Skip to content

Commit

Permalink
fix traefik http/https support
Browse files Browse the repository at this point in the history
  • Loading branch information
@OriHoch
OriHoch committed Jan 26, 2024
1 parent 7f18b32 commit 5d9dc2f
Show file tree
Hide file tree
Showing 9 changed files with 28 additions and 18 deletions.
4 changes: 0 additions & 4 deletions apps/anyway/compose.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -120,8 +120,6 @@ services:
- "traefik.enable=true"
- "traefik.http.services.airflow-webserver.loadbalancer.server.port=8080"
- "traefik.http.routers.airflow-webserver.rule=Host(`airflow.anyway.co.il`)"
- "traefik.http.routers.airflow-webserver.tls=true"
- "traefik.http.routers.airflow-webserver.tls.certresolver=dfc"

reports:
hostname: anyway-reports
Expand All @@ -132,8 +130,6 @@ services:
- "traefik.enable=true"
- "traefik.http.services.anyway-reports.loadbalancer.server.port=80"
- "traefik.http.routers.anyway-reports.rule=Host(`reports.anyway.co.il`)"
- "traefik.http.routers.anyway-reports.tls=true"
- "traefik.http.routers.anyway-reports.tls.certresolver=dfc"

nginx:
depends_on:
Expand Down
2 changes: 0 additions & 2 deletions apps/redash/compose.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -64,8 +64,6 @@ services:
- "traefik.enable=true"
- "traefik.http.services.redash-nginx.loadbalancer.server.port=80"
- "traefik.http.routers.redash-nginx.rule=Host(`redash.dataforchange.org.il`)"
- "traefik.http.routers.redash-nginx.tls=true"
- "traefik.http.routers.redash-nginx.tls.certresolver=dfc"
# pulled Nov 1, 2021
image: redash/nginx:latest@sha256:4eaaa7af6476b0422058b0022661ad6129dfbf9065c506fb0904bbf0a16f2007
restart: unless-stopped
Expand Down
6 changes: 2 additions & 4 deletions apps/selenium/compose.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,8 +20,7 @@ services:
- "traefik.enable=true"
- "traefik.http.services.selenium-chrome-node-nginx.loadbalancer.server.port=80"
- "traefik.http.routers.selenium-chrome-node-nginx.rule=Host(`selenium.dataforchange.org.il`)"
- "traefik.http.routers.selenium-chrome-node-nginx.tls=true"
- "traefik.http.routers.selenium-chrome-node-nginx.tls.certresolver=dfc"
- "traefik.http.routers.selenium-chrome-node-nginx.middlewares=selenium-auth@file"
image: nginx@sha256:63b44e8ddb83d5dd8020327c1f40436e37a6fffd3ef2498a6204df23be6e7e94
restart: unless-stopped
volumes:
Expand All @@ -37,8 +36,7 @@ services:
- "traefik.enable=true"
- "traefik.http.services.selenium-hub.loadbalancer.server.port=4444"
- "traefik.http.routers.selenium-hub.rule=Host(`selenium-hub.dataforchange.org.il`)"
- "traefik.http.routers.selenium-hub.tls=true"
- "traefik.http.routers.selenium-hub.tls.certresolver=dfc"
- "traefik.http.routers.selenium-hub.middlewares=selenium-auth@file"

networks:
dfc:
Expand Down
1 change: 1 addition & 0 deletions apps/traefik/.gitignore
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
dynamic_conf
7 changes: 2 additions & 5 deletions ...raefik/dynamic_conf/anyway_redirects.yaml → apps/traefik/anyway_redirects.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,12 +1,9 @@
http:
routers:
my-router:
anyway-redirects:
rule: "Host(`anyway.co.il`, `www.oway.org.il`, `oway.org.il`)"
middlewares:
- redirect-to-anyway
middlewares: [redirect-to-anyway]
service: dummy-service
tls:
certResolver: letsencrypt

middlewares:
redirect-to-anyway:
Expand Down
10 changes: 9 additions & 1 deletion apps/traefik/compose.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,14 +16,22 @@ networks:
dfc:
external: true

x-pre-deploy:
- cp secrets/selenium_auth.yaml dynamic_conf/selenium_auth.yaml

x-on-file-change:
- docker compose restart traefik

x-files:
dynamic_conf/anyway_redirects.yaml: {}
anyway_redirects.yaml:
target: dynamic_conf/anyway_redirects.yaml

x-secrets:
files:
traefik.yaml:
values:
ACME_EMAIL: "vault:projects/iac/letsencrypt:acme_email"
selenium_auth.yaml:
values:
SELENIUM_USERNAME: "vault:projects/k8s/selenium/secrets:hub-username"
SELENIUM_HASHED_PASSWORD: "vault:projects/k8s/selenium/secrets:hub-password-htpasswd"
5 changes: 5 additions & 0 deletions apps/traefik/selenium_auth.yaml.template
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
http:
middlewares:
selenium-auth:
basicAuth:
users: "~SELENIUM_USERNAME~:~SELENIUM_HASHED_PASSWORD~"
9 changes: 9 additions & 0 deletions apps/traefik/traefik.yaml.template
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,17 @@ providers:
entryPoints:
web:
address: ":80"
http:
redirections:
entryPoint:
to: "websecure"
scheme: "https"
permanent: true
websecure:
address: ":443"
http:
tls:
certResolver: dfc

log:
level: INFO
Expand Down
2 changes: 0 additions & 2 deletions apps/vault/compose.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,8 +16,6 @@ services:
- "traefik.enable=true"
- "traefik.http.services.vault.loadbalancer.server.port=8200"
- "traefik.http.routers.vault.rule=Host(`vault.dataforchange.org.il`)"
- "traefik.http.routers.vault.tls=true"
- "traefik.http.routers.vault.tls.certresolver=dfc"
healthcheck:
start_period: 60s
start_interval: 10s
Expand Down

0 comments on commit 5d9dc2f

Please sign in to comment.