Revise traefik for swarm

2021-11-28 23:46:28 -08:00 · 2021-11-28 23:46:28 -08:00 · a83433c1ce
commit a83433c1ce
parent b7f062684a
2 changed files with 14 additions and 9 deletions
--- a/traefik/deploy.sh
+++ b/traefik/deploy.sh
@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+docker network create --driver=overlay traefik-public
+export NODE_ID=$(docker info -f '{{.Swarm.NodeID}}')
+docker node update --label-add traefik-public.traefik-public-certificates=true $NODE_ID
+export EMAIL=thejimnicholson@gmail.com
+export DOMAIN=traefik.swarm.thejimnicholson.com
+export USERNAME=jim
+export PASSWORD=Call1_advent
+export HASHED_PASSWORD=$(openssl passwd -apr1 $PASSWORD)
+docker stack deploy -c traefik.yml traefik
--- a/traefik/traefik.yml
+++ b/traefik/traefik.yml
@ -4,15 +4,12 @@ services:

  traefik:
    # Use the latest v2.2.x Traefik image available
-    image: traefik:v2.5.4
+    image: traefik:v2.2
    ports:
      # Listen on port 80, default for HTTP, necessary to redirect to HTTPS
      - 80:80
      # Listen on port 443, default for HTTPS
      - 443:443
-    environment:
-      - "AWS_ACCESS_KEY_ID=AKIATUPHA7LDOZY3RRG3"
-      - "AWS_SECRET_ACCESS_KEY=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"
    deploy:
      placement:
        constraints:
@ -46,11 +43,11 @@ services:
        - traefik.http.routers.traefik-public-https.entrypoints=https
        - traefik.http.routers.traefik-public-https.tls=true
        # Use the special Traefik service api@internal with the web UI/Dashboard
-        - traefik.http.routers.traefik-public-http.service=api@internal
+        - traefik.http.routers.traefik-public-https.service=api@internal
        # Use the "le" (Let's Encrypt) resolver created below
        - traefik.http.routers.traefik-public-https.tls.certresolver=le
        # Enable HTTP Basic auth, using the middleware created above
-        - traefik.http.routers.traefik-public-http.middlewares=admin-auth
+        - traefik.http.routers.traefik-public-https.middlewares=admin-auth
        # Define the port inside of the Docker service to use
        - traefik.http.services.traefik-public.loadbalancer.server.port=8080
    volumes:
@ -76,9 +73,7 @@ services:
      # Store the Let's Encrypt certificates in the mounted volume
      - --certificatesresolvers.le.acme.storage=/certificates/acme.json
      # Use the TLS Challenge for Let's Encrypt
-      # - --certificatesresolvers.le.acme.tlschallenge=true
-      - --certificatesresolvers.le.acme.dnschallenge=true
-      - --certificatesresolvers.le.acme.dnschallenge.provider=route53
+      - --certificatesresolvers.le.acme.tlschallenge=true
      # Enable the access log, with HTTP requests
      - --accesslog
      # Enable the Traefik log, for configurations and errors