
Merge pull request #1154 from bsherman/develop

add docker-compose support for traefik instead of caddy
Alex Feiszli 3 years ago
parent
commit
3740556c8c
1 changed files with 141 additions and 0 deletions
  1. 141 0
      compose/docker-compose.traefik.yml

+ 141 - 0
compose/docker-compose.traefik.yml

@@ -0,0 +1,141 @@
+version: "3.4"
+
+services:
+  netmaker:
+    container_name: netmaker
+    image: gravitl/netmaker:v0.14.1
+    cap_add: 
+      - NET_ADMIN
+      - NET_RAW
+      - SYS_MODULE
+    sysctls:
+      - net.ipv4.ip_forward=1
+      - net.ipv4.conf.all.src_valid_mark=1
+      - net.ipv6.conf.all.disable_ipv6=0
+      - net.ipv6.conf.all.forwarding=1
+    restart: always
+    volumes:
+      - dnsconfig:/root/config/dnsconfig
+      - sqldata:/root/data
+      - shared_certs:/etc/netmaker
+    environment:
+      SERVER_NAME: "broker.NETMAKER_BASE_DOMAIN"
+      SERVER_HOST: "SERVER_PUBLIC_IP"
+      SERVER_API_CONN_STRING: "api.NETMAKER_BASE_DOMAIN:443"
+      COREDNS_ADDR: "SERVER_PUBLIC_IP"
+      DNS_MODE: "on"
+      SERVER_HTTP_HOST: "api.NETMAKER_BASE_DOMAIN"
+      API_PORT: "8081"
+      CLIENT_MODE: "on"
+      MASTER_KEY: "REPLACE_MASTER_KEY"
+      CORS_ALLOWED_ORIGIN: "*"
+      DISPLAY_KEYS: "on"
+      DATABASE: "sqlite"
+      NODE_ID: "netmaker-server-1"
+      MQ_HOST: "mq"
+      # uncomment once netmaker supports changing MQ port
+      #MQ_PORT: "443"
+      HOST_NETWORK: "off"
+      VERBOSITY: "1"
+      MANAGE_IPTABLES: "on"
+      PORT_FORWARD_SERVICES: "dns"
+    ports:
+      - "51821-51830:51821-51830/udp"
+    expose:
+      - "8081"
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.netmaker-api.entrypoints=websecure
+      - traefik.http.routers.netmaker-api.rule=Host(`api.NETMAKER_BASE_DOMAIN`)
+      - traefik.http.routers.netmaker-api.service=netmaker-api
+      - traefik.http.services.netmaker-api.loadbalancer.server.port=8081
+  netmaker-ui:
+    container_name: netmaker-ui
+    image: gravitl/netmaker-ui:v0.14.1
+    depends_on:
+      - netmaker
+    links:
+      - "netmaker:api"
+    restart: always
+    environment:
+      BACKEND_URL: "https://api.NETMAKER_BASE_DOMAIN"
+    expose:
+      - "80"
+    labels:
+      - traefik.enable=true
+      - traefik.http.middlewares.nmui-security.headers.accessControlAllowOriginList=*.NETMAKER_BASE_DOMAIN
+      - traefik.http.middlewares.nmui-security.headers.stsSeconds=31536000
+      - traefik.http.middlewares.nmui-security.headers.browserXssFilter=true
+      - traefik.http.middlewares.nmui-security.headers.customFrameOptionsValue=SAMEORIGIN
+      - traefik.http.middlewares.nmui-security.headers.customResponseHeaders.X-Robots-Tag=none
+      - traefik.http.middlewares.nmui-security.headers.customResponseHeaders.Server= # Remove the server name
+      - traefik.http.routers.netmaker-ui.entrypoints=websecure
+      - traefik.http.routers.netmaker-ui.middlewares=nmui-security@docker
+      - traefik.http.routers.netmaker-ui.rule=Host(`dashboard.NETMAKER_BASE_DOMAIN`)
+      - traefik.http.routers.netmaker-ui.service=netmaker-ui
+      - traefik.http.services.netmaker-ui.loadbalancer.server.port=80
+  coredns:
+    container_name: coredns
+    image: coredns/coredns
+    command: -conf /root/dnsconfig/Corefile
+    depends_on:
+      - netmaker
+    restart: always
+    volumes:
+      - dnsconfig:/root/dnsconfig
+  traefik:
+    image: traefik:v2.6
+    container_name: traefik
+    command:
+      - "--certificatesresolvers.http.acme.email=YOUR_EMAIL"
+      - "--certificatesresolvers.http.acme.storage=/letsencrypt/acme.json"
+      - "--certificatesresolvers.http.acme.tlschallenge=true"
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
+      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
+      - "--entrypoints.websecure.address=:443"
+      - "--entrypoints.websecure.http.tls=true"
+      - "--entrypoints.websecure.http.tls.certResolver=http"
+      - "--log.level=INFO"
+      - "--providers.docker=true"
+      - "--providers.docker.exposedByDefault=false"
+      - "--serverstransport.insecureskipverify=true"
+    restart: always
+    volumes:
+      - ${TRAEFIK_DOCKER_HOST}:/var/run/docker.sock:ro
+      - traefik_certs:/letsencrypt
+    ports:
+      - "80:80"
+      - "443:443"
+  mq:
+    container_name: mq
+    image: eclipse-mosquitto:2.0.11-openssl
+    depends_on:
+      - netmaker
+    restart: unless-stopped
+    volumes:
+      - /root/mosquitto.conf:/mosquitto/config/mosquitto.conf
+      - mosquitto_data:/mosquitto/data
+      - mosquitto_logs:/mosquitto/log
+      - shared_certs:/mosquitto/certs
+    ports:
+      - "127.0.0.1:1883:1883"
+    # comment once netmaker supports changing MQ port
+      - "8883:8883"
+    # uncomment once netmaker supports changing MQ port
+    #expose:
+    #  - "8883"
+    labels:
+      - traefik.enable=true
+      - traefik.tcp.routers.mqtts.rule=HostSNI(`broker.NETMAKER_BASE_DOMAIN`)
+      - traefik.tcp.routers.mqtts.tls.passthrough=true
+      - traefik.tcp.services.mqtts-svc.loadbalancer.server.port=8883
+      - traefik.tcp.routers.mqtts.service=mqtts-svc
+      - traefik.tcp.routers.mqtts.entrypoints=websecure
+volumes:
+  traefik_certs: {}
+  shared_certs: {}
+  sqldata: {}
+  dnsconfig: {}
+  mosquitto_data: {}
+  mosquitto_logs: {}
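Review bot: `--serverstransport.insecureskipverify=true` in the traefik service's command list globally disables certificate verification for every HTTPS backend Traefik forwards to, and nothing in this file needs it: the netmaker-api and netmaker-ui routers point at ports 8081 and 80 with no `loadbalancer.server.scheme=https` set (so they are reached over plain HTTP), and the mqtts TCP router uses `tls.passthrough=true`, so Traefik never terminates TLS towards mosquitto; dropping that line keeps default verification for any backend added later. The docker provider also depends on mounting the Docker socket into the traefik container, and `:ro` restricts the mount, not the engine API, which deserves a comment beside the volume line such as `# Docker socket grants Traefik full engine-API access; :ro does not limit it`, while `${TRAEFIK_DOCKER_HOST}` must be exported for that mount source to be valid (compose appears to substitute an empty string when it is unset). Separately, `CORS_ALLOWED_ORIGIN: "*"` on the API container is broader than the `*.NETMAKER_BASE_DOMAIN` origin list the UI middleware already uses; consider narrowing it to the dashboard origin if the API accepts a single origin. Minor: `cap_add: ` on its first line carries trailing whitespace.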