deploy_traefik.sh
· 2.7 KiB · Bash
Eredeti
#!/bin/bash
DOCKER_BASE=/srv/docker
mkdir -p ${DOCKER_BASE}/traefik/container.conf
cat > ${DOCKER_BASE}/traefik/container.conf/docker-compose.yml <<EOF
version: '3.7'
services:
traefik:
image: traefik:1.7-alpine
environment:
- LC_ALL=C.UTF-8
- TZ=Europe/Berlin
labels:
- traefik.enable=true
- traefik.backend=traefik
- traefik.port=8080
ports:
- "80:80"
- "443:443"
- "8080:8080"
restart: always
volumes:
- "./config/:/etc/traefik/"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
EOF
ln -s container.conf/docker-compose.yml ${DOCKER_BASE}/traefik/
cat > ${DOCKER_BASE}/traefik/container.conf/production.yml <<EOF
version: '3.3'
services:
traefik:
labels:
- traefik.frontend.rule=Host:traefik.test.org
- com.centurylinklabs.watchtower.enable=true
EOF
cat > ${DOCKER_BASE}/traefik/container.conf/traefik.service <<EOF
[Unit]
Description=Traefik Proxy Service
After=network.target docker.service
Requires=docker.service
[Service]
Type=oneshot
RemainAfterExit=yes
Environment="WORK_DIR=/srv/docker/traefik/"
WorkingDirectory=/srv/docker/traefik/
ExecStartPre=-/usr/local/bin/docker-compose -f "\${WORK_DIR}/docker-compose.yml" -f "\${WORK_DIR}/container.conf/production.yml" down
ExecStart=/usr/local/bin/docker-compose -f "\${WORK_DIR}/docker-compose.yml" -f "\${WORK_DIR}/container.conf/production.yml" up -d
ExecStop=/usr/local/bin/docker-compose -f "\${WORK_DIR}/docker-compose.yml" -f "\${WORK_DIR}/container.conf/production.yml" down
[Install]
WantedBy=docker.service
EOF
ln -s ${DOCKER_BASE}/traefik/container.conf/traefik.service /etc/systemd/system/
mkdir -p ${DOCKER_BASE}/traefik/config
cat > ${DOCKER_BASE}/traefik/config/traefik.toml <<EOF
logLevel = "DEBUG"
defaultEntryPoints = ["http", "https"]
# WEB interface of Traefik - it will show web page with overview of frontend and backend configurations
[web]
address = ":8080"
[web.auth.basic]
users = ["admin:$apr1$AAbCdQpX$ajolS9mMfKRG.lqcY/uXU/"]
# Connection to docker host system (docker.sock)
[docker]
domain = "test.org"
watch = true
# This will hide all docker containers that don't have explicitly
# set label to "enable"
exposedbydefault = false
# Force HTTPS
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
# Let's encrypt configuration
[acme]
email="ssladmin@test.org"
storage="/etc/traefik/acme.json"
entryPoint="https"
acmeLogging=true
onDemand=false
OnHostRule=true
[acme.httpChallenge]
entryPoint = "http"
EOF
systemctl daemon-reload && systemctl enable traefik && systemctl start traefik
| 1 | #!/bin/bash |
| 2 | DOCKER_BASE=/srv/docker |
| 3 | |
| 4 | mkdir -p ${DOCKER_BASE}/traefik/container.conf |
| 5 | |
| 6 | cat > ${DOCKER_BASE}/traefik/container.conf/docker-compose.yml <<EOF |
| 7 | version: '3.7' |
| 8 | |
| 9 | services: |
| 10 | |
| 11 | traefik: |
| 12 | image: traefik:1.7-alpine |
| 13 | environment: |
| 14 | - LC_ALL=C.UTF-8 |
| 15 | - TZ=Europe/Berlin |
| 16 | labels: |
| 17 | - traefik.enable=true |
| 18 | - traefik.backend=traefik |
| 19 | - traefik.port=8080 |
| 20 | ports: |
| 21 | - "80:80" |
| 22 | - "443:443" |
| 23 | - "8080:8080" |
| 24 | restart: always |
| 25 | volumes: |
| 26 | - "./config/:/etc/traefik/" |
| 27 | - "/var/run/docker.sock:/var/run/docker.sock:ro" |
| 28 | EOF |
| 29 | ln -s container.conf/docker-compose.yml ${DOCKER_BASE}/traefik/ |
| 30 | |
| 31 | cat > ${DOCKER_BASE}/traefik/container.conf/production.yml <<EOF |
| 32 | version: '3.3' |
| 33 | |
| 34 | services: |
| 35 | |
| 36 | traefik: |
| 37 | labels: |
| 38 | - traefik.frontend.rule=Host:traefik.test.org |
| 39 | - com.centurylinklabs.watchtower.enable=true |
| 40 | EOF |
| 41 | |
| 42 | cat > ${DOCKER_BASE}/traefik/container.conf/traefik.service <<EOF |
| 43 | [Unit] |
| 44 | Description=Traefik Proxy Service |
| 45 | After=network.target docker.service |
| 46 | Requires=docker.service |
| 47 | |
| 48 | [Service] |
| 49 | Type=oneshot |
| 50 | RemainAfterExit=yes |
| 51 | |
| 52 | Environment="WORK_DIR=/srv/docker/traefik/" |
| 53 | WorkingDirectory=/srv/docker/traefik/ |
| 54 | ExecStartPre=-/usr/local/bin/docker-compose -f "\${WORK_DIR}/docker-compose.yml" -f "\${WORK_DIR}/container.conf/production.yml" down |
| 55 | ExecStart=/usr/local/bin/docker-compose -f "\${WORK_DIR}/docker-compose.yml" -f "\${WORK_DIR}/container.conf/production.yml" up -d |
| 56 | ExecStop=/usr/local/bin/docker-compose -f "\${WORK_DIR}/docker-compose.yml" -f "\${WORK_DIR}/container.conf/production.yml" down |
| 57 | |
| 58 | [Install] |
| 59 | WantedBy=docker.service |
| 60 | EOF |
| 61 | ln -s ${DOCKER_BASE}/traefik/container.conf/traefik.service /etc/systemd/system/ |
| 62 | |
| 63 | mkdir -p ${DOCKER_BASE}/traefik/config |
| 64 | |
| 65 | cat > ${DOCKER_BASE}/traefik/config/traefik.toml <<EOF |
| 66 | logLevel = "DEBUG" |
| 67 | defaultEntryPoints = ["http", "https"] |
| 68 | |
| 69 | # WEB interface of Traefik - it will show web page with overview of frontend and backend configurations |
| 70 | [web] |
| 71 | address = ":8080" |
| 72 | [web.auth.basic] |
| 73 | users = ["admin:$apr1$AAbCdQpX$ajolS9mMfKRG.lqcY/uXU/"] |
| 74 | |
| 75 | # Connection to docker host system (docker.sock) |
| 76 | [docker] |
| 77 | domain = "test.org" |
| 78 | watch = true |
| 79 | # This will hide all docker containers that don't have explicitly |
| 80 | # set label to "enable" |
| 81 | exposedbydefault = false |
| 82 | |
| 83 | # Force HTTPS |
| 84 | [entryPoints] |
| 85 | [entryPoints.http] |
| 86 | address = ":80" |
| 87 | [entryPoints.http.redirect] |
| 88 | entryPoint = "https" |
| 89 | [entryPoints.https] |
| 90 | address = ":443" |
| 91 | [entryPoints.https.tls] |
| 92 | |
| 93 | # Let's encrypt configuration |
| 94 | [acme] |
| 95 | email="ssladmin@test.org" |
| 96 | storage="/etc/traefik/acme.json" |
| 97 | entryPoint="https" |
| 98 | acmeLogging=true |
| 99 | onDemand=false |
| 100 | OnHostRule=true |
| 101 | |
| 102 | [acme.httpChallenge] |
| 103 | entryPoint = "http" |
| 104 | EOF |
| 105 | |
| 106 | systemctl daemon-reload && systemctl enable traefik && systemctl start traefik |