add https versin
This commit is contained in:
parent
f0558471df
commit
083f4740db
3 changed files with 140 additions and 46 deletions
131
docker-compose.https.yml
Normal file
131
docker-compose.https.yml
Normal file
|
@ -0,0 +1,131 @@
|
|||
version: '3.8'
|
||||
|
||||
services:
|
||||
traefik-odc:
|
||||
image: "traefik:v2.5"
|
||||
|
||||
command:
|
||||
- "--log.level=DEBUG"
|
||||
- "--api.insecure=true"
|
||||
- "--providers.docker=true"
|
||||
- "--api.dashboard=true"
|
||||
|
||||
- "--providers.docker.exposedbydefault=false"
|
||||
|
||||
- "--entrypoints.web.address=:80"
|
||||
# Global HTTPS
|
||||
# - "--entrypoints.web.address=:443"
|
||||
# - "--entrypoints.unsecure.http.redirections.entryPoint.to=web"
|
||||
# - "--entrypoints.unsecure.http.redirections.entryPoint.scheme=https"
|
||||
# SSL configuration
|
||||
# - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
|
||||
# - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=unsecure"
|
||||
# - "--certificatesresolvers.letsencrypt.acme.email=${registerEmailAdress}"
|
||||
# - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
|
||||
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
|
||||
- "traefik.http.routers.http-catchall.entrypoints=unsecure"
|
||||
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https@docker"
|
||||
# - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
|
||||
|
||||
- "traefik.http.routers.traefik-odc.rule=Host(`traefik.<clientUrl>`)"
|
||||
- "traefik.http.routers.traefik-odc.entrypoints=web"
|
||||
- "traefik.http.routers.traefik-odc.tls.certresolver=letsencrypt"
|
||||
- "traefik.http.routers.traefik-odc.service=api@internal"
|
||||
- "traefik.http.routers.traefik-odc.middlewares=traefik-auth"
|
||||
- "traefik.http.middlewares.traefik-auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/" # test:test
|
||||
|
||||
ports:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
volumes:
|
||||
- "/var/run/docker.sock:/var/run/docker.sock:ro"
|
||||
- ./data/letsencrypt:/letsencrypt
|
||||
- ./tools/traefik/config.yml:/etc/traefik/dynamic_conf/conf.yml:ro
|
||||
|
||||
#Here is the ODC app
|
||||
app-odc:
|
||||
image: git.h2-invent.com/datenschutzcenter/application:3.0.4
|
||||
depends_on:
|
||||
db-odc:
|
||||
condition: service_healthy
|
||||
restart: unless-stopped
|
||||
|
||||
environment:
|
||||
DATABASE_URL: mysql://odc:<odcMySqlPw>@db-odc:3306/odc
|
||||
OAUTH_KEYCLOAK_CLIENT_ID: opendatenschutzcenter
|
||||
OAUTH_KEYCLOAK_CLIENT_SECRET: <clientsecret>
|
||||
OAUTH_KEYCLOAK_SERVER: <clientUrl>/keycloak
|
||||
OAUTH_KEYCLOAK_REALM: opendatenschutzcenter
|
||||
MAILER_DSN: smtp://null
|
||||
laF_version: 3.0.4
|
||||
demo_installation: demo
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
#- "traefik.http.routers.app-odc.tls=true"
|
||||
- "traefik.http.routers.app-odc.rule=Host(`<clientUrl>`)"
|
||||
- "traefik.http.routers.app-odc.entrypoints=web"
|
||||
- "traefik.http.services.app-odc.loadbalancer.server.port=8080"
|
||||
#- "traefik.http.routers.app-odc.tls.certresolver=letsencrypt"
|
||||
- "traefik.http.services.app-odc.loadbalancer.sticky=true"
|
||||
- "traefik.http.services.app-odc.loadbalancer.sticky.cookie.name=odc"
|
||||
- "traefik.http.services.app-odc.loadbalancer.sticky.cookie.secure=true"
|
||||
extra_hosts:
|
||||
- "<clientUrl>:<hostIp>"
|
||||
volumes:
|
||||
- datenschutzcenter_uploads:/var/www/html/public/uploads:rw
|
||||
- datenschutzcenter_secret_storage:/var/www/html/secretStorage:rw
|
||||
- datenschutzcenter_data:/var/www/html/data:rw
|
||||
|
||||
db-odc:
|
||||
image: mariadb:latest
|
||||
hostname: db-odc
|
||||
healthcheck:
|
||||
test: [ "CMD", "mariadb-admin" ,"ping", "-h", "localhost","-ptest" ]
|
||||
timeout: 20s
|
||||
retries: 10
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
MARIADB_ROOT_PASSWORD: test
|
||||
volumes:
|
||||
- mariadb:/var/lib/mysql
|
||||
- ./mysql-initdb:/docker-entrypoint-initdb.d
|
||||
|
||||
keycloak-odc:
|
||||
image: quay.io/keycloak/keycloak:22.0.3
|
||||
depends_on:
|
||||
app-odc:
|
||||
condition: service_healthy
|
||||
environment:
|
||||
KEYCLOAK_ADMIN: admin
|
||||
KEYCLOAK_ADMIN_PASSWORD: <keycloakAdminPw>
|
||||
KC_DB: mariadb
|
||||
KC_DB_PASSWORD: <keycloak-pw>
|
||||
KC_DB_URL: jdbc:mariadb://db-odc:3306/keycloak
|
||||
KC_DB_USERNAME: keycloak
|
||||
KC_HOSTNAME_URL: <httpMethod>://<clientUrl>/keycloak
|
||||
KC_HOSTNAME_PATH: <httpMethod>://<clientUrl>/keycloak
|
||||
KC_HOSTNAME_ADMIN_URL: <httpMethod>://<clientUrl>/keycloak
|
||||
KC_HTTP_RELATIVE_PATH: /keycloak
|
||||
KC_PROXY: passthrough
|
||||
command:
|
||||
- start-dev
|
||||
- --import-realm
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.keycloak-odc.tls=true"
|
||||
- "traefik.http.routers.keycloak-odc.rule=Host(`<clientUrl>`) && PathPrefix(`/keycloak`)"
|
||||
- "traefik.http.routers.keycloak-odc.entrypoints=web"
|
||||
- "traefik.http.services.keycloak-odc.loadbalancer.server.port=8080"
|
||||
- "traefik.http.routers.keycloak-odc.tls.certresolver=letsencrypt"
|
||||
volumes:
|
||||
- ./keycloak/:/opt/keycloak/data/import
|
||||
|
||||
|
||||
volumes:
|
||||
mariadb:
|
||||
datenschutzcenter_uploads:
|
||||
datenschutzcenter_data:
|
||||
datenschutzcenter_secret_storage:
|
|
@ -3,47 +3,17 @@ version: '3.8'
|
|||
services:
|
||||
traefik-odc:
|
||||
image: "traefik:v2.5"
|
||||
|
||||
command:
|
||||
- "--log.level=DEBUG"
|
||||
# - "--log.level=DEBUG"
|
||||
- "--api.insecure=true"
|
||||
- "--providers.docker=true"
|
||||
- "--api.dashboard=true"
|
||||
|
||||
- "--providers.docker.exposedbydefault=false"
|
||||
|
||||
- "--entrypoints.web.address=:80"
|
||||
# Global HTTPS
|
||||
# - "--entrypoints.web.address=:443"
|
||||
# - "--entrypoints.unsecure.http.redirections.entryPoint.to=web"
|
||||
# - "--entrypoints.unsecure.http.redirections.entryPoint.scheme=https"
|
||||
# SSL configuration
|
||||
# - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
|
||||
# - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=unsecure"
|
||||
# - "--certificatesresolvers.letsencrypt.acme.email=${registerEmailAdress}"
|
||||
# - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
|
||||
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
|
||||
- "traefik.http.routers.http-catchall.entrypoints=unsecure"
|
||||
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https@docker"
|
||||
# - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
|
||||
|
||||
- "traefik.http.routers.traefik-odc.rule=Host(`traefik.<clientUrl>`)"
|
||||
- "traefik.http.routers.traefik-odc.entrypoints=web"
|
||||
- "traefik.http.routers.traefik-odc.tls.certresolver=letsencrypt"
|
||||
- "traefik.http.routers.traefik-odc.service=api@internal"
|
||||
- "traefik.http.routers.traefik-odc.middlewares=traefik-auth"
|
||||
- "traefik.http.middlewares.traefik-auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/" # test:test
|
||||
|
||||
ports:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
volumes:
|
||||
- "/var/run/docker.sock:/var/run/docker.sock:ro"
|
||||
- ./data/letsencrypt:/letsencrypt
|
||||
- ./tools/traefik/config.yml:/etc/traefik/dynamic_conf/conf.yml:ro
|
||||
|
||||
#Here is the ODC app
|
||||
app-odc:
|
||||
|
@ -54,30 +24,26 @@ services:
|
|||
restart: unless-stopped
|
||||
|
||||
environment:
|
||||
APP_ENV: dev
|
||||
DATABASE_URL: mysql://odc:<odcMySqlPw>@db-odc:3306/odc
|
||||
OAUTH_KEYCLOAK_CLIENT_ID: opendatenschutzcenter
|
||||
OAUTH_KEYCLOAK_CLIENT_SECRET: <clientsecret>
|
||||
OAUTH_KEYCLOAK_SERVER: <clientUrl>/keycloak
|
||||
OAUTH_KEYCLOAK_SERVER: <httpMethod>://<clientUrl>/keycloak
|
||||
OAUTH_KEYCLOAK_REALM: opendatenschutzcenter
|
||||
MAILER_DSN: smtp://null
|
||||
laF_version: 3.0.4
|
||||
demo_installation: demo
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
#- "traefik.http.routers.app-odc.tls=true"
|
||||
- "traefik.http.routers.app-odc.rule=Host(`<clientUrl>`)"
|
||||
- "traefik.http.routers.app-odc.entrypoints=web"
|
||||
- "traefik.http.services.app-odc.loadbalancer.server.port=8080"
|
||||
#- "traefik.http.routers.app-odc.tls.certresolver=letsencrypt"
|
||||
- "traefik.http.services.app-odc.loadbalancer.sticky=true"
|
||||
- "traefik.http.services.app-odc.loadbalancer.sticky.cookie.name=odc"
|
||||
- "traefik.http.services.app-odc.loadbalancer.sticky.cookie.secure=true"
|
||||
ports:
|
||||
- "8080:8080"
|
||||
extra_hosts:
|
||||
- "<clientUrl>:<hostIp>"
|
||||
volumes:
|
||||
- datenschutzcenter_uploads:/var/www/html/public/uploads:rw
|
||||
- datenschutzcenter_secret_storage:/var/www/html/secretStorage:rw
|
||||
- datenschutzcenter_data:/var/www/html/data:rw
|
||||
|
||||
db-odc:
|
||||
image: mariadb:latest
|
||||
hostname: db-odc
|
||||
|
@ -109,23 +75,17 @@ services:
|
|||
KC_HOSTNAME_ADMIN_URL: <httpMethod>://<clientUrl>/keycloak
|
||||
KC_HTTP_RELATIVE_PATH: /keycloak
|
||||
KC_PROXY: passthrough
|
||||
ports:
|
||||
- "8081:8080"
|
||||
command:
|
||||
- start-dev
|
||||
- --import-realm
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.keycloak-odc.tls=true"
|
||||
- "traefik.http.routers.keycloak-odc.rule=Host(`<clientUrl>`) && PathPrefix(`/keycloak`)"
|
||||
- "traefik.http.routers.keycloak-odc.entrypoints=web"
|
||||
- "traefik.http.services.keycloak-odc.loadbalancer.server.port=8080"
|
||||
- "traefik.http.routers.keycloak-odc.tls.certresolver=letsencrypt"
|
||||
|
||||
volumes:
|
||||
- ./keycloak/:/opt/keycloak/data/import
|
||||
|
||||
|
||||
volumes:
|
||||
mariadb:
|
||||
datenschutzcenter_uploads:
|
||||
|
|
3
setup.sh
3
setup.sh
|
@ -37,6 +37,8 @@ fi
|
|||
echo "PUBLIC_URL=$PUBLIC_URL" >> $FILE
|
||||
|
||||
|
||||
HOST_IP=$(ip a | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*' | grep -v '127.0.0.1' | head -n 1)
|
||||
|
||||
echo ------------------------------------------------------------
|
||||
echo ----------------- Build the Keycloak -----------------------
|
||||
echo ------------------------------------------------------------
|
||||
|
@ -61,3 +63,4 @@ sed -i "s|<clientsecret>|$OAUTH_KEYCLOAK_CLIENT_ID|g" docker-compose.yml
|
|||
sed -i "s|<clientUrl>|$PUBLIC_URL|g" docker-compose.yml
|
||||
sed -i "s|<httpMethod>|$HTTP_METHOD|g" docker-compose.yml
|
||||
sed -i "s|<odcMySqlPw>|$ODC_DB_PW|g" docker-compose.yml
|
||||
sed -i "s|<hostIp>|$HOST_IP|g" docker-compose.yml
|
Loading…
Reference in a new issue