deploy_traefik.sh
· 6.2 KiB · Bash
Raw
#!/bin/bash
DOCKER_BASE="${DOCKER_BASE:-/srv/docker}"
TRAEFIK_DIR="${TRAEFIK_DIR:-traefik}"
mkdir -p ${DOCKER_BASE}/${TRAEFIK_DIR}/container.conf
touch ${DOCKER_BASE}/${TRAEFIK_DIR}/container.conf/.env
ln -s container.conf/.env ${DOCKER_BASE}/${TRAEFIK_DIR}/
cat > ${DOCKER_BASE}/${TRAEFIK_DIR}/container.conf/docker-compose.yml <<EOF
# Inspired by https://containo.us/blog/traefik-2-0-docker-101-fc2893944b9d/
version: '3'
services:
traefik:
image: traefik:2.11
command:
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- "--log.level=INFO"
- --providers.docker=true
- --providers.docker.exposedbydefault=false
- --api=true
- --certificatesresolvers.default.acme.caserver=\${LEAPI:-https://acme-v02.api.letsencrypt.org/directory}
- --certificatesresolvers.default.acme.email=\${LEMAIL:-ssladmin@test.org}
- --certificatesresolvers.default.acme.storage=/etc/traefik/acme.json
- --certificatesresolvers.default.acme.tlschallenge=true
- --providers.file.filename=/etc/traefik/traefik_providers.yaml
- --providers.file.watch=true
logging:
options:
max-size: "100M"
max-file: "10"
networks:
- system_traefik
environment:
- LC_ALL=C.UTF-8
- TZ=Europe/Berlin
labels:
# Enable Traefik for it's own backend
- traefik.enable=true
# Dashboard
- traefik.http.routers.traefik.rule=Host(\`traefik.test.org\`)
- traefik.http.routers.traefik.entrypoints=websecure
- traefik.http.routers.traefik.tls=true
- traefik.http.routers.traefik.tls.certresolver=default
- traefik.http.routers.traefik.service=api@internal
# Basic auth for dashboard
- traefik.http.routers.traefik.middlewares=authtraefik@docker,default-security-headers@file
# middleware authtraefik
- traefik.http.middlewares.authtraefik.basicauth.users=\${DASHBOARD_USERS:-admin:\$\$apr1\$\$AAbCdQpX\$\$ajelS9mMisKRG.lqcY/uXU/} # user/password
ports:
- "80:80"
- "443:443"
restart: always
volumes:
- "./config/:/etc/traefik/"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
networks:
system_traefik:
external: true
EOF
ln -s container.conf/docker-compose.yml ${DOCKER_BASE}/${TRAEFIK_DIR}/
cat > ${DOCKER_BASE}/${TRAEFIK_DIR}/container.conf/production.yml <<EOF
version: '3'
services:
traefik:
labels:
# Allow watchtower to update this image
- com.centurylinklabs.watchtower.enable=true
# See https://docs.traefik.io/migration/v1-to-v2/#strip-and-rewrite-path-prefixes
- traefik.http.routers.traefik.rule=Host(\`$(hostname -f)\`) && (PathPrefix(\`/traefik\`) || PathPrefix(\`/api\`))
# Redefine middleware for router 'traefik' as we add more middlewares
- traefik.http.routers.traefik.middlewares=authtraefik@docker,traefik-dashboard-stripprefix@file,default-security-headers@file
EOF
cat > ${DOCKER_BASE}/${TRAEFIK_DIR}/container.conf/traefik.service <<EOF
[Unit]
Description=Traefik Proxy Service
After=network.target docker.service
Requires=docker.service
[Service]
Type=oneshot
RemainAfterExit=yes
Environment="WORK_DIR=/srv/docker/traefik/"
WorkingDirectory=/srv/docker/traefik/
ExecStartPre=/bin/bash -c "/usr/bin/docker network inspect system_traefik &>/dev/null || /usr/bin/docker network create --driver bridge system_traefik"
ExecStartPre=-/usr/local/bin/docker-compose -f "\${WORK_DIR}/docker-compose.yml" -f "\${WORK_DIR}/container.conf/production.yml" down
ExecStart=/usr/local/bin/docker-compose -f "\${WORK_DIR}/docker-compose.yml" -f "\${WORK_DIR}/container.conf/production.yml" up -d
ExecStop=/usr/local/bin/docker-compose -f "\${WORK_DIR}/docker-compose.yml" -f "\${WORK_DIR}/container.conf/production.yml" down
[Install]
WantedBy=docker.service
EOF
ln -s ${DOCKER_BASE}/${TRAEFIK_DIR}/container.conf/traefik.service /etc/systemd/system/
mkdir -p ${DOCKER_BASE}/${TRAEFIK_DIR}/config
cat > ${DOCKER_BASE}/${TRAEFIK_DIR}/config/traefik_providers.yaml <<EOF
---
tls:
options:
default:
minVersion: VersionTLS12
sniStrict: true
cipherSuites:
# TLS 1.2 cipher suites.
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
# IE 11 and Safari < 9 + iOS <9, OSX < 10.11
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
# TLS 1.3 cipher suites.
- TLS_AES_128_GCM_SHA256
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
# TLS_FALLBACK_SCSV isn't a standard cipher suite but an indicator that the client is doing version fallback. See RFC 7507.
- TLS_FALLBACK_SCSV
curvePreferences:
- CurveP521
- CurveP384
http:
middlewares:
redirect-web-to-websecure:
redirectScheme:
scheme: https
permanent: true
default-security-headers:
headers:
accessControlAllowMethods:
- GET
- POST
- DELETE
- OPTIONS
accessControlAllowOriginList: ["<origin>"]
accessControlMaxAge: 100
browserXssFilter: true
contentTypeNosniff: true
forceSTSHeader: true
# frameDeny: true
# sslRedirect: true
stsIncludeSubdomains: true
stsPreload: true
stsSeconds: 315360000
# contentSecurityPolicy: "default-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval';img-src 'self' data:;font-src 'self' data:;connect-src 'self' ws: wss:"
# customRequestHeaders:
# X-Frame-Options: "SAMEORIGIN"
# customFrameOptionsValue: "SAMEORIGIN"
referrerPolicy: "same-origin"
permissionsPolicy: "vibrate=(self)"
traefik-dashboard-stripprefix:
stripPrefix:
prefixes:
- "/traefik"
services:
redirect-dummy:
loadBalancer:
servers:
- url: ""
routers:
# global redirect to https
# per domain see https://doc.traefik.io/traefik/migration/v1-to-v2/#http-to-https-redirection-is-now-configured-on-routers
web-to-websecure:
rule: "hostregexp(\`{host:.+}\`)"
service: "redirect-dummy@file"
entryPoints:
- "web"
middlewares:
- redirect-web-to-websecure@file
EOF
systemctl daemon-reload && systemctl enable traefik && systemctl start traefik
| 1 | #!/bin/bash |
| 2 | DOCKER_BASE="${DOCKER_BASE:-/srv/docker}" |
| 3 | TRAEFIK_DIR="${TRAEFIK_DIR:-traefik}" |
| 4 | |
| 5 | mkdir -p ${DOCKER_BASE}/${TRAEFIK_DIR}/container.conf |
| 6 | |
| 7 | touch ${DOCKER_BASE}/${TRAEFIK_DIR}/container.conf/.env |
| 8 | ln -s container.conf/.env ${DOCKER_BASE}/${TRAEFIK_DIR}/ |
| 9 | |
| 10 | cat > ${DOCKER_BASE}/${TRAEFIK_DIR}/container.conf/docker-compose.yml <<EOF |
| 11 | # Inspired by https://containo.us/blog/traefik-2-0-docker-101-fc2893944b9d/ |
| 12 | |
| 13 | version: '3' |
| 14 | |
| 15 | services: |
| 16 | traefik: |
| 17 | image: traefik:2.11 |
| 18 | command: |
| 19 | - --entrypoints.web.address=:80 |
| 20 | - --entrypoints.websecure.address=:443 |
| 21 | - "--log.level=INFO" |
| 22 | - --providers.docker=true |
| 23 | - --providers.docker.exposedbydefault=false |
| 24 | - --api=true |
| 25 | - --certificatesresolvers.default.acme.caserver=\${LEAPI:-https://acme-v02.api.letsencrypt.org/directory} |
| 26 | - --certificatesresolvers.default.acme.email=\${LEMAIL:-ssladmin@test.org} |
| 27 | - --certificatesresolvers.default.acme.storage=/etc/traefik/acme.json |
| 28 | - --certificatesresolvers.default.acme.tlschallenge=true |
| 29 | - --providers.file.filename=/etc/traefik/traefik_providers.yaml |
| 30 | - --providers.file.watch=true |
| 31 | logging: |
| 32 | options: |
| 33 | max-size: "100M" |
| 34 | max-file: "10" |
| 35 | networks: |
| 36 | - system_traefik |
| 37 | environment: |
| 38 | - LC_ALL=C.UTF-8 |
| 39 | - TZ=Europe/Berlin |
| 40 | labels: |
| 41 | # Enable Traefik for it's own backend |
| 42 | - traefik.enable=true |
| 43 | # Dashboard |
| 44 | - traefik.http.routers.traefik.rule=Host(\`traefik.test.org\`) |
| 45 | - traefik.http.routers.traefik.entrypoints=websecure |
| 46 | - traefik.http.routers.traefik.tls=true |
| 47 | - traefik.http.routers.traefik.tls.certresolver=default |
| 48 | - traefik.http.routers.traefik.service=api@internal |
| 49 | # Basic auth for dashboard |
| 50 | - traefik.http.routers.traefik.middlewares=authtraefik@docker,default-security-headers@file |
| 51 | # middleware authtraefik |
| 52 | - traefik.http.middlewares.authtraefik.basicauth.users=\${DASHBOARD_USERS:-admin:\$\$apr1\$\$AAbCdQpX\$\$ajelS9mMisKRG.lqcY/uXU/} # user/password |
| 53 | ports: |
| 54 | - "80:80" |
| 55 | - "443:443" |
| 56 | restart: always |
| 57 | volumes: |
| 58 | - "./config/:/etc/traefik/" |
| 59 | - "/var/run/docker.sock:/var/run/docker.sock:ro" |
| 60 | |
| 61 | networks: |
| 62 | system_traefik: |
| 63 | external: true |
| 64 | EOF |
| 65 | ln -s container.conf/docker-compose.yml ${DOCKER_BASE}/${TRAEFIK_DIR}/ |
| 66 | |
| 67 | cat > ${DOCKER_BASE}/${TRAEFIK_DIR}/container.conf/production.yml <<EOF |
| 68 | version: '3' |
| 69 | |
| 70 | services: |
| 71 | |
| 72 | traefik: |
| 73 | labels: |
| 74 | # Allow watchtower to update this image |
| 75 | - com.centurylinklabs.watchtower.enable=true |
| 76 | # See https://docs.traefik.io/migration/v1-to-v2/#strip-and-rewrite-path-prefixes |
| 77 | - traefik.http.routers.traefik.rule=Host(\`$(hostname -f)\`) && (PathPrefix(\`/traefik\`) || PathPrefix(\`/api\`)) |
| 78 | # Redefine middleware for router 'traefik' as we add more middlewares |
| 79 | - traefik.http.routers.traefik.middlewares=authtraefik@docker,traefik-dashboard-stripprefix@file,default-security-headers@file |
| 80 | EOF |
| 81 | |
| 82 | cat > ${DOCKER_BASE}/${TRAEFIK_DIR}/container.conf/traefik.service <<EOF |
| 83 | [Unit] |
| 84 | Description=Traefik Proxy Service |
| 85 | After=network.target docker.service |
| 86 | Requires=docker.service |
| 87 | |
| 88 | [Service] |
| 89 | Type=oneshot |
| 90 | RemainAfterExit=yes |
| 91 | |
| 92 | Environment="WORK_DIR=/srv/docker/traefik/" |
| 93 | WorkingDirectory=/srv/docker/traefik/ |
| 94 | ExecStartPre=/bin/bash -c "/usr/bin/docker network inspect system_traefik &>/dev/null || /usr/bin/docker network create --driver bridge system_traefik" |
| 95 | ExecStartPre=-/usr/local/bin/docker-compose -f "\${WORK_DIR}/docker-compose.yml" -f "\${WORK_DIR}/container.conf/production.yml" down |
| 96 | ExecStart=/usr/local/bin/docker-compose -f "\${WORK_DIR}/docker-compose.yml" -f "\${WORK_DIR}/container.conf/production.yml" up -d |
| 97 | ExecStop=/usr/local/bin/docker-compose -f "\${WORK_DIR}/docker-compose.yml" -f "\${WORK_DIR}/container.conf/production.yml" down |
| 98 | |
| 99 | [Install] |
| 100 | WantedBy=docker.service |
| 101 | EOF |
| 102 | ln -s ${DOCKER_BASE}/${TRAEFIK_DIR}/container.conf/traefik.service /etc/systemd/system/ |
| 103 | |
| 104 | mkdir -p ${DOCKER_BASE}/${TRAEFIK_DIR}/config |
| 105 | |
| 106 | cat > ${DOCKER_BASE}/${TRAEFIK_DIR}/config/traefik_providers.yaml <<EOF |
| 107 | --- |
| 108 | tls: |
| 109 | options: |
| 110 | default: |
| 111 | minVersion: VersionTLS12 |
| 112 | sniStrict: true |
| 113 | cipherSuites: |
| 114 | # TLS 1.2 cipher suites. |
| 115 | - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
| 116 | - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
| 117 | - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 |
| 118 | # IE 11 and Safari < 9 + iOS <9, OSX < 10.11 |
| 119 | - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA |
| 120 | # TLS 1.3 cipher suites. |
| 121 | - TLS_AES_128_GCM_SHA256 |
| 122 | - TLS_AES_256_GCM_SHA384 |
| 123 | - TLS_CHACHA20_POLY1305_SHA256 |
| 124 | # TLS_FALLBACK_SCSV isn't a standard cipher suite but an indicator that the client is doing version fallback. See RFC 7507. |
| 125 | - TLS_FALLBACK_SCSV |
| 126 | curvePreferences: |
| 127 | - CurveP521 |
| 128 | - CurveP384 |
| 129 | |
| 130 | http: |
| 131 | middlewares: |
| 132 | redirect-web-to-websecure: |
| 133 | redirectScheme: |
| 134 | scheme: https |
| 135 | permanent: true |
| 136 | default-security-headers: |
| 137 | headers: |
| 138 | accessControlAllowMethods: |
| 139 | - GET |
| 140 | - POST |
| 141 | - DELETE |
| 142 | - OPTIONS |
| 143 | accessControlAllowOriginList: ["<origin>"] |
| 144 | accessControlMaxAge: 100 |
| 145 | browserXssFilter: true |
| 146 | contentTypeNosniff: true |
| 147 | forceSTSHeader: true |
| 148 | # frameDeny: true |
| 149 | # sslRedirect: true |
| 150 | stsIncludeSubdomains: true |
| 151 | stsPreload: true |
| 152 | stsSeconds: 315360000 |
| 153 | # contentSecurityPolicy: "default-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval';img-src 'self' data:;font-src 'self' data:;connect-src 'self' ws: wss:" |
| 154 | # customRequestHeaders: |
| 155 | # X-Frame-Options: "SAMEORIGIN" |
| 156 | # customFrameOptionsValue: "SAMEORIGIN" |
| 157 | referrerPolicy: "same-origin" |
| 158 | permissionsPolicy: "vibrate=(self)" |
| 159 | traefik-dashboard-stripprefix: |
| 160 | stripPrefix: |
| 161 | prefixes: |
| 162 | - "/traefik" |
| 163 | services: |
| 164 | redirect-dummy: |
| 165 | loadBalancer: |
| 166 | servers: |
| 167 | - url: "" |
| 168 | routers: |
| 169 | # global redirect to https |
| 170 | # per domain see https://doc.traefik.io/traefik/migration/v1-to-v2/#http-to-https-redirection-is-now-configured-on-routers |
| 171 | web-to-websecure: |
| 172 | rule: "hostregexp(\`{host:.+}\`)" |
| 173 | service: "redirect-dummy@file" |
| 174 | entryPoints: |
| 175 | - "web" |
| 176 | middlewares: |
| 177 | - redirect-web-to-websecure@file |
| 178 | EOF |
| 179 | |
| 180 | systemctl daemon-reload && systemctl enable traefik && systemctl start traefik |
| 181 |
migrate_system_traefik_network.sh
· 566 B · Bash
Raw
#!/bin/bash
sed -i '/^WorkingDirectory/a ExecStartPre=/bin/bash -c "/usr/bin/docker network inspect system_traefik &>/dev/null || /usr/bin/docker network create --driver bridge system_traefik"' /srv/docker/traefik/container.conf/traefik.service && systemctl daemon-reload
sed -i '/image: traefik/a\ networks:\n - system_traefik' /srv/docker/traefik/container.conf/docker-compose.yml
sed -i s/traefik_default/system_traefik/g /srv/docker/*/container.conf/*.yml
sed -i s/traefik_default/system_traefik/g /srv/docker/portainer/data/compose/*/docker-compose.yml
| 1 | #!/bin/bash |
| 2 | sed -i '/^WorkingDirectory/a ExecStartPre=/bin/bash -c "/usr/bin/docker network inspect system_traefik &>/dev/null || /usr/bin/docker network create --driver bridge system_traefik"' /srv/docker/traefik/container.conf/traefik.service && systemctl daemon-reload |
| 3 | sed -i '/image: traefik/a\ networks:\n - system_traefik' /srv/docker/traefik/container.conf/docker-compose.yml |
| 4 | sed -i s/traefik_default/system_traefik/g /srv/docker/*/container.conf/*.yml |
| 5 | sed -i s/traefik_default/system_traefik/g /srv/docker/portainer/data/compose/*/docker-compose.yml |
| 6 |
migrate_to_v2.sh
· 1.5 KiB · Bash
Raw
#!/bin/bash
BASEPATH="/srv/docker/traefik2/"
export TRAEFIK_DIR="traefik2"
# Download deployment script
wget -q https://gist.githubusercontent.com/waja/37202007b10837a7fc2e6eacacd9b335/raw/deploy_traefik.sh \
-O /tmp/deploy_traefik.sh && \
# Remove auto start of the traefik daemon
sed '/^systemctl/d' -i /tmp/deploy_traefik.sh && \
sed -i '/etc\/systemd\/system\/$/d' /tmp/deploy_traefik.sh && \
# Run deployment
bash /tmp/deploy_traefik.sh
# Migrate settings from old toml config
ADMIN_CRED="$(grep users ${BASEPATH}/../traefik/config/traefik.toml | cut -d \" -f2)"
EMAIL="$(grep email ${BASEPATH}/../traefik/config/traefik.toml | cut -d \" -f2)"
echo "LEMAIL=${EMAIL}" > ${BASEPATH}/.env
echo "#LEAPI=https://acme-staging-v02.api.letsencrypt.org/directory" >> ${BASEPATH}/.env
echo "DASHBOARD_USERS=${ADMIN_CRED}" >> ${BASEPATH}/.env
# Migrate old acme store to the new once
wget -q https://github.com/traefik/traefik-migration-tool/releases/download/v0.13.1/traefik-migration-tool_v0.13.1_linux_amd64.tar.gz -P /tmp
tar -xf /tmp/traefik-migration-tool_v0.13.1_linux_amd64.tar.gz -C /tmp
/tmp/traefik-migration-tool acme -i /srv/docker/traefik/config/acme.json -o /srv/docker/traefik2/config/acme-new.json
echo -e "You might want to the following:\nmv traefik traefik1 && mv traefik2 traefik && systemctl daemon-reload\ncd /srv/docker/traefik\ndocker-compose -f docker-compose.yml -f container.conf/production.yml pull\nsystemctl restart traefik && docker-compose -f docker-compose.yml -f container.conf/production.yml logs -f"
| 1 | #!/bin/bash |
| 2 | BASEPATH="/srv/docker/traefik2/" |
| 3 | |
| 4 | export TRAEFIK_DIR="traefik2" |
| 5 | |
| 6 | # Download deployment script |
| 7 | wget -q https://gist.githubusercontent.com/waja/37202007b10837a7fc2e6eacacd9b335/raw/deploy_traefik.sh \ |
| 8 | -O /tmp/deploy_traefik.sh && \ |
| 9 | # Remove auto start of the traefik daemon |
| 10 | sed '/^systemctl/d' -i /tmp/deploy_traefik.sh && \ |
| 11 | sed -i '/etc\/systemd\/system\/$/d' /tmp/deploy_traefik.sh && \ |
| 12 | # Run deployment |
| 13 | bash /tmp/deploy_traefik.sh |
| 14 | |
| 15 | # Migrate settings from old toml config |
| 16 | ADMIN_CRED="$(grep users ${BASEPATH}/../traefik/config/traefik.toml | cut -d \" -f2)" |
| 17 | EMAIL="$(grep email ${BASEPATH}/../traefik/config/traefik.toml | cut -d \" -f2)" |
| 18 | echo "LEMAIL=${EMAIL}" > ${BASEPATH}/.env |
| 19 | echo "#LEAPI=https://acme-staging-v02.api.letsencrypt.org/directory" >> ${BASEPATH}/.env |
| 20 | echo "DASHBOARD_USERS=${ADMIN_CRED}" >> ${BASEPATH}/.env |
| 21 | |
| 22 | # Migrate old acme store to the new once |
| 23 | wget -q https://github.com/traefik/traefik-migration-tool/releases/download/v0.13.1/traefik-migration-tool_v0.13.1_linux_amd64.tar.gz -P /tmp |
| 24 | tar -xf /tmp/traefik-migration-tool_v0.13.1_linux_amd64.tar.gz -C /tmp |
| 25 | /tmp/traefik-migration-tool acme -i /srv/docker/traefik/config/acme.json -o /srv/docker/traefik2/config/acme-new.json |
| 26 | |
| 27 | echo -e "You might want to the following:\nmv traefik traefik1 && mv traefik2 traefik && systemctl daemon-reload\ncd /srv/docker/traefik\ndocker-compose -f docker-compose.yml -f container.conf/production.yml pull\nsystemctl restart traefik && docker-compose -f docker-compose.yml -f container.conf/production.yml logs -f" |
| 28 |
migrate_to_v25.sh
· 616 B · Bash
Raw
#!/bin/bash
BASEPATH="/srv/docker/traefik/"
sed -i "s/^ sslRedirect: true/# sslRedirect: true/" ${BASEPATH}/config/traefik_providers.yaml && \
sed -i "s/^ featurePolicy: \"vibrate 'self'\"/ permissionsPolicy: \"vibrate=\(self\)\"/" ${BASEPATH}/config/traefik_providers.yaml && \
sed -i "s/image: traefik:2.4/image: traefik:2.5/" ${BASEPATH}/container.conf/docker-compose.yml && \
cd ${BASEPATH} && \
docker-compose -f docker-compose.yml -f container.conf/production.yml pull && \
systemctl restart traefik && docker-compose -f docker-compose.yml -f container.conf/production.yml logs -f
| 1 | #!/bin/bash |
| 2 | BASEPATH="/srv/docker/traefik/" |
| 3 | |
| 4 | sed -i "s/^ sslRedirect: true/# sslRedirect: true/" ${BASEPATH}/config/traefik_providers.yaml && \ |
| 5 | sed -i "s/^ featurePolicy: \"vibrate 'self'\"/ permissionsPolicy: \"vibrate=\(self\)\"/" ${BASEPATH}/config/traefik_providers.yaml && \ |
| 6 | sed -i "s/image: traefik:2.4/image: traefik:2.5/" ${BASEPATH}/container.conf/docker-compose.yml && \ |
| 7 | cd ${BASEPATH} && \ |
| 8 | docker-compose -f docker-compose.yml -f container.conf/production.yml pull && \ |
| 9 | systemctl restart traefik && docker-compose -f docker-compose.yml -f container.conf/production.yml logs -f |
| 10 |
migrate_traefik_TLS11.sh
· 152 B · Bash
Raw
#!/bin/bash
sed -i '/\[entryPoints.https.tls\]/a \ minVersion = "VersionTLS11"' /srv/docker/traefik/config/traefik.toml && systemctl restart traefik
| 1 | #!/bin/bash |
| 2 | sed -i '/\[entryPoints.https.tls\]/a \ minVersion = "VersionTLS11"' /srv/docker/traefik/config/traefik.toml && systemctl restart traefik |
| 3 |
migrate_traefik_TLS12.sh
· 117 B · Bash
Raw
#!/bin/bash
sed -i s/VersionTLS11/VersionTLS12/ /srv/docker/traefik/config/traefik.toml && systemctl restart traefik
| 1 | #!/bin/bash |
| 2 | sed -i s/VersionTLS11/VersionTLS12/ /srv/docker/traefik/config/traefik.toml && systemctl restart traefik |
| 3 |
socat.sh
· 503 B · Bash
Raw
#!/bin/bash
if [ $(ip -6 route | grep -c ^default) -eq 0 ]; then exit; fi
apt install socat || exit
cat > /etc/systemd/system/socat\@.service <<EOF
[Unit]
Description=ipv6 to ipv4 port forwarding
After=network.target
[Service]
Type=simple
ExecStart=/usr/bin/socat TCP6-LISTEN:%i,ipv6only=1,reuseaddr,fork TCP4:127.0.0.1:%i
[Install]
WantedBy=docker.service
EOF
systemctl daemon-reload
for PROTO in http https; do
systemctl enable socat@${PROTO}.service
systemctl start socat@${PROTO}.service
done
| 1 | #!/bin/bash |
| 2 | |
| 3 | if [ $(ip -6 route | grep -c ^default) -eq 0 ]; then exit; fi |
| 4 | apt install socat || exit |
| 5 | |
| 6 | cat > /etc/systemd/system/socat\@.service <<EOF |
| 7 | [Unit] |
| 8 | Description=ipv6 to ipv4 port forwarding |
| 9 | After=network.target |
| 10 | |
| 11 | [Service] |
| 12 | Type=simple |
| 13 | ExecStart=/usr/bin/socat TCP6-LISTEN:%i,ipv6only=1,reuseaddr,fork TCP4:127.0.0.1:%i |
| 14 | |
| 15 | [Install] |
| 16 | WantedBy=docker.service |
| 17 | EOF |
| 18 | systemctl daemon-reload |
| 19 | for PROTO in http https; do |
| 20 | systemctl enable socat@${PROTO}.service |
| 21 | systemctl start socat@${PROTO}.service |
| 22 | done |
| 23 |