From 68307a9f52c10c307e758323a66e913fa77b5266 Mon Sep 17 00:00:00 2001
From: Tobias Manske
Date: Mon, 22 Jan 2024 18:56:17 +0100
Subject: [PATCH] Traefik define routing networks

---
 ansible/plays/services/blog/docker-compose.yaml | 1 +
 ansible/plays/services/caddy/docker-compose.yaml | 1 +
 ansible/plays/services/gitea/docker-compose.yaml | 2 ++
 .../plays/services/gotosocial/docker-compose.yaml | 1 +
 ansible/plays/services/grafana/docker-compose.yaml | 1 +
 ansible/plays/services/hedgedoc/docker-compose.yaml | 1 +
 ansible/plays/services/keycloak/docker-compose.yaml | 1 +
 ansible/plays/services/kuma/docker-compose.yaml | 1 +
 ansible/plays/services/linktree/docker-compose.yaml | 1 +
 ansible/plays/services/loki/docker-compose.yaml | 1 +
 ansible/plays/services/matrix/docker-compose.yaml | 12 ++++++++----
 ansible/plays/services/mimir/docker-compose.yaml | 3 +++
 ansible/plays/services/miniflux/docker-compose.yaml | 1 +
 ansible/plays/services/minio/docker-compose.yaml | 1 +
 ansible/plays/services/radicale/docker-compose.yaml | 1 +
 ansible/plays/services/registry/docker-compose.yaml | 2 ++
 .../plays/services/repo_proxy/docker-compose.yaml | 1 +
 ansible/plays/services/search/docker-compose.yaml | 1 +
 ansible/plays/services/thelounge/docker-compose.yaml | 1 +
 ansible/plays/services/traefik/docker-compose.yaml | 2 ++
 ansible/plays/services/wallabag/docker-compose.yaml | 1 +
 ansible/plays/services/wkd/docker-compose.yaml | 1 +
 ansible/plays/services/youtrack/docker-compose.yaml | 1 +
 23 files changed, 35 insertions(+), 4 deletions(-)

diff --git a/ansible/plays/services/blog/docker-compose.yaml b/ansible/plays/services/blog/docker-compose.yaml
index b1c5d6f..ff8b73e 100644
--- a/ansible/plays/services/blog/docker-compose.yaml
+++ b/ansible/plays/services/blog/docker-compose.yaml
@@ -6,6 +6,7 @@ services:
 image: registry.tobiasmanske.de/tobiasmanske.de:latest
 labels:
 - "traefik.enable=true"
+ - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
 - "traefik.http.routers.tobiasmanskede.rule=(Host(`tobiasmanske.de`) || Host(`www.tobiasmanske.de`)) && !PathPrefix(`/{path:(_matrix|_synapse|.well-known/matrix|.well-known/openpgpkey)}/`)"
 - "traefik.http.routers.tobiasmanskede.entryPoints=websecure"
 - "traefik.http.services.tobiasmanskede.loadbalancer.server.port=80"
diff --git a/ansible/plays/services/caddy/docker-compose.yaml b/ansible/plays/services/caddy/docker-compose.yaml
index 068d68b..1ac30fe 100644
--- a/ansible/plays/services/caddy/docker-compose.yaml
+++ b/ansible/plays/services/caddy/docker-compose.yaml
@@ -8,6 +8,7 @@ services:
 - ./Caddyfile:/etc/caddy/Caddyfile:ro,z
 labels:
 - "traefik.enable=true"
+ - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
 - "traefik.http.routers.caddyredir.rule={{ redirect.hosts | map(attribute='from') | map('regex_replace', '^(.*)$', 'Host(`\\1`)') | join(' || ') }}"
 - "traefik.http.routers.caddyredir.entryPoints=websecure"
 - "traefik.http.services.caddyredir.loadbalancer.server.port=80"
diff --git a/ansible/plays/services/gitea/docker-compose.yaml b/ansible/plays/services/gitea/docker-compose.yaml
index cce73b5..517f8b9 100644
--- a/ansible/plays/services/gitea/docker-compose.yaml
+++ b/ansible/plays/services/gitea/docker-compose.yaml
@@ -26,6 +26,7 @@ services:
 - /etc/localtime:/etc/localtime:ro
 labels:
 - "traefik.enable=true"
+ - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
 - "traefik.http.routers.gitea.rule=Host(`git.tobiasmanske.de`)"
 - "traefik.http.routers.gitea.entryPoints=websecure"
 - "traefik.http.services.gitea.loadbalancer.server.port=3000"
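Review bot: The label added in blog/docker-compose.yaml, `traefik.docker.network=${COMPOSE_PROJECT_NAME}_default`, is only correct if Compose has a value for `COMPOSE_PROJECT_NAME` at interpolation time. Compose substitutes an unset variable with an empty string, so the label would become `_default`, a network that presumably does not exist, and the network choice would fall back to Traefik's own selection without the deploy failing. The required-variable form makes that case an error instead: `- "traefik.docker.network=${COMPOSE_PROJECT_NAME:?}_default"`. The same line is added in every other hunk of this patch, and Traefik itself has to be attached to each project's `_default` network for the pin to work, which this patch does not show. The labels list continues outside the hunk.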
@@ -72,6 +73,7 @@ services:
 - drone_data:/data
 labels:
 - "traefik.enable=true"
+ - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
 - "traefik.http.routers.drone.rule=Host(`drone.tobiasmanske.de`)"
 - "traefik.http.routers.drone.entryPoints=websecure"
 - "traefik.http.services.drone.loadbalancer.server.port=80"
diff --git a/ansible/plays/services/gotosocial/docker-compose.yaml b/ansible/plays/services/gotosocial/docker-compose.yaml
index 296b082..d3883af 100644
--- a/ansible/plays/services/gotosocial/docker-compose.yaml
+++ b/ansible/plays/services/gotosocial/docker-compose.yaml
@@ -41,6 +41,7 @@ services:
 TZ: "Europe/Berlin"
 labels:
 - "traefik.enable=true"
+ - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
 - "traefik.http.routers.gotosocial.rule=(Host(`social.unruhig.eu`) || (Host(`unruhig.eu`) && Path(`/.well-known/{a:(webfinger|nodeinfo|host-meta)}`)))"
 - "traefik.http.routers.gotosocial.entryPoints=websecure"
 - "traefik.http.services.gotosocial.loadbalancer.server.port=8080"
diff --git a/ansible/plays/services/grafana/docker-compose.yaml b/ansible/plays/services/grafana/docker-compose.yaml
index d0f5e82..d7288bc 100644
--- a/ansible/plays/services/grafana/docker-compose.yaml
+++ b/ansible/plays/services/grafana/docker-compose.yaml
@@ -5,6 +5,7 @@ services:
 restart: unless-stopped
 labels:
 - "traefik.enable=true"
+ - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
 - "traefik.http.routers.grafana.rule=Host(`grafana.tobiasmanske.de`)"
 - "traefik.http.routers.grafana.entryPoints=websecure"
 - "traefik.http.services.grafana.loadbalancer.server.port=3000"
diff --git a/ansible/plays/services/hedgedoc/docker-compose.yaml b/ansible/plays/services/hedgedoc/docker-compose.yaml
index 84fcd13..1652c80 100644
--- a/ansible/plays/services/hedgedoc/docker-compose.yaml
+++ b/ansible/plays/services/hedgedoc/docker-compose.yaml
@@ -55,6 +55,7 @@ services:
 restart: always
 labels:
 - "traefik.enable=true"
+ - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
 - "traefik.http.routers.hedgedoc.rule=Host(`doc.tobiasmanske.de`)"
 - "traefik.http.routers.hedgedoc.middlewares=deny-metrics@file"
 - "traefik.http.routers.hedgedoc.entryPoints=websecure"
diff --git a/ansible/plays/services/keycloak/docker-compose.yaml b/ansible/plays/services/keycloak/docker-compose.yaml
index 81712fb..5531900 100644
--- a/ansible/plays/services/keycloak/docker-compose.yaml
+++ b/ansible/plays/services/keycloak/docker-compose.yaml
@@ -37,6 +37,7 @@ services:
 - "KC_HOSTNAME=auth.tobiasmanske.de"
 labels:
 - "traefik.enable=true"
+ - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
 - "traefik.http.routers.keycloak.rule=Host(`auth.tobiasmanske.de`)"
 - "traefik.http.routers.keycloak.entryPoints=websecure"
 - "traefik.http.services.keycloak.loadbalancer.server.port=8080"
diff --git a/ansible/plays/services/kuma/docker-compose.yaml b/ansible/plays/services/kuma/docker-compose.yaml
index 0808c5e..0900983 100644
--- a/ansible/plays/services/kuma/docker-compose.yaml
+++ b/ansible/plays/services/kuma/docker-compose.yaml
@@ -9,6 +9,7 @@ services:
 - data:/app/data
 labels:
 - "traefik.enable=true"
+ - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
 - "traefik.http.routers.kuma-{{ _name }}.rule={{ _urls | map('regex_replace', '^(.*)$', 'Host(`\\1`)') | join(' || ') }}"
 - "traefik.http.routers.kuma-{{ _name }}.entryPoints=websecure"
 - "traefik.http.services.kuma-{{ _name }}.loadbalancer.server.port=3001"
diff --git a/ansible/plays/services/linktree/docker-compose.yaml b/ansible/plays/services/linktree/docker-compose.yaml
index 2fa7795..3299bc3 100644
--- a/ansible/plays/services/linktree/docker-compose.yaml
+++ b/ansible/plays/services/linktree/docker-compose.yaml
@@ -6,6 +6,7 @@ services:
 image: registry.tobiasmanske.de/unruhig.eu:latest
 labels:
 - "traefik.enable=true"
+ - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
 - "traefik.http.routers.unruhigeu.rule=(Host(`unruhig.eu`) || Host(`www.unruhig.eu`))"
 - "traefik.http.routers.unruhigeu.entryPoints=websecure"
 - "traefik.http.services.unruhigeu.loadbalancer.server.port=80"
diff --git a/ansible/plays/services/loki/docker-compose.yaml b/ansible/plays/services/loki/docker-compose.yaml
index 7a1fff1..d180035 100644
--- a/ansible/plays/services/loki/docker-compose.yaml
+++ b/ansible/plays/services/loki/docker-compose.yaml
@@ -9,6 +9,7 @@ services:
 - loki_data:/loki
 labels:
 - "traefik.enable=true"
+ - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
 - "traefik.http.routers.loki.rule=Host(`loki.tobiasmanske.de`)"
 - "traefik.http.middlewares.loki-auth.basicauth.users={{ common.loki.username }}:{{ common.loki.password_hash | mandatory }}"
 - "traefik.http.routers.loki.entryPoints=websecure"
diff --git a/ansible/plays/services/matrix/docker-compose.yaml b/ansible/plays/services/matrix/docker-compose.yaml
index 49f6fb1..221a616 100644
--- a/ansible/plays/services/matrix/docker-compose.yaml
+++ b/ansible/plays/services/matrix/docker-compose.yaml
@@ -34,6 +34,7 @@ services:
 - metrics
 labels:
 - "traefik.enable=true"
+ - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
 - "traefik.http.routers.http-synapse.rule=Host(`synapse.{{ matrix.baseurl }}`)"
 - "traefik.http.routers.http-synapse.entryPoints=websecure"
 - "traefik.http.routers.http-synapse.service=matrix-synapse"
@@ -70,6 +71,7 @@ services:
 restart: unless-stopped
 labels:
 - "traefik.enable=true"
+ - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
 - "traefik.http.routers.matrix-well-known.rule=Host(`{{ matrix.baseurl }}`) && PathPrefix(`/.well-known/matrix/`)"
 - "traefik.http.routers.matrix-well-known.entrypoints=websecure"
 - "traefik.http.services.matrix-well-known.loadbalancer.server.port=80"
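Review bot: In loki/docker-compose.yaml the `loki-auth.basicauth.users` label beside the new line is rendered from `{{ common.loki.password_hash | mandatory }}`, and Compose applies the same `$` interpolation to that label that the added `${COMPOSE_PROJECT_NAME}` relies on. htpasswd-style hashes contain `$`, so unless the stored value already has every `$` doubled, Compose will alter the hash before Traefik reads it and basic auth will not match. Confirm how the variable is stored, or escape it in the template, e.g. `{{ common.loki.password_hash | mandatory | replace('$', '$$') }}`. The first mimir hunk (`mimir-auth`) follows the same pattern.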
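Review bot: The synapse service in matrix/docker-compose.yaml (hunk at -34) appears to declare its own `networks:` list, since the context line `- metrics` sits directly above `labels:`, and a service with an explicit list is attached to `default` only when `default` is listed as well. The added label pins Traefik to `${COMPOSE_PROJECT_NAME}_default`, so check that `- default` is in that list; the list begins outside the hunk. The cinny hunk, where `networks:` follows `volumes:`, is in the same position. A one-line comment above the label, such as `# pin routing to the project network so Traefik never picks the metrics network`, would record why the pin matters for this multi-homed container.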
@@ -78,10 +80,11 @@ services:
 image: registry.tobiasmanske.de/cinnyapp/cinny:latest
 restart: unless-stopped
 labels:
- - "traefik.enable=true"
- - "traefik.http.routers.matrix-cinny.rule=Host(`cinny.{{ matrix.baseurl }}`)"
- - "traefik.http.routers.matrix-cinny.entryPoints=websecure"
- - "traefik.http.services.matrix-cinny.loadbalancer.server.port=80"
+ - "traefik.enable=true"
+ - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
+ - "traefik.http.routers.matrix-cinny.rule=Host(`cinny.{{ matrix.baseurl }}`)"
+ - "traefik.http.routers.matrix-cinny.entryPoints=websecure"
+ - "traefik.http.services.matrix-cinny.loadbalancer.server.port=80"
 volumes:
 - ./cinny-config.json:/app/config.json:ro,Z
 networks:
@@ -124,6 +127,7 @@ services:
 - "SYNCV3_DB=user={{ matrix.syncv3.user }} dbname={{ matrix.syncv3.database }} sslmode=disable host=syncv3-db password='{{ matrix.syncv3.password }}'"
 labels:
 - "traefik.enable=true"
+ - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
 - "traefik.http.routers.matrix-syncv3-proxy.rule=Host(`syncv3.{{ matrix.baseurl }}`)"
 - "traefik.http.routers.matrix-syncv3-proxy.entrypoints=websecure"
 - "traefik.http.services.matrix-syncv3-proxy.loadbalancer.server.port=8008"
diff --git a/ansible/plays/services/mimir/docker-compose.yaml b/ansible/plays/services/mimir/docker-compose.yaml
index 66c42e6..347914e 100644
--- a/ansible/plays/services/mimir/docker-compose.yaml
+++ b/ansible/plays/services/mimir/docker-compose.yaml
@@ -17,6 +17,7 @@ services:
 - "prometheus-scrape.enabled=true"
 - "prometheus-scrape.port=8080"
 - "traefik.enable=true"
+ - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
 - "traefik.http.routers.mimir.rule=Host(`mimir.tobiasmanske.de`)"
 - "traefik.http.middlewares.mimir-auth.basicauth.users={{ common.mimir.username }}:{{ common.mimir.password_hash | mandatory }}"
 - "traefik.http.routers.mimir.entryPoints=websecure"
@@ -30,6 +31,7 @@ services:
 image: prom/alertmanager:latest
 labels:
 - "traefik.enable=true"
+ - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
 - "traefik.http.routers.alertmanager.rule=Host(`alertmanager.tobiasmanske.de`)"
 - "traefik.http.routers.alertmanager.entryPoints=websecure"
 - "traefik.http.services.alertmanager.loadbalancer.server.port=9093"
@@ -53,6 +55,7 @@ services:
 restart: unless-stopped
 labels:
 - "traefik.enable=true"
+ - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
 - "traefik.http.routers.alertmanager-matrix.rule=Host(`alertmanager.tobiasmanske.de`) && PathPrefix(`/matrix/`)"
 - "traefik.http.routers.alertmanager-matrix.middlewares=matrix-strip"
 - "traefik.http.middlewares.matrix-strip.stripprefix.prefixes=/matrix"
diff --git a/ansible/plays/services/miniflux/docker-compose.yaml b/ansible/plays/services/miniflux/docker-compose.yaml
index 35ae68e..47fba21 100644
--- a/ansible/plays/services/miniflux/docker-compose.yaml
+++ b/ansible/plays/services/miniflux/docker-compose.yaml
@@ -26,6 +26,7 @@ services:
 - METRICS_ALLOWED_NETWORKS=0.0.0.0/0
 labels:
 - "traefik.enable=true"
+ - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
 - "traefik.http.routers.miniflux.rule=Host(`rss.tobiasmanske.de`)"
 - "traefik.http.routers.miniflux.entryPoints=websecure"
 - "traefik.http.routers.miniflux.middlewares=deny-metrics@file"
diff --git a/ansible/plays/services/minio/docker-compose.yaml b/ansible/plays/services/minio/docker-compose.yaml
index aee1625..9e6ea5b 100644
--- a/ansible/plays/services/minio/docker-compose.yaml
+++ b/ansible/plays/services/minio/docker-compose.yaml
@@ -19,6 +19,7 @@ services:
 - data:/data
 labels:
 - "traefik.enable=true"
+ - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
 - "traefik.http.routers.minio.rule=Host(`${MINIO_URL}`)||Host(`s3.unruhig.eu`)"
 - "traefik.http.routers.minio.entryPoints=websecure"
 - "traefik.http.services.minio.loadbalancer.server.port=9000"
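Review bot: `METRICS_ALLOWED_NETWORKS=0.0.0.0/0` in the miniflux hunk leaves the metrics endpoint protected only by the `deny-metrics@file` middleware, which covers requests that arrive through Traefik. The added label fixes which network Traefik routes over, but it does not restrict which peers can reach the container on the networks it is attached to, so if the metrics collector is enabled any container sharing a network with miniflux can read it directly. Narrowing the value to the scraper's subnet, `- METRICS_ALLOWED_NETWORKS=<scraper-subnet-cidr>` (placeholder), removes the dependence on the proxy. The environment list begins outside the hunk.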
diff --git a/ansible/plays/services/radicale/docker-compose.yaml b/ansible/plays/services/radicale/docker-compose.yaml
index affe0f4..d2fb87c 100644
--- a/ansible/plays/services/radicale/docker-compose.yaml
+++ b/ansible/plays/services/radicale/docker-compose.yaml
@@ -26,6 +26,7 @@ services:
 - TAKE_FILE_OWNERSHIP=false
 labels:
 - "traefik.enable=true"
+ - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
 - "traefik.http.routers.radicale.rule=Host(`calendar.tobiasmanske.de`)"
 - "traefik.http.routers.radicale.entryPoints=websecure"
 - "traefik.http.services.radicale.loadbalancer.server.port=5232"
diff --git a/ansible/plays/services/registry/docker-compose.yaml b/ansible/plays/services/registry/docker-compose.yaml
index 1f1167d..3410799 100644
--- a/ansible/plays/services/registry/docker-compose.yaml
+++ b/ansible/plays/services/registry/docker-compose.yaml
@@ -5,6 +5,7 @@ services:
 restart: always
 labels:
 - "traefik.enable=true"
+ - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
 - "traefik.http.routers.registry.rule=Host(`registry.tobiasmanske.de`)"
 - "traefik.http.routers.registry.entryPoints=websecure"
 - "traefik.http.services.registry.loadbalancer.server.port=5000"
@@ -24,6 +25,7 @@ services:
 - '/config/auth_config.yaml'
 labels:
 - "traefik.enable=true"
+ - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
 - "traefik.http.routers.registry-auth.rule=Host(`registry-auth.tobiasmanske.de`)"
 - "traefik.http.routers.registry-auth.entryPoints=websecure"
 - "traefik.http.services.registry-auth.loadbalancer.server.port=5001"
diff --git a/ansible/plays/services/repo_proxy/docker-compose.yaml b/ansible/plays/services/repo_proxy/docker-compose.yaml
index 679301b..dc9a211 100644
--- a/ansible/plays/services/repo_proxy/docker-compose.yaml
+++ b/ansible/plays/services/repo_proxy/docker-compose.yaml
@@ -9,6 +9,7 @@ services:
 - ./www:/var/www:ro,Z
 labels:
 - "traefik.enable=true"
+ - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
 - "traefik.http.routers.repoproxy.rule=Host(`repo.tobiasmanske.de`)"
 - "traefik.http.routers.repoproxy.entryPoints=websecure"
 - "traefik.http.services.repoproxy.loadbalancer.server.port=80"
diff --git a/ansible/plays/services/search/docker-compose.yaml b/ansible/plays/services/search/docker-compose.yaml
index d7bab1b..56162d1 100644
--- a/ansible/plays/services/search/docker-compose.yaml
+++ b/ansible/plays/services/search/docker-compose.yaml
@@ -15,6 +15,7 @@ services:
 - ./limiter.toml:/etc/searxng/limiter.toml:ro,z
 labels:
 - "traefik.enable=true"
+ - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
 - "traefik.http.routers.searxng.rule=Host(`search.tobiasmanske.de`)"
 - "traefik.http.routers.searxng.entryPoints=websecure"
 - "traefik.http.services.searxng.loadbalancer.server.port=8080"
diff --git a/ansible/plays/services/thelounge/docker-compose.yaml b/ansible/plays/services/thelounge/docker-compose.yaml
index 5ec6e0d..a67984b 100644
--- a/ansible/plays/services/thelounge/docker-compose.yaml
+++ b/ansible/plays/services/thelounge/docker-compose.yaml
@@ -8,6 +8,7 @@ services:
 - data:/var/opt/thelounge
 labels:
 - "traefik.enable=true"
+ - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
 - "traefik.http.routers.thelounge.rule=Host(`lounge.tobiasmanske.de`)"
 - "traefik.http.routers.thelounge.entryPoints=websecure"
 - "traefik.http.services.thelounge.loadbalancer.server.port=9000"
diff --git a/ansible/plays/services/traefik/docker-compose.yaml b/ansible/plays/services/traefik/docker-compose.yaml
index 8c8f1fe..0c4b70f 100644
--- a/ansible/plays/services/traefik/docker-compose.yaml
+++ b/ansible/plays/services/traefik/docker-compose.yaml
@@ -33,6 +33,7 @@ services:
 - traefik
 labels:
 traefik.enable: 'true'
+ traefik.docker.network: '${COMPOSE_PROJECT_NAME}_default'
 traefik.http.routers.oauth.entrypoints: websecure
 traefik.http.routers.oauth.rule: Host(`traefik-fa.tobiasmanske.de`) || (PathPrefix(`/oauth2`) && !Host(`rss.tobiasmanske.de`))
 traefik.http.services.oauth.loadbalancer.server.port: '4180'
@@ -62,6 +63,7 @@ services:
 image: containous/whoami
 labels:
 - "traefik.enable=true"
+ - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
 - "traefik.http.services.whoami.loadbalancer.server.port=80"
 - "traefik.http.routers.whoami.rule=Host(`test.tobiasmanske.de`)"
 - "traefik.http.routers.whoami.entryPoints=websecure"
diff --git a/ansible/plays/services/wallabag/docker-compose.yaml b/ansible/plays/services/wallabag/docker-compose.yaml
index a356d3c..c3bc62d 100644
--- a/ansible/plays/services/wallabag/docker-compose.yaml
+++ b/ansible/plays/services/wallabag/docker-compose.yaml
@@ -21,6 +21,7 @@ services:
 - "SYMFONY__ENV__FOSUSER_REGISTRATION=true"
 labels:
 - "traefik.enable=true"
+ - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
 - "traefik.http.routers.wallabag.rule=Host(`wallabag.tobiasmanske.de`)"
 - "traefik.http.routers.wallabag.entryPoints=websecure"
 - "traefik.http.services.wallabag.loadbalancer.server.port=80"
diff --git a/ansible/plays/services/wkd/docker-compose.yaml b/ansible/plays/services/wkd/docker-compose.yaml
index 69261ad..987dbeb 100644
--- a/ansible/plays/services/wkd/docker-compose.yaml
+++ b/ansible/plays/services/wkd/docker-compose.yaml
@@ -6,6 +6,7 @@ services:
 image: caddy:2
 labels:
 - "traefik.enable=true"
+ - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
 - "traefik.http.routers.wkd.rule=(Host(`tobiasmanske.de`) && PathPrefix(`/{path:.well-known/openpgpkey}/`))"
 - "traefik.http.routers.wkd.entryPoints=websecure"
 - "traefik.http.routers.wkd.priority=100"
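Review bot: The oauth service in traefik/docker-compose.yaml (hunk at -33) seems to be attached to a network named `traefik`, judging by the context line `- traefik` directly above `labels:`, while the added label points Traefik at `${COMPOSE_PROJECT_NAME}_default`. If `default` is not also in that service's `networks:` list, the label names a network the container is not on, and the router that serves `/oauth2` for the other hosts then depends on Traefik's behaviour when the lookup fails. Confirm the list, which starts outside the hunk, or set `traefik.docker.network` to the network this service is actually attached to. A short comment above the label naming the intended network would make the difference from the other services explicit.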
diff --git a/ansible/plays/services/youtrack/docker-compose.yaml b/ansible/plays/services/youtrack/docker-compose.yaml
index e49766f..e320790 100644
--- a/ansible/plays/services/youtrack/docker-compose.yaml
+++ b/ansible/plays/services/youtrack/docker-compose.yaml
@@ -11,6 +11,7 @@ services:
 - backups:/opt/youtrack/backups
 labels:
 - "traefik.enable=true"
+ - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
 - "traefik.http.routers.youtrack.rule=Host(`youtrack.tobiasmanske.de`)"
 - "traefik.http.routers.youtrack.entryPoints=websecure"
 - "traefik.http.services.youtrack.loadbalancer.server.port=8080"