diff --git a/config/workspace/global.yml b/config/workspace/global.yml
index 5f574c5a..2f269566 100644
--- a/config/workspace/global.yml
+++ b/config/workspace/global.yml
@@ -15,6 +15,12 @@ command('global service proxy (enable|disable|restart)', 'global service proxy')
 #!bash|=
 ws.service proxy ={input.command(4)}
 
+command('global service proxy2 (enable|disable|restart)', 'global service proxy2'):
+ description: Actions for Traefik proxy2 (my127.site)
+ exec: |
+ #!bash|=
+ ws.service proxy2 ={input.command(4)}
+
 command('global service tracing (start|stop|restart)', 'global service tracing'): |
 #!bash|=
 ws.service tracing ={input.command(4)}
diff --git a/home/service/proxy2/.env b/home/service/proxy2/.env
new file mode 100644
index 00000000..b2cce8c1
--- /dev/null
+++ b/home/service/proxy2/.env
@@ -0,0 +1 @@
+TRAEFIK_NETWORK=my127ws
diff --git a/home/service/proxy2/docker-compose.yml b/home/service/proxy2/docker-compose.yml
new file mode 100644
index 00000000..c7bbd2c7
--- /dev/null
+++ b/home/service/proxy2/docker-compose.yml
@@ -0,0 +1,27 @@
+version: '3'
+services:
+ traefik:
+ container_name: my127ws-proxy2
+ build: traefik
+ restart: unless-stopped
+ ports:
+ - 80:80
+ - 443:443
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.traefik.rule=Host(`my127.site`)
+ - traefik.http.services.traefik.loadbalancer.server.port=8080
+ - co.elastic.logs/module=traefik
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - ~/.config/my127ws/proxy:/config
+ - ./traefik/root/tls:/tls
+ networks:
+ - private
+ - shared
+networks:
+ private:
+ external: false
+ shared:
+ external:
+ name: $TRAEFIK_NETWORK
diff --git a/home/service/proxy2/init.sh b/home/service/proxy2/init.sh
new file mode 100755
index 00000000..0bbe1c48
--- /dev/null
+++ b/home/service/proxy2/init.sh
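Review bot: In home/service/proxy2/docker-compose.yml the `ports` entries `80:80` and `443:443` publish the proxy on every host interface, and the same container has `/var/run/docker.sock` mounted, so a process with root-equivalent control of the Docker daemon is reachable from the local network. If this proxy only has to serve the developer's own machine (the my127.site name suggests a loopback domain, but that is an inference), bind the ports to loopback with `- '127.0.0.1:80:80'` and `- '127.0.0.1:443:443'`. Mounting the socket read-only would not restrict Docker API calls, so if the wider exposure has to stay, a filtering socket proxy in front of the daemon is the usual mitigation.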
@@ -0,0 +1,64 @@
+#!/bin/bash
+
+set -e
+
+DIR=""
+
+main()
+{
+ if [ "$1" = "enable" ]; then
+ enable
+ exit
+ fi
+
+ if [ "$1" = "disable" ]; then
+ disable
+ exit
+ fi
+
+ if [ "$1" = "restart" ]; then
+ restart
+ exit
+ fi
+}
+
+enable()
+(
+ cd "$DIR"
+
+ if ! docker ps | grep my127ws-proxy2 > /dev/null; then
+
+ if [ ! -d "traefik/root/tls" ]; then
+ run mkdir -p traefik/root/tls
+ fi
+
+ run curl --fail --location --output traefik/root/tls/my127.site.crt "$(ws global config get global.service.proxy.https.crt)"
+ run curl --fail --location --output traefik/root/tls/my127.site.key "$(ws global config get global.service.proxy.https.key)"
+ run docker-compose -p my127ws-proxy2 up --force-recreate --build -d traefik
+ fi
+)
+
+disable()
+(
+ cd "$DIR"
+
+ if docker ps | grep my127ws-proxy2 > /dev/null; then
+ run docker-compose -p my127ws-proxy2 rm --stop --force traefik
+ fi
+)
+
+restart()
+{
+ disable
+ enable
+}
+
+bootstrap()
+{
+ DIR="$(cd "$(dirname "$0")" && pwd)"
+ # shellcheck source=../../lib/sidekick.sh
+ source "$DIR/../../lib/sidekick.sh"
+}
+
+bootstrap
+main "$@"
diff --git a/home/service/proxy2/traefik/Dockerfile b/home/service/proxy2/traefik/Dockerfile
new file mode 100644
index 00000000..2c091efe
--- /dev/null
+++ b/home/service/proxy2/traefik/Dockerfile
@@ -0,0 +1,3 @@
+FROM traefik:2.7
+
+COPY root /
diff --git a/home/service/proxy2/traefik/root/config/.gitkeep b/home/service/proxy2/traefik/root/config/.gitkeep
new file mode 100644
index 00000000..e69de29b
diff --git a/home/service/proxy2/traefik/root/config/tls.yaml b/home/service/proxy2/traefik/root/config/tls.yaml
new file mode 100644
index 00000000..25eb10bb
--- /dev/null
+++ b/home/service/proxy2/traefik/root/config/tls.yaml
@@ -0,0 +1,6 @@
+tls:
+ stores:
+ default:
+ defaultCertificate:
+ certFile: /tls/my127.site.crt
+ keyFile: /tls/my127.site.key
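Review bot: The private key fetched in `enable()` of init.sh is written to `traefik/root/tls/my127.site.key` with whatever mode the caller's umask gives it, which is commonly world-readable. Add `run chmod 600 traefik/root/tls/my127.site.key` after the second `curl`, or set `umask 077` at the top of the `enable()` subshell. The download URLs come from `ws global config get` and are followed with `--location`; adding `--proto '=https' --proto-redir '=https'` to both `curl` calls would keep a misconfigured or redirected URL from fetching the key over plain HTTP. Separately, `main` returns 0 without doing anything for an unknown or missing argument, so a final `echo "usage: $0 enable|disable|restart" >&2; exit 1` would surface typos.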
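Review bot: `COPY root /` in home/service/proxy2/traefik/Dockerfile copies the whole `root` tree, and init.sh writes `my127.site.crt` and `my127.site.key` into `root/tls` just before `docker-compose ... up --build`, so the private key ends up in an image layer even though docker-compose.yml also bind-mounts `./traefik/root/tls:/tls`. Copy only what the image needs, for example `COPY root/traefik.yaml /traefik.yaml` and `COPY root/config /config`, or add a `.dockerignore` containing `root/tls` to the `traefik` build context. `FROM traefik:2.7` is also a moving tag; pinning it by digest (`traefik:2.7@sha256:<digest>`, placeholder) would make rebuilds reproducible.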
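Review bot: The file home/service/proxy2/traefik/root/config/tls.yaml is baked into the image at `/config/tls.yaml` by `COPY root /`, but docker-compose.yml bind-mounts `~/.config/my127ws/proxy:/config`, and a bind mount hides whatever the image has at that path. Unless that host directory already holds an equivalent file, the `defaultCertificate` defined here is likely never loaded and Traefik would serve its self-generated certificate instead. Either have init.sh place `tls.yaml` in the host directory, or mount the host directory at a path that does not cover the baked-in file and confirm the file provider still picks up both.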
diff --git a/home/service/proxy2/traefik/root/tls/.gitkeep b/home/service/proxy2/traefik/root/tls/.gitkeep
new file mode 100644
index 00000000..e69de29b
diff --git a/home/service/proxy2/traefik/root/traefik.yaml b/home/service/proxy2/traefik/root/traefik.yaml
new file mode 100644
index 00000000..f05ddd1e
--- /dev/null
+++ b/home/service/proxy2/traefik/root/traefik.yaml
@@ -0,0 +1,26 @@
+providers:
+ file:
+ directory: /config
+ watch: true
+ docker:
+ exposedByDefault: false
+
+api:
+ dashboard: true
+ insecure: true
+
+accessLog: {}
+log: {}
+
+entryPoints:
+ http:
+ address: ":80"
+ https:
+ address: ":443"
+ http:
+ tls: {}
+
+inactive.tracing:
+ jaeger:
+ samplingServerURL: http://jaeger:5778/sampling
+ localAgentHostPort: jaeger:6831
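Review bot: `api.insecure: true` in traefik.yaml serves the dashboard and API without authentication on port 8080, and the compose label `traefik.http.services.traefik.loadbalancer.server.port=8080` routes the `my127.site` host rule to it through the published 80/443 entry points. Anyone who can reach the host and send that Host header can read the full routing configuration. Prefer `insecure: false` with the router label `traefik.http.routers.traefik.service=api@internal` plus an auth middleware, or restrict the published ports to loopback. The `inactive.tracing` key does not look like a Traefik option; if it is a way of parking the Jaeger settings, a commented-out `tracing:` block would be clearer and would not depend on how the parser treats unknown keys.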