add https versin

This commit is contained in:
holzi1005 2024-12-08 07:17:28 +01:00
parent f0558471df
commit 083f4740db
3 changed files with 140 additions and 46 deletions

131
docker-compose.https.yml Normal file
View file

@ -0,0 +1,131 @@
version: '3.8'
services:
traefik-odc:
image: "traefik:v2.5"
command:
- "--log.level=DEBUG"
- "--api.insecure=true"
- "--providers.docker=true"
- "--api.dashboard=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
# Global HTTPS
# - "--entrypoints.web.address=:443"
# - "--entrypoints.unsecure.http.redirections.entryPoint.to=web"
# - "--entrypoints.unsecure.http.redirections.entryPoint.scheme=https"
# SSL configuration
# - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
# - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=unsecure"
# - "--certificatesresolvers.letsencrypt.acme.email=${registerEmailAdress}"
# - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
labels:
- "traefik.enable=true"
- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
- "traefik.http.routers.http-catchall.entrypoints=unsecure"
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https@docker"
# - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
- "traefik.http.routers.traefik-odc.rule=Host(`traefik.<clientUrl>`)"
- "traefik.http.routers.traefik-odc.entrypoints=web"
- "traefik.http.routers.traefik-odc.tls.certresolver=letsencrypt"
- "traefik.http.routers.traefik-odc.service=api@internal"
- "traefik.http.routers.traefik-odc.middlewares=traefik-auth"
- "traefik.http.middlewares.traefik-auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/" # test:test
ports:
- "80:80"
- "443:443"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- ./data/letsencrypt:/letsencrypt
- ./tools/traefik/config.yml:/etc/traefik/dynamic_conf/conf.yml:ro
#Here is the ODC app
app-odc:
image: git.h2-invent.com/datenschutzcenter/application:3.0.4
depends_on:
db-odc:
condition: service_healthy
restart: unless-stopped
environment:
DATABASE_URL: mysql://odc:<odcMySqlPw>@db-odc:3306/odc
OAUTH_KEYCLOAK_CLIENT_ID: opendatenschutzcenter
OAUTH_KEYCLOAK_CLIENT_SECRET: <clientsecret>
OAUTH_KEYCLOAK_SERVER: <clientUrl>/keycloak
OAUTH_KEYCLOAK_REALM: opendatenschutzcenter
MAILER_DSN: smtp://null
laF_version: 3.0.4
demo_installation: demo
labels:
- "traefik.enable=true"
#- "traefik.http.routers.app-odc.tls=true"
- "traefik.http.routers.app-odc.rule=Host(`<clientUrl>`)"
- "traefik.http.routers.app-odc.entrypoints=web"
- "traefik.http.services.app-odc.loadbalancer.server.port=8080"
#- "traefik.http.routers.app-odc.tls.certresolver=letsencrypt"
- "traefik.http.services.app-odc.loadbalancer.sticky=true"
- "traefik.http.services.app-odc.loadbalancer.sticky.cookie.name=odc"
- "traefik.http.services.app-odc.loadbalancer.sticky.cookie.secure=true"
extra_hosts:
- "<clientUrl>:<hostIp>"
volumes:
- datenschutzcenter_uploads:/var/www/html/public/uploads:rw
- datenschutzcenter_secret_storage:/var/www/html/secretStorage:rw
- datenschutzcenter_data:/var/www/html/data:rw
db-odc:
image: mariadb:latest
hostname: db-odc
healthcheck:
test: [ "CMD", "mariadb-admin" ,"ping", "-h", "localhost","-ptest" ]
timeout: 20s
retries: 10
restart: unless-stopped
environment:
MARIADB_ROOT_PASSWORD: test
volumes:
- mariadb:/var/lib/mysql
- ./mysql-initdb:/docker-entrypoint-initdb.d
keycloak-odc:
image: quay.io/keycloak/keycloak:22.0.3
depends_on:
app-odc:
condition: service_healthy
environment:
KEYCLOAK_ADMIN: admin
KEYCLOAK_ADMIN_PASSWORD: <keycloakAdminPw>
KC_DB: mariadb
KC_DB_PASSWORD: <keycloak-pw>
KC_DB_URL: jdbc:mariadb://db-odc:3306/keycloak
KC_DB_USERNAME: keycloak
KC_HOSTNAME_URL: <httpMethod>://<clientUrl>/keycloak
KC_HOSTNAME_PATH: <httpMethod>://<clientUrl>/keycloak
KC_HOSTNAME_ADMIN_URL: <httpMethod>://<clientUrl>/keycloak
KC_HTTP_RELATIVE_PATH: /keycloak
KC_PROXY: passthrough
command:
- start-dev
- --import-realm
labels:
- "traefik.enable=true"
- "traefik.http.routers.keycloak-odc.tls=true"
- "traefik.http.routers.keycloak-odc.rule=Host(`<clientUrl>`) && PathPrefix(`/keycloak`)"
- "traefik.http.routers.keycloak-odc.entrypoints=web"
- "traefik.http.services.keycloak-odc.loadbalancer.server.port=8080"
- "traefik.http.routers.keycloak-odc.tls.certresolver=letsencrypt"
volumes:
- ./keycloak/:/opt/keycloak/data/import
volumes:
mariadb:
datenschutzcenter_uploads:
datenschutzcenter_data:
datenschutzcenter_secret_storage:

View file

@ -3,47 +3,17 @@ version: '3.8'
services:
traefik-odc:
image: "traefik:v2.5"
command:
- "--log.level=DEBUG"
# - "--log.level=DEBUG"
- "--api.insecure=true"
- "--providers.docker=true"
- "--api.dashboard=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
# Global HTTPS
# - "--entrypoints.web.address=:443"
# - "--entrypoints.unsecure.http.redirections.entryPoint.to=web"
# - "--entrypoints.unsecure.http.redirections.entryPoint.scheme=https"
# SSL configuration
# - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
# - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=unsecure"
# - "--certificatesresolvers.letsencrypt.acme.email=${registerEmailAdress}"
# - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
labels:
- "traefik.enable=true"
- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
- "traefik.http.routers.http-catchall.entrypoints=unsecure"
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https@docker"
# - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
- "traefik.http.routers.traefik-odc.rule=Host(`traefik.<clientUrl>`)"
- "traefik.http.routers.traefik-odc.entrypoints=web"
- "traefik.http.routers.traefik-odc.tls.certresolver=letsencrypt"
- "traefik.http.routers.traefik-odc.service=api@internal"
- "traefik.http.routers.traefik-odc.middlewares=traefik-auth"
- "traefik.http.middlewares.traefik-auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/" # test:test
ports:
- "80:80"
- "443:443"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- ./data/letsencrypt:/letsencrypt
- ./tools/traefik/config.yml:/etc/traefik/dynamic_conf/conf.yml:ro
#Here is the ODC app
app-odc:
@ -54,30 +24,26 @@ services:
restart: unless-stopped
environment:
APP_ENV: dev
DATABASE_URL: mysql://odc:<odcMySqlPw>@db-odc:3306/odc
OAUTH_KEYCLOAK_CLIENT_ID: opendatenschutzcenter
OAUTH_KEYCLOAK_CLIENT_SECRET: <clientsecret>
OAUTH_KEYCLOAK_SERVER: <clientUrl>/keycloak
OAUTH_KEYCLOAK_SERVER: <httpMethod>://<clientUrl>/keycloak
OAUTH_KEYCLOAK_REALM: opendatenschutzcenter
MAILER_DSN: smtp://null
laF_version: 3.0.4
demo_installation: demo
labels:
- "traefik.enable=true"
#- "traefik.http.routers.app-odc.tls=true"
- "traefik.http.routers.app-odc.rule=Host(`<clientUrl>`)"
- "traefik.http.routers.app-odc.entrypoints=web"
- "traefik.http.services.app-odc.loadbalancer.server.port=8080"
#- "traefik.http.routers.app-odc.tls.certresolver=letsencrypt"
- "traefik.http.services.app-odc.loadbalancer.sticky=true"
- "traefik.http.services.app-odc.loadbalancer.sticky.cookie.name=odc"
- "traefik.http.services.app-odc.loadbalancer.sticky.cookie.secure=true"
ports:
- "8080:8080"
extra_hosts:
- "<clientUrl>:<hostIp>"
volumes:
- datenschutzcenter_uploads:/var/www/html/public/uploads:rw
- datenschutzcenter_secret_storage:/var/www/html/secretStorage:rw
- datenschutzcenter_data:/var/www/html/data:rw
db-odc:
image: mariadb:latest
hostname: db-odc
@ -109,23 +75,17 @@ services:
KC_HOSTNAME_ADMIN_URL: <httpMethod>://<clientUrl>/keycloak
KC_HTTP_RELATIVE_PATH: /keycloak
KC_PROXY: passthrough
ports:
- "8081:8080"
command:
- start-dev
- --import-realm
labels:
- "traefik.enable=true"
- "traefik.http.routers.keycloak-odc.tls=true"
- "traefik.http.routers.keycloak-odc.rule=Host(`<clientUrl>`) && PathPrefix(`/keycloak`)"
- "traefik.http.routers.keycloak-odc.entrypoints=web"
- "traefik.http.services.keycloak-odc.loadbalancer.server.port=8080"
- "traefik.http.routers.keycloak-odc.tls.certresolver=letsencrypt"
volumes:
- ./keycloak/:/opt/keycloak/data/import
volumes:
mariadb:
datenschutzcenter_uploads:

View file

@ -37,6 +37,8 @@ fi
echo "PUBLIC_URL=$PUBLIC_URL" >> $FILE
HOST_IP=$(ip a | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*' | grep -v '127.0.0.1' | head -n 1)
echo ------------------------------------------------------------
echo ----------------- Build the Keycloak -----------------------
echo ------------------------------------------------------------
@ -61,3 +63,4 @@ sed -i "s|<clientsecret>|$OAUTH_KEYCLOAK_CLIENT_ID|g" docker-compose.yml
sed -i "s|<clientUrl>|$PUBLIC_URL|g" docker-compose.yml
sed -i "s|<httpMethod>|$HTTP_METHOD|g" docker-compose.yml
sed -i "s|<odcMySqlPw>|$ODC_DB_PW|g" docker-compose.yml
sed -i "s|<hostIp>|$HOST_IP|g" docker-compose.yml