From bf3a47016d7963405be02b3cdc9c0745eff0f5f2 Mon Sep 17 00:00:00 2001 From: Simon Milvert Date: Tue, 29 Oct 2019 20:45:42 +0100 Subject: [PATCH 1/7] First working https --- docker-compose.yml | 17 ++++++++++++----- traefik.yml | 10 +++++++--- 2 files changed, 19 insertions(+), 8 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index ec492ff..270bb03 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -79,8 +79,9 @@ services: - "traefik.enable=true" - "traefik.http.routers.whoami.rule=Host(`whoami.${DOMAIN}`)" - "traefik.http.routers.whoami.entrypoints=web" - - "traefik.http.routers.whoami.entrypoints=web-secure" - - "traefik.http.routers.whoami.tls.certresolver=sample" + - "traefik.http.routers.whoami-secure.entrypoints=web-secure" + - "traefik.http.routers.whoami-secure.rule=Host(`whoami.${DOMAIN}`)" + - "traefik.http.routers.whoami-secure.tls.certresolver=default" mqtt: image: eclipse-mosquitto:1.6.7 @@ -157,19 +158,25 @@ services: ports: # The HTTP port - "80:80" + - "443:443" - "8080:8080" volumes: # So that Traefik can listen to the Docker events - /var/run/docker.sock:/var/run/docker.sock - ./traefik.yml:/etc/traefik/traefik.yml - ./static_config.yml:/etc/traefik/static_config.yml - - ./acme.json:/acme.json - - "./letsencrypt:/letsencrypt" - + # - "./log.json:/etc/traefik/log.json" + # - "./traefik/acme.json:/acme.json" + dns: + - 8.8.8.8 labels: - "traefik.http.routers.traefik.rule=Host(`tr.${DOMAIN}`)" - "traefik.http.routers.traefik.entrypoints=web" + - "traefik.http.routers.traefik-secure.entrypoints=web-secure" + - "traefik.http.routers.traefik-secure.rule=Host(`tr.${DOMAIN}`)" + - "traefik.http.routers.traefik-secure.tls.certresolver=default" + - "traefik.http.routers.traefik-secure.tls=true" - "traefik.http.services.traefik-service.loadbalancer.server.port=8080" - "traefik.enable=true" diff --git a/traefik.yml b/traefik.yml index c6702f0..a781b02 100644 --- a/traefik.yml +++ b/traefik.yml 
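Review bot: In the reverse-proxy hunk of docker-compose.yml (`@@ -157,19 +158,25 @@`), the new `traefik-secure` router sends `tr.${DOMAIN}` to the service on port 8080 with no authentication middleware, and `"8080:8080"` stays published on the host, so whatever Traefik serves on 8080 (presumably the API/dashboard) is open to anyone who can reach the host. Attach an auth middleware to the router, e.g. `- "traefik.http.routers.traefik-secure.middlewares=traefik-auth"` with a matching `basicauth` definition, and drop the `8080:8080` mapping or bind it to `127.0.0.1`. The same hunk removes both the `acme.json` and `letsencrypt` mounts, so the resolver's `storage` file lives only in the container's writable layer and certificates will be re-requested on every recreate. The service definition starts before this hunk.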
@@ -15,12 +15,16 @@ providers: filename: "/etc/traefik/static_config.yml" watch: true +log: + level: DEBUG + # filePath: /etc/traefik/log.json + # format: json certificatesResolvers: - sample: + default: acme: email: simon@milvert.com - storage: acme.json + storage: "acme.json" httpChallenge: # used during the challenge entryPoint: web @@ -29,7 +33,7 @@ certificatesResolvers: entryPoints: web: address: ":80" - web-sercure: + web-secure: address: ":443" mqtt: address: ":9001" From ee6265aefc32191e94907fe64265127470731fa5 Mon Sep 17 00:00:00 2001 From: Simon Milvert Date: Fri, 6 Dec 2019 21:11:32 +0100 Subject: [PATCH 2/7] Added working traefik config but a draft with gitea --- docker-compose.yml | 32 ++++++++++++++++++++------------ static_config.yml | 25 ++++++++++++++++++++----- traefik.yml | 16 +++++++++------- 3 files changed, 49 insertions(+), 24 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 270bb03..cd6eec2 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -62,12 +62,13 @@ services: volumes: - ${DIR}/gitea:/data ports: - - "2221:22" + - "127.0.0.1:2222:22" labels: - "traefik.enable=true" - - "traefik.http.routers.gitea.rule=Host(`gitea.${DOMAIN}`)" - - "traefik.http.routers.gitea.entrypoints=web" - "traefik.http.services.gitea-service.loadbalancer.server.port=3000" + - "traefik.http.routers.gitea-secure.entrypoints=web-secure" + - "traefik.http.routers.gitea-secure.rule=Host(`gitea.${DOMAIN}`)" + - "traefik.http.routers.gitea-secure.tls.certresolver=milvert" whoami: @@ -81,7 +82,7 @@ services: - "traefik.http.routers.whoami.entrypoints=web" - "traefik.http.routers.whoami-secure.entrypoints=web-secure" - "traefik.http.routers.whoami-secure.rule=Host(`whoami.${DOMAIN}`)" - - "traefik.http.routers.whoami-secure.tls.certresolver=default" + - "traefik.http.routers.whoami-secure.tls.certresolver=milvert" mqtt: image: eclipse-mosquitto:1.6.7 
@@ -89,12 +90,12 @@ services: networks: - frontend - backend - + restart: always ports: - "1885:1883" - "9001:9001" volumes: - - "${DIR}/mosquitto/config:/mosquitto/config" + #- ${DIR}/mosquitto/config:/mosquitto/config - ${DIR}/mosquitto/data:/mosquitto/data - ${DIR}/mosquitto/log:/mosquitto/log labels: @@ -119,9 +120,12 @@ services: volumes: - ${DIR}/nodered:/data labels: - - "traefik.http.routers.node-red.rule=Host(`node.${DOMAIN}`)" + - "traefik.http.routers.node-red.rule=Host(`nodered.${DOMAIN}`)" - "traefik.http.routers.node-red.entrypoints=web" - "traefik.http.services.node-red-service.loadbalancer.server.port=1880" + - "traefik.http.routers.node-red-secure.entrypoints=web-secure" + - "traefik.http.routers.node-red-secure.rule=Host(`nodered.${DOMAIN}`)" + - "traefik.http.routers.node-red-secure.tls.certresolver=milvert" - "traefik.enable=true" domoticz: @@ -150,7 +154,7 @@ services: reverse-proxy: # The official v2.0 Traefik docker image - image: traefik:v2.0.2 + image: traefik:v2.0.6 container_name: "traefik" networks: - backend 
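Review bot: In the nodered hunk (`@@ -119,9 +120,12 @@`), the plain `node-red` router on the `web` entrypoint is kept next to the new `node-red-secure` router and gets no redirect, so the Node-RED editor is still served over unencrypted HTTP. Add `- "traefik.http.routers.node-red.middlewares=redirect@file"` (the `redirect` middleware this commit declares in static_config.yml), as the traefik router does further down, or drop the `web` router. No authentication middleware is visible on either router; if Node-RED's own `adminAuth` is not enabled, one should be attached here. The service block starts and ends outside the hunk.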
@@ -166,19 +170,23 @@ services: - ./traefik.yml:/etc/traefik/traefik.yml - ./static_config.yml:/etc/traefik/static_config.yml # - "./log.json:/etc/traefik/log.json" - # - "./traefik/acme.json:/acme.json" + #- ./acme.json:/acme.json + - ./letsencrypt:/letsencrypt dns: - 8.8.8.8 labels: - - "traefik.http.routers.traefik.rule=Host(`tr.${DOMAIN}`)" + - "traefik.http.routers.traefik.rule=Host(`tra.${DOMAIN}`)" + - "traefik.http.routers.traefik.middlewares=redirect@file" - "traefik.http.routers.traefik.entrypoints=web" - "traefik.http.routers.traefik-secure.entrypoints=web-secure" - - "traefik.http.routers.traefik-secure.rule=Host(`tr.${DOMAIN}`)" - - "traefik.http.routers.traefik-secure.tls.certresolver=default" + - "traefik.http.routers.traefik-secure.rule=Host(`tra.${DOMAIN}`)" + - "traefik.http.routers.traefik-secure.tls.certresolver=milvert" - "traefik.http.routers.traefik-secure.tls=true" - "traefik.http.services.traefik-service.loadbalancer.server.port=8080" - "traefik.enable=true" + - "traefik.http.routers.traefik-secure.middlewares=test-auth" + - "traefik.http.middlewares.test-auth.basicauth.users=simon:$$apr1$$o3vIe.DX$$3XExiBMe8rUo3HujDSYEo0" networks: frontend: diff --git a/static_config.yml b/static_config.yml index 616d3ad..b4775a6 100644 --- a/static_config.yml +++ b/static_config.yml @@ -1,14 +1,29 @@ http: routers: - test-router: - rule: "Host(`test.localhost`)" - service: my-service + lampa-router: + rule: "Host(`lampa.milvert.com`)" + middlewares: + - redirect + service: lampa-service entryPoints: - web + lampa-router: + rule: "Host(`lampa.milvert.com`)" + service: lampa-service + entryPoints: + - web-secure + tls: + certResolver: milvert + services: - my-service: + lampa-service: loadBalancer: servers: - - url: https://milvert.com + - url: "http://10.0.0.3:8084" + + middlewares: + redirect: + redirectScheme: + scheme: https diff --git a/traefik.yml b/traefik.yml index a781b02..e92dae5 100644 --- a/traefik.yml +++ b/traefik.yml 
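Review bot: The `basicauth.users` label at the end of the reverse-proxy hunk commits a password hash to the repository, and it is an `apr1` (MD5-based) hash, which is cheap to attack offline once the repo is readable. Keep the credential out of the compose file with `- "traefik.http.middlewares.test-auth.basicauth.usersfile=/etc/traefik/usersfile"` (example path, mounted from an untracked file), generate the entry with bcrypt, and rotate this password since it is now in history. The middleware is attached only to `traefik-secure`; traefik.yml in this same commit keeps `api.insecure: true` and an earlier hunk shows `"8080:8080"` published, so the dashboard most likely remains reachable on port 8080 without the password.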
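Review bot: In static_config.yml the key `lampa-router` is defined twice under `http.routers`; duplicate mapping keys are invalid YAML and most parsers silently keep the last one, so the `web` router carrying the `redirect` middleware is likely dropped and plain-HTTP requests for that host get no redirect. Give the second router its own name, e.g. `lampa-router-secure:`. Patch 3/7 repeats the pattern with two `bitwarden-router` entries in the same file. The backend `url` is plain `http://10.0.0.3:8084`, which is acceptable only if that network segment is trusted.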
@@ -1,12 +1,8 @@ -log: - level: DEBUG - api: insecure: true dashboard: true debug: true - providers: docker: exposedbydefault: false @@ -20,15 +16,21 @@ log: # filePath: /etc/traefik/log.json # format: json + certificatesResolvers: - default: + milvert: acme: email: simon@milvert.com - storage: "acme.json" + storage: "/letsencrypt/acme.json" httpChallenge: - # used during the challenge entryPoint: web + tlsChallenge: {} +http: + middlewares: + redirect: + redirectScheme: + scheme: https entryPoints: web: From 5fd5e91ee994d60fd45d48586df7a750e4528110 Mon Sep 17 00:00:00 2001 From: Simon Milvert Date: Thu, 19 Dec 2019 05:28:18 +0100 Subject: [PATCH 3/7] Traefik works for milvert.com and http -> https --- docker-compose.yml | 41 +++++++++++++++++++++++++++++++++++----- mosquitto/mosquitto.conf | 6 ++++++ static_config.yml | 37 ++++++++++++++++++++++++++++++++++++ 3 files changed, 79 insertions(+), 5 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index cd6eec2..c6e3e97 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
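Review bot: The `http: middlewares: redirect` block added in the second traefik.yml hunk (`@@ -20,15 +16,21 @@`) is dynamic configuration, while this file is the static configuration that carries `providers` and `entryPoints`; Traefik v2 takes routers and middlewares only from providers, so this copy is probably ignored or rejected at startup. The same middleware is already declared in static_config.yml in this commit, which is what `redirect@file` resolves to, so the block here can be removed. `log.level: DEBUG` is still present as context in this hunk and is worth lowering to `INFO` once the setup is stable.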
@@ -2,6 +2,38 @@ version: '3' services: + milvert-nginx: + container_name: milvert-nginx + image: nginx:latest + restart: always + networks: + - backend + labels: + - "traefik.enable=true" + - "traefik.http.middlewares.milvert-ssl.redirectscheme.scheme=https" + # HTTP + - "traefik.http.routers.milvert.rule=Host(`${DOMAIN}`)" + - "traefik.http.routers.milvert.priority=1" + - "traefik.http.routers.milvert.entrypoints=web" + - "traefik.http.routers.mainsite-http.middlewares=milvert-ssl@docker" + + #- "traefik.http.routers.milvert.middlewares=redirect@file" + + #HTTPS + - "traefik.http.routers.milvert-secure.entrypoints=web-secure" + - "traefik.http.routers.milvert-secure.rule=Host(`www.${DOMAIN}`, `${DOMAIN}`)" + - "traefik.http.routers.milvert-secure.priority=1" + # SSL + - "traefik.http.routers.milvert-secure.tls.certresolver=milvert" + - "traefik.http.routers.milvert-secure.tls=true" + + + volumes: + - "${DIR}/milvert-nginx/conf:/etc/nginx/conf.d" + - "${DIR}/milvert-nginx/html:/html" + + + zigbee2mqtt: container_name: zigbee2mqtt networks: @@ -79,23 +111,22 @@ services: labels: - "traefik.enable=true" - "traefik.http.routers.whoami.rule=Host(`whoami.${DOMAIN}`)" - - "traefik.http.routers.whoami.entrypoints=web" - "traefik.http.routers.whoami-secure.entrypoints=web-secure" - "traefik.http.routers.whoami-secure.rule=Host(`whoami.${DOMAIN}`)" - "traefik.http.routers.whoami-secure.tls.certresolver=milvert" mqtt: - image: eclipse-mosquitto:1.6.7 + image: eclipse-mosquitto:1.6.8 container_name: mqtt networks: - frontend - backend restart: always ports: - - "1885:1883" + - "1883:1883" - "9001:9001" volumes: - #- ${DIR}/mosquitto/config:/mosquitto/config + - ./mosquitto/mosquitto.conf:/mosquitto/config/mosquitto.conf - ${DIR}/mosquitto/data:/mosquitto/data - ${DIR}/mosquitto/log:/mosquitto/log labels: 
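Review bot: In the new `milvert-nginx` service the redirect middleware is attached to a router named `mainsite-http` (`traefik.http.routers.mainsite-http.middlewares=milvert-ssl@docker`), but the HTTP router defined in the labels just above is `milvert`, so requests on the `web` entrypoint are served in clear text instead of being redirected. Change the label to `- "traefik.http.routers.milvert.middlewares=milvert-ssl@docker"`. `image: nginx:latest` is also unpinned, while the other images visible in this diff carry version tags; pin a version so a rebuild cannot silently change the server.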
@@ -177,8 +208,8 @@ services: labels: - "traefik.http.routers.traefik.rule=Host(`tra.${DOMAIN}`)" - - "traefik.http.routers.traefik.middlewares=redirect@file" - "traefik.http.routers.traefik.entrypoints=web" + - "traefik.http.routers.traefik.middlewares=redirect@file" - "traefik.http.routers.traefik-secure.entrypoints=web-secure" - "traefik.http.routers.traefik-secure.rule=Host(`tra.${DOMAIN}`)" - "traefik.http.routers.traefik-secure.tls.certresolver=milvert" diff --git a/mosquitto/mosquitto.conf b/mosquitto/mosquitto.conf index 4a21b2b..374faa5 100644 --- a/mosquitto/mosquitto.conf +++ b/mosquitto/mosquitto.conf @@ -1,3 +1,9 @@ persistence true persistence_location /mosquitto/data/ log_dest file /mosquitto/log/mosquitto.log + + +listener 1883 + +listener 9001 +protocol websockets diff --git a/static_config.yml b/static_config.yml index b4775a6..3b407db 100644 --- a/static_config.yml +++ b/static_config.yml @@ -16,14 +16,51 @@ http: tls: certResolver: milvert + bitwarden-router: + rule: "Host(`bitwarden.milvert.com`)" + middlewares: + - redirect + service: bitwarden-service + entryPoints: + - web + + bitwarden-router: + rule: "Host(`bitwarden.milvert.com`)" + service: bitwarden-service + entryPoints: + - web-secure + tls: + certResolver: milvert + + redirect: + rule: "HostRegexp(`{host:.+}`)" # This catches all + middlewares: + - redirect + service: redirectfake-service + entryPoints: + - web + priority: 50 + + services: lampa-service: loadBalancer: servers: - url: "http://10.0.0.3:8084" + bitwarden-service: + loadBalancer: + servers: + - url: "http://10.0.0.3:5178" + + redirectfake-service: + loadBalancer: + servers: + - url: "http://fake" + middlewares: redirect: redirectScheme: + permanent: true scheme: https From f42ad01dff8136068733222cbe3e1b422923e2ab Mon Sep 17 00:00:00 2001 
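Review bot: The two listeners added to mosquitto/mosquitto.conf come with no authentication settings, and docker-compose.yml in this commit publishes both as `"1883:1883"` and `"9001:9001"` on every host interface; with neither `password_file` nor `allow_anonymous false`, Mosquitto 1.6 accepts anonymous clients by default. Add `allow_anonymous false` and `password_file /mosquitto/config/passwd` (example path; the file must be mounted and kept out of the repo), and bind the published ports to `127.0.0.1` or the LAN address if only local services need them. Both listeners are plain TCP/websocket with no TLS configured in this file.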
From: Simon Milvert Date: Tue, 7 Jan 2020 20:33:35 +0100 Subject: [PATCH 4/7] Added configuration for zigbee2mqtt --- zigbee2mqtt/configuration.yaml | 89 ++++++++++++++++++++++++++++++++++ 1 file changed, 89 insertions(+) create mode 100644 zigbee2mqtt/configuration.yaml diff --git a/zigbee2mqtt/configuration.yaml b/zigbee2mqtt/configuration.yaml new file mode 100644 index 0000000..59763b3 --- /dev/null +++ b/zigbee2mqtt/configuration.yaml 
@@ -0,0 +1,89 @@ +homeassistant: false +permit_join: true +mqtt: + base_topic: zigbee2mqtt + server: 'mqtt://mqtt:1883' +advanced: + log_level: debug +serial: + port: /dev/ttyACM0 +devices: + '0xd0cf5efffef137e6': + friendly_name: '0xd0cf5efffef137e6' + retain: false + '0xd0cf5efffeffa12e': + friendly_name: '0xd0cf5efffeffa12e' + retain: false + '0x0017880106fca5e2': + friendly_name: Philips Lily 1 + retain: false + '0x90fd9ffffe6e8fe2': + friendly_name: Arbetsrum gullampa + retain: false + '0x0017880106fc9e16': + friendly_name: Philips Lily 2 + retain: false + '0x0017880106241299': + friendly_name: Philips Lily 3 + retain: false + '0x001788010452ec91': + friendly_name: Philips Lily 4 + retain: false + '0x000d6ffffe61e2f8': + friendly_name: '0x000d6ffffe61e2f8' + retain: false + '0xccccccfffe4c4499': + friendly_name: dimmer_unconnect + '0x14b457fffe6d87e8': + friendly_name: Kök_Multidimmer + '0x086bd7fffe5a6240': + friendly_name: Kök 1 + '0xd0cf5efffed8c794': + friendly_name: Kök 6 + '0x14b457fffe71f90e': + friendly_name: Kök 2 + '0x14b457fffe71ee40': + friendly_name: Kök 3 + '0x086bd7fffe54c813': + friendly_name: Kök 4 + '0x086bd7fffe3b7eaa': + friendly_name: Kök 5 + '0x086bd7fffe5302b2': + friendly_name: Kök 7 + '0x14b457fffe334c7c': + friendly_name: Matrum_tak + '0xccccccfffe344cb3': + friendly_name: Matrum_dimmer + '0x086bd7fffe05e8ad': + friendly_name: Julstjärna arum + '0xd0cf5efffed9d643': + friendly_name: Julstjärna 2 + '0x086bd7fffe38fe88': + friendly_name: Julstjärna 3 + '0x00178801045185ad': + friendly_name: Philips Lily 5 +groups: + '1': + friendly_name: Kök + retain: false + devices: + - '0x90fd9ffffe6e8fe2' + - '0x086bd7fffe5a6240' + - '0xd0cf5efffed8c794' + - '0x14b457fffe71f90e' + - '0x14b457fffe71ee40' + - '0x086bd7fffe54c813' + - '0x086bd7fffe3b7eaa' + - '0x086bd7fffe5302b2' + '2': + friendly_name: Matrum + retain: false + devices: + - '0x14b457fffe334c7c' + '57338': + friendly_name: Outdoor + retain: false + devices: + - '0x001788010452ec91' + - 
'0x0017880106241299' + - '0x0017880106fca5e2' From 55662db7a75a56c33f175ba3d9925e9f136cb796 Mon Sep 17 00:00:00 2001 From: Simon Milvert Date: Tue, 14 Jan 2020 05:06:04 +0100 Subject: [PATCH 5/7] Working gitea --- docker-compose.yml | 30 +++++++++++------------------- 1 file changed, 11 insertions(+), 19 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index c6e3e97..e5f2b64 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -10,14 +10,6 @@ services: - backend labels: - "traefik.enable=true" - - "traefik.http.middlewares.milvert-ssl.redirectscheme.scheme=https" - # HTTP - - "traefik.http.routers.milvert.rule=Host(`${DOMAIN}`)" - - "traefik.http.routers.milvert.priority=1" - - "traefik.http.routers.milvert.entrypoints=web" - - "traefik.http.routers.mainsite-http.middlewares=milvert-ssl@docker" - - #- "traefik.http.routers.milvert.middlewares=redirect@file" #HTTPS - "traefik.http.routers.milvert-secure.entrypoints=web-secure" @@ -38,11 +30,11 @@ services: container_name: zigbee2mqtt networks: - backend - image: koenkk/zigbee2mqtt:1.6.0 + image: koenkk/zigbee2mqtt:1.8.0 volumes: - ${DIR}/zigbee2matt:/app/data devices: - - /dev/ttyACM0:/dev/ttyACM0 + - /dev/ttyACM-zigbee:/dev/ttyACM0 restart: always environment: - TZ=Europe/Stockholm @@ -89,12 +81,15 @@ services: - backend restart: always environment: - - USER_UID=1000 - - USER_GID=1000 + - USER_UID=1001 + - USER_GID=1005 volumes: + #- /var/lib/gitea:/data - ${DIR}/gitea:/data + - /home/git/.ssh:/data/git/.ssh ports: - "127.0.0.1:2222:22" + - "3000:3000" labels: - "traefik.enable=true" - "traefik.http.services.gitea-service.loadbalancer.server.port=3000" @@ -110,7 +105,6 @@ services: - backend labels: - "traefik.enable=true" - - "traefik.http.routers.whoami.rule=Host(`whoami.${DOMAIN}`)" - "traefik.http.routers.whoami-secure.entrypoints=web-secure" - "traefik.http.routers.whoami-secure.rule=Host(`whoami.${DOMAIN}`)" - "traefik.http.routers.whoami-secure.tls.certresolver=milvert" 
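Review bot: `permit_join: true` on the second line of the new zigbee2mqtt/configuration.yaml leaves the Zigbee network open to any device that asks to join for as long as the service runs; commit `permit_join: false` and enable joining only while pairing. No `advanced.network_key` is set, so the coordinator presumably falls back to zigbee2mqtt's documented default key; set a unique one before pairing further devices. `log_level: debug` is also better lowered to `info` for normal operation.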
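Review bot: In the gitea hunk of patch 5/7 (`@@ -89,12 +81,15 @@`), the added `- "3000:3000"` publishes Gitea's web port on every host interface, which bypasses the `gitea-secure` TLS router and serves logins over plain HTTP, even though the SSH mapping just above is deliberately bound to `127.0.0.1`. Traefik reaches the container through `loadbalancer.server.port=3000`, so the mapping can be dropped, or written as `- "127.0.0.1:3000:3000"` if local access is needed. The new `/home/git/.ssh:/data/git/.ssh` mount is read-write; confirm that `USER_UID`/`USER_GID` (now 1001/1005) match the host `git` user so the key files keep strict ownership. The gitea service block starts before this hunk.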
@@ -185,7 +179,7 @@ services: reverse-proxy: # The official v2.0 Traefik docker image - image: traefik:v2.0.6 + image: traefik:v2.1 container_name: "traefik" networks: - backend @@ -207,17 +201,15 @@ services: - 8.8.8.8 labels: + - "traefik.enable=true" - "traefik.http.routers.traefik.rule=Host(`tra.${DOMAIN}`)" - - "traefik.http.routers.traefik.entrypoints=web" - - "traefik.http.routers.traefik.middlewares=redirect@file" - "traefik.http.routers.traefik-secure.entrypoints=web-secure" - "traefik.http.routers.traefik-secure.rule=Host(`tra.${DOMAIN}`)" - "traefik.http.routers.traefik-secure.tls.certresolver=milvert" - "traefik.http.routers.traefik-secure.tls=true" - "traefik.http.services.traefik-service.loadbalancer.server.port=8080" - - "traefik.enable=true" - - "traefik.http.routers.traefik-secure.middlewares=test-auth" - - "traefik.http.middlewares.test-auth.basicauth.users=simon:$$apr1$$o3vIe.DX$$3XExiBMe8rUo3HujDSYEo0" + - "traefik.http.routers.traefik-secure.middlewares=traefik-auth" + - "traefik.http.middlewares.traefik-auth.basicauth.users=simon:$$apr1$$o3vIe.DX$$3XExiBMe8rUo3HujDSYEo0" networks: frontend: From 1b139233516bd872632af3cd374a6ff4653acbb2 Mon Sep 17 00:00:00 2001 From: Simon Milvert Date: Tue, 14 Jan 2020 05:15:05 +0100 Subject: [PATCH 6/7] Added acme.json --- acme.json | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 acme.json diff --git a/acme.json b/acme.json new file mode 100644 index 0000000..e69de29 From e044785bcb9a082edbdfbee92669f11ef45bac1e Mon Sep 17 00:00:00 2001 From: Simon Milvert Date: Tue, 14 Jan 2020 05:20:14 +0100 Subject: [PATCH 7/7] Added timezone data to gitea --- docker-compose.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docker-compose.yml b/docker-compose.yml index e5f2b64..7d082c3 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
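Review bot: The `traefik` router is left half-defined by the labels hunk (`@@ -207,17 +201,15 @@`): its `entrypoints=web` and `middlewares=redirect@file` labels are removed, but the `traefik.http.routers.traefik.rule` label is kept. A router with no `entrypoints` label is bound to all entrypoints in Traefik v2, and this one carries no middleware, so the dashboard host is likely still answered on port 80 without the `traefik-auth` prompt. Remove the leftover rule label so that only `traefik-secure` routes to `traefik-service`. The labels block continues from before the hunk.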
@@ -87,6 +87,8 @@ services: #- /var/lib/gitea:/data - ${DIR}/gitea:/data - /home/git/.ssh:/data/git/.ssh + - /etc/timezone:/etc/timezone:ro + - /etc/localtime:/etc/localtime:ro ports: - "127.0.0.1:2222:22" - "3000:3000"