From ad0e33416d842931f1a48836ee9f89bab4257587 Mon Sep 17 00:00:00 2001 
From: Junlin Liu Date: Fri, 23 Feb 2024 23:14:45 +0800 Subject: [PATCH] migrate to caddy (#1) * migrate to caddy * format --------- Co-authored-by: Anonymous <> --- docker/caddy/.env.example | 2 + docker/caddy/Caddyfile | 53 +++++++++++++++++++++++ docker/caddy/Dockerfile | 14 ++++++ docker/caddy/docker-compose.yml | 25 +++++++++++ docker/{traefik => caddy}/make_network.sh | 1 + docker/dockge/docker-compose.yml | 2 +- docker/dockge/oauth2-proxy.cfg | 2 +- docker/gitea/docker-compose.yml | 4 +- docker/openvscode/docker-compose.yml | 2 +- docker/traefik/.env.example | 1 - docker/traefik/conf/apps/base.yml | 20 --------- docker/traefik/conf/apps/dockge.yaml | 14 ------ docker/traefik/conf/apps/filebrowser.yaml | 13 ------ docker/traefik/conf/apps/gitea.yaml | 27 ------------ docker/traefik/conf/apps/grafana.yaml | 13 ------ docker/traefik/conf/apps/homepage.yaml | 13 ------ docker/traefik/conf/apps/openvscode.yaml | 15 ------- docker/traefik/conf/apps/portainer.yaml | 13 ------ docker/traefik/conf/apps/uptime.yaml | 13 ------ docker/traefik/conf/traefik.yml | 50 --------------------- docker/traefik/docker-compose.yml | 31 ------------- 21 files changed, 100 insertions(+), 228 deletions(-) create mode 100644 docker/caddy/.env.example create mode 100644 docker/caddy/Caddyfile create mode 100644 docker/caddy/Dockerfile create mode 100644 docker/caddy/docker-compose.yml rename docker/{traefik => caddy}/make_network.sh (52%) delete mode 100644 docker/traefik/.env.example delete mode 100644 docker/traefik/conf/apps/base.yml delete mode 100644 docker/traefik/conf/apps/dockge.yaml delete mode 100644 docker/traefik/conf/apps/filebrowser.yaml delete mode 100644 docker/traefik/conf/apps/gitea.yaml delete mode 100644 docker/traefik/conf/apps/grafana.yaml delete mode 100644 docker/traefik/conf/apps/homepage.yaml delete mode 100644 docker/traefik/conf/apps/openvscode.yaml delete mode 100644 docker/traefik/conf/apps/portainer.yaml delete mode 100644 
docker/traefik/conf/apps/uptime.yaml delete mode 100644 docker/traefik/conf/traefik.yml delete mode 100644 docker/traefik/docker-compose.yml
diff --git a/docker/caddy/.env.example b/docker/caddy/.env.example
new file mode 100644
index 0000000..fcaa6de
--- /dev/null
+++ b/docker/caddy/.env.example
@@ -0,0 +1,2 @@
+CLOUDFLARE_DNS_API_TOKEN=xxxx
+BASE_DOMAIN=example.com
\ No newline at end of file
diff --git a/docker/caddy/Caddyfile b/docker/caddy/Caddyfile
new file mode 100644
index 0000000..a8e0e01
--- /dev/null
+++ b/docker/caddy/Caddyfile
@@ -0,0 +1,53 @@
+*.{$BASE_DOMAIN} {$BASE_DOMAIN} {
+
+ log
+
+ tls {
+ dns cloudflare {env.CLOUDFLARE_DNS_API_TOKEN}
+ }
+
+ @gitea host git.{$BASE_DOMAIN}
+ handle @gitea {
+ reverse_proxy http://gitea:3000
+ handle /api/actions/runner.v1.RunnerService/FetchTask {
+ skip_log
+ }
+ }
+
+ @homepagewww host www.{$BASE_DOMAIN} {$BASE_DOMAIN}
+ handle @homepagewww {
+ reverse_proxy http://homepage:80
+ }
+
+ @openvscode host code.{$BASE_DOMAIN}
+ handle @openvscode {
+ # http://openvscode-server:3000
+ reverse_proxy http://openvscode-oauth
+ }
+
+ @uptimekuma host uptime.{$BASE_DOMAIN}
+ handle @uptimekuma {
+ reverse_proxy http://uptime-kuma:3001
+ }
+
+ @dockge host dockge.{$BASE_DOMAIN}
+ handle @dockge {
+ # http://dockge:5001
+ reverse_proxy http://dockge-oauth
+ }
+
+ @filebrowser host file.{$BASE_DOMAIN}
+ handle @filebrowser {
+ reverse_proxy http://filebrowser
+ }
+
+ @grafana host grafana.{$BASE_DOMAIN}
+ handle @grafana {
+ reverse_proxy http://grafana:3000
+ }
+
+ @homeassistant host assistant.{$BASE_DOMAIN}
+ handle @homeassistant {
+ reverse_proxy http://home-assistant:8123
+ }
+}
\ No newline at end of file
diff --git a/docker/caddy/Dockerfile b/docker/caddy/Dockerfile
new file mode 100644
index 0000000..179bcee
--- /dev/null
+++ b/docker/caddy/Dockerfile
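Review bot: The wildcard site block `*.{$BASE_DOMAIN} {$BASE_DOMAIN}` in docker/caddy/Caddyfile has no fallback after the last `handle @homeassistant`, so a request for a subdomain that matches none of the host matchers still gets a valid TLS session and an empty response instead of an explicit rejection. Add a final matcher-less `handle` block containing `abort` (or `respond 404`) before the closing brace so unknown hosts fail closed. Separately, only `code.` and `dockge.` are routed through the `*-oauth` upstreams; `uptime.`, `file.`, `grafana.` and `assistant.` are proxied straight to the apps and depend entirely on each app's own login, which deserves a comment such as `# no auth proxy: relies on the app's built-in login` if it is intentional.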
@@ -0,0 +1,14 @@ +FROM caddy:2.7.6-builder-alpine AS builder + +RUN go env -w GOPROXY=https://goproxy.cn,direct + +RUN xcaddy build \ + --with github.com/caddy-dns/cloudflare + +FROM caddy:2.7.6-alpine + +COPY --from=builder /usr/bin/caddy /usr/bin/caddy + +ENTRYPOINT ["caddy"] + +CMD ["run", "--config", "/etc/caddy/Caddyfile", "--adapter", "caddyfile"] \ No newline at end of file diff --git a/docker/caddy/docker-compose.yml b/docker/caddy/docker-compose.yml new file mode 100644 index 0000000..bd49fe0 --- /dev/null +++ b/docker/caddy/docker-compose.yml @@ -0,0 +1,25 @@ +version: "3.7" + +services: + caddy: + image: homeinfra/caddy + build: . + restart: unless-stopped + ports: + - "80:80" + - "443:443" + - "443:443/udp" + volumes: + - ./Caddyfile:/etc/caddy/Caddyfile + - ./data:/data/caddy + env_file: + - .env + networks: + - traefik_default + - internet + +networks: + traefik_default: + external: true + internet: + \ No newline at end of file diff --git a/docker/traefik/make_network.sh b/docker/caddy/make_network.sh similarity index 52% rename from docker/traefik/make_network.sh rename to docker/caddy/make_network.sh index 9c5f02c..e3913a3 100644 --- a/docker/traefik/make_network.sh +++ b/docker/caddy/make_network.sh @@ -1 +1,2 @@ +# TODO: rename all traefik_default network references docker network create -d bridge --internal traefik_default diff --git a/docker/dockge/docker-compose.yml b/docker/dockge/docker-compose.yml index e67976f..f50bcbb 100644 --- a/docker/dockge/docker-compose.yml +++ b/docker/dockge/docker-compose.yml @@ -33,7 +33,7 @@ services: restart: unless-stopped external_links: - - "traefik:git.homeinfra.org" + - "caddy:git.homeinfra.org" env_file: - .env networks: diff --git a/docker/dockge/oauth2-proxy.cfg b/docker/dockge/oauth2-proxy.cfg index 0e3a863..6cb73d3 100644 --- a/docker/dockge/oauth2-proxy.cfg +++ b/docker/dockge/oauth2-proxy.cfg 
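Review bot: The `xcaddy build` step in docker/caddy/Dockerfile pulls `github.com/caddy-dns/cloudflare` with no version, so each rebuild compiles whatever the plugin's latest revision is into the binary that terminates TLS and holds the Cloudflare DNS token. Pin it, for example `--with github.com/caddy-dns/cloudflare@<PINNED_VERSION_OR_COMMIT>`, so that a plugin update becomes a reviewed change rather than a side effect of rebuilding. The `go env -w GOPROXY=https://goproxy.cn,direct` line sends module downloads through a third-party proxy; that is acceptable only while Go's checksum database verification stays at its default, and a comment such as `# mirror for build hosts in CN; GOSUMDB left at default` would record the reason.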
@@ -12,7 +12,7 @@ provider="github" provider_display_name="Gitea" # client_id="" # client_secret="" -redirect_url="https://code.homeinfra.org/oauth2/callback" +redirect_url="https://dockge.homeinfra.org/oauth2/callback" login_url="https://git.homeinfra.org/login/oauth/authorize" redeem_url="https://git.homeinfra.org/login/oauth/access_token" validate_url="https://git.homeinfra.org/api/v1/user/emails" \ No newline at end of file diff --git a/docker/gitea/docker-compose.yml b/docker/gitea/docker-compose.yml index 51b7335..b4c7345 100644 --- a/docker/gitea/docker-compose.yml +++ b/docker/gitea/docker-compose.yml @@ -19,9 +19,9 @@ services: - ./data/gitea:/data - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro - # ports: + ports: # - "3000:3000" - # - "2222:22" + - "22:22" depends_on: - db env_file: diff --git a/docker/openvscode/docker-compose.yml b/docker/openvscode/docker-compose.yml index 01f96f5..7ab78b2 100644 --- a/docker/openvscode/docker-compose.yml +++ b/docker/openvscode/docker-compose.yml @@ -32,7 +32,7 @@ services: restart: unless-stopped external_links: - - "traefik:git.homeinfra.org" + - "caddy:git.homeinfra.org" networks: - traefik_default env_file: diff --git a/docker/traefik/.env.example b/docker/traefik/.env.example deleted file mode 100644 index d8d050f..0000000 --- a/docker/traefik/.env.example +++ /dev/null @@ -1 +0,0 @@ -CLOUDFLARE_DNS_API_TOKEN= diff --git a/docker/traefik/conf/apps/base.yml b/docker/traefik/conf/apps/base.yml deleted file mode 100644 index faa1a94..0000000 --- a/docker/traefik/conf/apps/base.yml +++ /dev/null @@ -1,20 +0,0 @@ - -http: - middlewares: - redirect-to-https: - redirectscheme: - scheme: https - routers: -# traefik-api: -# middlewares: traefik-basic-auth -# rule: Host(`traefik-dashboard.homeinfra.org`) -# service: api@internal -# entrypoints: web - - http_to_https: - entrypoints: web - middlewares: redirect-to-https - priority: 1 - rule: HostRegexp(`{catchall:.*}`) - service: noop@internal - 
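Review bot: The newly enabled `- "22:22"` in docker/gitea/docker-compose.yml publishes Gitea's SSH port on every host interface, and ports published by Docker are usually not filtered by host firewall front ends such as ufw, so the service is reachable from wherever the host is reachable. If access is meant to be limited, bind the mapping to one address, `- "<HOST_LISTEN_IP>:22:22"`, and confirm that Gitea's SSH server accepts key authentication only. The leftover `# - "3000:3000"` line directly under the now-active `ports:` key can be dropped so the list reads cleanly. The service definition starts and ends outside the hunk, so which networks the container is attached to cannot be checked from here.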
diff --git a/docker/traefik/conf/apps/dockge.yaml b/docker/traefik/conf/apps/dockge.yaml deleted file mode 100644 index a79ecfa..0000000 --- a/docker/traefik/conf/apps/dockge.yaml +++ /dev/null @@ -1,14 +0,0 @@ -http: - routers: - dockge: - entrypoints: websecure - rule: Host(`dockge.homeinfra.org`) - service: dockge - tls: - certresolver: cloudflare - services: - dockge: - loadbalancer: - servers: - # - url: http://dockge:5001 - - url: http://dockge-oauth diff --git a/docker/traefik/conf/apps/filebrowser.yaml b/docker/traefik/conf/apps/filebrowser.yaml deleted file mode 100644 index afbfcb7..0000000 --- a/docker/traefik/conf/apps/filebrowser.yaml +++ /dev/null @@ -1,13 +0,0 @@ -http: - routers: - file: - entrypoints: websecure - rule: Host(`file.homeinfra.org`) - service: file - tls: - certresolver: cloudflare - services: - file: - loadbalancer: - servers: - - url: http://filebrowser diff --git a/docker/traefik/conf/apps/gitea.yaml b/docker/traefik/conf/apps/gitea.yaml deleted file mode 100644 index dfb372a..0000000 --- a/docker/traefik/conf/apps/gitea.yaml +++ /dev/null @@ -1,27 +0,0 @@ -http: - routers: - docker_gitea: - entrypoints: websecure - rule: Host(`git.homeinfra.org`) - service: docker_gitea - tls: - certresolver: cloudflare - services: - docker_gitea: - loadbalancer: - servers: - - url: http://gitea:3000 - -tcp: - routers: - gitea-ssh: - rule: HostSNI(`*`) - entrypoints: gitssh - service: gitea-ssh - services: - gitea-ssh: - loadbalancer: - servers: - - address: gitea:22 - - diff --git a/docker/traefik/conf/apps/grafana.yaml b/docker/traefik/conf/apps/grafana.yaml deleted file mode 100644 index cd7b6e0..0000000 --- a/docker/traefik/conf/apps/grafana.yaml +++ /dev/null @@ -1,13 +0,0 @@ -http: - routers: - grafana: - entrypoints: websecure - rule: Host(`grafana.homeinfra.org`) - service: grafana - tls: - certresolver: cloudflare - services: - grafana: - loadbalancer: - servers: - - url: http://grafana:3000 
diff --git a/docker/traefik/conf/apps/homepage.yaml b/docker/traefik/conf/apps/homepage.yaml deleted file mode 100644 index d3478f0..0000000 --- a/docker/traefik/conf/apps/homepage.yaml +++ /dev/null @@ -1,13 +0,0 @@ -http: - routers: - homepage: - entrypoints: websecure - rule: Host(`www.homeinfra.org`) || Host(`homeinfra.org`) - service: homepage - tls: - certresolver: cloudflare - services: - homepage: - loadbalancer: - servers: - - url: http://homepage:80 diff --git a/docker/traefik/conf/apps/openvscode.yaml b/docker/traefik/conf/apps/openvscode.yaml deleted file mode 100644 index 03b0cdf..0000000 --- a/docker/traefik/conf/apps/openvscode.yaml +++ /dev/null @@ -1,15 +0,0 @@ -http: - routers: - openvscode: - entrypoints: websecure - rule: Host(`code.homeinfra.org`) - service: openvscode - tls: - certresolver: cloudflare - services: - openvscode: - loadbalancer: - servers: - - url: http://openvscode-oauth -# - url: http://openvscode-server:3000 - diff --git a/docker/traefik/conf/apps/portainer.yaml b/docker/traefik/conf/apps/portainer.yaml deleted file mode 100644 index 9a1289a..0000000 --- a/docker/traefik/conf/apps/portainer.yaml +++ /dev/null @@ -1,13 +0,0 @@ -http: - routers: - docker_portainer: - entrypoints: websecure - rule: Host(`portainer.homeinfra.org`) - service: docker_portainer - tls: - certresolver: cloudflare - services: - docker_portainer: - loadbalancer: - servers: - - url: http://portainer:9000 diff --git a/docker/traefik/conf/apps/uptime.yaml b/docker/traefik/conf/apps/uptime.yaml deleted file mode 100644 index 89e9d2c..0000000 --- a/docker/traefik/conf/apps/uptime.yaml +++ /dev/null @@ -1,13 +0,0 @@ -http: - routers: - uptime-kuma: - entrypoints: websecure - rule: Host(`uptime.homeinfra.org`) - service: uptime-kuma - tls: - certresolver: cloudflare - services: - uptime-kuma: - loadbalancer: - servers: - - url: http://uptime-kuma:3001 
diff --git a/docker/traefik/conf/traefik.yml b/docker/traefik/conf/traefik.yml deleted file mode 100644 index 1a97638..0000000 --- a/docker/traefik/conf/traefik.yml +++ /dev/null @@ -1,50 +0,0 @@ - -global: - checkNewVersion: false - sendAnonymousUsage: false -log: - filepath: /logs/log.json - format: json - level: DEBUG -accesslog: - filepath: /logs/access.json - -api: - dashboard: true - insecure: true - -providers: - file: - directory: /conf/apps/ - watch: true - -entrypoints: - gitssh: - address: :22 - web: - address: :80 - websecure: - address: :443 - http: - tls: - domains: - - main: homeinfra.org - sans: "*.homeinfra.org" - - -tls: - stores: - default: - defaultCertResolver: cloudflare - defaultCertDomain: - main: homeinfra.org - sans: - - "*.homeinfra.org" - -certificatesResolvers: - cloudflare: - acme: - dnsChallenge: - provider: cloudflare - email: admin@homeinfra.org - storage: /letsencrypt/acme.json diff --git a/docker/traefik/docker-compose.yml b/docker/traefik/docker-compose.yml deleted file mode 100644 index 9ab5bf0..0000000 --- a/docker/traefik/docker-compose.yml +++ /dev/null @@ -1,31 +0,0 @@ -version: "2" -services: - web: - restart: unless-stopped - image: traefik:v2.9.7 - container_name: traefik - networks: - - traefik_default - - net - ports: - - 80:80 - - 443:443 - - 22:22 - # - "8080:8080" - command: - - --configFile=/conf/traefik.yml - environment: - - CLOUDFLARE_DNS_API_TOKEN=${CLOUDFLARE_DNS_API_TOKEN} - - TZ=Asia/Shanghai - volumes: - - ./conf:/conf:ro - - ./data/letsencrypt:/letsencrypt - - /var/log/traefik_logs:/logs - - /var/run/docker.sock:/var/run/docker.sock - env_file: - - .env -networks: - net: - driver: bridge - traefik_default: - external: true