Traefik define routing networks

2024-01-22 18:56:17 +01:00 · 2024-01-22 18:56:17 +01:00 · 68307a9f52
parent 437ba4f04c
commit 68307a9f52
23 changed files with 35 additions and 4 deletions
--- a/ansible/plays/services/blog/docker-compose.yaml
+++ b/ansible/plays/services/blog/docker-compose.yaml
@ -6,6 +6,7 @@ services:
    image: registry.tobiasmanske.de/tobiasmanske.de:latest
    labels:
      - "traefik.enable=true"
+      - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
      - "traefik.http.routers.tobiasmanskede.rule=(Host(`tobiasmanske.de`) || Host(`www.tobiasmanske.de`)) && !PathPrefix(`/{path:(_matrix|_synapse|.well-known/matrix|.well-known/openpgpkey)}/`)"
      - "traefik.http.routers.tobiasmanskede.entryPoints=websecure"
      - "traefik.http.services.tobiasmanskede.loadbalancer.server.port=80"
--- a/ansible/plays/services/caddy/docker-compose.yaml
+++ b/ansible/plays/services/caddy/docker-compose.yaml
@ -8,6 +8,7 @@ services:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro,z
    labels:
      - "traefik.enable=true"
+      - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
      - "traefik.http.routers.caddyredir.rule={{ redirect.hosts | map(attribute='from') | map('regex_replace', '^(.*)$', 'Host(`\\1`)') | join(' || ') }}"
      - "traefik.http.routers.caddyredir.entryPoints=websecure"
      - "traefik.http.services.caddyredir.loadbalancer.server.port=80"
--- a/ansible/plays/services/gitea/docker-compose.yaml
+++ b/ansible/plays/services/gitea/docker-compose.yaml
@ -26,6 +26,7 @@ services:
      - /etc/localtime:/etc/localtime:ro
    labels:
      - "traefik.enable=true"
+      - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
      - "traefik.http.routers.gitea.rule=Host(`git.tobiasmanske.de`)"
      - "traefik.http.routers.gitea.entryPoints=websecure"
      - "traefik.http.services.gitea.loadbalancer.server.port=3000"
@ -72,6 +73,7 @@ services:
      - drone_data:/data
    labels:
      - "traefik.enable=true"
+      - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
      - "traefik.http.routers.drone.rule=Host(`drone.tobiasmanske.de`)"
      - "traefik.http.routers.drone.entryPoints=websecure"
      - "traefik.http.services.drone.loadbalancer.server.port=80"
--- a/ansible/plays/services/gotosocial/docker-compose.yaml
+++ b/ansible/plays/services/gotosocial/docker-compose.yaml
@ -41,6 +41,7 @@ services:
      TZ: "Europe/Berlin"
    labels:
      - "traefik.enable=true"
+      - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
      - "traefik.http.routers.gotosocial.rule=(Host(`social.unruhig.eu`) || (Host(`unruhig.eu`) && Path(`/.well-known/{a:(webfinger|nodeinfo|host-meta)}`)))"
      - "traefik.http.routers.gotosocial.entryPoints=websecure"
      - "traefik.http.services.gotosocial.loadbalancer.server.port=8080"
--- a/ansible/plays/services/grafana/docker-compose.yaml
+++ b/ansible/plays/services/grafana/docker-compose.yaml
@ -5,6 +5,7 @@ services:
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
+      - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
      - "traefik.http.routers.grafana.rule=Host(`grafana.tobiasmanske.de`)"
      - "traefik.http.routers.grafana.entryPoints=websecure"
      - "traefik.http.services.grafana.loadbalancer.server.port=3000"
--- a/ansible/plays/services/hedgedoc/docker-compose.yaml
+++ b/ansible/plays/services/hedgedoc/docker-compose.yaml
@ -55,6 +55,7 @@ services:
    restart: always
    labels:
      - "traefik.enable=true"
+      - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
      - "traefik.http.routers.hedgedoc.rule=Host(`doc.tobiasmanske.de`)"
      - "traefik.http.routers.hedgedoc.middlewares=deny-metrics@file"
      - "traefik.http.routers.hedgedoc.entryPoints=websecure"
--- a/ansible/plays/services/keycloak/docker-compose.yaml
+++ b/ansible/plays/services/keycloak/docker-compose.yaml
@ -37,6 +37,7 @@ services:
      - "KC_HOSTNAME=auth.tobiasmanske.de"
    labels:
      - "traefik.enable=true"
+      - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
      - "traefik.http.routers.keycloak.rule=Host(`auth.tobiasmanske.de`)"
      - "traefik.http.routers.keycloak.entryPoints=websecure"
      - "traefik.http.services.keycloak.loadbalancer.server.port=8080"
--- a/ansible/plays/services/kuma/docker-compose.yaml
+++ b/ansible/plays/services/kuma/docker-compose.yaml
@ -9,6 +9,7 @@ services:
      - data:/app/data
    labels:
      - "traefik.enable=true"
+      - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
      - "traefik.http.routers.kuma-{{ _name }}.rule={{ _urls | map('regex_replace', '^(.*)$', 'Host(`\\1`)') | join(' || ') }}"
      - "traefik.http.routers.kuma-{{ _name }}.entryPoints=websecure"
      - "traefik.http.services.kuma-{{ _name }}.loadbalancer.server.port=3001"
--- a/ansible/plays/services/linktree/docker-compose.yaml
+++ b/ansible/plays/services/linktree/docker-compose.yaml
@ -6,6 +6,7 @@ services:
    image: registry.tobiasmanske.de/unruhig.eu:latest
    labels:
      - "traefik.enable=true"
+      - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
      - "traefik.http.routers.unruhigeu.rule=(Host(`unruhig.eu`) || Host(`www.unruhig.eu`))"
      - "traefik.http.routers.unruhigeu.entryPoints=websecure"
      - "traefik.http.services.unruhigeu.loadbalancer.server.port=80"
--- a/ansible/plays/services/loki/docker-compose.yaml
+++ b/ansible/plays/services/loki/docker-compose.yaml
@ -9,6 +9,7 @@ services:
      - loki_data:/loki
    labels:
      - "traefik.enable=true"
+      - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
      - "traefik.http.routers.loki.rule=Host(`loki.tobiasmanske.de`)"
      - "traefik.http.middlewares.loki-auth.basicauth.users={{ common.loki.username }}:{{ common.loki.password_hash | mandatory }}"
      - "traefik.http.routers.loki.entryPoints=websecure"
--- a/ansible/plays/services/matrix/docker-compose.yaml
+++ b/ansible/plays/services/matrix/docker-compose.yaml
@ -34,6 +34,7 @@ services:
      - metrics
    labels:
      - "traefik.enable=true"
+      - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
      - "traefik.http.routers.http-synapse.rule=Host(`synapse.{{ matrix.baseurl }}`)"
      - "traefik.http.routers.http-synapse.entryPoints=websecure"
      - "traefik.http.routers.http-synapse.service=matrix-synapse"
@ -70,6 +71,7 @@ services:
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
+      - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
      - "traefik.http.routers.matrix-well-known.rule=Host(`{{ matrix.baseurl }}`) && PathPrefix(`/.well-known/matrix/`)"
      - "traefik.http.routers.matrix-well-known.entrypoints=websecure"
      - "traefik.http.services.matrix-well-known.loadbalancer.server.port=80"
@ -78,10 +80,11 @@ services:
    image: registry.tobiasmanske.de/cinnyapp/cinny:latest
    restart: unless-stopped
    labels:
-    - "traefik.enable=true"
-    - "traefik.http.routers.matrix-cinny.rule=Host(`cinny.{{ matrix.baseurl }}`)"
-    - "traefik.http.routers.matrix-cinny.entryPoints=websecure"
-    - "traefik.http.services.matrix-cinny.loadbalancer.server.port=80"
+      - "traefik.enable=true"
+      - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
+      - "traefik.http.routers.matrix-cinny.rule=Host(`cinny.{{ matrix.baseurl }}`)"
+      - "traefik.http.routers.matrix-cinny.entryPoints=websecure"
+      - "traefik.http.services.matrix-cinny.loadbalancer.server.port=80"
    volumes:
      - ./cinny-config.json:/app/config.json:ro,Z
    networks:
@ -124,6 +127,7 @@ services:
      - "SYNCV3_DB=user={{ matrix.syncv3.user }} dbname={{ matrix.syncv3.database }} sslmode=disable host=syncv3-db password='{{ matrix.syncv3.password }}'"
    labels:
      - "traefik.enable=true"
+      - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
      - "traefik.http.routers.matrix-syncv3-proxy.rule=Host(`syncv3.{{ matrix.baseurl }}`)"
      - "traefik.http.routers.matrix-syncv3-proxy.entrypoints=websecure"
      - "traefik.http.services.matrix-syncv3-proxy.loadbalancer.server.port=8008"
--- a/ansible/plays/services/mimir/docker-compose.yaml
+++ b/ansible/plays/services/mimir/docker-compose.yaml
@ -17,6 +17,7 @@ services:
      - "prometheus-scrape.enabled=true"
      - "prometheus-scrape.port=8080"
      - "traefik.enable=true"
+      - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
      - "traefik.http.routers.mimir.rule=Host(`mimir.tobiasmanske.de`)"
      - "traefik.http.middlewares.mimir-auth.basicauth.users={{ common.mimir.username }}:{{ common.mimir.password_hash | mandatory }}"
      - "traefik.http.routers.mimir.entryPoints=websecure"
@ -30,6 +31,7 @@ services:
    image: prom/alertmanager:latest
    labels:
      - "traefik.enable=true"
+      - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
      - "traefik.http.routers.alertmanager.rule=Host(`alertmanager.tobiasmanske.de`)"
      - "traefik.http.routers.alertmanager.entryPoints=websecure"
      - "traefik.http.services.alertmanager.loadbalancer.server.port=9093"
@ -53,6 +55,7 @@ services:
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
+      - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
      - "traefik.http.routers.alertmanager-matrix.rule=Host(`alertmanager.tobiasmanske.de`) && PathPrefix(`/matrix/`)"
      - "traefik.http.routers.alertmanager-matrix.middlewares=matrix-strip"
      - "traefik.http.middlewares.matrix-strip.stripprefix.prefixes=/matrix"
--- a/ansible/plays/services/miniflux/docker-compose.yaml
+++ b/ansible/plays/services/miniflux/docker-compose.yaml
@ -26,6 +26,7 @@ services:
      - METRICS_ALLOWED_NETWORKS=0.0.0.0/0
    labels:
      - "traefik.enable=true"
+      - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
      - "traefik.http.routers.miniflux.rule=Host(`rss.tobiasmanske.de`)"
      - "traefik.http.routers.miniflux.entryPoints=websecure"
      - "traefik.http.routers.miniflux.middlewares=deny-metrics@file"
--- a/ansible/plays/services/minio/docker-compose.yaml
+++ b/ansible/plays/services/minio/docker-compose.yaml
@ -19,6 +19,7 @@ services:
      - data:/data
    labels:
      - "traefik.enable=true"
+      - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
      - "traefik.http.routers.minio.rule=Host(`${MINIO_URL}`)||Host(`s3.unruhig.eu`)"
      - "traefik.http.routers.minio.entryPoints=websecure"
      - "traefik.http.services.minio.loadbalancer.server.port=9000"
--- a/ansible/plays/services/radicale/docker-compose.yaml
+++ b/ansible/plays/services/radicale/docker-compose.yaml
@ -26,6 +26,7 @@ services:
      - TAKE_FILE_OWNERSHIP=false
    labels:
      - "traefik.enable=true"
+      - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
      - "traefik.http.routers.radicale.rule=Host(`calendar.tobiasmanske.de`)"
      - "traefik.http.routers.radicale.entryPoints=websecure"
      - "traefik.http.services.radicale.loadbalancer.server.port=5232"
--- a/ansible/plays/services/registry/docker-compose.yaml
+++ b/ansible/plays/services/registry/docker-compose.yaml
@ -5,6 +5,7 @@ services:
    restart: always
    labels:
      - "traefik.enable=true"
+      - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
      - "traefik.http.routers.registry.rule=Host(`registry.tobiasmanske.de`)"
      - "traefik.http.routers.registry.entryPoints=websecure"
      - "traefik.http.services.registry.loadbalancer.server.port=5000"
@ -24,6 +25,7 @@ services:
      - '/config/auth_config.yaml'
    labels:
      - "traefik.enable=true"
+      - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
      - "traefik.http.routers.registry-auth.rule=Host(`registry-auth.tobiasmanske.de`)"
      - "traefik.http.routers.registry-auth.entryPoints=websecure"
      - "traefik.http.services.registry-auth.loadbalancer.server.port=5001"
--- a/ansible/plays/services/repo_proxy/docker-compose.yaml
+++ b/ansible/plays/services/repo_proxy/docker-compose.yaml
@ -9,6 +9,7 @@ services:
      - ./www:/var/www:ro,Z
    labels:
      - "traefik.enable=true"
+      - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
      - "traefik.http.routers.repoproxy.rule=Host(`repo.tobiasmanske.de`)"
      - "traefik.http.routers.repoproxy.entryPoints=websecure"
      - "traefik.http.services.repoproxy.loadbalancer.server.port=80"
--- a/ansible/plays/services/search/docker-compose.yaml
+++ b/ansible/plays/services/search/docker-compose.yaml
@ -15,6 +15,7 @@ services:
      - ./limiter.toml:/etc/searxng/limiter.toml:ro,z
    labels:
      - "traefik.enable=true"
+      - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
      - "traefik.http.routers.searxng.rule=Host(`search.tobiasmanske.de`)"
      - "traefik.http.routers.searxng.entryPoints=websecure"
      - "traefik.http.services.searxng.loadbalancer.server.port=8080"
--- a/ansible/plays/services/thelounge/docker-compose.yaml
+++ b/ansible/plays/services/thelounge/docker-compose.yaml
@ -8,6 +8,7 @@ services:
      - data:/var/opt/thelounge
    labels:
      - "traefik.enable=true"
+      - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
      - "traefik.http.routers.thelounge.rule=Host(`lounge.tobiasmanske.de`)"
      - "traefik.http.routers.thelounge.entryPoints=websecure"
      - "traefik.http.services.thelounge.loadbalancer.server.port=9000"
--- a/ansible/plays/services/traefik/docker-compose.yaml
+++ b/ansible/plays/services/traefik/docker-compose.yaml
@ -33,6 +33,7 @@ services:
      - traefik
    labels:
      traefik.enable: 'true'
+      traefik.docker.network: '${COMPOSE_PROJECT_NAME}_default'
      traefik.http.routers.oauth.entrypoints: websecure
      traefik.http.routers.oauth.rule: Host(`traefik-fa.tobiasmanske.de`) || (PathPrefix(`/oauth2`) && !Host(`rss.tobiasmanske.de`))
      traefik.http.services.oauth.loadbalancer.server.port: '4180'
@ -62,6 +63,7 @@ services:
    image: containous/whoami
    labels:
      - "traefik.enable=true"
+      - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
      - "traefik.http.services.whoami.loadbalancer.server.port=80"
      - "traefik.http.routers.whoami.rule=Host(`test.tobiasmanske.de`)"
      - "traefik.http.routers.whoami.entryPoints=websecure"
--- a/ansible/plays/services/wallabag/docker-compose.yaml
+++ b/ansible/plays/services/wallabag/docker-compose.yaml
@ -21,6 +21,7 @@ services:
      - "SYMFONY__ENV__FOSUSER_REGISTRATION=true"
    labels:
      - "traefik.enable=true"
+      - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
      - "traefik.http.routers.wallabag.rule=Host(`wallabag.tobiasmanske.de`)"
      - "traefik.http.routers.wallabag.entryPoints=websecure"
      - "traefik.http.services.wallabag.loadbalancer.server.port=80"
--- a/ansible/plays/services/wkd/docker-compose.yaml
+++ b/ansible/plays/services/wkd/docker-compose.yaml
@ -6,6 +6,7 @@ services:
    image: caddy:2
    labels:
      - "traefik.enable=true"
+      - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
      - "traefik.http.routers.wkd.rule=(Host(`tobiasmanske.de`) && PathPrefix(`/{path:.well-known/openpgpkey}/`))"
      - "traefik.http.routers.wkd.entryPoints=websecure"
      - "traefik.http.routers.wkd.priority=100"
--- a/ansible/plays/services/youtrack/docker-compose.yaml
+++ b/ansible/plays/services/youtrack/docker-compose.yaml
@ -11,6 +11,7 @@ services:
      - backups:/opt/youtrack/backups
    labels:
      - "traefik.enable=true"
+      - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
      - "traefik.http.routers.youtrack.rule=Host(`youtrack.tobiasmanske.de`)"
      - "traefik.http.routers.youtrack.entryPoints=websecure"
      - "traefik.http.services.youtrack.loadbalancer.server.port=8080"