From ee6265aefc32191e94907fe64265127470731fa5 Mon Sep 17 00:00:00 2001 From: Simon Milvert Date: Fri, 6 Dec 2019 21:11:32 +0100 Subject: [PATCH] Added working traefik config but a draft with gitea --- docker-compose.yml | 32 ++++++++++++++++++++------------ static_config.yml | 25 ++++++++++++++++++++----- traefik.yml | 16 +++++++++------- 3 files changed, 49 insertions(+), 24 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 270bb03..cd6eec2 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -62,12 +62,13 @@ services: volumes: - ${DIR}/gitea:/data ports: - - "2221:22" + - "127.0.0.1:2222:22" labels: - "traefik.enable=true" - - "traefik.http.routers.gitea.rule=Host(`gitea.${DOMAIN}`)" - - "traefik.http.routers.gitea.entrypoints=web" - "traefik.http.services.gitea-service.loadbalancer.server.port=3000" + - "traefik.http.routers.gitea-secure.entrypoints=web-secure" + - "traefik.http.routers.gitea-secure.rule=Host(`gitea.${DOMAIN}`)" + - "traefik.http.routers.gitea-secure.tls.certresolver=milvert" whoami: @@ -81,7 +82,7 @@ services: - "traefik.http.routers.whoami.entrypoints=web" - "traefik.http.routers.whoami-secure.entrypoints=web-secure" - "traefik.http.routers.whoami-secure.rule=Host(`whoami.${DOMAIN}`)" - - "traefik.http.routers.whoami-secure.tls.certresolver=default" + - "traefik.http.routers.whoami-secure.tls.certresolver=milvert" mqtt: image: eclipse-mosquitto:1.6.7 @@ -89,12 +90,12 @@ services: networks: - frontend - backend - + restart: always ports: - "1885:1883" - "9001:9001" volumes: - - "${DIR}/mosquitto/config:/mosquitto/config" + #- ${DIR}/mosquitto/config:/mosquitto/config - ${DIR}/mosquitto/data:/mosquitto/data - ${DIR}/mosquitto/log:/mosquitto/log labels: 
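Review bot: Commenting out the `/mosquitto/config` mount in the mqtt hunk (`@@ -89,12 +90,12`) makes the broker start from the image's built-in configuration while `1885:1883` and `9001:9001` stay published on every host interface. Mosquitto 1.6.x accepts anonymous clients unless the configuration says otherwise, so any `password_file`, ACL or listener settings that lived in the mounted directory no longer apply (whether the old config had them is not visible here). I would restore the mount, `- ${DIR}/mosquitto/config:/mosquitto/config`, or limit the published ports to an internal address in the way the gitea hunk does with `127.0.0.1:2222:22`, until the broker has authentication configured. The service definition continues outside the hunk.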
@@ -119,9 +120,12 @@ services: volumes: - ${DIR}/nodered:/data labels: - - "traefik.http.routers.node-red.rule=Host(`node.${DOMAIN}`)" + - "traefik.http.routers.node-red.rule=Host(`nodered.${DOMAIN}`)" - "traefik.http.routers.node-red.entrypoints=web" - "traefik.http.services.node-red-service.loadbalancer.server.port=1880" + - "traefik.http.routers.node-red-secure.entrypoints=web-secure" + - "traefik.http.routers.node-red-secure.rule=Host(`nodered.${DOMAIN}`)" + - "traefik.http.routers.node-red-secure.tls.certresolver=milvert" - "traefik.enable=true" domoticz: @@ -150,7 +154,7 @@ services: reverse-proxy: # The official v2.0 Traefik docker image - image: traefik:v2.0.2 + image: traefik:v2.0.6 container_name: "traefik" networks: - backend @@ -166,19 +170,23 @@ services: - ./traefik.yml:/etc/traefik/traefik.yml - ./static_config.yml:/etc/traefik/static_config.yml # - "./log.json:/etc/traefik/log.json" - # - "./traefik/acme.json:/acme.json" + #- ./acme.json:/acme.json + - ./letsencrypt:/letsencrypt dns: - 8.8.8.8 labels: - - "traefik.http.routers.traefik.rule=Host(`tr.${DOMAIN}`)" + - "traefik.http.routers.traefik.rule=Host(`tra.${DOMAIN}`)" + - "traefik.http.routers.traefik.middlewares=redirect@file" - "traefik.http.routers.traefik.entrypoints=web" - "traefik.http.routers.traefik-secure.entrypoints=web-secure" - - "traefik.http.routers.traefik-secure.rule=Host(`tr.${DOMAIN}`)" - - "traefik.http.routers.traefik-secure.tls.certresolver=default" + - "traefik.http.routers.traefik-secure.rule=Host(`tra.${DOMAIN}`)" + - "traefik.http.routers.traefik-secure.tls.certresolver=milvert" - "traefik.http.routers.traefik-secure.tls=true" - "traefik.http.services.traefik-service.loadbalancer.server.port=8080" - "traefik.enable=true" + - "traefik.http.routers.traefik-secure.middlewares=test-auth" + - "traefik.http.middlewares.test-auth.basicauth.users=simon:$$apr1$$o3vIe.DX$$3XExiBMe8rUo3HujDSYEo0" networks: frontend: 
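Review bot: The `node-red` router on entrypoint `web` is kept without a redirect in the `@@ -119,9 +120,12` hunk, so the Node-RED editor stays reachable over plain HTTP next to the new `node-red-secure` router. The traefik router in this same commit gets `redirect@file`; the matching label here would be `- "traefik.http.routers.node-red.middlewares=redirect@file"`. No authentication middleware is attached to either router, so access control rests on Node-RED's own settings, which are not visible in this diff. The whoami service in the `@@ -81,7 +82,7` hunk has the same plain-HTTP router without a redirect.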
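Review bot: The `basicauth.users` label at the end of the `@@ -166,19 +170,23` hunk commits the dashboard user's password hash (apr1/MD5) to the repository, where everyone with read access to the repo or to the container's labels can see it. Keep the hash out of the compose file by pointing the middleware at a mounted file, `- "traefik.http.middlewares.test-auth.basicauth.usersfile=/etc/traefik/usersfile"` (the path is a placeholder), and rotate the password since this hash is now in history. `api.insecure: true` is still set in traefik.yml, so the API and dashboard are also served directly on port 8080 without passing through `test-auth`; whether that port is published is not visible in this hunk. The new `./letsencrypt` mount will hold the ACME account and certificate keys, so it should be excluded from version control.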
diff --git a/static_config.yml b/static_config.yml index 616d3ad..b4775a6 100644 --- a/static_config.yml +++ b/static_config.yml @@ -1,14 +1,29 @@ http: routers: - test-router: - rule: "Host(`test.localhost`)" - service: my-service + lampa-router: + rule: "Host(`lampa.milvert.com`)" + middlewares: + - redirect + service: lampa-service entryPoints: - web + lampa-router: + rule: "Host(`lampa.milvert.com`)" + service: lampa-service + entryPoints: + - web-secure + tls: + certResolver: milvert + services: - my-service: + lampa-service: loadBalancer: servers: - - url: https://milvert.com + - url: "http://10.0.0.3:8084" + + middlewares: + redirect: + redirectScheme: + scheme: https diff --git a/traefik.yml b/traefik.yml index a781b02..e92dae5 100644 --- a/traefik.yml +++ b/traefik.yml @@ -1,12 +1,8 @@ -log: - level: DEBUG - api: insecure: true dashboard: true debug: true - providers: docker: exposedbydefault: false @@ -20,15 +16,21 @@ log: # filePath: /etc/traefik/log.json # format: json + certificatesResolvers: - default: + milvert: acme: email: simon@milvert.com - storage: "acme.json" + storage: "/letsencrypt/acme.json" httpChallenge: - # used during the challenge entryPoint: web + tlsChallenge: {} +http: + middlewares: + redirect: + redirectScheme: + scheme: https entryPoints: web:
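Review bot: Both routers added under `http.routers` in static_config.yml are named `lampa-router`, which is a duplicate mapping key; a parser either rejects the file or keeps only the last entry, in which case the `web` router carrying the `redirect` middleware is silently dropped and only the `web-secure` router is left. Rename the second entry, for example `lampa-router-secure:`, so that HTTP requests for `lampa.milvert.com` are actually redirected. The backend URL `http://10.0.0.3:8084` is plain HTTP to a fixed address, which deserves a comment stating that this hop is expected to stay on a trusted internal network.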
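Review bot: The `http.middlewares.redirect` block added near the end of the `@@ -20,15 +16,21` hunk is dynamic (routing) configuration, but traefik.yml is the file mounted at `/etc/traefik/traefik.yml` and otherwise holds static options (`entryPoints`, `providers`, `certificatesResolvers`). The same middleware is already defined in static_config.yml and the compose label refers to it as `redirect@file`, so this copy is presumably ignored or rejected at startup; I would drop it and keep the single definition. A short comment above `storage: "/letsencrypt/acme.json"` saying that the file contains private keys and must stay mode 600 and out of the repository would also help. The `entryPoints` block continues outside the hunk.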