From 5d9dc2f0211b222cd9b50900da7c606859cf0877 Mon Sep 17 00:00:00 2001
From: Ori Hoch
Date: Fri, 26 Jan 2024 10:34:12 +0200
Subject: [PATCH] fix traefik http/https support
---
 apps/anyway/compose.yaml | 4 ----
 apps/redash/compose.yaml | 2 --
 apps/selenium/compose.yaml | 6 ++----
 apps/traefik/.gitignore | 1 +
 apps/traefik/{dynamic_conf => }/anyway_redirects.yaml | 7 ++-----
 apps/traefik/compose.yaml | 10 +++++++++-
 apps/traefik/selenium_auth.yaml.template | 5 +++++
 apps/traefik/traefik.yaml.template | 9 +++++++++
 apps/vault/compose.yaml | 2 --
 9 files changed, 28 insertions(+), 18 deletions(-)
 create mode 100644 apps/traefik/.gitignore
 rename apps/traefik/{dynamic_conf => }/anyway_redirects.yaml (77%)
 create mode 100644 apps/traefik/selenium_auth.yaml.template
diff --git a/apps/anyway/compose.yaml b/apps/anyway/compose.yaml
index 043e415..f098130 100644
--- a/apps/anyway/compose.yaml
+++ b/apps/anyway/compose.yaml
@@ -120,8 +120,6 @@ services:
 - "traefik.enable=true"
 - "traefik.http.services.airflow-webserver.loadbalancer.server.port=8080"
 - "traefik.http.routers.airflow-webserver.rule=Host(`airflow.anyway.co.il`)"
- - "traefik.http.routers.airflow-webserver.tls=true"
- - "traefik.http.routers.airflow-webserver.tls.certresolver=dfc"
 reports:
 hostname: anyway-reports
@@ -132,8 +130,6 @@ services:
 - "traefik.enable=true"
 - "traefik.http.services.anyway-reports.loadbalancer.server.port=80"
 - "traefik.http.routers.anyway-reports.rule=Host(`reports.anyway.co.il`)"
- - "traefik.http.routers.anyway-reports.tls=true"
- - "traefik.http.routers.anyway-reports.tls.certresolver=dfc"
 nginx:
 depends_on:
diff --git a/apps/redash/compose.yaml b/apps/redash/compose.yaml
index 7be60a0..e1c9bc5 100644
--- a/apps/redash/compose.yaml
+++ b/apps/redash/compose.yaml
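Review bot: In the first hunk of apps/anyway/compose.yaml the `airflow-webserver` router is left, in the lines shown, with no TLS label and no entry-point label, so whether it is served over HTTPS now depends entirely on the static Traefik config. By default a router without an `entrypoints` label is attached to every entry point Traefik defines, so an entry point added later without `http.tls` would serve Airflow in plaintext. Pinning the router keeps the guarantee next to the service: `- "traefik.http.routers.airflow-webserver.entrypoints=websecure"`. The same applies to `anyway-reports` in the next hunk and to the redash, selenium and vault hunks of this commit. The `labels:` list starts above the hunk.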
@@ -64,8 +64,6 @@ services:
 - "traefik.enable=true"
 - "traefik.http.services.redash-nginx.loadbalancer.server.port=80"
 - "traefik.http.routers.redash-nginx.rule=Host(`redash.dataforchange.org.il`)"
- - "traefik.http.routers.redash-nginx.tls=true"
- - "traefik.http.routers.redash-nginx.tls.certresolver=dfc"
 # pulled Nov 1, 2021
 image: redash/nginx:latest@sha256:4eaaa7af6476b0422058b0022661ad6129dfbf9065c506fb0904bbf0a16f2007
 restart: unless-stopped
diff --git a/apps/selenium/compose.yaml b/apps/selenium/compose.yaml
index 16e71e8..80719c6 100644
--- a/apps/selenium/compose.yaml
+++ b/apps/selenium/compose.yaml
@@ -20,8 +20,7 @@ services:
 - "traefik.enable=true"
 - "traefik.http.services.selenium-chrome-node-nginx.loadbalancer.server.port=80"
 - "traefik.http.routers.selenium-chrome-node-nginx.rule=Host(`selenium.dataforchange.org.il`)"
- - "traefik.http.routers.selenium-chrome-node-nginx.tls=true"
- - "traefik.http.routers.selenium-chrome-node-nginx.tls.certresolver=dfc"
+ - "traefik.http.routers.selenium-chrome-node-nginx.middlewares=selenium-auth@file"
 image: nginx@sha256:63b44e8ddb83d5dd8020327c1f40436e37a6fffd3ef2498a6204df23be6e7e94
 restart: unless-stopped
 volumes:
@@ -37,8 +36,7 @@ services:
 - "traefik.enable=true"
 - "traefik.http.services.selenium-hub.loadbalancer.server.port=4444"
 - "traefik.http.routers.selenium-hub.rule=Host(`selenium-hub.dataforchange.org.il`)"
- - "traefik.http.routers.selenium-hub.tls=true"
- - "traefik.http.routers.selenium-hub.tls.certresolver=dfc"
+ - "traefik.http.routers.selenium-hub.middlewares=selenium-auth@file"
 networks:
 dfc:
diff --git a/apps/traefik/.gitignore b/apps/traefik/.gitignore
new file mode 100644
index 0000000..490334e
--- /dev/null
+++ b/apps/traefik/.gitignore
@@ -0,0 +1 @@
+dynamic_conf
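Review bot: The `selenium-auth@file` reference added in both apps/selenium/compose.yaml hunks has no comment saying where that middleware is defined, and it exists only after the Traefik pre-deploy step has produced `dynamic_conf/selenium_auth.yaml`. A comment above each new label would make the dependency visible to whoever edits this file: `# selenium-auth: basicAuth middleware from apps/traefik/selenium_auth.yaml.template (file provider)`. Since authentication for the hub and the node now rests on that one file, a post-deploy check that an unauthenticated request to both hosts is answered with 401 is worth adding to the rollout. Both `labels:` lists start above their hunks.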
diff --git a/apps/traefik/dynamic_conf/anyway_redirects.yaml b/apps/traefik/anyway_redirects.yaml
similarity index 77%
rename from apps/traefik/dynamic_conf/anyway_redirects.yaml
rename to apps/traefik/anyway_redirects.yaml
index cacb1b2..efa7624 100644
--- a/apps/traefik/dynamic_conf/anyway_redirects.yaml
+++ b/apps/traefik/anyway_redirects.yaml
@@ -1,12 +1,9 @@
 http:
 routers:
- my-router:
+ anyway-redirects:
 rule: "Host(`anyway.co.il`, `www.oway.org.il`, `oway.org.il`)"
- middlewares:
- - redirect-to-anyway
+ middlewares: [redirect-to-anyway]
 service: dummy-service
- tls:
- certResolver: letsencrypt
 middlewares:
 redirect-to-anyway:
diff --git a/apps/traefik/compose.yaml b/apps/traefik/compose.yaml
index 65824c6..e50b507 100644
--- a/apps/traefik/compose.yaml
+++ b/apps/traefik/compose.yaml
@@ -16,14 +16,22 @@ networks:
 dfc:
 external: true
+x-pre-deploy:
+ - cp secrets/selenium_auth.yaml dynamic_conf/selenium_auth.yaml
+
 x-on-file-change:
 - docker compose restart traefik
 x-files:
- dynamic_conf/anyway_redirects.yaml: {}
+ anyway_redirects.yaml:
+ target: dynamic_conf/anyway_redirects.yaml
 x-secrets:
 files:
 traefik.yaml:
 values:
 ACME_EMAIL: "vault:projects/iac/letsencrypt:acme_email"
+ selenium_auth.yaml:
+ values:
+ SELENIUM_USERNAME: "vault:projects/k8s/selenium/secrets:hub-username"
+ SELENIUM_HASHED_PASSWORD: "vault:projects/k8s/selenium/secrets:hub-password-htpasswd"
diff --git a/apps/traefik/selenium_auth.yaml.template b/apps/traefik/selenium_auth.yaml.template
new file mode 100644
index 0000000..326ca05
--- /dev/null
+++ b/apps/traefik/selenium_auth.yaml.template
@@ -0,0 +1,5 @@
+http:
+ middlewares:
+ selenium-auth:
+ basicAuth:
+ users: "~SELENIUM_USERNAME~:~SELENIUM_HASHED_PASSWORD~"
diff --git a/apps/traefik/traefik.yaml.template b/apps/traefik/traefik.yaml.template
index 83d2852..d1a5585 100644
--- a/apps/traefik/traefik.yaml.template
+++ b/apps/traefik/traefik.yaml.template
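Review bot: The `x-pre-deploy` copy in apps/traefik/compose.yaml assumes `dynamic_conf/` already exists and leaves the rendered credential file with whatever mode `cp` gives it, while this same commit adds `dynamic_conf` to .gitignore. Whether the deploy tooling creates the directory before pre-deploy runs is not visible here; if it does not, the copy fails on a fresh checkout and the `selenium-auth` middleware is never defined. Traefik normally refuses to build a router whose middleware is missing, so the likely result is an outage rather than open access, but that is worth confirming. `- install -D -m 0640 secrets/selenium_auth.yaml dynamic_conf/selenium_auth.yaml` would create the directory and keep the password hash from being world-readable, provided the Traefik container can still read the file.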
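Review bot: In apps/traefik/selenium_auth.yaml.template `users` is written as one double-quoted scalar, whereas Traefik documents `basicAuth.users` as a list of `name:hash` strings. A list item in single quotes, `- '~SELENIUM_USERNAME~:~SELENIUM_HASHED_PASSWORD~'`, matches the documented shape and makes YAML take a backslash or `"` in the substituted values literally instead of interpreting it. Adding `removeHeader: true` under `basicAuth` would also stop the Authorization header, which carries the hub credentials, from being forwarded to the Selenium containers.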
@@ -7,8 +7,17 @@ providers:
 entryPoints:
 web:
 address: ":80"
+ http:
+ redirections:
+ entryPoint:
+ to: "websecure"
+ scheme: "https"
+ permanent: true
 websecure:
 address: ":443"
+ http:
+ tls:
+ certResolver: dfc
 log:
 level: INFO
diff --git a/apps/vault/compose.yaml b/apps/vault/compose.yaml
index ab1dc4f..366e97c 100644
--- a/apps/vault/compose.yaml
+++ b/apps/vault/compose.yaml
@@ -16,8 +16,6 @@ services:
 - "traefik.enable=true"
 - "traefik.http.services.vault.loadbalancer.server.port=8200"
 - "traefik.http.routers.vault.rule=Host(`vault.dataforchange.org.il`)"
- - "traefik.http.routers.vault.tls=true"
- - "traefik.http.routers.vault.tls.certresolver=dfc"
 healthcheck:
 start_period: 60s
 start_interval: 10s
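Review bot: The `web` to `websecure` redirect in apps/traefik/traefik.yaml.template is the only HTTPS enforcement this hunk adds, and nothing here sets HSTS, so a client's first request to a host such as vault.dataforchange.org.il still leaves in plaintext before the 301 is returned. A `headers` middleware with `stsSeconds` set, attached to the `websecure` entry point or to the individual routers, would make browsers go straight to HTTPS after the first visit. A comment above the new `tls:` key would also record why the per-router labels were removed elsewhere in this commit: `# default TLS and certResolver for every router on websecure; routers no longer set tls labels`.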