From c176745bc3ab25084aa36813e703099f812e5fff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Honza=20Pobo=C5=99il?= Date: Thu, 2 Jun 2022 16:35:42 +0200 Subject: [PATCH] Upgraded and refactored Traefik (#585) --- .gitignore | 2 -- Generated/.gitignore | 3 +- Traefik/README.md | 28 ++++++++++----- Traefik/traefik.toml | 34 ------------------- Traefik/traefik.yml | 34 +++++++++++++++++++ build.ps1 | 6 ---- build.sh | 6 ---- .../docker-fragments/bitcoin-clightning.yml | 3 ++ .../docker-fragments/bitcoin-eclair.yml | 7 ++-- .../docker-fragments/bitcoin-lnd.yml | 3 ++ .../docker-fragments/btcpayserver.yml | 5 ++- .../opt-add-btctransmuter.yml | 3 ++ .../docker-fragments/opt-add-thunderhub.yml | 3 ++ .../docker-fragments/traefik-labels.yml | 12 ------- .../docker-fragments/traefik.yml | 14 +++----- 15 files changed, 80 insertions(+), 83 deletions(-) delete mode 100644 Traefik/traefik.toml create mode 100644 Traefik/traefik.yml delete mode 100644 docker-compose-generator/docker-fragments/traefik-labels.yml diff --git a/.gitignore b/.gitignore index edec872..086a6c3 100644 --- a/.gitignore +++ b/.gitignore @@ -297,8 +297,6 @@ Production/.env .vscode/ *docker-compose.generated.yml -Generated/acme.json -Generated/traefik_logs/ Generated/chatwoot_config.env Generated/error diff --git a/Generated/.gitignore b/Generated/.gitignore index f167377..5fc10d9 100644 --- a/Generated/.gitignore +++ b/Generated/.gitignore @@ -1,5 +1,4 @@ *.yml nginx.tmpl -*.toml *.json -pull-images.sh \ No newline at end of file +pull-images.sh diff --git a/Traefik/README.md b/Traefik/README.md index 1c69e73..35722b2 100644 --- a/Traefik/README.md +++ b/Traefik/README.md 
@@ -1,17 +1,27 @@ # How to use docker-compose with Traefik -Traefik is a modern reverse proxy aimed towards applications running through container orchestrators. +Traefik is a modern reverse proxy aimed towards applications running through container orchestrators. Some of the benefits of using Traefik over NGinx are: -* Real-time configuration changes - no need to reload the proxy -* Auto discovery and configuration of services through a vast amount of container orchestrators. -* Built-in official support for Let's Encrypt SSL with certificate auto-renewal + +- Real-time configuration changes - no need to reload the proxy +- Auto discovery and configuration of services through a vast amount of container orchestrators. +- Built-in official support for Let's Encrypt SSL with certificate auto-renewal +- Supports path-based routing without need to [hard-code it in global config](../Production/nginx.tmpl). ## Traefik Specific Environment Variables -* `BTCPAYGEN_REVERSEPROXY` to `traefik`. -* `LETSENCRYPT_EMAIL`: Optional, The email Let's Encrypt will use to notify you about certificate expiration. -* `BTCPAYGEN_ADDITIONAL_FRAGMENTS`: In the case that you have an already deployed traefik container, you can use the fragment `traefik-labels` which will tag the btcpayserver service with the needed labels to be discovered. +- `BTCPAYGEN_REVERSEPROXY` to `traefik`. +- `LETSENCRYPT_EMAIL`: Optional, The email Let's Encrypt will use to notify you about certificate expiration. +- `BTCPAYGEN_ADDITIONAL_FRAGMENTS`: Add `traefik` +- `BTCPAY_ADDITIONAL_HOSTS`: Traefic can not accept list of hosts. Add additional hosts in a new file named e.g. 
`btcpayserver-traefic.custom.yml`: + ``` + version: "3" + services: + btcpayserver: + labels: + traefik.http.routers.btcpayserver2.rule: Host(`additional.example.com`) + traefik.http.routers.btcpayserver3.rule: Host(`another-additional.example.com`) + ``` - -![Architecture](Production.png) \ No newline at end of file +![Architecture](Production.png) diff --git a/Traefik/traefik.toml b/Traefik/traefik.toml deleted file mode 100644 index b85e505..0000000 --- a/Traefik/traefik.toml +++ /dev/null @@ -1,34 +0,0 @@ -defaultEntryPoints = ["https","http"] - -logLevel = "ERROR" - -[entryPoints] - [entryPoints.http] - address = ":80" - [entryPoints.http.redirect] - entryPoint = "https" - [entryPoints.https] - address = ":443" - [entryPoints.https.tls] - -[retry] - -[docker] -endpoint = "unix:///var/run/docker.sock" -watch = true -exposedByDefault = false - -[acme] -storage = "acme.json" -entryPoint = "https" -onHostRule = true -[acme.httpChallenge] -entryPoint = "http" - -[traefikLog] - filePath = "/traefik_logs/traefik.log" - format = "json" - -[accessLog] - filePath = "/traefik_logs/access.log" - format = "json" diff --git a/Traefik/traefik.yml b/Traefik/traefik.yml new file mode 100644 index 0000000..27c6011 --- /dev/null +++ b/Traefik/traefik.yml @@ -0,0 +1,34 @@ +entryPoints: + http: + address: :80 + http: + redirections: + entrypoint: + to: https + scheme: https + https: + address: :443 + http: + tls: + certResolver: default + +providers: + docker: + exposedByDefault: false + watch: true + endpoint: unix:///var/run/docker.sock + +# Enable only for debug +#api: +# insecure: true +# dashboard: true + +log: + level: ERROR # or DEBUG, PANIC, FATAL, WARN, and INFO + +certificatesResolvers: + default: + acme: + storage: /data/acme.json + httpChallenge: + entryPoint: http diff --git a/build.ps1 b/build.ps1 index ba81a28..84c687d 100755 --- a/build.ps1 +++ b/build.ps1 
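Review bot: The new static configuration in Traefik/traefik.yml has no `accessLog` section, while the deleted traefik.toml wrote JSON access and Traefik logs under /traefik_logs, so after this change the proxy in front of BTCPay Server keeps no per-request record for incident review. Adding a top-level `accessLog: {}` would send access logs to the container's stdout, where the Docker log driver can collect them. The `certificatesResolvers.default.acme` block also sets no `email`, and the removed traefik-labels.yml was the only visible consumer of `LETSENCRYPT_EMAIL`. Since the README still documents that variable, it either needs to be wired in again or dropped from the docs.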
@@ -31,9 +31,3 @@ docker run -v "$(Get-Location)\Generated:/app/Generated" ` If ($BTCPAYGEN_REVERSEPROXY -eq "nginx") { Copy-Item ".\Production\nginx.tmpl" -Destination ".\Generated" } - -If ($BTCPAYGEN_REVERSEPROXY -eq "traefik") { - Copy-Item ".\Traefik\traefik.toml" -Destination ".\Generated" - - New-Item ".\Generated\acme.json" -type file -} diff --git a/build.sh b/build.sh index bf3c95c..44b4ae2 100755 --- a/build.sh +++ b/build.sh @@ -41,9 +41,3 @@ fi [[ -f "Generated/pull-images.sh" ]] && chmod +x Generated/pull-images.sh [[ -f "Generated/save-images.sh" ]] && chmod +x Generated/save-images.sh - -if [ "$BTCPAYGEN_REVERSEPROXY" == "traefik" ]; then - cp Traefik/traefik.toml Generated/traefik.toml - :> Generated/acme.json - chmod 600 Generated/acme.json -fi diff --git a/docker-compose-generator/docker-fragments/bitcoin-clightning.yml b/docker-compose-generator/docker-fragments/bitcoin-clightning.yml index 171880e..d576f99 100644 --- a/docker-compose-generator/docker-fragments/bitcoin-clightning.yml +++ b/docker-compose-generator/docker-fragments/bitcoin-clightning.yml @@ -85,6 +85,9 @@ services: RTL_SSO: 1 RTL_COOKIE_PATH: /data/.cookie LOGOUT_REDIRECT_LINK: /server/services + labels: + traefik.enable: true + traefik.http.routers.bitcoin_rtl.rule: Host(`${BTCPAY_HOST}`) && (Path(`/rtl`) || PathPrefix(`/rtl/`)) volumes: - "clightning_bitcoin_datadir:/root/.lightning" - "bitcoin_datadir:/etc/bitcoin" diff --git a/docker-compose-generator/docker-fragments/bitcoin-eclair.yml b/docker-compose-generator/docker-fragments/bitcoin-eclair.yml index af9d460..4c37093 100644 --- a/docker-compose-generator/docker-fragments/bitcoin-eclair.yml +++ b/docker-compose-generator/docker-fragments/bitcoin-eclair.yml 
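Review bot: `traefik.enable: true` in the added `labels` mapping is an unquoted YAML boolean, whereas these fragments quote boolean-like values elsewhere (`BTCPAY_DOCKERDEPLOYMENT: "true"`). Older Compose file schemas may reject booleans in label mappings, so `traefik.enable: "true"` is the safer spelling. The same line is added in the bitcoin-eclair, bitcoin-lnd, btcpayserver, opt-add-btctransmuter and opt-add-thunderhub fragments. The router name `bitcoin_rtl` is also reused across the c-lightning, eclair and lnd fragments, which is fine only if the generator never emits two of them together. That is worth confirming, as the rest of each service definition lies outside these hunks.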
@@ -31,8 +31,8 @@ services: -Declair.bitcoind.zmqblock=tcp://bitcoind:28334 -Declair.bitcoind.zmqtx=tcp://bitcoind:28333 expose: - - "9735" # server port - - "8080" # api port + - "9735" # server port + - "8080" # api port volumes: - "bitcoin_datadir:/etc/bitcoin" - "eclair_bitcoin_datadir:/data" @@ -56,6 +56,9 @@ services: - "eclair_bitcoin_rtl_datadir:/data" expose: - "3000" + labels: + traefik.enable: true + traefik.http.routers.bitcoin_rtl.rule: Host(`${BTCPAY_HOST}`) && (Path(`/rtl`) || PathPrefix(`/rtl/`)) links: - eclair_bitcoin diff --git a/docker-compose-generator/docker-fragments/bitcoin-lnd.yml b/docker-compose-generator/docker-fragments/bitcoin-lnd.yml index fab8601..2bac22c 100644 --- a/docker-compose-generator/docker-fragments/bitcoin-lnd.yml +++ b/docker-compose-generator/docker-fragments/bitcoin-lnd.yml @@ -66,6 +66,9 @@ services: - "lnd_bitcoin_rtl_datadir:/data" expose: - "3000" + labels: + traefik.enable: true + traefik.http.routers.bitcoin_rtl.rule: Host(`${BTCPAY_HOST}`) && (Path(`/rtl`) || PathPrefix(`/rtl/`)) links: - lnd_bitcoin diff --git a/docker-compose-generator/docker-fragments/btcpayserver.yml b/docker-compose-generator/docker-fragments/btcpayserver.yml index f7a4827..6281b50 100644 --- a/docker-compose-generator/docker-fragments/btcpayserver.yml +++ b/docker-compose-generator/docker-fragments/btcpayserver.yml @@ -1,7 +1,6 @@ version: "3" services: - btcpayserver: restart: unless-stopped image: ${BTCPAY_IMAGE:-btcpayserver/btcpayserver:1.5.4$?} @@ -21,6 +20,10 @@ services: BTCPAY_DEBUGLOG: btcpay.log BTCPAY_UPDATEURL: https://api.github.com/repos/btcpayserver/btcpayserver/releases/latest BTCPAY_DOCKERDEPLOYMENT: "true" + labels: + traefik.enable: true + traefik.http.routers.btcpayserver.rule: Host(`${BTCPAY_HOST}`) + # Traefic can not accept list from BTCPAY_ADDITIONAL_HOSTS, see Traefik/README.md links: - postgres volumes: 
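Review bot: The new btcpayserver labels set a router rule but no backend port, while the deleted traefik-labels.yml named 49392 explicitly. Traefik infers the port only when the container exposes exactly one, and this service's `expose` list is outside the hunk, so pinning it with `traefik.http.services.btcpayserver.loadbalancer.server.port: "49392"` would remove the guesswork. The comment added under the labels also misspells the proxy name; `# Traefik cannot take the list in BTCPAY_ADDITIONAL_HOSTS, see Traefik/README.md` reads better.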
diff --git a/docker-compose-generator/docker-fragments/opt-add-btctransmuter.yml b/docker-compose-generator/docker-fragments/opt-add-btctransmuter.yml index 00f01f5..1c1b898 100644 --- a/docker-compose-generator/docker-fragments/opt-add-btctransmuter.yml +++ b/docker-compose-generator/docker-fragments/opt-add-btctransmuter.yml @@ -21,6 +21,9 @@ services: VIRTUAL_HOST: ${BTCTRANSMUTER_HOST} VIRTUAL_HOST_NAME: "btctransmuter" TRANSMUTER_BTCPayAuthServer: "http://btcpayserver:49392" + labels: + traefik.enable: true + traefik.http.routers.btctransmuter.rule: Host(`${BTCPAY_HOST}`) && (Path(`/btctransmuter`) || PathPrefix(`/btctransmuter/`)) expose: - "80" links: diff --git a/docker-compose-generator/docker-fragments/opt-add-thunderhub.yml b/docker-compose-generator/docker-fragments/opt-add-thunderhub.yml index 084da38..8f438d8 100644 --- a/docker-compose-generator/docker-fragments/opt-add-thunderhub.yml +++ b/docker-compose-generator/docker-fragments/opt-add-thunderhub.yml @@ -19,6 +19,9 @@ services: NO_CLIENT_ACCOUNTS: "true" LOG_LEVEL: debug LOGOUT_URL: "/server/services/thunderhub/BTC" + labels: + traefik.enable: true + traefik.http.routers.bitcoin_thub.rule: Host(`${BTCPAY_HOST}`) && (Path(`/thub`) || PathPrefix(`/thub/`)) volumes: - "lnd_bitcoin_datadir:/etc/lnd" - "lnd_bitcoin_thub_datadir:/data" diff --git a/docker-compose-generator/docker-fragments/traefik-labels.yml b/docker-compose-generator/docker-fragments/traefik-labels.yml deleted file mode 100644 index e361858..0000000 --- a/docker-compose-generator/docker-fragments/traefik-labels.yml +++ /dev/null @@ -1,12 +0,0 @@ -version: "3" - -services: - btcpayserver: - labels: - - "traefik.backend=btcpayserver" - - "traefik.backend.loadbalancer.sticky=true" - - "traefik.enable=true" - - "traefik.frontend.rule=Host:${BTCPAY_HOST}" - - "traefik.port.rule=49392" - - "traefik.acme.domains=${BTCPAY_HOST},www.${BTCPAY_HOST}" - - "traefik.acme.email=${LETSENCRYPT_EMAIL}" 
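Review bot: The added btctransmuter router matches `${BTCPAY_HOST}` under `/btctransmuter`, but the context lines above it still publish the service for nginx under its own name through `VIRTUAL_HOST: ${BTCTRANSMUTER_HOST}`, so the two reverse proxies would serve it at different addresses. No prefix-stripping middleware is attached either, so the application has to answer under `/btctransmuter` itself, which the hunk does not show. If a dedicated host is intended, a rule keyed on `${BTCTRANSMUTER_HOST}` would keep both proxies consistent. Otherwise a one-line comment stating that the path layout is deliberate would help the next reader.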
diff --git a/docker-compose-generator/docker-fragments/traefik.yml b/docker-compose-generator/docker-fragments/traefik.yml index 52612b1..8d6b997 100644 --- a/docker-compose-generator/docker-fragments/traefik.yml +++ b/docker-compose-generator/docker-fragments/traefik.yml @@ -3,23 +3,19 @@ version: "3" services: traefik: restart: unless-stopped - image: traefik + image: traefik:v2.6 container_name: traefik ports: - "${REVERSEPROXY_HTTP_PORT:-80}:80" - "${REVERSEPROXY_HTTPS_PORT:-443}:443" + - "8080:8080" # Dashboard, enable for debug only volumes: - "/var/run/docker.sock:/var/run/docker.sock" - - "./traefik.toml:/traefik.toml" - - "./acme.json:/acme.json:ro" - - "./servers.toml:/servers.toml" - - "./traefik_logs:/traefik_logs" - - links: - - btcpayserver + - "../Traefik/traefik.yml:/traefik.yml" + - "traefik_data:/data" volumes: - traefik_logs: + traefik_data: exclusive: - proxy
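Review bot: The added mapping `- "8080:8080"` publishes the dashboard port on every host interface in every deployment, although its own comment says it is for debugging only. With `api.insecure` commented out in Traefik/traefik.yml nothing should answer there, but as soon as someone uncomments it the unauthenticated API and dashboard become reachable from outside the host. Shipping the line commented out, or binding it to loopback as `- "127.0.0.1:8080:8080"`, keeps the debug path from turning into an exposure. The context line mounting `/var/run/docker.sock` is unchanged by this commit, but it gives this internet-facing container full control of the Docker daemon, so a filtering socket proxy in front of it is worth considering as a follow-up.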