imshvc/noxious_server
1
0
Fork 0
forked from noxious/server
Code Pull Requests Activity

Added traefik

Browse Source
This commit is contained in:
Dennis Postma 2025-02-08 14:56:39 +01:00
parent daca3d306d
commit ee4eca6db3
3 changed files with 83 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
docker-compose.yml
View File

@ -1,26 +1,10 @@
services:
nginx:
image: nginx:alpine
ports:
- "80:80"
- "443:443"
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf:ro
- ./docker/data/certbot/conf:/etc/letsencrypt
- ./docker/data/certbot/www:/var/www/certbot
depends_on:
- app
networks:
- app-network
restart: unless-stopped
app:
build:
context: .
dockerfile: Dockerfile
# ports:
# - "${PORT}:${PORT}"
expose:
- "${PORT}"
ports:
- "${PORT}:${PORT}"
environment:
- ENV=${ENV}
- HOST=${HOST}
@ -50,6 +34,26 @@ services:
restart: unless-stopped
networks:
- app-network
labels:
- "traefik.enable=true"
- "traefik.http.routers.app.rule=Host(`${HOST}`)"
- "traefik.http.routers.app.entrypoints=websecure"
- "traefik.http.routers.app.tls.certresolver=le"
- "traefik.http.services.app.loadbalancer.server.port=${PORT}"
- "traefik.http.routers.app.middlewares=websocket"
traefik:
image: traefik:v2.10
ports:
- "80:80"
- "443:443"
- "8080:8080"
volumes:
- traefik_data:/data
- ./traefik.toml:/etc/traefik/traefik.toml
restart: unless-stopped
networks:
- app-network
mariadb:
image: mariadb:lts
@ -87,3 +91,4 @@ volumes:
app-logs:
mariadb-data:
redis-data:
traefik_data:

41
nginx.conf
View File

@ -1,41 +0,0 @@
events {
worker_connections 1024;
}
http {
upstream socketio_backend {
server app:${PORT};
}
server {
listen 80;
server_name ${HOST};
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
server_name ${HOST};
ssl_certificate /etc/letsencrypt/live/${HOST}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${HOST}/privkey.pem;
location / {
proxy_pass http://socketio_backend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
}

59
traefik.toml Normal file
View File

@ -0,0 +1,59 @@
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.web.http.redirections.entryPoint]
to = "websecure"
scheme = "https"
[entryPoints.websecure]
address = ":443"
[providers.docker]
endpoint = "unix:///var/run/docker.sock"
exposedByDefault = false
[certificatesResolvers.le.acme]
email = "your-email@example.com"
storage = "/data/acme.json"
[certificatesResolvers.le.acme.tlsChallenge]
[api]
dashboard = true
[ping] # Health check
entryPoint = "websecure"
[http.routers.api]
rule = "PathPrefix(`/api`)"
service = "api"
entryPoints = ["websecure"]
[http.services.api.loadBalancer]
[[http.services.api.loadBalancer.servers]]
url = "http://app:${PORT}"
# Added for websocket
[http.services.app.loadBalancer]
sticky = true
[[http.services.app.loadBalancer.servers]]
url = "http://app:${PORT}"
# Added for websocket
[http.routers.app]
rule = "Host(`${HOST}`)"
entrypoints = ["websecure"]
service = "app"
[http.routers.app.tls]
certresolver = "le"
[http.routers.app.middlewares]
# Enable websockets
- "websocket"
[http.middlewares]
[http.middlewares.websocket.headers]
accessControlAllowHeaders = ["Origin", "Content-Type", "Accept", "Authorization"]
accessControlAllowMethods = ["GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"]
accessControlAllowOrigin = ["*"]
accessControlExposeHeaders = ["Content-Length", "Content-Range"]