Remove unused certificates and update Traefik configuration

H1B0B0 · Jan 31, 2024 · 22e3007 · 22e3007
1 parent 5a19586
commit 22e3007
Show file tree

Hide file tree

Showing 6 changed files with 49 additions and 98 deletions.
diff --git a/cert.pem b/cert.pem
diff --git a/certificates.yml b/certificates.yml
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -1,24 +1,19 @@
 version: "2"
 services:
   traefik:
-    image: traefik
+    restart: unless-stopped
     container_name: traefik
-    command:
-      - "--api.insecure=true"
-      - "--providers.docker=true"
-      - "--providers.docker.exposedbydefault=false"
-      - "--entrypoints.web.address=:80"
-      - "--entrypoints.websecure.address=:443"
-      - "--providers.file.filename=/etc/traefik/certificates.yml"
+    image: traefik:v2.0.2
     ports:
       - "80:80"
       - "443:443"
-      - "8080:8080"
+    labels:
+      - "traefik.http.services.traefik.loadbalancer.server.port=8080"
     volumes:
+      - ./traefik/traefik.yml:/etc/traefik/traefik.yml
+      - ./traefik/tls.yml:/etc/traefik/tls.yml
       - /var/run/docker.sock:/var/run/docker.sock
-      - ./certificates.yml:/etc/traefik/certificates.yml
-      - ./key.pem:/certs/key.pem
-      - ./cert.pem:/certs/cert.pem
+      - certs:/etc/ssl/traefik
     networks:
       - web
 
@@ -57,13 +52,24 @@ services:
     volumes:
       - ./front:/app/src
     labels:
-      - "traefik.enable=true"
       - "traefik.http.routers.front.rule=HostRegexp(`{any:.*}`)"
-      - "traefik.http.routers.front.entrypoints=websecure"
       - "traefik.http.routers.front.tls=true"
       - "traefik.http.services.front.loadbalancer.server.port=3000"
     networks:
       - web
 
+  reverse-proxy-https-helper:
+    image: alpine
+    command: sh -c "cd /etc/ssl/traefik
+      && wget traefik.me/cert.pem -O cert.pem
+      && wget traefik.me/privkey.pem -O privkey.pem"
+    volumes:
+      - certs:/etc/ssl/traefik
+    networks:
+      - web
+
 networks:
   web:
+
+volumes:
+  certs:
diff --git a/key.pem b/key.pem
diff --git a/traefik/tls.yml b/traefik/tls.yml
@@ -0,0 +1,9 @@
+tls:
+  stores:
+    default:
+      defaultCertificate:
+        certFile: /etc/ssl/traefik/cert.pem
+        keyFile: /etc/ssl/traefik/privkey.pem
+  certificates:
+    - certFile: /etc/ssl/traefik/cert.pem
+      keyFile: /etc/ssl/traefik/privkey.pem
diff --git a/traefik/traefik.yml b/traefik/traefik.yml
@@ -0,0 +1,20 @@
+logLevel: INFO
+
+api:
+  insecure: true
+  dashboard: true
+
+entryPoints:
+  http:
+    address: ":80"
+  https:
+    address: ":443"
+
+providers:
+  file:
+    filename: /etc/traefik/tls.yml
+  docker:
+    endpoint: unix:///var/run/docker.sock
+    watch: true
+    exposedByDefault: true
+    defaultRule: 'HostRegexp(`{{ index .Labels "com.docker.compose.service"}}.traefik.me`,`{{ index .Labels "com.docker.compose.service"}}-{dashed-ip:.*}.traefik.me`)'