefik.http.routers.prometheus-secure.service=prometheus" |
||||
|
- "traefik.http.services.prometheus.loadbalancer.server.port=9090" |
||||
|
- "traefik.docker.network=traefikNet" |
||||
|
|
||||
|
grafana: |
||||
|
image: grafana/grafana:6.6.1 |
||||
|
restart: unless-stopped |
||||
|
container_name: ${grafanaServName} |
||||
|
volumes: |
||||
|
- grafana:/var/lib/grafana |
||||
|
- ./grafana/provisioning:/etc/grafana/provisioning |
||||
|
- /etc/timezone:/etc/timezone:ro |
||||
|
- /etc/localtime:/etc/localtime:ro |
||||
|
env_file: |
||||
|
- grafana.env |
||||
|
depends_on: |
||||
|
- prometheus |
||||
|
networks: |
||||
|
- traefikNet |
||||
|
labels: |
||||
|
- "traefik.enable=true" |
||||
|
- "traefik.http.routers.grafana-secure.entrypoints=websecure" |
||||
|
- "traefik.http.middlewares.grafana-stripprefix.stripprefix.prefixes=/grafana" |
||||
|
- "traefik.http.routers.grafana-secure.rule=Host(`${site}.${domain}`) && PathPrefix(`/grafana`)" |
||||
|
# - "traefik.http.routers.grafana-secure.tls=true" |
||||
|
- "traefik.http.routers.grafana-secure.service=grafana" |
||||
|
- "traefik.http.routers.grafana-secure.middlewares=grafana-stripprefix,test-adminipwhitelist@file,traefik-auth" |
||||
|
- "traefik.http.services.grafana.loadbalancer.server.port=3000" |
||||
|
- "traefik.docker.network=traefikNet" |
||||
|
|
||||
|
networks: |
||||
|
traefikNet: |
||||
|
external: true |
||||
|
name: traefikNet |
||||
|
|
||||
|
volumes: |
||||
|
prometheus: |
||||
|
grafana: |
@ -0,0 +1,6 @@ |
|||||
|
GF_AUTH_ANONYMOUS_ENABLED=true |
||||
|
GF_AUTH_BASIC_ENABLED=false |
||||
|
GF_AUTH_PROXY_ENABLED=false |
||||
|
GF_USERS_ALLOW_SIGN_UP=false |
||||
|
GF_INSTALL_PLUGINS=grafana-piechart-panel |
||||
|
GF_SERVER_ROOT_URL=%(protocol)s://%(domain)s:%(http_port)s/grafana |
@ -0,0 +1,21 @@ |
|||||
|
apiVersion: 1 |
||||
|
|
||||
|
providers: |
||||
|
# <string> provider name |
||||
|
- name: 'default' |
||||
|
# <int> org id. will default to orgId 1 if not specified |
||||
|
orgId: 1 |
||||
|
# <string, required> name of the dashboard folder. Required |
||||
|
folder: '' |
||||
|
# <string> folder UID. will be automatically generated if not specified |
||||
|
folderUid: '' |
||||
|
# <string, required> provider type. Required |
||||
|
type: file |
||||
|
# <bool> disable dashboard deletion |
||||
|
disableDeletion: false |
||||
|
# <bool> enable dashboard editing |
||||
|
editable: true |
||||
|
# <int> how often Grafana will scan for changed dashboards |
||||
|
updateIntervalSeconds: 10 |
||||
|
options: |
||||
|
path: /etc/grafana/provisioning/dashboards |
File diff suppressed because it is too large
@ -0,0 +1,50 @@ |
|||||
|
# config file version |
||||
|
apiVersion: 1 |
||||
|
|
||||
|
# list of datasources that should be deleted from the database |
||||
|
deleteDatasources: |
||||
|
- name: Prometheus |
||||
|
orgId: 1 |
||||
|
|
||||
|
# list of datasources to insert/update depending |
||||
|
# whats available in the database |
||||
|
datasources: |
||||
|
# <string, required> name of the datasource. Required |
||||
|
- name: Prometheus |
||||
|
# <string, required> datasource type. Required |
||||
|
type: prometheus |
||||
|
# <string, required> access mode. direct or proxy. Required |
||||
|
access: proxy |
||||
|
# <int> org id. will default to orgId 1 if not specified |
||||
|
orgId: 1 |
||||
|
# <string> url |
||||
|
url: http://prometheus:9090 |
||||
|
# <string> database password, if used |
||||
|
password: |
||||
|
# <string> database user, if used |
||||
|
user: |
||||
|
# <string> database name, if used |
||||
|
database: |
||||
|
# <bool> enable/disable basic auth |
||||
|
basicAuth: false |
||||
|
# <string> basic auth username |
||||
|
basicAuthUser: |
||||
|
# <string> basic auth password |
||||
|
basicAuthPassword: |
||||
|
# <bool> enable/disable with credentials headers |
||||
|
withCredentials: |
||||
|
# <bool> mark as default datasource. Max one per org |
||||
|
isDefault: true |
||||
|
# <map> fields that will be converted to json and stored in json_data |
||||
|
jsonData: |
||||
|
graphiteVersion: "1.1" |
||||
|
tlsAuth: false |
||||
|
tlsAuthWithCACert: false |
||||
|
# <string> json object of data that will be encrypted. |
||||
|
secureJsonData: |
||||
|
tlsCACert: "..." |
||||
|
tlsClientCert: "..." |
||||
|
tlsClientKey: "..." |
||||
|
version: 1 |
||||
|
# <bool> allow users to edit datasources from the UI. |
||||
|
editable: true |
@ -0,0 +1,11 @@ |
|||||
|
groups: |
||||
|
- name: traefik |
||||
|
rules: |
||||
|
- alert: service_down |
||||
|
expr: up == 0 |
||||
|
for: 2m |
||||
|
labels: |
||||
|
severity: page |
||||
|
annotations: |
||||
|
summary: "Instance {{ $labels.instance }} down" |
||||
|
description: "{{ $labels.instance }} of job {{ $labels.job }} has been down for more than 2 minutes" |
@ -0,0 +1,12 @@ |
|||||
|
global: |
||||
|
scrape_interval: 15s |
||||
|
evaluation_interval: 15s |
||||
|
|
||||
|
rule_files: |
||||
|
- 'alert.rules' |
||||
|
|
||||
|
scrape_configs: |
||||
|
- job_name: 'traefik' |
||||
|
scrape_interval: 5s |
||||
|
static_configs: |
||||
|
- targets: ['dashboard.kaz.sns:8289','dashboard2.kaz.sns:8289'] |
@ -0,0 +1 @@ |
|||||
|
../../config/dockers.env |
@ -0,0 +1,20 @@ |
|||||
|
#tls: |
||||
|
# certificates: |
||||
|
# - certFile: __SSL_CERT__ |
||||
|
# keyFile: __SSL_KEY__ |
||||
|
# |
||||
|
# stores: |
||||
|
# default: |
||||
|
# defaultCertificate: |
||||
|
# certFile: __SSL_CERT__ |
||||
|
# keyFile: __SSL_KEY__ |
||||
|
# options: |
||||
|
# default: |
||||
|
# minVersion: VersionTLS12 |
||||
|
# cipherSuites: |
||||
|
# - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
||||
|
# - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
||||
|
# - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 |
||||
|
# - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
||||
|
# - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 |
||||
|
# - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 |
@ -0,0 +1,11 @@ |
|||||
|
# http: |
||||
|
# middlewares: |
||||
|
# redirect-to-https: |
||||
|
# redirectscheme: |
||||
|
# scheme: https |
||||
|
# permanent: true |
||||
|
# routers: |
||||
|
# http-catchall: |
||||
|
# rule: "HostRegexp(`{host:.+}`)" |
||||
|
# middlewares: redirect-to-https |
||||
|
# service: noop@internal |
@ -0,0 +1,54 @@ |
|||||
|
providers: |
||||
|
file: |
||||
|
directory: "/etc/traefik/dynamic" |
||||
|
watch: true |
||||
|
docker: {} |
||||
|
|
||||
|
entryPoints: |
||||
|
web: |
||||
|
address: ":80" |
||||
|
websecure: |
||||
|
address: ":443" |
||||
|
http: |
||||
|
tls: |
||||
|
certResolver: letsencrypt |
||||
|
# Ajout d'un point d'entrée sur le port 8289 |
||||
|
metrics: |
||||
|
address: ":8289" |
||||
|
|
||||
|
#serversTransport: |
||||
|
# rootCAs: |
||||
|
# - /etc/letsencrypt/local/rootCA.pem |
||||
|
|
||||
|
|
||||
|
api: |
||||
|
dashboard: true |
||||
|
|
||||
|
accessLog: |
||||
|
filePath: "/var/log/traefik/access.log" |
||||
|
format: json |
||||
|
|
||||
|
certificatesresolvers: |
||||
|
letsencrypt: |
||||
|
acme: |
||||
|
# email: sysadmins@kaz.bzh |
||||
|
storage: /letsencrypt/acme.json |
||||
|
# caServer: "https://acme-staging.api.letsencrypt.org/directory" |
||||
|
httpChallenge: |
||||
|
entryPoint: web |
||||
|
|
||||
|
# Ajout de la partie métrique qui concerne Prometheus |
||||
|
metrics: |
||||
|
prometheus: |
||||
|
# Nom du point d'entrée défini au dessus |
||||
|
entryPoint: metrics |
||||
|
# On configure la latence des métriques |
||||
|
buckets: |
||||
|
- 0.1 |
||||
|
- 0.3 |
||||
|
- 1.2 |
||||
|
- 5.0 |
||||
|
# Ajout des métriques sur les points d'entrée |
||||
|
addEntryPointsLabels: true |
||||
|
# Ajout des services |
||||
|
addServicesLabels: true |
@ -0,0 +1,188 @@ |
|||||
|
version: '3' |
||||
|
|
||||
|
services: |
||||
|
reverse-proxy: |
||||
|
# The official v2 Traefik docker image |
||||
|
image: traefik:v2.10 |
||||
|
container_name: ${traefikServName} |
||||
|
# Enables the web UI and tells Traefik to listen to docker |
||||
|
ports: |
||||
|
# The HTTP port |
||||
|
- ${MAIN_IP}:80:80 |
||||
|
- ${MAIN_IP}:443:443 |
||||
|
# The Web UI (enabled by --api.insecure=true) |
||||
|
# - ${MAIN_IP}:8289:8289 |
||||
|
volumes: |
||||
|
# So that Traefik can listen to the Docker events |
||||
|
- /var/run/docker.sock:/var/run/docker.sock:ro |
||||
|
- ./conf:/etc/traefik/ |
||||
|
- letsencrypt:/letsencrypt |
||||
|
environment: |
||||
|
- TRAEFIK_PROVIDERS_DOCKER=true |
||||
|
- TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT=false |
||||
|
- TRAEFIK_API=true |
||||
|
- TRAEFIK_PROVIDERS_FILE_DIRECTORY=/etc/traefik/dynamic |
||||
|
- TRAEFIK_ENTRYPOINTS_web_ADDRESS=:80 |
||||
|
- TRAEFIK_ENTRYPOINTS_web_HTTP_REDIRECTIONS_ENTRYPOINT_TO=websecure |
||||
|
- TRAEFIK_ENTRYPOINTS_websecure_ADDRESS=:443 |
||||
|
- TRAEFIK_ENTRYPOINTS_websecure_HTTP_TLS_CERTRESOLVER=letsencrypt |
||||
|
#- TRAEFIK_ENTRYPOINTS_metrics_ADDRESS=:8289 |
||||
|
#- TRAEFIK_METRICS_PROMETHEUS_ENTRYPOINT=metrics |
||||
|
- TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_EMAIL=postmaster@${domain} |
||||
|
- TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_CASERVER=${acme_server} |
||||
|
- TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_STORAGE=/letsencrypt/acme.json |
||||
|
- TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_TLSCHALLENGE=true |
||||
|
- TRAEFIK_LOG_LEVEL=INFO |
||||
|
#- TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_HTTPCHALLENGE=true |
||||
|
#- TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_HTTPCHALLENGE_ENTRYPOINT=web |
||||
|
labels: |
||||
|
- "traefik.enable=true" |
||||
|
- "traefik.http.routers.traefik_https.rule=Host(`${site}.${domain}`)" |
||||
|
- "traefik.http.routers.traefik_https.entrypoints=websecure" |
||||
|
# - "traefik.http.routers.traefik_https.tls=true" |
||||
|
- "traefik.http.routers.traefik_https.service=api@internal" |
||||
|
- "traefik.http.routers.traefik_https.middlewares=test-adminipwhitelist@file,traefik-auth" |
||||
|
# - "traefik.http.routers.traefik_https.tls.certresolver=letsencrypt" |
||||
|
- "traefik.http.middlewares.traefik-auth.basicauth.usersfile=/etc/traefik/passfile" |
||||
|
networks: |
||||
|
- traefikNet |
||||
|
{{web |
||||
|
- webNet |
||||
|
}} |
||||
|
{{jirafeau |
||||
|
- jirafeauNet |
||||
|
}} |
||||
|
{{ethercalc |
||||
|
- ethercalcNet |
||||
|
}} |
||||
|
{{etherpad |
||||
|
- etherpadNet |
||||
|
}} |
||||
|
{{framadate |
||||
|
- framadateNet |
||||
|
}} |
||||
|
{{ldap |
||||
|
- ldapNet |
||||
|
}} |
||||
|
{{mobilizon |
||||
|
- mobilizonNet |
||||
|
}} |
||||
|
{{cloud |
||||
|
- cloudNet |
||||
|
}} |
||||
|
{{collabora |
||||
|
- collaboraNet |
||||
|
}} |
||||
|
{{garradin |
||||
|
- garradinNet |
||||
|
}} |
||||
|
{{mattermost |
||||
|
- mattermostNet |
||||
|
}} |
||||
|
{{roundcube |
||||
|
- roundcubeNet |
||||
|
}} |
||||
|
{{gitea |
||||
|
- giteaNet |
||||
|
}} |
||||
|
{{dokuwiki |
||||
|
- dokuwikiNet |
||||
|
}} |
||||
|
{{postfix |
||||
|
- postfixNet |
||||
|
}} |
||||
|
{{vaultwarden |
||||
|
- vaultwardenNet |
||||
|
}} |
||||
|
#### BEGIN ORGA USE_NET |
||||
|
#### END ORGA USE_NET |
||||
|
|
||||
|
networks: |
||||
|
traefikNet: |
||||
|
external: true |
||||
|
name: traefikNet |
||||
|
{{web |
||||
|
webNet: |
||||
|
external: true |
||||
|
name: webNet |
||||
|
}} |
||||
|
{{jirafeau |
||||
|
jirafeauNet: |
||||
|
external: true |
||||
|
name: jirafeauNet |
||||
|
}} |
||||
|
{{ethercalc |
||||
|
ethercalcNet: |
||||
|
external: true |
||||
|
name: ethercalcNet |
||||
|
}} |
||||
|
{{etherpad |
||||
|
etherpadNet: |
||||
|
external: true |
||||
|
name: etherpadNet |
||||
|
}} |
||||
|
{{framadate |
||||
|
framadateNet: |
||||
|
external: true |
||||
|
name: framadateNet |
||||
|
}} |
||||
|
{{ldap |
||||
|
ldapNet: |
||||
|
external: true |
||||
|
name: ldapNet |
||||
|
}} |
||||
|
{{mobilizon |
||||
|
mobilizonNet: |
||||
|
external: true |
||||
|
name: mobilizonNet |
||||
|
}} |
||||
|
{{cloud |
||||
|
cloudNet: |
||||
|
external: true |
||||
|
name: cloudNet |
||||
|
}} |
||||
|
{{collabora |
||||
|
collaboraNet: |
||||
|
external: true |
||||
|
name: collaboraNet |
||||
|
}} |
||||
|
{{garradin |
||||
|
garradinNet: |
||||
|
external: true |
||||
|
name: garradinNet |
||||
|
}} |
||||
|
{{mattermost |
||||
|
mattermostNet: |
||||
|
external: true |
||||
|
name: mattermostNet |
||||
|
}} |
||||
|
{{roundcube |
||||
|
roundcubeNet: |
||||
|
external: true |
||||
|
name: roundcubeNet |
||||
|
}} |
||||
|
{{gitea |
||||
|
giteaNet: |
||||
|
external: true |
||||
|
name: giteaNet |
||||
|
}} |
||||
|
{{dokuwiki |
||||
|
dokuwikiNet: |
||||
|
external: true |
||||
|
name: dokuwikiNet |
||||
|
}} |
||||
|
{{postfix |
||||
|
postfixNet: |
||||
|
external: true |
||||
|
name: postfixNet |
||||
|
}} |
||||
|
{{vaultwarden |
||||
|
vaultwardenNet: |
||||
|
external: true |
||||
|
name: vaultwardenNet |
||||
|
}} |
||||
|
#### BEGIN ORGA DEF_NET |
||||
|
#### END ORGA DEF_NET |
||||
|
|
||||
|
volumes: |
||||
|
letsencrypt: |
@ -0,0 +1,165 @@ |
|||||
|
#!/bin/bash |
||||
|
|
||||
|
KAZ_ROOT=$(cd "$(dirname $0)/../.."; pwd) |
||||
|
. "${KAZ_ROOT}/bin/.commonFunctions.sh" |
||||
|
setKazVars |
||||
|
. "${DOCKERS_ENV}" |
||||
|
. "${KAZ_ROOT}/secret/SetAllPass.sh" |
||||
|
|
||||
|
printKazMsg "\n *** Proxy update config" |
||||
|
|
||||
|
#NGINX_TMPL=config/nginx.tmpl.conf |
||||
|
#NGINX_CONF=config/nginx.conf |
||||
|
DOCKER_DIST=docker-compose.tmpl.yml.dist |
||||
|
DOCKER_TMPL=docker-compose.tmpl.yml |
||||
|
DOCKER_CONF=docker-compose.yml |
||||
|
PASSFILE=conf/passfile |
||||
|
|
||||
|
ALLOW_ADMIN_IP_FILE="/kaz/secret/allow_admin_ip" |
||||
|
ALLOW_IP_FILE="/kaz/config/proxy/allow_ip" |
||||
|
|
||||
|
# TODO |
||||
|
# for service in agora cloud garradin wiki wp; do |
||||
|
# touch "${KAZ_CONF_PROXY_DIR}/${service}_kaz_map" |
||||
|
# touch "${KAZ_CONF_PROXY_DIR}/${service}_kaz_name" |
||||
|
# done |
||||
|
|
||||
|
cd $(dirname $0) |
||||
|
# update ip allowed |
||||
|
TRAEFIK_ALLOW_IP_FILE=conf/dynamic/allow_ip.yml |
||||
|
if [ ! -f "${TRAEFIK_ALLOW_IP_FILE}" ]; then |
||||
|
cat > "${TRAEFIK_ALLOW_IP_FILE}" <<EOF |
||||
|
http: |
||||
|
middlewares: |
||||
|
test-ipwhitelist: |
||||
|
ipWhiteList: |
||||
|
sourceRange: |
||||
|
# Remove ALLOWEDIP / FINALLOWEDIP flags to prevent proxy-gen to modify this |
||||
|
#ALLOWEDIP |
||||
|
- "0.0.0.0/0" |
||||
|
#FINALLOWEDIP |
||||
|
test-adminipwhitelist: |
||||
|
ipWhiteList: |
||||
|
sourceRange: |
||||
|
# Remove ADMINIP / FINADMINIP flags to prevent proxy-gen to modify this |
||||
|
#ADMINIP |
||||
|
- "0.0.0.0/0" |
||||
|
#FINADMINIP |
||||
|
EOF |
||||
|
fi |
||||
|
|
||||
|
# berk berk ... pour éviter d'avoir à maintenir le fichier traefik, on extrait les ip depuis les fichiers allow_admin_ip et allow_ip de nginx |
||||
|
if [[ -f ${ALLOW_ADMIN_IP_FILE} && -n $(grep -e '^\s*allow' ${ALLOW_ADMIN_IP_FILE}) ]]; then |
||||
|
sed -i 's/#ADMINIP/#ADMINIP\n #FINADMINIP\n#DELETE/' ${TRAEFIK_ALLOW_IP_FILE} |
||||
|
sed -i '/#DELETE/,/#FINADMINIP/d' ${TRAEFIK_ALLOW_IP_FILE} |
||||
|
grep -e '^\s*allow' ${ALLOW_ADMIN_IP_FILE} | awk '{print $2}' | sed 's/all/0.0.0.0\\\\\/0/;s/[^.0-9/]//g;s/\//\\\\\//g' | xargs -I '{}' sed -i "s/#ADMINIP/#ADMINIP\n - \"{}\"/" ${TRAEFIK_ALLOW_IP_FILE} |
||||
|
fi |
||||
|
if [[ -f ${ALLOW_IP_FILE} && -n $(grep -e '^\s*allow' ${ALLOW_IP_FILE}) ]]; then |
||||
|
sed -i 's/#ALLOWEDIP/#ALLOWEDIP\n #FINALLOWEDIP\n#DELETE/' ${TRAEFIK_ALLOW_IP_FILE} |
||||
|
sed -i '/#DELETE/,/#FINALLOWEDIP/d' ${TRAEFIK_ALLOW_IP_FILE} |
||||
|
grep -e '^\s*allow' ${ALLOW_IP_FILE} | awk '{print $2}' | sed 's/all/0.0.0.0\\\\\/0/;s/[^.0-9/]//g;s/\//\\\\\//g' | xargs -I '{}' sed -i "s/#ALLOWEDIP/#ALLOWEDIP\n - \"{}\"/" ${TRAEFIK_ALLOW_IP_FILE} |
||||
|
fi |
||||
|
|
||||
|
|
||||
|
CERTFILE_TMPL=conf/dynamic/certificates.yml.tmpl |
||||
|
CERTFILE=conf/dynamic/certificates.yml |
||||
|
if [ ! -f "${CERTFILE}" ]; then |
||||
|
cp "${CERTFILE_TMPL}" "${CERTFILE}" |
||||
|
case "${domain}" in |
||||
|
kaz.bzh) |
||||
|
SSL_CERT="/etc/ssl/certs/wildcard_${domain//./_}.chain.pem" |
||||
|
SSL_KEY="/etc/ssl/private/wildcard_${domain//./_}.key.pem" |
||||
|
;; |
||||
|
kaz.local) |
||||
|
SSL_CERT="/etc/letsencrypt/local/_wildcard.${domain}.pem" |
||||
|
SSL_KEY="/etc/letsencrypt/local/_wildcard.${domain}-key.pem" |
||||
|
;; |
||||
|
*) |
||||
|
SSL_CERT="/etc/letsencrypt/live/${domain}/fullchain.pem" |
||||
|
SSL_KEY="/etc/letsencrypt/live/${domain}/privkey.pem" |
||||
|
;; |
||||
|
esac |
||||
|
|
||||
|
sed -i "s|__SSL_CERT__|${SSL_CERT}|g" ${CERTFILE} |
||||
|
sed -i "s|__SSL_KEY__|${SSL_KEY}|g" ${CERTFILE} |
||||
|
fi |
||||
|
|
||||
|
# cat > "${PROXY_PORT_CFG}" <<EOF |
||||
|
# listen 443 ssl http2; |
||||
|
|
||||
|
# ssl_certificate ${SSL_CERT}; |
||||
|
# ssl_certificate_key ${SSL_KEY}; |
||||
|
|
||||
|
# ssl_session_timeout 1d; |
||||
|
# ssl_protocols TLSv1.2 TLSv1.3; |
||||
|
# ssl_early_data on; |
||||
|
# ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'; |
||||
|
# ssl_prefer_server_ciphers on; |
||||
|
# ssl_session_cache shared:SSL:50m; |
||||
|
# ssl_stapling on; |
||||
|
# ssl_stapling_verify on; |
||||
|
# EOF |
||||
|
#fi |
||||
|
|
||||
|
# update redirect |
||||
|
# PROXY_REDIRECT="${KAZ_CONF_PROXY_DIR}/redirect" |
||||
|
# if [ ! -f "${PROXY_REDIRECT}" ]; then |
||||
|
# cat > "${PROXY_REDIRECT}" <<EOF |
||||
|
# server { |
||||
|
# listen 80; |
||||
|
# return 301 https://\$host\$request_uri; |
||||
|
# } |
||||
|
|
||||
|
# # file |
||||
|
# server { |
||||
|
# listen 80; |
||||
|
# server_name file.${domain}; |
||||
|
# return 301 https://depot.${domain}\$request_uri; |
||||
|
# } |
||||
|
|
||||
|
# # cacl |
||||
|
# server { |
||||
|
# listen 80; |
||||
|
# server_name calc.${domain}; |
||||
|
# return 301 https://tableur.${domain}\$request_uri; |
||||
|
# } |
||||
|
|
||||
|
# # date |
||||
|
# server { |
||||
|
# listen 80; |
||||
|
# server_name date.${domain}; |
||||
|
# return 301 https://sondage.${domain}\$request_uri; |
||||
|
# } |
||||
|
|
||||
|
# # cloud |
||||
|
# server { |
||||
|
# listen 80; |
||||
|
# server_name bureau.${domain}; |
||||
|
# return 301 https://cloud.${domain}\$request_uri; |
||||
|
# } |
||||
|
|
||||
|
# # mattermost |
||||
|
# server { |
||||
|
# listen 80; |
||||
|
# server_name mattermost.${domain}; |
||||
|
# return 301 https://agora.${domain}\$request_uri; |
||||
|
# } |
||||
|
|
||||
|
# # dokuwiki |
||||
|
# server { |
||||
|
# listen 80; |
||||
|
# server_name dokuwiki.${domain}; |
||||
|
# return 301 https://wiki.${domain}\$request_uri; |
||||
|
# } |
||||
|
# EOF |
||||
|
# fi |
||||
|
|
||||
|
cd $(dirname $0) |
||||
|
|
||||
|
|
||||
|
[[ -f "${PASSFILE}" ]] || printf "${traefik_DASHBOARD_USER}:$( echo ${traefik_DASHBOARD_PASSWORD} | openssl passwd -apr1 -stdin)\n" >> ${PASSFILE} |
||||
|
[[ -f "${DOCKER_TMPL}" ]] || cp "${DOCKER_DIST}" "${DOCKER_TMPL}" |
||||
|
"${APPLY_TMPL}" -time "${DOCKER_TMPL}" "${DOCKER_CONF}" |
||||
|
# "${APPLY_TMPL}" -time "${NGINX_TMPL}" "${NGINX_CONF}" |
||||
|
|
||||
|
#("${KAZ_COMP_DIR}/web/web-gen.sh" ) & |
@ -0,0 +1,4 @@ |
|||||
|
#!/bin/bash |
||||
|
|
||||
|
# Do nothing |
||||
|
# Théoriquement traefik gère tout seul sauf les changements dans le traefik.yml |
Loading…
Reference in new issue