deploy_traefik.sh
· 2.9 KiB · Bash
原始文件
#!/bin/bash
DOCKER_BASE=/srv/docker
mkdir -p ${DOCKER_BASE}/traefik/container.conf
cat > ${DOCKER_BASE}/traefik/container.conf/docker-compose.yml <<EOF
version: '3.7'
services:
traefik:
image: traefik:1.7-alpine
networks:
- system_traefik
environment:
- LC_ALL=C.UTF-8
- TZ=Europe/Berlin
labels:
- traefik.enable=true
- traefik.backend=traefik
- traefik.port=8080
ports:
- "80:80"
- "443:443"
- "8080:8080"
restart: always
volumes:
- "./config/:/etc/traefik/"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
networks:
system_traefik:
external: true
EOF
ln -s container.conf/docker-compose.yml ${DOCKER_BASE}/traefik/
cat > ${DOCKER_BASE}/traefik/container.conf/production.yml <<EOF
version: '3.7'
services:
traefik:
labels:
- traefik.frontend.rule=Host:host.test.org;PathPrefixStrip:/traefik
- com.centurylinklabs.watchtower.enable=true
EOF
cat > ${DOCKER_BASE}/traefik/container.conf/traefik.service <<EOF
[Unit]
Description=Traefik Proxy Service
After=network.target docker.service
Requires=docker.service
[Service]
Type=oneshot
RemainAfterExit=yes
Environment="WORK_DIR=/srv/docker/traefik/"
WorkingDirectory=/srv/docker/traefik/
ExecStartPre=/usr/bin/bash -c "/usr/bin/docker network inspect system_traefik &>/dev/null || /usr/bin/docker network create --driver bridge system_traefik"
ExecStartPre=-/usr/local/bin/docker-compose -f "\${WORK_DIR}/docker-compose.yml" -f "\${WORK_DIR}/container.conf/production.yml" down
ExecStart=/usr/local/bin/docker-compose -f "\${WORK_DIR}/docker-compose.yml" -f "\${WORK_DIR}/container.conf/production.yml" up -d
ExecStop=/usr/local/bin/docker-compose -f "\${WORK_DIR}/docker-compose.yml" -f "\${WORK_DIR}/container.conf/production.yml" down
[Install]
WantedBy=docker.service
EOF
ln -s ${DOCKER_BASE}/traefik/container.conf/traefik.service /etc/systemd/system/
mkdir -p ${DOCKER_BASE}/traefik/config
cat > ${DOCKER_BASE}/traefik/config/traefik.toml <<EOF
logLevel = "DEBUG"
defaultEntryPoints = ["http", "https"]
# WEB interface of Traefik - it will show web page with overview of frontend and backend configurations
[web]
address = ":8080"
[web.auth.basic]
users = ["admin:$apr1$AAbCdQpX$ajolS9mMfKRG.lqcY/uXU/"]
# Connection to docker host system (docker.sock)
[docker]
domain = "test.org"
watch = true
# This will hide all docker containers that don't have explicitly
# set label to "enable"
exposedbydefault = false
# Force HTTPS
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
# Let's encrypt configuration
[acme]
email="ssladmin@test.org"
storage="/etc/traefik/acme.json"
entryPoint="https"
acmeLogging=true
onDemand=false
OnHostRule=true
[acme.httpChallenge]
entryPoint = "http"
EOF
systemctl daemon-reload && systemctl enable traefik && systemctl start traefik
| 1 | #!/bin/bash |
| 2 | DOCKER_BASE=/srv/docker |
| 3 | |
| 4 | mkdir -p ${DOCKER_BASE}/traefik/container.conf |
| 5 | |
| 6 | cat > ${DOCKER_BASE}/traefik/container.conf/docker-compose.yml <<EOF |
| 7 | version: '3.7' |
| 8 | |
| 9 | services: |
| 10 | traefik: |
| 11 | image: traefik:1.7-alpine |
| 12 | networks: |
| 13 | - system_traefik |
| 14 | environment: |
| 15 | - LC_ALL=C.UTF-8 |
| 16 | - TZ=Europe/Berlin |
| 17 | labels: |
| 18 | - traefik.enable=true |
| 19 | - traefik.backend=traefik |
| 20 | - traefik.port=8080 |
| 21 | ports: |
| 22 | - "80:80" |
| 23 | - "443:443" |
| 24 | - "8080:8080" |
| 25 | restart: always |
| 26 | volumes: |
| 27 | - "./config/:/etc/traefik/" |
| 28 | - "/var/run/docker.sock:/var/run/docker.sock:ro" |
| 29 | |
| 30 | networks: |
| 31 | system_traefik: |
| 32 | external: true |
| 33 | EOF |
| 34 | ln -s container.conf/docker-compose.yml ${DOCKER_BASE}/traefik/ |
| 35 | |
| 36 | cat > ${DOCKER_BASE}/traefik/container.conf/production.yml <<EOF |
| 37 | version: '3.7' |
| 38 | |
| 39 | services: |
| 40 | |
| 41 | traefik: |
| 42 | labels: |
| 43 | - traefik.frontend.rule=Host:host.test.org;PathPrefixStrip:/traefik |
| 44 | - com.centurylinklabs.watchtower.enable=true |
| 45 | EOF |
| 46 | |
| 47 | cat > ${DOCKER_BASE}/traefik/container.conf/traefik.service <<EOF |
| 48 | [Unit] |
| 49 | Description=Traefik Proxy Service |
| 50 | After=network.target docker.service |
| 51 | Requires=docker.service |
| 52 | |
| 53 | [Service] |
| 54 | Type=oneshot |
| 55 | RemainAfterExit=yes |
| 56 | |
| 57 | Environment="WORK_DIR=/srv/docker/traefik/" |
| 58 | WorkingDirectory=/srv/docker/traefik/ |
| 59 | ExecStartPre=/usr/bin/bash -c "/usr/bin/docker network inspect system_traefik &>/dev/null || /usr/bin/docker network create --driver bridge system_traefik" |
| 60 | ExecStartPre=-/usr/local/bin/docker-compose -f "\${WORK_DIR}/docker-compose.yml" -f "\${WORK_DIR}/container.conf/production.yml" down |
| 61 | ExecStart=/usr/local/bin/docker-compose -f "\${WORK_DIR}/docker-compose.yml" -f "\${WORK_DIR}/container.conf/production.yml" up -d |
| 62 | ExecStop=/usr/local/bin/docker-compose -f "\${WORK_DIR}/docker-compose.yml" -f "\${WORK_DIR}/container.conf/production.yml" down |
| 63 | |
| 64 | [Install] |
| 65 | WantedBy=docker.service |
| 66 | EOF |
| 67 | ln -s ${DOCKER_BASE}/traefik/container.conf/traefik.service /etc/systemd/system/ |
| 68 | |
| 69 | mkdir -p ${DOCKER_BASE}/traefik/config |
| 70 | |
| 71 | cat > ${DOCKER_BASE}/traefik/config/traefik.toml <<EOF |
| 72 | logLevel = "DEBUG" |
| 73 | defaultEntryPoints = ["http", "https"] |
| 74 | |
| 75 | # WEB interface of Traefik - it will show web page with overview of frontend and backend configurations |
| 76 | [web] |
| 77 | address = ":8080" |
| 78 | [web.auth.basic] |
| 79 | users = ["admin:$apr1$AAbCdQpX$ajolS9mMfKRG.lqcY/uXU/"] |
| 80 | |
| 81 | # Connection to docker host system (docker.sock) |
| 82 | [docker] |
| 83 | domain = "test.org" |
| 84 | watch = true |
| 85 | # This will hide all docker containers that don't have explicitly |
| 86 | # set label to "enable" |
| 87 | exposedbydefault = false |
| 88 | |
| 89 | # Force HTTPS |
| 90 | [entryPoints] |
| 91 | [entryPoints.http] |
| 92 | address = ":80" |
| 93 | [entryPoints.http.redirect] |
| 94 | entryPoint = "https" |
| 95 | [entryPoints.https] |
| 96 | address = ":443" |
| 97 | [entryPoints.https.tls] |
| 98 | |
| 99 | # Let's encrypt configuration |
| 100 | [acme] |
| 101 | email="ssladmin@test.org" |
| 102 | storage="/etc/traefik/acme.json" |
| 103 | entryPoint="https" |
| 104 | acmeLogging=true |
| 105 | onDemand=false |
| 106 | OnHostRule=true |
| 107 | |
| 108 | [acme.httpChallenge] |
| 109 | entryPoint = "http" |
| 110 | EOF |
| 111 | |
| 112 | systemctl daemon-reload && systemctl enable traefik && systemctl start traefik |
| 113 |
migrate_system_traefik_network.sh
· 574 B · Bash
原始文件
#!/bin/bash
sed -i '/^WorkingDirectory/a ExecStartPre=/usr/bin/bash -c "/usr/bin/docker network inspect system_traefik &>/dev/null || /usr/bin/docker network create --driver bridge system_traefik"' /srv/docker/traefik/container.conf/traefik.service && systemctl daemon-reload
sed -i '/image: traefik/a\ networks:\n - system_traefik' /srv/docker/traefik/container.conf/docker-compose.yml
sed -i s/traefik_default/system_traefik/g /srv/docker/*/container.conf/*.yml
sed -i s/traefik_default/system_traefik/g /srv/docker/portainer/data/compose/*/docker-compose.yml
| 1 | #!/bin/bash |
| 2 | sed -i '/^WorkingDirectory/a ExecStartPre=/usr/bin/bash -c "/usr/bin/docker network inspect system_traefik &>/dev/null || /usr/bin/docker network create --driver bridge system_traefik"' /srv/docker/traefik/container.conf/traefik.service && systemctl daemon-reload |
| 3 | sed -i '/image: traefik/a\ networks:\n - system_traefik' /srv/docker/traefik/container.conf/docker-compose.yml |
| 4 | sed -i s/traefik_default/system_traefik/g /srv/docker/*/container.conf/*.yml |
| 5 | sed -i s/traefik_default/system_traefik/g /srv/docker/portainer/data/compose/*/docker-compose.yml |
| 6 |