first working version

2022-01-13 13:45:14 +01:00 · 2022-01-13 13:45:14 +01:00 · 4091c9a8f0
commit 4091c9a8f0
8 changed files with 116 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+certs
--- a/README.md
+++ b/README.md
@ -0,0 +1,6 @@
+# Some config examples for learning Traefik
+
+## Seafile behind Traefik with HTTPS
+* Handle HTTP to HTTPS redirection
+* Handle /seafhttp path to 8082
+
--- a/demo/index.php
+++ b/demo/index.php
@ -0,0 +1,3 @@
+demo
+<?php
+var_dump($_SERVER);
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -0,0 +1,50 @@
+version: '3'
+
+services:
+  reverse-proxy:
+    # The official v2 Traefik docker image
+    image: traefik:v2.5
+    # Enables the web UI and tells Traefik to listen to docker
+    command: --api.insecure=true
+    ports:
+      # The HTTP port
+      - "80:80"
+      - "443:443"
+      # The Web UI (enabled by --api.insecure=true)
+      - "8080:8080"
+    volumes:
+      # So that Traefik can listen to the Docker events
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ./traefik:/etc/traefik:ro
+      - ./certs:/certs:ro
+  fake-seafile:
+    image: php:apache-buster
+    volumes:
+      - ./fake-seafile:/var/www/html:ro
+    labels:
+      - traefik.http.routers.seafile.entrypoints=websecure
+      - traefik.http.routers.seafile.rule=Host(`seafile.local`)
+      - traefik.http.routers.seafile.tls=true
+      - traefik.http.services.seafile.loadbalancer.server.port=80
+      - traefik.http.routers.seafile.service=seafile
+#      - traefik.http.routers.seafile.tls.certresolver=letsencrypt
+
+      - traefik.http.routers.seafile-http.entrypoints=web
+      - traefik.http.routers.seafile-http.rule=Host(`seafile.local`)
+      - traefik.http.routers.seafile-http.middlewares=mid-to-https
+      - traefik.http.middlewares.mid-to-https.redirectscheme.scheme=https
+      - traefik.http.routers.seafile-http.service=seafile
+
+      - traefik.http.routers.seafhttp.entrypoints=websecure
+      - traefik.http.routers.seafhttp.rule=Host(`seafile.local`) && PathPrefix(`/seafhttp`)
+      - traefik.http.routers.seafhttp.tls=true
+      - traefik.http.services.seafhttp.loadbalancer.server.port=8082
+      - traefik.http.routers.seafhttp.service=seafhttp
+      - traefik.http.routers.seafhttp.middlewares=sf-strippath
+      - traefik.http.middlewares.sf-strippath.stripprefix.prefixes=/seafhttp
+  demo:
+    image: php:apache-buster
+    volumes:
+      - ./demo:/var/www/html:ro
+    ports:
+      - "8081:80"
--- a/fake-seafile/index.php
+++ b/fake-seafile/index.php
@ -0,0 +1,3 @@
+Fake Seafile
+<?php
+var_dump($_SERVER);
--- a/gen-certs.sh
+++ b/gen-certs.sh
@ -0,0 +1,10 @@
+#!/bin/bash
+MKCERT_VERSION=1.4.3
+CERT_HOSTNAMES="seafile.local"
+
+mkdir -p certs
+cd certs
+wget --no-clobber "https://github.com/FiloSottile/mkcert/releases/download/v$MKCERT_VERSION/mkcert-v$MKCERT_VERSION-linux-amd64"
+chmod +x "mkcert-v$MKCERT_VERSION-linux-amd64"
+./mkcert-v$MKCERT_VERSION-linux-amd64 -install $CERT_HOSTNAMES
+echo "You need to add $CERT_HOSTNAMES in your /etc/hosts"
--- a/traefik/config.yml
+++ b/traefik/config.yml
@ -0,0 +1,16 @@
+tls:
+  certificates:
+    - certFile: /certs/seafile.local.pem
+      keyFile: /certs/seafile.local-key.pem
+
+http:
+  services:
+    demo:
+      loadBalancer:
+        servers:
+          - url: "http://demo/"
+  routers:
+    demo:
+      rule: "Host(`demo.local`)"
+      service: demo
+      tls: true
--- a/traefik/traefik.yml
+++ b/traefik/traefik.yml
@ -0,0 +1,27 @@
+api:
+  insecure: true
+providers:
+  docker: {}
+entryPoints:
+  web:
+    address: ":80"
+    forwardedHeaders:
+      insecure: true
+  websecure:
+    address: ":443"
+    forwardedHeaders:
+      insecure: true
+
+providers:
+  file:
+    filename: "/etc/traefik/config.yml"
+  docker: {}
+
+certificatesResolvers:
+  letsencrypt:
+    acme:
+      email: gabi@youpi.local
+      storage: acme.json
+      httpChallenge:
+        # used during the challenge
+        entryPoint: web