From 33918e07d49659c5a4248037f6b0b90aa18c47d0 Mon Sep 17 00:00:00 2001 From: John Date: Wed, 5 Nov 2025 19:16:17 +0000 Subject: [PATCH] Disable traefik temporarily --- stacks/apps/adminer/stack.yml | 19 ++--- stacks/apps/authentik/stack.yml | 16 ++-- stacks/apps/outline/stack.yml | 68 ++++++++--------- stacks/apps/paperless/stack.yml | 14 ++-- stacks/apps/uptime/stack.yml | 22 +++--- stacks/core/portainer/stack.yml | 6 +- stacks/core/traefik-test/stack.yml | 118 +++++++++++++++++++++++++++++ stacks/core/traefik/stack.yml | 80 ------------------- 8 files changed, 191 insertions(+), 152 deletions(-) create mode 100644 stacks/core/traefik-test/stack.yml delete mode 100644 stacks/core/traefik/stack.yml diff --git a/stacks/apps/adminer/stack.yml b/stacks/apps/adminer/stack.yml index 0c07543..cb3e32f 100644 --- a/stacks/apps/adminer/stack.yml +++ b/stacks/apps/adminer/stack.yml @@ -4,12 +4,12 @@ services: networks: - homelab ports: - - "8091:8080" + - "8091:8080" environment: - ADMINER_DEFAULT_SERVER=10.0.4.10 - ADMINER_DESIGN=nette healthcheck: - test: ["CMD", "php", "-r", "if (file_get_contents('http://localhost:8080')) exit(0); exit(1);"] + test: [ "CMD", "php", "-r", "if (file_get_contents('http://localhost:8080')) exit(0); exit(1);" ] interval: 30s timeout: 10s retries: 3 
@@ -21,13 +21,14 @@ services: memory: 512M reservations: memory: 128M - # labels: # Local route - # - "traefik.enable=true" - # - "traefik.http.routers.adminer.rule=Host(`adminer.frostlabs.me`)" - # - "traefik.http.routers.adminer.entrypoints=websecure" - # - "traefik.http.routers.adminer.tls.certresolver=cloudflare" - # - "traefik.http.services.adminer.loadbalancer.server.port=8080" - # - "traefik.swarm.network=homelab" + labels: + # Local route + - traefik.enable=false + - traefik.http.routers.adminer.rule=Host(`adminer.frostlabs.me`) + - traefik.http.routers.adminer.entrypoints=websecure + - traefik.http.routers.adminer.tls.certresolver=cloudflare + - traefik.http.services.adminer.loadbalancer.server.port=8080 + - traefik.swarm.network=homelab networks: homelab: external: true diff --git a/stacks/apps/authentik/stack.yml b/stacks/apps/authentik/stack.yml index 07e919a..214c3a8 100644 --- a/stacks/apps/authentik/stack.yml +++ b/stacks/apps/authentik/stack.yml @@ -9,7 +9,7 @@ services: networks: - homelab healthcheck: - test: ["CMD", "redis-cli", "ping"] + test: [ "CMD", "redis-cli", "ping" ] interval: 30s timeout: 5s retries: 3 @@ -45,7 +45,7 @@ services: networks: - homelab healthcheck: - test: ["CMD-SHELL", "ak healthcheck"] + test: [ "CMD-SHELL", "ak healthcheck" ] interval: 30s timeout: 10s retries: 3 
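Review bot: In stacks/apps/adminer/stack.yml (hunk `@@ -21,13 +21,14 @@`) the restored `labels:` block keeps the router off with `traefik.enable=false`, so Adminer is reachable only through the `"8091:8080"` port shown in the first hunk of this file. The short port syntax publishes that port on every swarm node through the routing mesh, and the healthcheck shows the container speaking plain HTTP, so database logins to 10.0.4.10 cross the network unencrypted. If this is intended only while Traefik is off, say so next to the port, e.g. `# TEMP: direct access while traefik is disabled; remove on re-enable`, and consider limiting it to the management network. The new labels are also unquoted while the other stacks quote theirs; `- "traefik.enable=false"` keeps the files consistent.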
@@ -59,12 +59,12 @@ services: reservations: memory: 512M labels: - - "traefik.enable=true" - - "traefik.http.routers.authentik.rule=Host(`auth.frostlabs.me`)" - - "traefik.http.routers.authentik.entrypoints=websecure" - - "traefik.http.routers.authentik.tls.certresolver=cloudflare" - - "traefik.http.services.authentik.loadbalancer.server.port=9000" - - "traefik.swarm.network=homelab" + - "traefik.enable=false" + - "traefik.http.routers.authentik.rule=Host(`auth.frostlabs.me`)" + - "traefik.http.routers.authentik.entrypoints=websecure" + - "traefik.http.routers.authentik.tls.certresolver=cloudflare" + - "traefik.http.services.authentik.loadbalancer.server.port=9000" + - "traefik.swarm.network=homelab" depends_on: - redis diff --git a/stacks/apps/outline/stack.yml b/stacks/apps/outline/stack.yml index 015e319..0719c2d 100644 --- a/stacks/apps/outline/stack.yml +++ b/stacks/apps/outline/stack.yml 
@@ -9,35 +9,35 @@ services: outline: image: outlinewiki/outline:latest environment: - - PGSSLMODE=disable - - SECRET_KEY=2821b95392ba4ead8acb1882653eb217545ee267099608dee92ecde2cf9a7323 - - UTILS_SECRET=cd5dab7c54b92603ba44bcab8a49e5a0f816b11a5b75ef25fe73ebb13633cae4 - - DATABASE_URL=postgres://admin:AllOfTheStars%2B1@10.0.4.10:5432/outline - - REDIS_URL=redis://redis:6379 - - URL=https://flow.frostlabs.me - - PORT=3000 - - FILE_STORAGE=local - - FILE_STORAGE_LOCAL_ROOT_DIR=/var/lib/outline/data - - FILE_STORAGE_UPLOAD_MAX_SIZE=26214400 - # OIDC/SSO Configuration for Authentik - - OIDC_CLIENT_ID=9zCd8wzJFBv3oRYmdJXKWVokI0P3dx0HhuJB2yST - - OIDC_CLIENT_SECRET=fQpA7KFeDO2x8HKcQ5lOKFvB4HqyXcUvwUpow20bIOUBEZqoZ5hekkYS2kJ7BR2XayrOevq1sd4cC7Nw3mO1xz2jFXw0CiuhfNQTdMF35Zz2IXKbsNvVHU0Z1hYFjhlG - - OIDC_AUTH_URI=https://auth.frostlabs.me/application/o/authorize/ - - OIDC_TOKEN_URI=https://auth.frostlabs.me/application/o/token/ - - OIDC_USERINFO_URI=https://auth.frostlabs.me/application/o/userinfo/ - - OIDC_LOGOUT_URI=https://auth.frostlabs.me/application/o/outline/end-session/ - - OIDC_USERNAME_CLAIM=preferred_username - - OIDC_DISPLAY_NAME=Authentik - - OIDC_SCOPES=openid profile email + - PGSSLMODE=disable + - SECRET_KEY=2821b95392ba4ead8acb1882653eb217545ee267099608dee92ecde2cf9a7323 + - UTILS_SECRET=cd5dab7c54b92603ba44bcab8a49e5a0f816b11a5b75ef25fe73ebb13633cae4 + - DATABASE_URL=postgres://admin:AllOfTheStars%2B1@10.0.4.10:5432/outline + - REDIS_URL=redis://redis:6379 + - URL=https://flow.frostlabs.me + - PORT=3000 + - FILE_STORAGE=local + - FILE_STORAGE_LOCAL_ROOT_DIR=/var/lib/outline/data + - FILE_STORAGE_UPLOAD_MAX_SIZE=26214400 + # OIDC/SSO Configuration for Authentik + - OIDC_CLIENT_ID=9zCd8wzJFBv3oRYmdJXKWVokI0P3dx0HhuJB2yST + - OIDC_CLIENT_SECRET=fQpA7KFeDO2x8HKcQ5lOKFvB4HqyXcUvwUpow20bIOUBEZqoZ5hekkYS2kJ7BR2XayrOevq1sd4cC7Nw3mO1xz2jFXw0CiuhfNQTdMF35Zz2IXKbsNvVHU0Z1hYFjhlG + - OIDC_AUTH_URI=https://auth.frostlabs.me/application/o/authorize/ + - 
OIDC_TOKEN_URI=https://auth.frostlabs.me/application/o/token/ + - OIDC_USERINFO_URI=https://auth.frostlabs.me/application/o/userinfo/ + - OIDC_LOGOUT_URI=https://auth.frostlabs.me/application/o/outline/end-session/ + - OIDC_USERNAME_CLAIM=preferred_username + - OIDC_DISPLAY_NAME=Authentik + - OIDC_SCOPES=openid profile email volumes: - - /home/doc/projects/swarm-data/appdata/outline/data:/var/lib/outline/data + - /home/doc/projects/swarm-data/appdata/outline/data:/var/lib/outline/data networks: - - homelab + - homelab deploy: replicas: 1 placement: constraints: - - node.hostname == p0 + - node.hostname == p0 restart_policy: condition: any # resources: @@ -47,15 +47,15 @@ services: # reservations: # memory: 512M labels: - - "traefik.enable=true" - - "traefik.docker.network=homelab" - - "traefik.http.routers.outline.rule=Host(`flow.frostlabs.me`)" - - "traefik.http.routers.outline.entrypoints=websecure" - - "traefik.http.routers.outline.tls=true" - - "traefik.http.routers.outline.tls.certresolver=cloudflare" - - "traefik.http.services.outline.loadbalancer.server.port=3000" + - "traefik.enable=falso" + - "traefik.docker.network=homelab" + - "traefik.http.routers.outline.rule=Host(`flow.frostlabs.me`)" + - "traefik.http.routers.outline.entrypoints=websecure" + - "traefik.http.routers.outline.tls=true" + - "traefik.http.routers.outline.tls.certresolver=cloudflare" + - "traefik.http.services.outline.loadbalancer.server.port=3000" depends_on: - - redis + - redis # postgres: # image: postgres:16-alpine @@ -91,14 +91,14 @@ services: redis: image: redis:7-alpine volumes: - - /home/doc/projects/swarm-data/appdata/outline/redis:/data + - /home/doc/projects/swarm-data/appdata/outline/redis:/data networks: - - homelab + - homelab deploy: replicas: 1 placement: constraints: - - node.hostname == p0 + - node.hostname == p0 # restart_policy: # condition: on-failure # delay: 5s 
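Review bot: The re-indented `environment:` list in stacks/apps/outline/stack.yml (hunk `@@ -9,35 +9,35 @@`) still carries live credentials in plain text: `SECRET_KEY`, `UTILS_SECRET`, the password inside `DATABASE_URL`, and `OIDC_CLIENT_SECRET`. Anything committed here is readable by everyone with access to the repository and its history, so these values should be rotated and moved out of the file; the paperless stack in this same patch already uses Swarm secrets with `*_FILE` variables. Whether the Outline image reads `*_FILE` variables is not visible from here, so an env file kept outside version control or an entrypoint that exports the secret files may be needed instead. `PGSSLMODE=disable` also means the database password travels to 10.0.4.10 unencrypted, which deserves a comment stating that this network path is trusted.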
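Review bot: In the `@@ -47,15 +47,15 @@` hunk of stacks/apps/outline/stack.yml the new label reads `"traefik.enable=falso"`, which is not a boolean; every other stack in this patch uses `false`. Traefik will most likely report a parse error for this service's labels rather than treat the router as disabled, so the line should be `- "traefik.enable=false"`. The same typo appears in the new stacks/core/traefik-test/stack.yml as `"--metrics.prometheus=falso"`, where an invalid static flag would probably stop Traefik from starting. That line's trailing comment says "Enable Prometheus", so decide between `true` and `false` and make the comment match.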
diff --git a/stacks/apps/paperless/stack.yml b/stacks/apps/paperless/stack.yml index 4da55f2..fd68278 100644 --- a/stacks/apps/paperless/stack.yml +++ b/stacks/apps/paperless/stack.yml @@ -4,7 +4,7 @@ services: networks: - homelab healthcheck: - test: ["CMD", "redis-cli", "ping"] + test: [ "CMD", "redis-cli", "ping" ] interval: 30s timeout: 5s retries: 3 @@ -30,7 +30,7 @@ services: - paperless-admin-pass environment: - PAPERLESS_DBPASS_FILE=/run/secrets/postgres-master - - PAPERLESS_SECRET_KEY_FILE=/run/secrets/paperless-secret-key + - PAPERLESS_SECRET_KEY_FILE=/run/secrets/paperless-secret-key - PAPERLESS_ADMIN_PASSWORD_FILE=/run/secrets/paperless-admin-pass # - PAPERLESS_URLS=https://docs.frostlabs.me # - PAPERLESS_ALLOWED_HOSTS=docs.frostlabs.me,docs.frostlabs.home @@ -39,7 +39,7 @@ services: - PAPERLESS_ALLOWED_HOSTS=docs.home.frostlabs.me - PAPERLESS_CSRF_TRUSTED_ORIGINS=https://docs.home.frostlabs.me - PAPERLESS_REDIS=redis://paperless_redis:6379 - - PAPERLESS_DBHOST=10.0.4.10 # Fixed: removed http:// + - PAPERLESS_DBHOST=10.0.4.10 - PAPERLESS_DBPORT=5432 - PAPERLESS_DBNAME=paperless - PAPERLESS_DBUSER=admin @@ -56,7 +56,7 @@ services: networks: - homelab healthcheck: - test: ["CMD", "curl", "-f", "http://localhost:8000"] + test: [ "CMD", "curl", "-f", "http://localhost:8000" ] interval: 30s timeout: 10s retries: 3 @@ -70,14 +70,14 @@ services: reservations: memory: 1G labels: - - "traefik.enable=true" + - "traefik.enable=false" - "traefik.swarm.network=homelab" - "traefik.http.routers.paperless.rule=Host(`docs.home.frostlabs.me`)" - "traefik.http.routers.paperless.entrypoints=websecure" - "traefik.http.routers.paperless.tls=true" - "traefik.http.routers.paperless.service=paperless" - "traefik.http.services.paperless.loadbalancer.server.port=8000" - depends_on: # Fixed: removed postgres dependency + depends_on: - paperless_redis networks: 
@@ -90,4 +90,4 @@ secrets: paperless-secret-key: external: true postgres-master: - external: true \ No newline at end of file + external: true diff --git a/stacks/apps/uptime/stack.yml b/stacks/apps/uptime/stack.yml index 86071e2..6235c2c 100644 --- a/stacks/apps/uptime/stack.yml +++ b/stacks/apps/uptime/stack.yml @@ -2,13 +2,13 @@ services: uptime-kuma: image: louislam/uptime-kuma:1.23.16 volumes: - - /home/doc/projects/swarm-data/appdata/uptime:/app/data + - /home/doc/projects/swarm-data/appdata/uptime:/app/data environment: - - TZ=America/New_York + - TZ=America/New_York networks: - - homelab + - homelab healthcheck: - test: ["CMD", "node", "/app/extra/healthcheck.js"] + test: [ "CMD", "node", "/app/extra/healthcheck.js" ] interval: 30s timeout: 10s retries: 3 @@ -28,13 +28,13 @@ services: failure_action: rollback order: start-first labels: - - "traefik.enable=true" - - "traefik.http.routers.uptime-kuma.rule=Host(`status.frostlabs.me`)" - - "traefik.http.routers.uptime-kuma.entrypoints=websecure" - - "traefik.http.routers.uptime-kuma.tls.certresolver=cloudflare" - - "traefik.http.services.uptime-kuma.loadbalancer.server.port=3001" - - "traefik.docker.network=homelab" + - "traefik.enable=false" + - "traefik.http.routers.uptime-kuma.rule=Host(`status.frostlabs.me`)" + - "traefik.http.routers.uptime-kuma.entrypoints=websecure" + - "traefik.http.routers.uptime-kuma.tls.certresolver=cloudflare" + - "traefik.http.services.uptime-kuma.loadbalancer.server.port=3001" + - "traefik.docker.network=homelab" networks: homelab: - external: true \ No newline at end of file + external: true diff --git a/stacks/core/portainer/stack.yml b/stacks/core/portainer/stack.yml index ce1db32..642c27e 100644 --- a/stacks/core/portainer/stack.yml +++ b/stacks/core/portainer/stack.yml 
@@ -12,10 +12,10 @@ services: mode: replicated replicas: 1 placement: - constraints: - - node.hostname == p0 + constraints: + - node.hostname == p0 labels: - - "traefik.enable=true" + - "traefik.enable=false" - "traefik.swarm.network=homelab" - "traefik.http.routers.portainer.rule=Host(`portainer.frostlabs.me`)" - "traefik.http.routers.portainer.entrypoints=websecure" diff --git a/stacks/core/traefik-test/stack.yml b/stacks/core/traefik-test/stack.yml new file mode 100644 index 0000000..d0f6e52 --- /dev/null +++ b/stacks/core/traefik-test/stack.yml 
@@ -0,0 +1,118 @@ +services: + traefik: + image: traefik:v3.5 + + networks: + # Connect to the 'traefik_proxy' overlay network for inter-container communication across nodes + - homelab-local + + ports: + # Expose Traefik's entry points to the Swarm + # Swarm requires the long syntax for ports. + - target: 80 # Container port (Traefik web entry point) + published: 80 # Host port exposed on the nodes + protocol: tcp + # 'host' mode binds directly to the node's IP where the task runs. + # 'ingress' mode uses Swarm's Routing Mesh (load balances across nodes). + # Choose based on your load balancing strategy. 'host' is often simpler if using an external LB. + mode: host + - target: 443 # Container port ( Traefik websecure entry point) + published: 443 # Host port + protocol: tcp + mode: host + + volumes: + # Mount the Docker socket for the Swarm provider + # This MUST be run from a manager node to access the Swarm API via the socket. + - /var/run/docker.sock:/var/run/docker.sock:ro # Swarm API socket + - /home/doc/projects/swarm-data/appdata/traefik/certificates/local:/certs:ro + - /home/doc/projects/swarm/conf/traefik-local-conf:/dynamic:ro + # Traefik Static configuration via command-line arguments + command: + # HTTP EntryPoint + - "--entrypoints.web.address=:80" + + # Configure HTTP to HTTPS Redirection + - "--entrypoints.web.http.redirections.entrypoint.to=websecure" + - "--entrypoints.web.http.redirections.entrypoint.scheme=https" + - "--entrypoints.web.http.redirections.entrypoint.permanent=true" + + # HTTPS EntryPoint + - "--entrypoints.websecure.address=:443" + - "--entrypoints.websecure.http.tls=true" + + # Attach dynamic TLS file + - "--providers.file.filename=/dynamic/tls.yaml" + + # Providers + + # Enable the Docker Swarm provider (instead of Docker provider) + - "--providers.swarm.endpoint=unix:///var/run/docker.sock" + + # Watch for Swarm service changes (requires socket access) + - "--providers.swarm.watch=true" + + # Recommended: Don't expose services 
by default; require explicit labels + - "--providers.swarm.exposedbydefault=false" + + # Specify the default network for Traefik to connect to services + - "--providers.swarm.network=homelab-local" + + # API & Dashboard + - "--api.dashboard=true" # Enable the dashboard + - "--api.insecure=false" # Explicitly disable insecure API mod + + # Observability + - "--log.level=INFO" # Set the Log Level e.g INFO, DEBUG + - "--accesslog=true" # Enable Access Logs + - "--metrics.prometheus=falso" # Enable Prometheus + + deploy: + replicas: 1 + placement: + + # Placement constraints restrict where Traefik tasks can run. + # Running on manager nodes is common for accessing the Swarm API via the socket. + constraints: + - node.hostname == p0 + + # Traefik Dynamic configuration via labels + # In Swarm, labels on the service definition configure Traefik routing for that service. + labels: + - "traefik.enable=true" + + # Dashboard router + - "traefik.http.routers.dashboard.rule=Host(`dashboard.swarm.localhost`)" + - "traefik.http.routers.dashboard.entrypoints=websecure" + - "traefik.http.routers.dashboard.service=api@internal" + - "traefik.http.routers.dashboard.tls=true" + + # Basic‑auth middleware + - "traefik.http.middlewares.dashboard-auth.basicauth.users=admin:$$apr1$$KWe9YrFZ$$pCQuQTJD16kxFTrVOtL8f." 
+ - "traefik.http.routers.dashboard.middlewares=dashboard-auth@swarm" + + # Service hint + - "traefik.http.services.traefik.loadbalancer.server.port=8080" + + # Deploy the Whoami application + whoami: + image: traefik/whoami + networks: + - homelab-local + deploy: + labels: + # Enable Service discovery for Traefik + - "traefik.enable=true" + # Define the WHoami router rule + - "traefik.http.routers.whoami.rule=Host(`whoami.swarm.localhost`)" + # Expose Whoami on the HTTPS entrypoint + - "traefik.http.routers.whoami.entrypoints=websecure" + # Enable TLS + - "traefik.http.routers.whoami.tls=true" + # Expose the whoami port number to Traefik + - traefik.http.services.whoami.loadbalancer.server.port=80 + +# Define the overlay network for Swarm +networks: + homelab-local: + external: true diff --git a/stacks/core/traefik/stack.yml b/stacks/core/traefik/stack.yml deleted file mode 100644 index 8216106..0000000 --- a/stacks/core/traefik/stack.yml +++ /dev/null 
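Review bot: The dashboard's basic-auth credential is committed inline in the `traefik.http.middlewares.dashboard-auth.basicauth.users=admin:$$apr1$$…` label of the new stacks/core/traefik-test/stack.yml; an apr1 (MD5-based) hash stored in the repository can be attacked offline by anyone who can read it. Prefer `basicauth.usersfile` backed by a Swarm secret, e.g. `- "traefik.http.middlewares.dashboard-auth.basicauth.usersfile=/run/secrets/DASHBOARD_USERS_SECRET"` (placeholder name), with a bcrypt entry, and rotate the current password. Separately, `/var/run/docker.sock:/var/run/docker.sock:ro` only makes the socket file read-only; the Docker API behind it stays fully usable, so the container listening on 80/443 effectively holds manager-level control, and a socket proxy limited to the read endpoints Traefik needs would narrow that. The network comment mentions `traefik_proxy` while the service joins `homelab-local`, and `traefik/whoami` has no tag; both are worth fixing before this leaves test.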
@@ -1,80 +0,0 @@ -services: - traefik: - image: traefik:v3.5 - command: - - --api.dashboard=true - - --api.insecure=true - - --ping=true - - --entrypoints.web.address=:80 - - --entrypoints.websecure.address=:443 - - --entrypoints.local.address=:8443 - - --entrypoints.web.http.redirections.entrypoint.to=websecure - - --entrypoints.web.http.redirections.entrypoint.scheme=https - - --providers.swarm=true - - --providers.swarm.exposedByDefault=false - - --providers.swarm.network=homelab - - --providers.swarm.watch=true - - --providers.file.directory=/etc/traefik/dynamic - - --providers.file.watch=true - - --certificatesresolvers.cloudflare.acme.dnschallenge=true - - --certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare - - --certificatesresolvers.cloudflare.acme.email=john.allisonwin@outlook.com - - --certificatesresolvers.cloudflare.acme.storage=/certificates/acme.json - - --log.level=DEBUG - - --accesslog=true - ports: - - target: 80 - published: 80 - mode: host - - target: 443 - published: 443 - mode: host - - target: 8443 - published: 8443 - mode: host - - target: 8080 - published: 8082 - mode: host - environment: - - CF_DNS_API_TOKEN_FILE=/run/secrets/cloudflare_api_token - volumes: - - /var/run/docker.sock:/var/run/docker.sock:ro - - /home/doc/projects/swarm-data/appdata/traefik/certificates:/certificates - - /home/doc/projects/swarm/conf/traefik-conf/dynamic.yml:/etc/traefik/dynamic/dynamic.yml:ro - secrets: - - cloudflare_api_token - networks: - - homelab - healthcheck: - test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:8080/ping"] - interval: 30s - timeout: 5s - retries: 3 - start_period: 30s - deploy: - mode: replicated - replicas: 1 - placement: - constraints: - - node.hostname == p0 - resources: - limits: - memory: 512M - cpus: '0.5' - reservations: - memory: 256M - labels: - - "traefik.enable=true" - - "traefik.http.routers.traefik.rule=Host(`proxy.frostlabs.me`)" - - 
"traefik.http.routers.traefik.entrypoints=websecure" - - "traefik.http.routers.traefik.tls.certresolver=cloudflare" - - "traefik.http.routers.traefik.service=api@internal" - - "traefik.http.services.traefik.loadbalancer.server.port=8080" - -networks: - homelab: - external: true - -secrets: - cloudflare_api_token: - external: true