diff --git a/.env.example b/.env.example index c737eac..db0ad29 100644 --- a/.env.example +++ b/.env.example @@ -1,2 +1,2 @@ -DEV_URL=localhost +DEV_URL=dev.linuxak.com EXTERNAL_NETWORK=traefiknet \ No newline at end of file diff --git a/.gitignore b/.gitignore index 68852af..c7c40c2 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,7 @@ +.idea .env portainer/* !portainer/.gitkeep traefik/logs/* -!traefik/logs/.gitkeep \ No newline at end of file +!traefik/logs/.gitkeep +certificates \ No newline at end of file diff --git a/README.md b/README.md index 9a2403a..b2cc2fc 100644 --- a/README.md +++ b/README.md @@ -9,29 +9,60 @@ Docker stack s reverse proxy (Traefik) a webovým rozhraním pro správu kontejn ## Instalace -1. **Konfigurace prostředí** - ```bash - # Přejmenujte soubor .env.example na .env - mv .env.example .env +### 1. Konfigurace prostředí +```bash +# Přejmenujte soubor .env.example na .env +mv .env.example .env - # Upravte .env soubor dle svých nastavení - DEV_URL=dev.linuxak.com - EXTERNAL_NETWORK=traefiknet - ``` +# Upravte .env soubor dle svých nastavení +DEV_URL=dev.linuxak.com +EXTERNAL_NETWORK=traefiknet +``` -2. **Spuštění** - ```bash - ./run up # Spustit stack - ./run restart # Restartovat stack - ./run down # Zastavit stack - ``` +> **Poznámka:** +> +> Doménu `dev.linuxak.com` můžete ponechat, směřuje na `127.0.0.1` tedy na váš lokální počítač. Pokud chcete použít +> jinou doménu, nezapomeňte ji přidat do vašeho `/etc/hosts` souboru a vygenerovat novou sadu certifikátů pro tuto doménu. + +### 2. Import CA do systému + +Traefik používá vlastní certifikát pro HTTPS komunikaci. Pro správné fungování je potřeba importovat `rootCA.pem` do důvěryhodných certifikátů vašeho operačního systému. + +#### MacOS +```bash +sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain traefik/certs/rootCA.pem +``` + +#### Linux (Ubuntu/Debian) +```bash +sudo cp traefik/certs/rootCA.pem /usr/local/share/ca-certificates/linuxak-dev-ca.crt +sudo update-ca-certificates +``` + +#### Linux (CentOS/RHEL/Fedora) +```bash +sudo cp traefik/certs/rootCA.pem /etc/pki/ca-trust/source/anchors/linuxak-dev-ca.crt +sudo update-ca-trust +``` + +#### Windows (PowerShell jako Admin) +```bash +Import-Certificate -FilePath "traefik/certs/rootCA.pem" -CertStoreLocation Cert:\LocalMachine\Root +``` + +### 3. Spuštění +```bash +./run up # Spustit stack +./run restart # Restartovat stack +./run down # Zastavit stack +``` ## Přístup ke službám -| Služba | URL | -|--------|-----| -| Traefik Dashboard | http://traefik.dev.linuxak.com | -| Portainer | http://portainer.dev.linuxak.com | +| Služba | URL | +|--------|-----------------------------------| +| Traefik Dashboard | https://traefik.dev.linuxak.com | +| Portainer | https://portainer.dev.linuxak.com | ## Struktura @@ -40,26 +71,29 @@ Stack/ ├── docker-compose.yml # Definice služeb ├── run # Skript pro správu ├── .env # Konfigurace prostředí -├── traefik/ # Traefik konfigurace a logy -└── portainer/ # Portainer data +├── traefik/ # Traefik konfigurace, certifikáty a logy +└── portainer/ # Portainer data ``` ## Persistence Složka `portainer` je persistentním úložištěm pro službu Portainer a všechna data této služby zůstanou uložená i po vypnutí stacku, dokud je ručně nesmažete. -## Přidání nové služby +## Připojení vaší služby do Traefiku Do vašeho `docker-compose.yml` přidejte Traefik labels: -Hodnotu `` nahraďte skutečným portem své služby. +> Hodnotu `` nahraďte skutečnou doménou své služby. +> Hodnotu `` nahraďte skutečným portem své služby. +> Hodnotu `` nahraďte skutečným náyvem své externí sítě. ```yaml labels: - "traefik.enable=true" - - "traefik.http.routers.myapp.rule=Host(`myapp.${DEV_URL}`)" - - "traefik.http.routers.myapp.entrypoints=web" - - "traefik.http.services.myapp.loadbalancer.server.port=" + - "traefik.http.routers.myapp.rule=Host(`myapp.`)" + - "traefik.http.routers.myapp.entrypoints=websecure" + - "traefik.http.routers.myapp.tls=true" + - "traefik.http.services.myapp.loadbalancer.server.port=" networks: - - ${EXTERNAL_NETWORK} + - ``` \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index 3bda3de..3ed83ce 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,3 +1,8 @@ +networks: + external-net: + name: ${EXTERNAL_NETWORK:-traefiknet} + external: true + services: traefik: image: traefik:latest @@ -11,12 +16,15 @@ services: - "--accesslog.filepath=/logs/access.log" - "--entrypoints.web.address=:80" - "--entrypoints.web.forwardedheaders.trustedips=0.0.0.0/0" + - "--entrypoints.web.http.redirections.entrypoint.to=websecure" + - "--entrypoints.web.http.redirections.entrypoint.scheme=https" + - "--entrypoints.web.http.redirections.entrypoint.permanent=true" - "--entrypoints.websecure.address=:443" - "--entrypoints.websecure.forwardedheaders.trustedips=0.0.0.0/0" - "--api.dashboard=true" - "--providers.docker=true" - "--providers.docker.endpoint=unix:///var/run/docker.sock" - - "--providers.docker.network=${EXTERNAL_NETWORK}" + - "--providers.docker.network=${EXTERNAL_NETWORK:-traefiknet}" - "--providers.docker.exposedbydefault=false" - "--providers.docker.watch=true" - "--providers.file.filename=/etc/traefik/traefik_dynamic.yml" @@ -24,17 +32,19 @@ services: labels: - "traefik.enable=true" - "traefik.http.routers.traefik-dashboard.rule=Host(`traefik.${DEV_URL}`)" - - "traefik.http.routers.traefik-dashboard.entrypoints=web" + - "traefik.http.routers.traefik-dashboard.entrypoints=websecure" - "traefik.http.routers.traefik-dashboard.service=api@internal" + - "traefik.http.routers.traefik-dashboard.tls=true" ports: - "80:80" - "443:443" volumes: - /var/run/docker.sock:/var/run/docker.sock:ro + - ./traefik/certs:/certs:ro - ./traefik/traefik_dynamic.yml:/etc/traefik/traefik_dynamic.yml:ro - ./traefik/logs:/logs networks: - - ${EXTERNAL_NETWORK} + - external-net portainer: image: portainer/portainer-ce:latest @@ -46,13 +56,9 @@ services: labels: - "traefik.enable=true" - "traefik.http.routers.portainer.rule=Host(`portainer.${DEV_URL}`)" - - "traefik.http.routers.portainer.entrypoints=web" + - "traefik.http.routers.portainer.entrypoints=websecure" - "traefik.http.routers.portainer.service=portainer" + - "traefik.http.routers.portainer.tls=true" - "traefik.http.services.portainer.loadbalancer.server.port=9000" networks: - - ${EXTERNAL_NETWORK} - -networks: - traefiknet: - name: ${EXTERNAL_NETWORK} - external: true \ No newline at end of file + - external-net diff --git a/run b/run index 4292d55..e9f7b7a 100755 --- a/run +++ b/run @@ -20,6 +20,11 @@ case "$ACTION" in "up") docker network create $EXTERNAL_NETWORK > /dev/null 2>&1 || true docker compose up -d + echo "\nServices are starting up..." + sleep 2 + echo "\nAvailable services:" + echo "Traefik: https://traefik.${DEV_URL}" + echo "Portainer: https://portainer.${DEV_URL}" ;; "restart") docker compose restart diff --git a/traefik/certs/dev.linuxak.com+1-key.pem b/traefik/certs/dev.linuxak.com+1-key.pem new file mode 100644 index 0000000..44676a9 --- /dev/null +++ b/traefik/certs/dev.linuxak.com+1-key.pem @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDMByTfe8cZC6Mr +/F59ewhgg6VFLlgmOO0whq9X/MvfKEsBNlSFKX5zqaaxPfzurE2IBOeJYNVehDoJ +E72C5wBpftwaEpizyLvPRz9IKKOab+kjNAI2vlW3jJWgPct/Ye2DSsjX3hpZ3Xyu +woOjXfpzPDZBokh9bpD81evx6DdHhYRRIsPYfKEc1njBTZ684JBEmi4e70q1tgFq +3srFcPhwio/O5vQFfKZ1BqYppRhWUfV7+ABCE+v24sPyUEA4fWbH0OYcGVSYMA/s +KfS8Lzrh4+/601/9b+53JJ0iuC1H+UVwOLLbE1rI3/PP25cMP0U+8dOCVRb7/PEb +POjvWvLvzcHTnb05wTlw4N2t0sOii7boBnm8TtRU816soYlBUs90QRI+kGTIPE27 +H/kAIUtnP0qQaTGX5i9MBt59uiZ3v76Ph8GZ2vymNu5bKU1a8+vjPuIxYBemI/++ +bWSQvsq60XW0DKnOlJ56TBVzlhbOzMDP2kkcMFTNdxFbBsJ1WSsQsg1KyWC3DT/T +VGN6EMswHVansoSVCC6ppUv+SJnWv90GBJT8Uc+rkO1xGjnwfSmXsr4+cfR5I6uR +MEyk7vOxnwG8hiBN9lUB9biv5J8s8jb4AxCNcQOrbQG5YWoaNokbRoPICPrbfgHP +1F319sk+NJr+2TNbCrcwXSdm6wDttQIDAQABAoICAC7ChGTjzWGkFSWDlXRUujrE +cSBF2tYHvfSdKZqUyXS/m1EPzpcmR2DixN1iQ5G/05UU6qvFkaEz1Mk3yPszThjf +hjpDgNPTcZez0IENL1G5zEjRJqC9Ro/mnHQ5NWZgXzrz7Mvsj0WBSY4T7m+GnlvC +tPyd4Nc+e+Q2cvjiK6kspIKj4RbAmXwue0ZyL6tCHE5ct61HUmwK5pBDt11A4u+I +EiVtMQgA5XV0rKhmugkuh4B9+jEqt63Bkv75/X3035Vz/wj5lTW77ipGA10NxgT3 +ZIyr3RgMiy6rKYhHhbk1HAD4PaWP7gKTsSE2Rov8BDbE3aDFN5tRAUEo2Ini4kJC +fpDDpfzbjDlmN0KyUKorlHWfIwP3YCBpaSQRzCdLbCVSd/euhYV2FIhQ0mLe9nkJ +imJtrUpQ29+ybLVZLLp86r+jqOQi/yk6VMHmxvRyM8O07aY7QLrFey/5RItRkPrX +P21Qu+TXRK+c7xdoGWjlfnSDWfGYmflMZWBXse7HyGjrMaCfWNN8wrMH5pUA+AXt +qFdC6eiOG5Nr3yk/I+zP/ueo8dQvU88srT7rBu2fyDodhPAOcuSJVnch7jBYqLVB +5X8j+dx5N81NZpBO6QTxW5uTgPVxuBCOfy73pke5fEDM92D5xCYMo7rF0fEi0icT +c39yQvjQ0Bqf+1QMVzARAoIBAQDz/vveNWzrPBGg4UVaBOfkbbKLmMLQfqr4Nc6p +8h99UjnMowncLylv5s4hqtm6Ff+qgxY/LLe598WBNHo9ocjzjk2OQqM8ZqwfkmEx +mo7zm3OCHg4KKiWoNmNErcY8Zr3Q5Qes1AfJSi+6bdK33/ghtqgpjvfPWjQxUbpC +0L88EPZlvmyzM1FY67E5ch08G4j9znP07NRr7df4bKAi+MLcRYreUB119LWdZrGM +IAJz1RRFpiA+lgxoBbXmjdl8nuBiho4qboVhup0HAxAMqCG+XO0Icf0kax2z7Z7S +lJBElwGdNX9wtZcUQl6oVdGuTxtTYQsnCFKBmpSSHbrYayq3AoIBAQDWEMfB3qW+ +uS4fLqNZQjtdeZfdUFImP/zbS4sVYR5LyJ44NpVVsoTDGJ5//2mIhg55p7U0C7GA +/X+Y4f1i/DNfFhGY0EzukWfCuCVnSZ1q3oznoCfR45T3ff9AFuis2+cLtRHRMNUg +HSf56ul9L6nCTHSyuwMiQ7gMKaDzoOGDLMVbmq6eo/mM9DamZyepTxEKJ4Nh8dJV +9jVtBBhuoB/AwjuuL6YMdvjxVmsmGg4Z3YOrSWHXausPCznXUubfdnanidI6RXHO +9PT3pI0jabfIdywPMwjJzx+kxD62A5FyzFwuG+/PeUnajGNxN9B7aqDF6YX4nuEz +q/3lhl14ua7zAoIBAEsE3P/nQUPaRjlGygHxfDL5n2nYYB2mtH54XMBX12K6w1at +0jxGq+DiAALN+v+CAAe3IkHuR9b/3VPqhKMqeRSZbjMNPg82KjnS0dtkgAtagltB +TmPFrapYfpEBNPAhTr9Ji+CRmItFKgOR/LXYQPxsoquUb5DrVRzM2g3tDL81H+0M +bXNzldFXNjhJY7+1X5tZvMFTh8RfboXNMDdQcOk04IuV6lj4ElcA2hoRRW/D1eXM +PCHCFLJu/wySFIqCds8UO+XD8XKo49riEC80CpvzClYMZh6qaImHx8tLLkhIfZCO +gE5xJrBt75imOj/zxp0OO1WW83cxxfhe97HO0WUCggEAJdFNGQj2ix038rZQkWJM +DpV+qNCZ0rwXNb7A0YQY0BafLRsngr5JChZ9WeuLf1z/jap9LraqIzmloyK5mxUn +FjNV5INYNAVoKVRS905gCxNKHVmD72afWKHfyDjD3lXzGXRhs21HGadM+q/vk/gp +q3PKYhD72r/P8gYgsynG7V+pdid7lfcuDSLPzNIIhba8MekNIu6P1DPs+Fdy4YhU +U798v6cXVLhn/mrf/xk3SIaDzmzmZiIzaLL5AvtYYj4RdEO66iR+mKtZ464kaQ8y +Mq4rEHxZnx2CX59z3MAAoCFOX677zNGGpJ+MqeHMaSFLSeuZiXS4IGLQNg5o0P0s +1QKCAQEAqxH1CBklRS8N2qyCoZM9Z3FDaEeSnDcc0RKzxJdl5nzmp+oCI3Q9YmUp +7pwUsoIDlP5mTv1ZaeKGoEnsSzHqK78Pz2x1EMFBT7WblOHhLGTiKtKIDP1DE/zF +qB63fg8IpM7XffybLeoFN6cMiYUnsdBrQ90gBVo1jx8fmd8YpDihQKDxAajVx3EY +lC7N2noGmN+cyeBri34pvARwdtDC1fQEkHlrcYyKsAlCYulFMNOe7nY0FNNJkCir +8E2BOpjZXehU7wkbowpDfa+8Bpr1+HrQTUA1aQYMM9PUIr8GMiQalXi3l+tof+cM +gT0Pm/C+wmvW8vz3JzUP6lorpLwuWQ== +-----END PRIVATE KEY----- diff --git a/traefik/certs/dev.linuxak.com+1.pem b/traefik/certs/dev.linuxak.com+1.pem new file mode 100644 index 0000000..f601296 --- /dev/null +++ b/traefik/certs/dev.linuxak.com+1.pem @@ -0,0 +1,34 @@ +-----BEGIN CERTIFICATE----- +MIIFzTCCA7WgAwIBAgIUBnaccxGlwm24NDrZf19qkoCrnBgwDQYJKoZIhvcNAQEL +BQAwVTEXMBUGA1UECgwOTGludXhhayBzLnIuby4xGTAXBgNVBAsMEERldmVsb3Bt +ZW50IFRlYW0xHzAdBgNVBAMMFkxpbnV4YWsgRGV2ZWxvcG1lbnQgQ0EwHhcNMjYw +MzAxMjEyOTQwWhcNMzYwMjI3MjEyOTQwWjBOMRcwFQYDVQQKDA5MaW51eGFrIHMu +ci5vLjEZMBcGA1UECwwQRGV2ZWxvcG1lbnQgVGVhbTEYMBYGA1UEAwwPZGV2Lmxp +bnV4YWsuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzAck33vH +GQujK/xefXsIYIOlRS5YJjjtMIavV/zL3yhLATZUhSl+c6mmsT387qxNiATniWDV +XoQ6CRO9gucAaX7cGhKYs8i7z0c/SCijmm/pIzQCNr5Vt4yVoD3Lf2Htg0rI194a +Wd18rsKDo136czw2QaJIfW6Q/NXr8eg3R4WEUSLD2HyhHNZ4wU2evOCQRJouHu9K +tbYBat7KxXD4cIqPzub0BXymdQamKaUYVlH1e/gAQhPr9uLD8lBAOH1mx9DmHBlU +mDAP7Cn0vC864ePv+tNf/W/udySdIrgtR/lFcDiy2xNayN/zz9uXDD9FPvHTglUW ++/zxGzzo71ry783B0529OcE5cODdrdLDoou26AZ5vE7UVPNerKGJQVLPdEESPpBk +yDxNux/5ACFLZz9KkGkxl+YvTAbefbomd7++j4fBmdr8pjbuWylNWvPr4z7iMWAX +piP/vm1kkL7KutF1tAypzpSeekwVc5YWzszAz9pJHDBUzXcRWwbCdVkrELINSslg +tw0/01RjehDLMB1Wp7KElQguqaVL/kiZ1r/dBgSU/FHPq5DtcRo58H0pl7K+PnH0 +eSOrkTBMpO7zsZ8BvIYgTfZVAfW4r+SfLPI2+AMQjXEDq20BuWFqGjaJG0aDyAj6 +234Bz9Rd9fbJPjSa/tkzWwq3MF0nZusA7bUCAwEAAaOBmzCBmDAJBgNVHRMEAjAA +MAsGA1UdDwQEAwIFoDA+BgNVHREENzA1gg9kZXYubGludXhhay5jb22CESouZGV2 +LmxpbnV4YWsuY29tgglsb2NhbGhvc3SHBH8AAAEwHQYDVR0OBBYEFA6ToYeHe+Op +jTN++uk7Fro7wXHrMB8GA1UdIwQYMBaAFBFJ7aCOprxOULdjBrB1Cd88FkRYMA0G +CSqGSIb3DQEBCwUAA4ICAQCfX6iDWxzqaQfmF7j9GoaNuVa2vToHFdNRWMcEVIyx +BmPUG5d7UqVPhKGcs8EgYo5uXCy422WKPU2D+nxMmcpkRuXaxmoUK0c2wy0QH5xb +9Z7bakAW3dmLipNUySdc4VKyqRzDGdqfClLynM+3+UiCa3chA4mEkiptZgcaJVpF +7t4IVB+r4xFs1lkve/tecDyBABsNUmxNiPHBddYxXMvC3NMvG+EMTp/dbCGsHr0m +3Odbw8n16EuFmdQbJw3MLfFm2YnE7CT7t1qJzBCE7Tzxt/n5lk6xVHp6H7GGn0IF +ZF9rD+6S2IsJkER7AE43pkDDcPTpgOb1lioxkuIkAIcsUIg5MRNyzSPIpTVpQGHa +Tl/MXnktX0HN1CVN2Q7KSJBBl7LscUHE69avGvfRggRNHk0Y6bC7fiDsPL6wA3yN +n8pCmAHXRWq5ssnBftTxyqOdVNlWkUgGQwE3UAauB5oVm7H8Rt+vzBjGV29lkEcE +G0drlzX5b78HCX79u7Jo/pbG8eWNjCpGiM1D8/mXQxgQWavHsNGdjNgF8ghaQcQt +0zs7dfUNRy7ylwoUaqu8lD0mPHUZ/4hrUO/eaCIt4wZWBE+nLB1yp6YJvTWBvnU2 +dLulonqDMtWoM4WnBcFcpuuhpOqNgplyrxFKn38fd2C8nKwPgi9LS2/1N+M2W/yp +EQ== +-----END CERTIFICATE----- diff --git a/traefik/certs/rootCA.pem b/traefik/certs/rootCA.pem new file mode 100644 index 0000000..5906dc7 --- /dev/null +++ b/traefik/certs/rootCA.pem @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFlTCCA32gAwIBAgIULLksopGuwUuUc+OMyV0whPx7EI8wDQYJKoZIhvcNAQEL +BQAwVTEXMBUGA1UECgwOTGludXhhayBzLnIuby4xGTAXBgNVBAsMEERldmVsb3Bt +ZW50IFRlYW0xHzAdBgNVBAMMFkxpbnV4YWsgRGV2ZWxvcG1lbnQgQ0EwHhcNMjYw +MzAxMjEyOTQwWhcNMzYwMjI3MjEyOTQwWjBVMRcwFQYDVQQKDA5MaW51eGFrIHMu +ci5vLjEZMBcGA1UECwwQRGV2ZWxvcG1lbnQgVGVhbTEfMB0GA1UEAwwWTGludXhh +ayBEZXZlbG9wbWVudCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB +AOar3Rv1Mflr9m7mgrGU9FGyjaTILe8iUmF7Tl4dCTozfKPnOEmdTvW3KZABzNCJ +elX/4tgRTFklIowpgAkO9DTrc6JUK7fJ0QDLWP35Z0go0Rel/7lp/2LCW8dRypep +v0D9en9p7dEKaZu1oFmGVdHEwcTru45gtjV13MdhJD5DPWt+WRtlnI5EpzDbMi9N +f2v600NokTR/v6rfaPoFqGxVdbxWAfczl3oIrWAD7MCW7czHa3ke15Rsip6iLq0O +sHKPFTFpVjS7FmE5RgT82TRwnknYmmvJeaLQFQgOueS67IqTVtlshZtCWz04owKy +9Y0dXyxVJIZOprmH3nUcybvkB3hI5KiPD4NUbCx83kchmWJ05wtL+wIKCqUPtpfL +6qziQtkGoxM8uMzOjyXNXZvRtjLSy9JQEdmqVQklFR5rK1C33ESVm7VtW5eYd83R +sM5Saqs6CmfB1A/aG6S3SGB049qglBqGJ7e9nK37NINdHyAW7Ud8l3dsFVX4QEg8 +BUnB7WBSmsXy4maEs7vCVr27a+RVqo/G32SJisKi29MUnRWKQ4yB4opi4hb8gReR +IA9SbK44wMCckFSLkMkMX7YDDWEpJOoNSlMmMg1O+9VNSef1qn5U37cELkJUBLQ2 +uTi4Y69sk2NMBKqMfx2nbG9TyhKJlqRtQCLBolH2g+71AgMBAAGjXTBbMAwGA1Ud +EwQFMAMBAf8wCwYDVR0PBAQDAgKkMB0GA1UdDgQWBBQRSe2gjqa8TlC3YwawdQnf +PBZEWDAfBgNVHSMEGDAWgBQRSe2gjqa8TlC3YwawdQnfPBZEWDANBgkqhkiG9w0B +AQsFAAOCAgEAWiJTvYXGgwc8TpbQL7A3xrj1nI9YrCx6MbiYXFPef6uknU8IMncQ +AinuV/qtiwdvtQHMhjqVzQ2QTj+pBsTwAJZwyYpxtRVLBPgtsH1P2pUjVTbPiRXd +na9yvtAaK+Wezf9mxmgA6iZVhbv6izcDgv9UODyQlqFvnFelTYKFvRxws9VwoNAx +YwXk8acS+VJv1sNVm7Lrb/Vucsnq/2POOuqKGLiO64VA1m8A7I2jyYw0hRPD2Qo+ +HlckvYjfMq37YpMZbORd77kz/SLg91u3HdITdQJGrvC1ASytFAYk7IxfkLLMw6qy +jRndCxx/KoUCEr1PpxUlmWqh5R6YB+KCPwkNaP82xATsXxVzJGq4G9HfjyfGb2OF +iiFPSzeKHIhfAu5OnralkbbxcM43rW8YCSgoHj9qQeUMaKEeBO+zkyAOcInEXoYn +vqjwmkqTVu1doP+qJ89sSvFvo97IYfKgDRzeqrtYmbWkaZ3pO6Q6Yfy84cEzJacz +oA1txjc94UOZeo33F/OJTBRA2Ic5XVkoLR0iv2/L5spEq+eN+qICO0MFc1k90XU7 +g/9LYJdmvw4JNgpx4eOaXJZqwqXBWiPJY5hiso5xF4jO0BzJdIMCpxqrXNHneF47 +qfzGA5QN+XRqwAfoGl4eAEkiXnVEll/9rWbNiiXqPj0XfRJB31lVzTU= +-----END CERTIFICATE----- diff --git a/traefik/traefik_dynamic.yml b/traefik/traefik_dynamic.yml index e69de29..c86b529 100644 --- a/traefik/traefik_dynamic.yml +++ b/traefik/traefik_dynamic.yml @@ -0,0 +1,22 @@ +http: + middlewares: + redirect-to-https: + redirectScheme: + scheme: https + permanent: true + +tls: + options: + modern: + minVersion: VersionTLS12 + sniStrict: true + certificates: + - certFile: /certs/dev.linuxak.com+1.pem + keyFile: /certs/dev.linuxak.com+1-key.pem + stores: + - default + stores: + default: + defaultCertificate: + certFile: /certs/dev.linuxak.com+1.pem + keyFile: /certs/dev.linuxak.com+1-key.pem \ No newline at end of file