From 083f4740db6b26eb36a8c00c8501ea07dfc96997 Mon Sep 17 00:00:00 2001
From: holzi1005
Date: Sun, 8 Dec 2024 07:17:28 +0100
Subject: [PATCH] add https versin

---
 docker-compose.https.yml | 131 +++++++++++++++++++++++++++++++++++++++
 docker-compose.yml | 52 ++--------------
 setup.sh | 3 +
 3 files changed, 140 insertions(+), 46 deletions(-)
 create mode 100644 docker-compose.https.yml

diff --git a/docker-compose.https.yml b/docker-compose.https.yml
new file mode 100644
index 0000000..e525336
--- /dev/null
+++ b/docker-compose.https.yml
@@ -0,0 +1,131 @@
+version: '3.8'
+
+services:
+ traefik-odc:
+ image: "traefik:v2.5"
+
+ command:
+ - "--log.level=DEBUG"
+ - "--api.insecure=true"
+ - "--providers.docker=true"
+ - "--api.dashboard=true"
+
+ - "--providers.docker.exposedbydefault=false"
+
+ - "--entrypoints.web.address=:80"
+ # Global HTTPS
+ # - "--entrypoints.web.address=:443"
+ # - "--entrypoints.unsecure.http.redirections.entryPoint.to=web"
+ # - "--entrypoints.unsecure.http.redirections.entryPoint.scheme=https"
+ # SSL configuration
+ # - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
+ # - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=unsecure"
+ # - "--certificatesresolvers.letsencrypt.acme.email=${registerEmailAdress}"
+ # - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
+
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
+ - "traefik.http.routers.http-catchall.entrypoints=unsecure"
+ - "traefik.http.routers.http-catchall.middlewares=redirect-to-https@docker"
+ # - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
+
+ - "traefik.http.routers.traefik-odc.rule=Host(`traefik.`)"
+ - "traefik.http.routers.traefik-odc.entrypoints=web"
+ - "traefik.http.routers.traefik-odc.tls.certresolver=letsencrypt"
+ - "traefik.http.routers.traefik-odc.service=api@internal"
+ - "traefik.http.routers.traefik-odc.middlewares=traefik-auth"
+ - "traefik.http.middlewares.traefik-auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/" # test:test
+
+ ports:
+ - "80:80"
+ - "443:443"
+ volumes:
+ - "/var/run/docker.sock:/var/run/docker.sock:ro"
+ - ./data/letsencrypt:/letsencrypt
+ - ./tools/traefik/config.yml:/etc/traefik/dynamic_conf/conf.yml:ro
+
+ #Here is the ODC app
+ app-odc:
+ image: git.h2-invent.com/datenschutzcenter/application:3.0.4
+ depends_on:
+ db-odc:
+ condition: service_healthy
+ restart: unless-stopped
+
+ environment:
+ DATABASE_URL: mysql://odc:@db-odc:3306/odc
+ OAUTH_KEYCLOAK_CLIENT_ID: opendatenschutzcenter
+ OAUTH_KEYCLOAK_CLIENT_SECRET:
+ OAUTH_KEYCLOAK_SERVER: /keycloak
+ OAUTH_KEYCLOAK_REALM: opendatenschutzcenter
+ MAILER_DSN: smtp://null
+ laF_version: 3.0.4
+ demo_installation: demo
+ labels:
+ - "traefik.enable=true"
+ #- "traefik.http.routers.app-odc.tls=true"
+ - "traefik.http.routers.app-odc.rule=Host(``)"
+ - "traefik.http.routers.app-odc.entrypoints=web"
+ - "traefik.http.services.app-odc.loadbalancer.server.port=8080"
+ #- "traefik.http.routers.app-odc.tls.certresolver=letsencrypt"
+ - "traefik.http.services.app-odc.loadbalancer.sticky=true"
+ - "traefik.http.services.app-odc.loadbalancer.sticky.cookie.name=odc"
+ - "traefik.http.services.app-odc.loadbalancer.sticky.cookie.secure=true"
+ extra_hosts:
+ - ":"
+ volumes:
+ - datenschutzcenter_uploads:/var/www/html/public/uploads:rw
+ - datenschutzcenter_secret_storage:/var/www/html/secretStorage:rw
+ - datenschutzcenter_data:/var/www/html/data:rw
+
+ db-odc:
+ image: mariadb:latest
+ hostname: db-odc
+ healthcheck:
+ test: [ "CMD", "mariadb-admin" ,"ping", "-h", "localhost","-ptest" ]
+ timeout: 20s
+ retries: 10
+ restart: unless-stopped
+ environment:
+ MARIADB_ROOT_PASSWORD: test
+ volumes:
+ - mariadb:/var/lib/mysql
+ - ./mysql-initdb:/docker-entrypoint-initdb.d
+
+ keycloak-odc:
+ image: quay.io/keycloak/keycloak:22.0.3
+ depends_on:
+ app-odc:
+ condition: service_healthy
+ environment:
+ KEYCLOAK_ADMIN: admin
+ KEYCLOAK_ADMIN_PASSWORD:
+ KC_DB: mariadb
+ KC_DB_PASSWORD:
+ KC_DB_URL: jdbc:mariadb://db-odc:3306/keycloak
+ KC_DB_USERNAME: keycloak
+ KC_HOSTNAME_URL: :///keycloak
+ KC_HOSTNAME_PATH: :///keycloak
+ KC_HOSTNAME_ADMIN_URL: :///keycloak
+ KC_HTTP_RELATIVE_PATH: /keycloak
+ KC_PROXY: passthrough
+ command:
+ - start-dev
+ - --import-realm
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.keycloak-odc.tls=true"
+ - "traefik.http.routers.keycloak-odc.rule=Host(``) && PathPrefix(`/keycloak`)"
+ - "traefik.http.routers.keycloak-odc.entrypoints=web"
+ - "traefik.http.services.keycloak-odc.loadbalancer.server.port=8080"
+ - "traefik.http.routers.keycloak-odc.tls.certresolver=letsencrypt"
+ volumes:
+ - ./keycloak/:/opt/keycloak/data/import
+
+
+volumes:
+ mariadb:
+ datenschutzcenter_uploads:
+ datenschutzcenter_data:
+ datenschutzcenter_secret_storage:
diff --git a/docker-compose.yml b/docker-compose.yml
index 11dde5d..8c7b0be 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -3,47 +3,17 @@ version: '3.8' services: traefik-odc: image: "traefik:v2.5" - command: - - "--log.level=DEBUG" + # - "--log.level=DEBUG" - "--api.insecure=true" - "--providers.docker=true" - - "--api.dashboard=true" - - "--providers.docker.exposedbydefault=false" - - "--entrypoints.web.address=:80" - # Global HTTPS - # - "--entrypoints.web.address=:443" - # - "--entrypoints.unsecure.http.redirections.entryPoint.to=web" - # - "--entrypoints.unsecure.http.redirections.entryPoint.scheme=https" - # SSL configuration - # - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true" - # - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=unsecure" - # - "--certificatesresolvers.letsencrypt.acme.email=${registerEmailAdress}" - # - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json" - - labels: - - "traefik.enable=true" - - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)" - - "traefik.http.routers.http-catchall.entrypoints=unsecure" - - "traefik.http.routers.http-catchall.middlewares=redirect-to-https@docker" - # - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https" - - - "traefik.http.routers.traefik-odc.rule=Host(`traefik.`)" - - "traefik.http.routers.traefik-odc.entrypoints=web" - - "traefik.http.routers.traefik-odc.tls.certresolver=letsencrypt" - - "traefik.http.routers.traefik-odc.service=api@internal" - - "traefik.http.routers.traefik-odc.middlewares=traefik-auth" - - "traefik.http.middlewares.traefik-auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/" # test:test - ports: - "80:80" - "443:443" volumes: - "/var/run/docker.sock:/var/run/docker.sock:ro" - - ./data/letsencrypt:/letsencrypt - - ./tools/traefik/config.yml:/etc/traefik/dynamic_conf/conf.yml:ro #Here is the ODC app app-odc: 
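Review bot: The new side still passes `--api.insecure=true` even though the dashboard flag and every dashboard/auth label (`api@internal`, `traefik-auth`) appear to be deleted, so the Traefik API and dashboard now sit on the built-in `traefik` entrypoint (`:8080`) with no authentication at all, reachable from any container on the same compose network; with the dashboard gone, drop that flag. The `443:443` publish also survives while the only remaining entrypoint is `web` on `:80` (the `:443` entrypoint and certificate-resolver lines are removed here), so nothing listens on the published 443 — remove `- "443:443"` or keep TLS in this file. The `/var/run/docker.sock` mount is retained, which the Docker provider needs but which is root-equivalent on the host, so it deserves a comment such as `# docker.sock is host-root-equivalent: keep :ro and consider a socket proxy`. Which of the surviving `- "..."` command lines are context versus removed cannot be told apart in this rendering, so the exact remaining flag set is inferred from the hunk counts.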
@@ -54,30 +24,26 @@ services: restart: unless-stopped environment: + APP_ENV: dev DATABASE_URL: mysql://odc:@db-odc:3306/odc OAUTH_KEYCLOAK_CLIENT_ID: opendatenschutzcenter OAUTH_KEYCLOAK_CLIENT_SECRET: - OAUTH_KEYCLOAK_SERVER: /keycloak + OAUTH_KEYCLOAK_SERVER: :///keycloak OAUTH_KEYCLOAK_REALM: opendatenschutzcenter MAILER_DSN: smtp://null laF_version: 3.0.4 + demo_installation: demo labels: - "traefik.enable=true" - #- "traefik.http.routers.app-odc.tls=true" - "traefik.http.routers.app-odc.rule=Host(``)" - "traefik.http.routers.app-odc.entrypoints=web" - "traefik.http.services.app-odc.loadbalancer.server.port=8080" - #- "traefik.http.routers.app-odc.tls.certresolver=letsencrypt" - - "traefik.http.services.app-odc.loadbalancer.sticky=true" - - "traefik.http.services.app-odc.loadbalancer.sticky.cookie.name=odc" - - "traefik.http.services.app-odc.loadbalancer.sticky.cookie.secure=true" - ports: - - "8080:8080" + extra_hosts: + - ":" volumes: - datenschutzcenter_uploads:/var/www/html/public/uploads:rw - datenschutzcenter_secret_storage:/var/www/html/secretStorage:rw - datenschutzcenter_data:/var/www/html/data:rw - db-odc: image: mariadb:latest hostname: db-odc @@ -109,23 +75,17 @@ services: KC_HOSTNAME_ADMIN_URL: :///keycloak KC_HTTP_RELATIVE_PATH: /keycloak KC_PROXY: passthrough - ports: - - "8081:8080" command: - start-dev - --import-realm labels: - "traefik.enable=true" - - "traefik.http.routers.keycloak-odc.tls=true" - "traefik.http.routers.keycloak-odc.rule=Host(``) && PathPrefix(`/keycloak`)" - "traefik.http.routers.keycloak-odc.entrypoints=web" - "traefik.http.services.keycloak-odc.loadbalancer.server.port=8080" - - "traefik.http.routers.keycloak-odc.tls.certresolver=letsencrypt" - volumes: - ./keycloak/:/opt/keycloak/data/import - volumes: mariadb: datenschutzcenter_uploads: diff --git a/setup.sh b/setup.sh index 427f779..3d56837 100644 --- a/setup.sh +++ b/setup.sh 
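Review bot: `APP_ENV: dev` is added to a service that is published through Traefik on the public `Host(...)` router; if the application is a Symfony app (the `APP_ENV` convention and the `/var/www/html` layout suggest so, though the image contents are not visible here), dev mode serves the web profiler and verbose stack traces to every visitor, so this should be `APP_ENV: prod` unless the deployment is deliberately a throwaway demo, in which case say so in a comment. `OAUTH_KEYCLOAK_CLIENT_SECRET:` and `DATABASE_URL: mysql://odc:@db-odc:3306/odc` carry empty credentials as rendered; if these are placeholders that `setup.sh` rewrites, a comment such as `# placeholders in this block are filled in by setup.sh; never commit real values` would make that explicit, and if they are not, the client secret becomes YAML `null`. `OAUTH_KEYCLOAK_SERVER: :///keycloak` and `extra_hosts: - ":"` likewise look like stripped `scheme://host` and `host:ip` templates; an unreplaced `extra_hosts` entry should fail compose validation rather than start insecurely, but it is worth confirming against the repository.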
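Review bot: Keycloak is now reachable only through Traefik over plain HTTP to container port 8080 (the `8081:8080` publish and the `tls`/`certresolver` labels are removed), yet the retained `KC_PROXY: passthrough` tells Keycloak that the proxy does not terminate TLS, so it will not honour the `X-Forwarded-*` headers Traefik adds; for a reverse proxy that speaks HTTP to Keycloak the matching Keycloak 22 setting is `KC_PROXY: edge`. The admin console under `/keycloak/admin` is covered by the same public `Host(...) && PathPrefix(...)` router with `KEYCLOAK_ADMIN: admin` and an empty (presumably placeholder) `KEYCLOAK_ADMIN_PASSWORD`, so consider an allowlist middleware for that path or pointing `KC_HOSTNAME_ADMIN_URL` at an internal hostname. `start-dev` behind a public router also keeps dev-mode defaults such as relaxed hostname checks; a one-line comment stating that this is intended for the demo would help the next maintainer. The `keycloak-odc` service definition begins outside this hunk.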
@@ -37,6 +37,8 @@ fi
 echo "PUBLIC_URL=$PUBLIC_URL" >> $FILE
+HOST_IP=$(ip a | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*' | grep -v '127.0.0.1' | head -n 1)
+
 echo ------------------------------------------------------------
 echo ----------------- Build the Keycloak -----------------------
 echo ------------------------------------------------------------
@@ -61,3 +63,4 @@ sed -i "s||$OAUTH_KEYCLOAK_CLIENT_ID|g" docker-compose.yml
 sed -i "s||$PUBLIC_URL|g" docker-compose.yml
 sed -i "s||$HTTP_METHOD|g" docker-compose.yml
 sed -i "s||$ODC_DB_PW|g" docker-compose.yml
+sed -i "s||$HOST_IP|g" docker-compose.yml
\ No newline at end of file
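Review bot: `HOST_IP` is taken from the first non-loopback IPv4 address `ip a` prints, which on a Docker host can be a bridge or virtual interface (for example `docker0`) rather than the address the public hostname resolves to, and an empty result is silently substituted, leaving the `extra_hosts` entry as `host:` in the compose file; add a guard after the assignment, `[ -n "$HOST_IP" ] || { echo "could not determine HOST_IP; export it and re-run" >&2; exit 1; }`, and let the user override it with `HOST_IP=${HOST_IP:-$(...)}`. The new `sed` line, like the existing ones, rewrites only `docker-compose.yml`, but the new `docker-compose.https.yml` contains the same placeholders (`Host(...)`, `extra_hosts`, `DATABASE_URL`), so the https variant is never filled in; passing both files to each call, e.g. `sed -i "s|...|$HOST_IP|g" docker-compose.yml docker-compose.https.yml`, fixes that. The search patterns render as `s||...|g` here, which suggests the placeholder tokens were stripped by the page; if they really are empty in the file, GNU `sed` aborts with "no previous regular expression", so this is worth confirming against the repository. Both hunks are fragments; the surrounding script and any `set -e` are outside this view.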