Merge branch 'master' of milvert.com:simon/Docker

docker-compose.yml

@@ -2,15 +2,39 @@ version: '3'
 
 services:
 
+  milvert-nginx:
+    container_name: milvert-nginx
+    image: nginx:latest
+    restart: always
+    networks:
+      - backend
+    labels:
+      - "traefik.enable=true"
+
+        #HTTPS
+      - "traefik.http.routers.milvert-secure.entrypoints=web-secure"
+      - "traefik.http.routers.milvert-secure.rule=Host(`www.${DOMAIN}`, `${DOMAIN}`)"
+      - "traefik.http.routers.milvert-secure.priority=1"
+        # SSL
+      - "traefik.http.routers.milvert-secure.tls.certresolver=milvert"
+      - "traefik.http.routers.milvert-secure.tls=true"
+
+
+    volumes:
+      - "${DIR}/milvert-nginx/conf:/etc/nginx/conf.d"
+      - "${DIR}/milvert-nginx/html:/html"
+
+
+
   zigbee2mqtt:
     container_name: zigbee2mqtt
     networks:
       - backend
-    image: koenkk/zigbee2mqtt:1.6.0
+    image: koenkk/zigbee2mqtt:1.8.0
     volumes:
       - ${DIR}/zigbee2matt:/app/data
     devices:
-      - /dev/ttyACM0:/dev/ttyACM0
+      - /dev/ttyACM-zigbee:/dev/ttyACM0
     restart: always
     environment:
       - TZ=Europe/Stockholm
@@ -57,17 +81,23 @@ services:
       - backend
     restart: always
     environment:
-      - USER_UID=1000
+      - USER_UID=1001
-      - USER_GID=1000
+      - USER_GID=1005
     volumes:
+      #- /var/lib/gitea:/data
       - ${DIR}/gitea:/data
+      - /home/git/.ssh:/data/git/.ssh
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
     ports:
-      - "2221:22"
+      - "127.0.0.1:2222:22"
+      - "3000:3000"
     labels:
       - "traefik.enable=true"
-      - "traefik.http.routers.gitea.rule=Host(`gitea.${DOMAIN}`)"
-      - "traefik.http.routers.gitea.entrypoints=web"
       - "traefik.http.services.gitea-service.loadbalancer.server.port=3000"
+      - "traefik.http.routers.gitea-secure.entrypoints=web-secure"
+      - "traefik.http.routers.gitea-secure.rule=Host(`gitea.${DOMAIN}`)"
+      - "traefik.http.routers.gitea-secure.tls.certresolver=milvert"
 
 
   whoami:
@@ -77,23 +107,22 @@ services:
       - backend
     labels:
       - "traefik.enable=true"
-      - "traefik.http.routers.whoami.rule=Host(`whoami.${DOMAIN}`)"
+      - "traefik.http.routers.whoami-secure.entrypoints=web-secure"
-      - "traefik.http.routers.whoami.entrypoints=web"
+      - "traefik.http.routers.whoami-secure.rule=Host(`whoami.${DOMAIN}`)"
-      - "traefik.http.routers.whoami.entrypoints=web-secure"
+      - "traefik.http.routers.whoami-secure.tls.certresolver=milvert"
-      - "traefik.http.routers.whoami.tls.certresolver=sample"
 
   mqtt:
-    image: eclipse-mosquitto:1.6.7
+    image: eclipse-mosquitto:1.6.8
     container_name: mqtt
     networks:
       - frontend
       - backend
-
+    restart: always
     ports:
-      - "1885:1883"
+      - "1883:1883"
       - "9001:9001"
     volumes:
-      - "${DIR}/mosquitto/config:/mosquitto/config"
+      - ./mosquitto/mosquitto.conf:/mosquitto/config/mosquitto.conf
       - ${DIR}/mosquitto/data:/mosquitto/data
       - ${DIR}/mosquitto/log:/mosquitto/log
     labels:
@@ -118,9 +147,12 @@ services:
     volumes:
       - ${DIR}/nodered:/data
     labels:
-      - "traefik.http.routers.node-red.rule=Host(`node.${DOMAIN}`)"
+      - "traefik.http.routers.node-red.rule=Host(`nodered.${DOMAIN}`)"
       - "traefik.http.routers.node-red.entrypoints=web"
       - "traefik.http.services.node-red-service.loadbalancer.server.port=1880"
+      - "traefik.http.routers.node-red-secure.entrypoints=web-secure"
+      - "traefik.http.routers.node-red-secure.rule=Host(`nodered.${DOMAIN}`)"
+      - "traefik.http.routers.node-red-secure.tls.certresolver=milvert"
       - "traefik.enable=true"
 
   domoticz:
@@ -149,7 +181,7 @@ services:
 
   reverse-proxy:
     # The official v2.0 Traefik docker image
-    image: traefik:v2.0.2
+    image: traefik:v2.1
     container_name: "traefik"
     networks:
       - backend
@@ -157,21 +189,29 @@ services:
     ports:
       # The HTTP port
       - "80:80"
+      - "443:443"
       - "8080:8080"
     volumes:
       # So that Traefik can listen to the Docker events
       - /var/run/docker.sock:/var/run/docker.sock
       - ./traefik.yml:/etc/traefik/traefik.yml
       - ./static_config.yml:/etc/traefik/static_config.yml
-      - ./acme.json:/acme.json
+        #      - "./log.json:/etc/traefik/log.json"
-      - "./letsencrypt:/letsencrypt"
+        #- ./acme.json:/acme.json
-
+      - ./letsencrypt:/letsencrypt
+    dns:
+      - 8.8.8.8
 
     labels:
-      - "traefik.http.routers.traefik.rule=Host(`tr.${DOMAIN}`)"
-      - "traefik.http.routers.traefik.entrypoints=web"
-      - "traefik.http.services.traefik-service.loadbalancer.server.port=8080"
       - "traefik.enable=true"
+      - "traefik.http.routers.traefik.rule=Host(`tra.${DOMAIN}`)"
+      - "traefik.http.routers.traefik-secure.entrypoints=web-secure"
+      - "traefik.http.routers.traefik-secure.rule=Host(`tra.${DOMAIN}`)"
+      - "traefik.http.routers.traefik-secure.tls.certresolver=milvert"
+      - "traefik.http.routers.traefik-secure.tls=true"
+      - "traefik.http.services.traefik-service.loadbalancer.server.port=8080"
+      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
+      - "traefik.http.middlewares.traefik-auth.basicauth.users=simon:$$apr1$$o3vIe.DX$$3XExiBMe8rUo3HujDSYEo0"
 
 networks:
   frontend:

mosquitto/mosquitto.conf

@@ -1,3 +1,9 @@
 persistence true
 persistence_location /mosquitto/data/
 log_dest file /mosquitto/log/mosquitto.log
+
+
+listener 1883
+
+listener 9001
+protocol websockets

static_config.yml

@@ -1,14 +1,66 @@
 http:
   routers:
-    test-router:
+    lampa-router:
-      rule: "Host(`test.localhost`)"
+      rule: "Host(`lampa.milvert.com`)"
-      service: my-service
+      middlewares:
+        - redirect
+      service: lampa-service
       entryPoints:
          - web
 
+    lampa-router:
+      rule: "Host(`lampa.milvert.com`)"
+      service: lampa-service
+      entryPoints:
+         - web-secure
+      tls:
+       certResolver: milvert
+
+    bitwarden-router:
+      rule: "Host(`bitwarden.milvert.com`)"
+      middlewares:
+        - redirect
+      service: bitwarden-service
+      entryPoints:
+         - web
+
+    bitwarden-router:
+      rule: "Host(`bitwarden.milvert.com`)"
+      service: bitwarden-service
+      entryPoints:
+         - web-secure
+      tls:
+       certResolver: milvert
+
+    redirect:
+      rule: "HostRegexp(`{host:.+}`)" # This catches all
+      middlewares:
+        - redirect
+      service: redirectfake-service
+      entryPoints:
+         - web
+      priority: 50
+
+
   services:
-    my-service:
+    lampa-service:
       loadBalancer:
         servers:
-          - url: https://milvert.com
+          - url: "http://10.0.0.3:8084"
+
+    bitwarden-service:
+      loadBalancer:
+        servers:
+          - url: "http://10.0.0.3:5178"
+
+    redirectfake-service:
+      loadBalancer:
+        servers:
+          - url: "http://fake"
+
+  middlewares:
+    redirect:
+      redirectScheme:
+        permanent: true
+        scheme: https
 

traefik.yml

@@ -1,12 +1,8 @@
-log:
-  level: DEBUG
-
 api:
   insecure: true
   dashboard: true
   debug: true
 
-
 providers:
   docker:
     exposedbydefault: false
@@ -15,21 +11,31 @@ providers:
     filename: "/etc/traefik/static_config.yml"
     watch: true
 
+log:
+  level: DEBUG
+  #  filePath: /etc/traefik/log.json
+  # format: json
+
 
 certificatesResolvers:
-  sample:
+  milvert:
     acme:
       email: simon@milvert.com
-      storage: acme.json
+      storage: "/letsencrypt/acme.json"
       httpChallenge:
-        # used during the challenge
         entryPoint: web
+      tlsChallenge: {}
 
+http:
+  middlewares:
+    redirect:
+      redirectScheme:
+        scheme: https
 
 entryPoints:
   web:
    address: ":80"
-  web-sercure:
+  web-secure:
    address: ":443"
   mqtt:
    address: ":9001"

zigbee2mqtt/configuration.yaml

@@ -0,0 +1,89 @@
+homeassistant: false
+permit_join: true
+mqtt:
+  base_topic: zigbee2mqtt
+  server: 'mqtt://mqtt:1883'
+advanced:
+  log_level: debug
+serial:
+  port: /dev/ttyACM0
+devices:
+  '0xd0cf5efffef137e6':
+    friendly_name: '0xd0cf5efffef137e6'
+    retain: false
+  '0xd0cf5efffeffa12e':
+    friendly_name: '0xd0cf5efffeffa12e'
+    retain: false
+  '0x0017880106fca5e2':
+    friendly_name: Philips Lily 1
+    retain: false
+  '0x90fd9ffffe6e8fe2':
+    friendly_name: Arbetsrum gullampa
+    retain: false
+  '0x0017880106fc9e16':
+    friendly_name: Philips Lily 2
+    retain: false
+  '0x0017880106241299':
+    friendly_name: Philips Lily 3
+    retain: false
+  '0x001788010452ec91':
+    friendly_name: Philips Lily 4
+    retain: false
+  '0x000d6ffffe61e2f8':
+    friendly_name: '0x000d6ffffe61e2f8'
+    retain: false
+  '0xccccccfffe4c4499':
+    friendly_name: dimmer_unconnect
+  '0x14b457fffe6d87e8':
+    friendly_name: Kök_Multidimmer
+  '0x086bd7fffe5a6240':
+    friendly_name: Kök 1
+  '0xd0cf5efffed8c794':
+    friendly_name: Kök 6
+  '0x14b457fffe71f90e':
+    friendly_name: Kök 2
+  '0x14b457fffe71ee40':
+    friendly_name: Kök 3
+  '0x086bd7fffe54c813':
+    friendly_name: Kök 4
+  '0x086bd7fffe3b7eaa':
+    friendly_name: Kök 5
+  '0x086bd7fffe5302b2':
+    friendly_name: Kök 7
+  '0x14b457fffe334c7c':
+    friendly_name: Matrum_tak
+  '0xccccccfffe344cb3':
+    friendly_name: Matrum_dimmer
+  '0x086bd7fffe05e8ad':
+    friendly_name: Julstjärna arum
+  '0xd0cf5efffed9d643':
+    friendly_name: Julstjärna 2
+  '0x086bd7fffe38fe88':
+    friendly_name: Julstjärna 3
+  '0x00178801045185ad':
+    friendly_name: Philips Lily 5
+groups:
+  '1':
+    friendly_name: Kök
+    retain: false
+    devices:
+      - '0x90fd9ffffe6e8fe2'
+      - '0x086bd7fffe5a6240'
+      - '0xd0cf5efffed8c794'
+      - '0x14b457fffe71f90e'
+      - '0x14b457fffe71ee40'
+      - '0x086bd7fffe54c813'
+      - '0x086bd7fffe3b7eaa'
+      - '0x086bd7fffe5302b2'
+  '2':
+    friendly_name: Matrum
+    retain: false
+    devices:
+      - '0x14b457fffe334c7c'
+  '57338':
+    friendly_name: Outdoor
+    retain: false
+    devices:
+      - '0x001788010452ec91'
+      - '0x0017880106241299'
+      - '0x0017880106fca5e2'