Verified Commit 92d71b4f authored by Christoph Böhner-Figas's avatar Christoph Böhner-Figas
Browse files

Merge branch 'master' of git.team23.de:docker/b5-traefik

parents 8f56fc05 cd34d73c
/build/docker-compose.override.yml
\ No newline at end of file
......@@ -4,6 +4,11 @@ This is as very simple docker configuration to run traefik locally for simle
project handling. Traefik allows you to run multiple projects simultaneously
without open port collisions.
Project tasks are handled using the TEAM23 b5 Task Runner (https://git.team23.de/build/b5).
See build/Taskfiles for the available tasks and their definition. The project follows our
common task schema (https://git.team23.de/build/b5/blob/master/docs/03_common_tasks.md). For
simple docker/traefik usage head over to https://git.team23.de/build/b5-docker-traefik.
## More background
Normally when using docker you might end up for example using http://localhost:8000/
......@@ -69,6 +74,7 @@ $ sudo launchctl load -w /Library/LaunchDaemons/homebrew.mxcl.dnsmasq.plist # A
$ sudo mkdir -p /etc/resolver # make sure /etc/resolver exists
$ sudo bash -c 'echo "nameserver 127.0.0.1" > /etc/resolver/t23dev' # tell macOS to use the local dnsmasq nameserver for .t23dev
```
A reboot might be needed for changes to take effect.
**Note:** The domain .t23dev shall be used for local development, see "T³P 0010 - Lokale Development Domains":
https://docs.google.com/document/d/1Pej_gE4yZVg0-vDY1azStgwHvq9J_oj-a4OrUbLpeSY/edit
......
......@@ -12,7 +12,7 @@ task:run() {
docker:docker-compose up "$@"
}
task:stop() {
task:halt() {
docker:docker-compose down "$@"
}
......
-----BEGIN CERTIFICATE-----
MIIDlDCCAnwCCQC7lkOI/NwaWTANBgkqhkiG9w0BAQsFADCBizELMAkGA1UEBhMC
REUxDzANBgNVBAgMBkJheWVybjEbMBkGA1UEBwwSVEVBTTIzIERldmVsb3BtZW50
MRQwEgYDVQQKDAtURUFNMjMgR21iSDEbMBkGA1UECwwSVEVBTTIzIERldmVsb3Bt
ZW50MRswGQYDVQQDDBJMb2NhbCBDQSBSb290IENlcnQwHhcNMTgwMzA0MTQzMjI2
WhcNMTkwMzA0MTQzMjI2WjCBizELMAkGA1UEBhMCREUxDzANBgNVBAgMBkJheWVy
bjEbMBkGA1UEBwwSVEVBTTIzIERldmVsb3BtZW50MRQwEgYDVQQKDAtURUFNMjMg
R21iSDEbMBkGA1UECwwSVEVBTTIzIERldmVsb3BtZW50MRswGQYDVQQDDBJMb2Nh
bCBDQSBSb290IENlcnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1
nt5NZ/D33hR25bud6rkEog3E3AgnBte8VcGRhqmkGHg00vAweaVPup7UaXLYGFcT
JTKE5W9Xx3IpYmATloPyrdm34+EDTy5r/5Tg5drp8Qd+aswNDelwHXLDuU+5b+Un
35tBUOgioP0skVJR2kFkfaSfwGnmOxilWgvO+21GlO/fVd6n8Dy8fiTU6QA2PIPI
u7BXTAYYa4dSinBKUh1M85imcOyFZm08VuXp4Ysj/ofxkhHoFEKYmJS/Sqx+G12e
AcUB74eNZv0lsy7QPoQ/dThLO6c8qfm3gcau5jhd9c3acJAhjBMcuSwq/qnXxkW/
uhDbMlaXG/RyO53bBDCZAgMBAAEwDQYJKoZIhvcNAQELBQADggEBABWQI1mB+fzv
PjUFle4UFWQh8a8gQHBJ26/zuMpylhspecg99i2eRbviUpszV3xh0MLS1ilbiEYg
W4e0B9UH4bkYFWb3ft79uUHbO1kuCFCCdQGXYPtq2lUAT/2FEVo+/vl9v7VEcKXN
1QxGH6kNwMJ2xeBVlWJuzDaAUKf7yU3Tmsxg6sjuAVSVS2ms/uQadpfgjO/YFcVo
TPt1jPbzRjHVFY5gQhEWNuH/EZp8l1/EEYZGxqv7mgdHGsjoyLeSfcB3LjEgbr0f
Qzq2hZJcz/m9TbmndNJMoTUfyhKu61MU4aFoHswfrrNoS1aq/bj+XSY3TTMHdMdp
1VEtdAGkZ9k=
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEAtZ7eTWfw994UduW7neq5BKINxNwIJwbXvFXBkYappBh4NNLw
MHmlT7qe1Gly2BhXEyUyhOVvV8dyKWJgE5aD8q3Zt+PhA08ua/+U4OXa6fEHfmrM
DQ3pcB1yw7lPuW/lJ9+bQVDoIqD9LJFSUdpBZH2kn8Bp5jsYpVoLzvttRpTv31Xe
p/A8vH4k1OkANjyDyLuwV0wGGGuHUopwSlIdTPOYpnDshWZtPFbl6eGLI/6H8ZIR
6BRCmJiUv0qsfhtdngHFAe+HjWb9JbMu0D6EP3U4SzunPKn5t4HGruY4XfXN2nCQ
IYwTHLksKv6p18ZFv7oQ2zJWlxv0cjud2wQwmQIDAQABAoIBAC1qYKRyjWst+WgR
4myGuWVTMKY9bzxzFZdeylydk+YYyFZNOQqmIJRjUjxDchhfXcbH0m4xATquAPog
Q24igTQ6DOtS7H1rW2xeKNhkIe3F+928zvGkvO7wLjaLLEhulpr161jV5nZiU2zF
mhQlw5xhXr0j3FdaB7uxXKqRbK3tPHuawqYp5EafMD/uH05bc/VGsXqLddf4JZL5
le4STmFo+OWvp1LKXta27zdJF/gOeFp7lFVCNbn68PY/rjHqeAf2VlzbxpjlNcjg
YaEnhIcl9iotnb76X58V4VnuXLsMPPqiiV8R1YXcPlws1uHcdOIVnkkDQ/iux+Ep
jQu3UZECgYEA3gU2FCMVpCwvZ2vSPZIl4Bp6PL9xk6+/M24vKtIyynhfk8dIWGtj
6kE7pDWAAObS35aAYgzfLl3xrYTWXfj4cRUlKGMqS8H4FPaNwfT7KW0uMhnH9EV2
Vos6BOTSZUbC9Die0ounoHkRlTdvLDvUycHwxWEUinajzbWHTH0GZkMCgYEA0WrJ
xuFipk1lEIdrYGhPVuAjum55Ru2sDbxBI3ueKRhSX77YZRMsKdxWFk42r+Y3Vfxn
3zTlTUZTgKwaolmC/r3/0R60rwGMS6CVq9EvZVb0xhTmXBpA9/Elci/OnMT0HXIW
qUC88rze8pwoJ9aAeBPd6LXD3c+SMtwsoQPx9fMCgYEAknX7m8MdRqUDTIVbNtTP
eYvd8W8VXKjGSAY6xVPOv7Qy0MjY18NYMTOBRa0pWO7sUyT0Yjo9jFfa023bADj6
o5agYYkxYLJ/lkyjbTzP5x8oJ1LMjj64dxT3XD0a8kaA2xzy4M/R79GOINJl21dI
4yO2Um7dXw4utsg2jeW4MAMCgYEAxpDIBDDfdip6gsK0uLQPTqO2nOZ1TiC7/EYd
SYTEQdkS+kAeNTCJtqN6aSn+Rqk2nOx4nTctmSjusln94ySWxe7oKqQ/1JTWLztz
z3fIxgE+lLdqebhXFAHubKgR86n4ghcUj6WXw1380/PnS2bjZ3gG+Mmoj6Bq0pjc
JEx2V6sCgYEAyGodeyf7OE8FrsgXCAFzOPltj5Bb3/5bza5B8WoBuiEHWTgxwTav
SHkqmr9clm3TDsZTx7MrDsYWbfH2jkiSG1gWmFWi1HFLF+RdDCMeai8ygJxrLirh
wawyFbapMgzxhWcab3paWZtbj+jNnAOqJ2rFYKCv2DrTdu+KpnBukR0=
-----END RSA PRIVATE KEY-----
CA0EE47124001AED
#!/bin/bash
# Generate Root CA
openssl genrsa -out ca.key 2048 || exit 1
openssl req -new -x509 -days 365 -key ca.key \
-subj "/C=DE/ST=Bayern/L=TEAM23 Development/O=TEAM23 GmbH/OU=TEAM23 Development/CN=Local CA Root Cert" \
-out ca.crt || exit 2
# Generate domain cert
openssl genrsa -out t23dev.key 2048 || exit 3
openssl req -new -sha256 \
-key t23dev.key \
-subj "/C=DE/ST=Bayern/L=TEAM23 Development/O=TEAM23 GmbH/OU=TEAM23 Development/CN=traefik.t23dev" \
-reqexts SAN \
-config <(cat /usr/local/etc/openssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=DNS:traefik.t23dev,DNS:*.t23dev,DNS:*.*.t23dev,DNS:*.*.*.t23dev,DNS:*.*.*.*.t23dev")) \
-out t23dev.csr || exit 4
# Sign local cert
openssl x509 -req \
-extfile <(printf "subjectAltName=DNS:traefik.t23dev,DNS:*.t23dev,DNS:*.*.t23dev,DNS:*.*.*.t23dev,DNS:*.*.*.*.t23dev") \
-days 1825 -in t23dev.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out t23dev.crt || exit 5
# Show certificate information
openssl x509 -in t23dev.crt -text || exit 6
-----BEGIN CERTIFICATE-----
MIID6DCCAtCgAwIBAgIJAMoO5HEkABrtMA0GCSqGSIb3DQEBBQUAMIGLMQswCQYD
VQQGEwJERTEPMA0GA1UECAwGQmF5ZXJuMRswGQYDVQQHDBJURUFNMjMgRGV2ZWxv
cG1lbnQxFDASBgNVBAoMC1RFQU0yMyBHbWJIMRswGQYDVQQLDBJURUFNMjMgRGV2
ZWxvcG1lbnQxGzAZBgNVBAMMEkxvY2FsIENBIFJvb3QgQ2VydDAeFw0xODAzMDQx
NDMyMjdaFw0yMzAzMDMxNDMyMjdaMIGHMQswCQYDVQQGEwJERTEPMA0GA1UECAwG
QmF5ZXJuMRswGQYDVQQHDBJURUFNMjMgRGV2ZWxvcG1lbnQxFDASBgNVBAoMC1RF
QU0yMyBHbWJIMRswGQYDVQQLDBJURUFNMjMgRGV2ZWxvcG1lbnQxFzAVBgNVBAMM
DnRyYWVmaWsudDIzZGV2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
rV1gGFp0Mguo4JMK+G7gNCT7Ca63MfX/xw+/T9TSUKxYMXg3wujOjqj0wcdmRO+o
Ey7kCV/rIynCbejWElTu8bkXXUsjU4SABBZBG1X3xmHwxtmqKaq3cfwZZcZr7jZF
HOnJjTC+z/HNiMTfDQL08Nn6DElrB9JD8+cRj7kWS5s4BGMJQyxav7Ab1RiisggK
bXNn7b1mCcZ+l+2OESaa/afebEyeu+ouKJTAMTxrvFm4gA9YK3/3QM5tIa72A/EJ
/cGOEbiZx18v/WxNg3kn3NcHyMIVtPyAUU5uZzEEBc2phpkLLRoX75uoTKAa9pZ4
VF2XqqJUPdKbkhViTCCYuQIDAQABo1EwTzBNBgNVHREERjBEgg50cmFlZmlrLnQy
M2RldoIIKi50MjNkZXaCCiouKi50MjNkZXaCDCouKi4qLnQyM2RldoIOKi4qLiou
Ki50MjNkZXYwDQYJKoZIhvcNAQEFBQADggEBAG2S0aTsZ2FdA06gA77v2Ho1Dx1I
fWomxKJ589T7YAgRt+CnkxCrhefLDu2Se+O3Rt1ETS68il0D/pNObutE7uiiV7o6
B4hoIaYsylpW0PzsLgRCMYTE5dxDNoKn2RsSqlste7YKWOdb80PZWURRM/4+4OH8
AlmQR0VG7mc9nkF+1UqBN3KHiJtLELVuNniWY7x26sPpXwyt2TraA6fP6CAE6ngW
9e1rZfYBuP7P3PwKg6BvzR+lgHt3koaESg4GGx09Yxyoq389QMm5ZuEDUoq7D2AX
so8HQvG6t0H+mIHrVKkPEg9WoYlDU71+YQFOcXQS9NxXcRKqQ3fjJGd0TDk=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE REQUEST-----
MIIDLTCCAhUCAQAwgYcxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIDAZCYXllcm4xGzAZ
BgNVBAcMElRFQU0yMyBEZXZlbG9wbWVudDEUMBIGA1UECgwLVEVBTTIzIEdtYkgx
GzAZBgNVBAsMElRFQU0yMyBEZXZlbG9wbWVudDEXMBUGA1UEAwwOdHJhZWZpay50
MjNkZXYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtXWAYWnQyC6jg
kwr4buA0JPsJrrcx9f/HD79P1NJQrFgxeDfC6M6OqPTBx2ZE76gTLuQJX+sjKcJt
6NYSVO7xuRddSyNThIAEFkEbVffGYfDG2aopqrdx/BllxmvuNkUc6cmNML7P8c2I
xN8NAvTw2foMSWsH0kPz5xGPuRZLmzgEYwlDLFq/sBvVGKKyCAptc2ftvWYJxn6X
7Y4RJpr9p95sTJ676i4olMAxPGu8WbiAD1grf/dAzm0hrvYD8Qn9wY4RuJnHXy/9
bE2DeSfc1wfIwhW0/IBRTm5nMQQFzamGmQstGhfvm6hMoBr2lnhUXZeqolQ90puS
FWJMIJi5AgMBAAGgYDBeBgkqhkiG9w0BCQ4xUTBPME0GA1UdEQRGMESCDnRyYWVm
aWsudDIzZGV2gggqLnQyM2RldoIKKi4qLnQyM2RldoIMKi4qLioudDIzZGV2gg4q
LiouKi4qLnQyM2RldjANBgkqhkiG9w0BAQsFAAOCAQEAODRoI4/h6nRZ5+iT9aIi
ZrUPMID2rEBJaHYSDekCNi3kqu1S1yRpqd2GFIzbLrlKikLUz+lsI0FMfdxHAkXu
NvIcA9cX9gEotbZ2cuBruKwhKqI+4VPpEY8+6Wyk5XD7KFSkUgZbXu2Eh5vMnO81
w1wceDupr9wYWqBEtCdpnCEZ5ncRYFedo7eglx5bt34JWImtdrttZIuJpygcI6vI
kwsMcPTLCcGu+hyiFeXP+Sdlvtv3c/3vlCeazElnqmcjOu3PdJcQJdqNMBUWjpgg
Ue/9tVTiuQZSdyxJ/8Ll6dpSMmzy0vxlLvvdb+CYCIrJHSWiuEZjfBq9Zc/13S3x
xg==
-----END CERTIFICATE REQUEST-----
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEArV1gGFp0Mguo4JMK+G7gNCT7Ca63MfX/xw+/T9TSUKxYMXg3
wujOjqj0wcdmRO+oEy7kCV/rIynCbejWElTu8bkXXUsjU4SABBZBG1X3xmHwxtmq
Kaq3cfwZZcZr7jZFHOnJjTC+z/HNiMTfDQL08Nn6DElrB9JD8+cRj7kWS5s4BGMJ
Qyxav7Ab1RiisggKbXNn7b1mCcZ+l+2OESaa/afebEyeu+ouKJTAMTxrvFm4gA9Y
K3/3QM5tIa72A/EJ/cGOEbiZx18v/WxNg3kn3NcHyMIVtPyAUU5uZzEEBc2phpkL
LRoX75uoTKAa9pZ4VF2XqqJUPdKbkhViTCCYuQIDAQABAoIBADzeRfkG+TkBAwAm
YHmtZCaqvUE/CK8P8ggQLVl4HYeZmzVzQhC68JsCEz1eJzgY9OgXVJU+Ci7EYLF6
SH8TNvnDxMJKuVJ/ePr2XVGds2sBxCntDmOmvtXUb45eRlLS1x05sDxUWwpjmYhl
pvLIkPtnbPWXaW7LknQ2MuJFV+CfQOD1z96r3GbsYfK3N5I8ds/kynzp6VDLHRie
hIc5cgMDzpvYIBOAlj+FmQZtPLPh8L6bATxAObeEw3MpxafNZzc6D6n4wDaAmmu0
41E1DLLGO7dpiReu5DJG9vU/d8agv7eor7WSnn2WiatN+DQPtKiNEhFVpqhFune9
xfWyAwECgYEA2TeFWl/1gES7ih4KkHnzFGjI4aKnFrr3dqGZuk2oTSPWCmn0A+6x
qRJdSGxImPmVpvYd17qwdhAR4HURb0hgqF7WSMWu2IS2C3rU1t+w86R0x8JPqSTv
vZZkZnwBAiu13mf5GrvaMANg5w/YtlAXPmmSUg1mI8WmbU5rcF+85AkCgYEAzFF5
swVZwO1cvVZh/94vyMcOlX6BVeLoa8MFPtbaKmCY3omxJKEzVo7uXdivsybShln+
rRtqnjslDXcLCZ5ymRBRtI15aMxGeHXfJTi6OzWGeDahDpUUK/FqrHERd5qr06jY
PeVaS4+ylfXpsA8wmtF5pc02OeHtn9cerZiMGzECgYBa/05nSPHxFVo3h1RHqD70
Gt2k4N38wMCwuwxKpwPNpSii3jYye4mD2cSodWyIYW6XLl3cJUKNgzfp/0EZjImp
n2lHvUD9RcN51bBagAWCXC/sC3QR2P5yPxG6eVJ21VbwYEBUOcQy/wdWZSYVYkIK
jHGW3DQg4klRW1vZDNJ1+QKBgBHutLe5qH7+Vj1n74H9hkQg9G66g69+Etgibbtu
MAe4IrKlcx675z2ZneIuun0G00NncqrO1TS+DCp6YEWf2n8Ep6cpI5bHFwhLkCI8
MFwx/nNemBQnkXWp4qrv4ZCVyq7xCsmj76DiI9J1muUQ8DsmV37t2+yIn8p/nvmt
gd6BAoGAF4d88c/9lkmd+qwbl90jqjRVZ/LiFGPX4szE3D9vbyfKWRg94Z095pRF
kG6x3my052TwLrzczszyvi8mhulzy0RATBxLW6tRqHSYGI00kABk39ZrOSqU3uk/
b5DRPdelEm9DPAgt0UXPdLf/tP0PQ/TJNHeHSyzAi1VgKwyHe+8=
-----END RSA PRIVATE KEY-----
......@@ -4,6 +4,7 @@ services:
traefik:
ports:
- "80:80"
- "443:443"
- "8080:8080"
networks:
......
......@@ -3,10 +3,12 @@ version: '3'
services:
traefik:
image: traefik
restart: always
networks:
- gateway
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./cert:/cert
- ./traefik.toml:/traefik.toml
networks:
......
......@@ -22,8 +22,8 @@ debug = true
# Optional
# Default: ["http"]
#
defaultEntryPoints = ["http"]
#defaultEntryPoints = ["http", "https"]
#defaultEntryPoints = ["http"]
defaultEntryPoints = ["http", "https"]
# Entrypoints definition
#
......@@ -32,15 +32,12 @@ defaultEntryPoints = ["http"]
[entryPoints]
[entryPoints.http]
address = ":80"
# [entryPoints.https]
# address = ":443"
# [entryPoints.https.tls]
# [[entryPoints.https.tls.certificates]]
# CertFile = "integration/fixtures/https/snitest.com.cert"
# KeyFile = "integration/fixtures/https/snitest.com.key"
# [[entryPoints.https.tls.certificates]]
# CertFile = "integration/fixtures/https/snitest.org.cert"
# KeyFile = "integration/fixtures/https/snitest.org.key"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[[entryPoints.https.tls.certificates]]
CertFile = "cert/t23dev.crt"
KeyFile = "cert/t23dev.key"
# Traefik logs
# Enabled by default and log to stdout
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment