gist:8d508fc7e16242858a3e47e28ada52a2

Версія c647a6f9c05f187695cf48bbccef1437e4dc4f7a

deploy_traefik.sh · 2.9 KiB · Bash Неформатований

#!/bin/bash DOCKER_BASE=/srv/docker mkdir -p ${DOCKER_BASE}/traefik/container.conf cat > ${DOCKER_BASE}/traefik/container.conf/docker-compose.yml <<EOF version: '3.7' services: traefik: image: traefik:1.7-alpine networks: - system_traefik environment: - LC_ALL=C.UTF-8 - TZ=Europe/Berlin labels: - traefik.enable=true - traefik.backend=traefik - traefik.port=8080 ports: - "80:80" - "443:443" - "8080:8080" restart: always volumes: - "./config/:/etc/traefik/" - "/var/run/docker.sock:/var/run/docker.sock:ro" networks: system_traefik: external: true EOF ln -s container.conf/docker-compose.yml ${DOCKER_BASE}/traefik/ cat > ${DOCKER_BASE}/traefik/container.conf/production.yml <<EOF version: '3.7' services: traefik: labels: - traefik.frontend.rule=Host:traefik.test.org - com.centurylinklabs.watchtower.enable=true EOF cat > ${DOCKER_BASE}/traefik/container.conf/traefik.service <<EOF [Unit] Description=Traefik Proxy Service After=network.target docker.service Requires=docker.service [Service] Type=oneshot RemainAfterExit=yes Environment="WORK_DIR=/srv/docker/traefik/" WorkingDirectory=/srv/docker/traefik/ ExecStartPre=/usr/bin/bash -c "/usr/bin/docker network inspect system_traefik &>/dev/null || /usr/bin/docker network create --driver bridge system_traefik" ExecStartPre=-/usr/local/bin/docker-compose -f "\${WORK_DIR}/docker-compose.yml" -f "\${WORK_DIR}/container.conf/production.yml" down ExecStart=/usr/local/bin/docker-compose -f "\${WORK_DIR}/docker-compose.yml" -f "\${WORK_DIR}/container.conf/production.yml" up -d ExecStop=/usr/local/bin/docker-compose -f "\${WORK_DIR}/docker-compose.yml" -f "\${WORK_DIR}/container.conf/production.yml" down [Install] WantedBy=docker.service EOF ln -s ${DOCKER_BASE}/traefik/container.conf/traefik.service /etc/systemd/system/ mkdir -p ${DOCKER_BASE}/traefik/config cat > ${DOCKER_BASE}/traefik/config/traefik.toml <<EOF logLevel = "DEBUG" defaultEntryPoints = ["http", "https"] # WEB interface of Traefik - it will show web page with overview of frontend and backend configurations [web] address = ":8080" [web.auth.basic] users = ["admin:$apr1$AAbCdQpX$ajolS9mMfKRG.lqcY/uXU/"] # Connection to docker host system (docker.sock) [docker] domain = "test.org" watch = true # This will hide all docker containers that don't have explicitly # set label to "enable" exposedbydefault = false # Force HTTPS [entryPoints] [entryPoints.http] address = ":80" [entryPoints.http.redirect] entryPoint = "https" [entryPoints.https] address = ":443" [entryPoints.https.tls] # Let's encrypt configuration [acme] email="ssladmin@test.org" storage="/etc/traefik/acme.json" entryPoint="https" acmeLogging=true onDemand=false OnHostRule=true [acme.httpChallenge] entryPoint = "http" EOF systemctl daemon-reload && systemctl enable traefik && systemctl start traefik

1	#!/bin/bash
2	DOCKER_BASE=/srv/docker
3
4	mkdir -p ${DOCKER_BASE}/traefik/container.conf
5
6	cat > ${DOCKER_BASE}/traefik/container.conf/docker-compose.yml <<EOF
7	version: '3.7'
8
9	services:
10	traefik:
11	image: traefik:1.7-alpine
12	networks:
13	- system_traefik
14	environment:
15	- LC_ALL=C.UTF-8
16	- TZ=Europe/Berlin
17	labels:
18	- traefik.enable=true
19	- traefik.backend=traefik
20	- traefik.port=8080
21	ports:
22	- "80:80"
23	- "443:443"
24	- "8080:8080"
25	restart: always
26	volumes:
27	- "./config/:/etc/traefik/"
28	- "/var/run/docker.sock:/var/run/docker.sock:ro"
29
30	networks:
31	system_traefik:
32	external: true
33	EOF
34	ln -s container.conf/docker-compose.yml ${DOCKER_BASE}/traefik/
35
36	cat > ${DOCKER_BASE}/traefik/container.conf/production.yml <<EOF
37	version: '3.7'
38
39	services:
40
41	traefik:
42	labels:
43	- traefik.frontend.rule=Host:traefik.test.org
44	- com.centurylinklabs.watchtower.enable=true
45	EOF
46
47	cat > ${DOCKER_BASE}/traefik/container.conf/traefik.service <<EOF
48	[Unit]
49	Description=Traefik Proxy Service
50	After=network.target docker.service
51	Requires=docker.service
52
53	[Service]
54	Type=oneshot
55	RemainAfterExit=yes
56
57	Environment="WORK_DIR=/srv/docker/traefik/"
58	WorkingDirectory=/srv/docker/traefik/
59	ExecStartPre=/usr/bin/bash -c "/usr/bin/docker network inspect system_traefik &>/dev/null \|\| /usr/bin/docker network create --driver bridge system_traefik"
60	ExecStartPre=-/usr/local/bin/docker-compose -f "\${WORK_DIR}/docker-compose.yml" -f "\${WORK_DIR}/container.conf/production.yml" down
61	ExecStart=/usr/local/bin/docker-compose -f "\${WORK_DIR}/docker-compose.yml" -f "\${WORK_DIR}/container.conf/production.yml" up -d
62	ExecStop=/usr/local/bin/docker-compose -f "\${WORK_DIR}/docker-compose.yml" -f "\${WORK_DIR}/container.conf/production.yml" down
63
64	[Install]
65	WantedBy=docker.service
66	EOF
67	ln -s ${DOCKER_BASE}/traefik/container.conf/traefik.service /etc/systemd/system/
68
69	mkdir -p ${DOCKER_BASE}/traefik/config
70
71	cat > ${DOCKER_BASE}/traefik/config/traefik.toml <<EOF
72	logLevel = "DEBUG"
73	defaultEntryPoints = ["http", "https"]
74
75	# WEB interface of Traefik - it will show web page with overview of frontend and backend configurations
76	[web]
77	address = ":8080"
78	[web.auth.basic]
79	users = ["admin:$apr1$AAbCdQpX$ajolS9mMfKRG.lqcY/uXU/"]
80
81	# Connection to docker host system (docker.sock)
82	[docker]
83	domain = "test.org"
84	watch = true
85	# This will hide all docker containers that don't have explicitly
86	# set label to "enable"
87	exposedbydefault = false
88
89	# Force HTTPS
90	[entryPoints]
91	[entryPoints.http]
92	address = ":80"
93	[entryPoints.http.redirect]
94	entryPoint = "https"
95	[entryPoints.https]
96	address = ":443"
97	[entryPoints.https.tls]
98
99	# Let's encrypt configuration
100	[acme]
101	email="ssladmin@test.org"
102	storage="/etc/traefik/acme.json"
103	entryPoint="https"
104	acmeLogging=true
105	onDemand=false
106	OnHostRule=true
107
108	[acme.httpChallenge]
109	entryPoint = "http"
110	EOF
111
112	systemctl daemon-reload && systemctl enable traefik && systemctl start traefik
113