Add a traefik frontend with basic features

2017-09-10 18:07:19 +02:00
parent 856d6176ca
commit 9fc3ef4dd1
7 changed files with 107 additions and 4 deletions
--- a/traefik/Dockerfile
+++ b/traefik/Dockerfile
@@ -0,0 +1,8 @@
+FROM traefik:alpine
+
+RUN apk add --no-cache bash
+
+COPY conf /conf
+COPY start.sh /start.sh
+
+CMD /start.sh
--- a/traefik/conf/cert.toml
+++ b/traefik/conf/cert.toml
@@ -0,0 +1,31 @@
+defaultEntryPoints = ["http", "https"]
+logLevel = "ERROR"
+accessLogsFile = "/dev/stdout"
+
+[entryPoints]
+  [entryPoints.http]
+  address = ":80"
+    [entryPoints.http.redirect]
+    entryPoint = "https"
+  [entryPoints.https]
+  address = ":443"
+    [entryPoints.https.tls]
+      MinVersion = "VersionTLS11"
+      CipherSuites = ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"]
+    [[entryPoints.https.tls.certificates]]
+    CertFile = "/certs/cert.pem"
+    KeyFile = "/certs/key.pem"
+
+[docker]
+endpoint = "unix:///docker.sock"
+domain = "{{ DOMAIN }}"
+watch = true
+exposedbydefault = false
+
+[acme]
+email = "{{ POSTMASTER }}@{{ DOMAIN }}"
+storageFile = "/certs/acme.json"
+onDemand = true
+entryPoint = "https"
+
+
--- a/traefik/conf/letsencrypt.toml
+++ b/traefik/conf/letsencrypt.toml
@@ -0,0 +1,28 @@
+defaultEntryPoints = ["http", "https"]
+logLevel = "ERROR"
+accessLogsFile = "/dev/stdout"
+
+[entryPoints]
+  [entryPoints.http]
+  address = ":80"
+    [entryPoints.http.redirect]
+    entryPoint = "https"
+  [entryPoints.https]
+  address = ":443"
+    [entryPoints.https.tls]
+      MinVersion = "VersionTLS11"
+      CipherSuites = ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"]
+
+[docker]
+endpoint = "unix:///docker.sock"
+domain = "{{ DOMAIN }}"
+watch = true
+exposedbydefault = false
+
+[acme]
+email = "{{ POSTMASTER }}@{{ DOMAIN }}"
+storageFile = "/certs/acme.json"
+onDemand = true
+entryPoint = "https"
+
+
--- a/traefik/conf/notls.toml
+++ b/traefik/conf/notls.toml
@@ -0,0 +1,14 @@
+defaultEntryPoints = ["http"]
+logLevel = "ERROR"
+accessLogsFile = "/dev/stdout"
+
+[entryPoints]
+  [entryPoints.http]
+  address = ":80"
+
+[docker]
+endpoint = "unix:///docker.sock"
+domain = "{{ DOMAIN }}"
+watch = true
+exposedbydefault = false
+
--- a/traefik/start.sh
+++ b/traefik/start.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+# Substitute configuration
+for VARIABLE in `env | cut -f1 -d=`; do
+  sed -i "s={{ $VARIABLE }}=${!VARIABLE}=g" /conf/*.toml
+done
+
+# Select the proper configuration
+cp /conf/$TLS_FLAVOR.toml /conf/traefik.toml
+
+exec traefik -c /conf/traefik.toml
+