Some comments

2021-09-03 10:59:26 +02:00 · 2021-09-03 10:59:26 +02:00 · fe64c0e4c5
commit fe64c0e4c5
parent 7fb637509b
3 changed files with 17 additions and 6 deletions
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@ -2,14 +2,14 @@ version: "2.4"

 networks:
  web:
-    # All containers that are router through traefik needs to be on this network
+    # All containers that are routed through traefik needs to be on this network
    external: true

-volumes:
-  authelia-config:
-    # Used for pre-processing of authelia configuration
-
 services:
+
+  # Autheal will restart any container that has the label
+  # autoheal: true
+  # and fail their healthcheck
  autoheal:
    container_name: autoheal
    restart: always
@ -17,6 +17,8 @@ services:
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock

+  # Traefik reverse proxy. Routes http and ssh trafic to the righ containers
+  # Controlled by container labels, see bottom of this compose file
  traefik:
    container_name: traefik
    image: traefik
@ -41,6 +43,7 @@ services:
      - ./traefik:/data
    healthcheck:
      # Sometimes, traefik loses connection to authelia. The only thing that works then is a restart, handled by autoheal.
+      # I haven't checked for quite a while if this is still a problem, but might as well leave it in there.
      test: ["CMD", "wget", "-O", "-", "authelia:9091/api/state"]
    labels:
      traefik.enable: true
@ -50,6 +53,7 @@ services:
      traefik.http.routers.traefik.tls.certResolver: le
      autoheal: "true"

+  # Authelia handles access control with 2FA
  authelia:
    container_name: authelia
    image: authelia/authelia
@ -75,6 +79,7 @@ services:
      traefik.http.routers.authelia.entrypoints: websecure
      autoheal: "true"

+  # Homer provides a dashboard for all services. Configured through ./homer/config.yml
  homer:
    container_name: homer
    image: b4bz/homer
@ -91,6 +96,7 @@ services:
      traefik.http.routers.homer.rule: Host(`${PRIVATE_DOMAIN}`) || Host(`www.${PRIVATE_DOMAIN}`)
      traefik.http.routers.homer.tls.certResolver: le

+  # Dozzle is an easy way to view docker logs through a web interface
  dozzle:
    image: amir20/dozzle
    restart: always
--- a/traefik/config/network.yaml
+++ b/traefik/config/network.yaml
@ -6,10 +6,12 @@ http:
      loadBalancer:
        servers:
          - url: http://192.168.0.1:80
+
    proxmox:
      loadBalancer:
        servers:
          - url: https://192.168.0.10:8006
+          
    prusa:
      loadBalancer:
        servers:
@ -24,6 +26,7 @@ http:
        - auth
      tls:
        certResolver: le
+
    proxmox:
      service: proxmox
      rule: Host(`proxmox.{{ env "PRIVATE_DOMAIN" }}`)
@ -31,6 +34,7 @@ http:
        - auth
      tls:
        certResolver: le
+
    prusa:
      service: prusa
      rule: Host(`prusa.{{env "PRIVATE_DOMAIN"}}`)
--- a/traefik/traefik.yaml
+++ b/traefik/traefik.yaml
@ -23,8 +23,9 @@ entryPoints:
 certificatesResolvers:
  le:
    acme:
-      # caServer: https://acme-staging-v02.api.letsencrypt.org/directory
      # email: SET BY ENV VARIABLE TRAEFIK_CERTIFICATERESOLVERS_LE_ACME_EMAIL
      storage: /data/acme.json
      httpChallenge:
        entrypoint: web
+      # UNCOMMENT NEXT ROW FOR EXPERIMENTATION
+      # caServer: https://acme-staging-v02.api.letsencrypt.org/directory