diff --git a/docker-compose.yml b/docker-compose.yml
index b423184..8d4a7d3 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,26 +1,10 @@
services:
- nginx:
- image: nginx:alpine
- ports:
- - "80:80"
- - "443:443"
- volumes:
- - ./nginx.conf:/etc/nginx/nginx.conf:ro
- - ./docker/data/certbot/conf:/etc/letsencrypt
- - ./docker/data/certbot/www:/var/www/certbot
- depends_on:
- - app
- networks:
- - app-network
- restart: unless-stopped
app:
build:
context: .
dockerfile: Dockerfile
-# ports:
-# - "${PORT}:${PORT}"
- expose:
- - "${PORT}"
+ ports:
+ - "${PORT}:${PORT}"
environment:
- ENV=${ENV}
- HOST=${HOST}
@@ -50,6 +34,26 @@ services:
restart: unless-stopped
networks:
- app-network
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.app.rule=Host(`${HOST}`)"
+ - "traefik.http.routers.app.entrypoints=websecure"
+ - "traefik.http.routers.app.tls.certresolver=le"
+ - "traefik.http.services.app.loadbalancer.server.port=${PORT}"
+ - "traefik.http.routers.app.middlewares=websocket"
+
+ traefik:
+ image: traefik:v2.10
+ ports:
+ - "80:80"
+ - "443:443"
+ - "8080:8080"
+ volumes:
+ - traefik_data:/data
+ - ./traefik.toml:/etc/traefik/traefik.toml
+ restart: unless-stopped
+ networks:
+ - app-network
mariadb:
image: mariadb:lts
@@ -86,4 +90,5 @@ volumes:
app-public:
app-logs:
mariadb-data:
- redis-data:
\ No newline at end of file
+ redis-data:
+ traefik_data:
\ No newline at end of file
diff --git a/nginx.conf b/nginx.conf
deleted file mode 100644
index 8ce9ffc..0000000
--- a/nginx.conf
+++ /dev/null
@@ -1,41 +0,0 @@
-events {
- worker_connections 1024;
-}
-
-http {
- upstream socketio_backend {
- server app:${PORT};
- }
-
- server {
- listen 80;
- server_name ${HOST};
-
- location /.well-known/acme-challenge/ {
- root /var/www/certbot;
- }
-
- location / {
- return 301 https://$host$request_uri;
- }
- }
-
- server {
- listen 443 ssl;
- server_name ${HOST};
-
- ssl_certificate /etc/letsencrypt/live/${HOST}/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/${HOST}/privkey.pem;
-
- location / {
- proxy_pass http://socketio_backend;
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- }
- }
-}
\ No newline at end of file
diff --git a/traefik.toml b/traefik.toml
new file mode 100644
index 0000000..df463ac
--- /dev/null
+++ b/traefik.toml
@@ -0,0 +1,59 @@
+[entryPoints]
+ [entryPoints.web]
+ address = ":80"
+ [entryPoints.web.http.redirections.entryPoint]
+ to = "websecure"
+ scheme = "https"
+
+ [entryPoints.websecure]
+ address = ":443"
+
+[providers.docker]
+ endpoint = "unix:///var/run/docker.sock"
+ exposedByDefault = false
+
+[certificatesResolvers.le.acme]
+ email = "your-email@example.com"
+ storage = "/data/acme.json"
+ [certificatesResolvers.le.acme.tlsChallenge]
+
+[api]
+ dashboard = true
+
+[ping] # Health check
+ entryPoint = "websecure"
+
+[http.routers.api]
+ rule = "PathPrefix(`/api`)"
+ service = "api"
+ entryPoints = ["websecure"]
+
+[http.services.api.loadBalancer]
+ [[http.services.api.loadBalancer.servers]]
+ url = "http://app:${PORT}"
+
+# Added for websocket
+[http.services.app.loadBalancer]
+ sticky = true
+ [[http.services.app.loadBalancer.servers]]
+ url = "http://app:${PORT}"
+
+# Added for websocket
+[http.routers.app]
+ rule = "Host(`${HOST}`)"
+ entrypoints = ["websecure"]
+ service = "app"
+
+ [http.routers.app.tls]
+ certresolver = "le"
+
+ [http.routers.app.middlewares]
+ # Enable websockets
+ - "websocket"
+
+[http.middlewares]
+ [http.middlewares.websocket.headers]
+ accessControlAllowHeaders = ["Origin", "Content-Type", "Accept", "Authorization"]
+ accessControlAllowMethods = ["GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"]
+ accessControlAllowOrigin = ["*"]
+ accessControlExposeHeaders = ["Content-Length", "Content-Range"]
\ No newline at end of file