jpallison0625/swarm-production
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Disable traefik temporarily

Browse Source
This commit is contained in:
John
2025-11-05 19:16:17 +00:00
parent 1e5c2a0f19
commit 33918e07d4
8 changed files with 191 additions and 152 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
stacks/apps/adminer/stack.yml
View File

@@ -21,13 +21,14 @@ services:
memory: 512M
reservations:
memory: 128M
# labels: # Local route
# - "traefik.enable=true"
# - "traefik.http.routers.adminer.rule=Host(`adminer.frostlabs.me`)"
# - "traefik.http.routers.adminer.entrypoints=websecure"
# - "traefik.http.routers.adminer.tls.certresolver=cloudflare"
# - "traefik.http.services.adminer.loadbalancer.server.port=8080"
# - "traefik.swarm.network=homelab"
labels:
# Local route
- traefik.enable=false
- traefik.http.routers.adminer.rule=Host(`adminer.frostlabs.me`)
- traefik.http.routers.adminer.entrypoints=websecure
- traefik.http.routers.adminer.tls.certresolver=cloudflare
- traefik.http.services.adminer.loadbalancer.server.port=8080
- traefik.swarm.network=homelab
networks:
homelab:
external: true

2
stacks/apps/authentik/stack.yml
View File

@@ -59,7 +59,7 @@ services:
reservations:
memory: 512M
labels:
- "traefik.enable=true"
- "traefik.enable=false"
- "traefik.http.routers.authentik.rule=Host(`auth.frostlabs.me`)"
- "traefik.http.routers.authentik.entrypoints=websecure"
- "traefik.http.routers.authentik.tls.certresolver=cloudflare"

2
stacks/apps/outline/stack.yml
View File

@@ -47,7 +47,7 @@ services:
# reservations:
# memory: 512M
labels:
- "traefik.enable=true"
- "traefik.enable=falso"
- "traefik.docker.network=homelab"
- "traefik.http.routers.outline.rule=Host(`flow.frostlabs.me`)"
- "traefik.http.routers.outline.entrypoints=websecure"

6
stacks/apps/paperless/stack.yml
View File

@@ -39,7 +39,7 @@ services:
- PAPERLESS_ALLOWED_HOSTS=docs.home.frostlabs.me
- PAPERLESS_CSRF_TRUSTED_ORIGINS=https://docs.home.frostlabs.me
- PAPERLESS_REDIS=redis://paperless_redis:6379
- PAPERLESS_DBHOST=10.0.4.10 # Fixed: removed http://
- PAPERLESS_DBHOST=10.0.4.10
- PAPERLESS_DBPORT=5432
- PAPERLESS_DBNAME=paperless
- PAPERLESS_DBUSER=admin
@@ -70,14 +70,14 @@ services:
reservations:
memory: 1G
labels:
- "traefik.enable=true"
- "traefik.enable=false"
- "traefik.swarm.network=homelab"
- "traefik.http.routers.paperless.rule=Host(`docs.home.frostlabs.me`)"
- "traefik.http.routers.paperless.entrypoints=websecure"
- "traefik.http.routers.paperless.tls=true"
- "traefik.http.routers.paperless.service=paperless"
- "traefik.http.services.paperless.loadbalancer.server.port=8000"
depends_on: # Fixed: removed postgres dependency
depends_on:
- paperless_redis
networks:

2
stacks/apps/uptime/stack.yml
View File

@@ -28,7 +28,7 @@ services:
failure_action: rollback
order: start-first
labels:
- "traefik.enable=true"
- "traefik.enable=false"
- "traefik.http.routers.uptime-kuma.rule=Host(`status.frostlabs.me`)"
- "traefik.http.routers.uptime-kuma.entrypoints=websecure"
- "traefik.http.routers.uptime-kuma.tls.certresolver=cloudflare"

2
stacks/core/portainer/stack.yml
View File

@@ -15,7 +15,7 @@ services:
constraints:
- node.hostname == p0
labels:
- "traefik.enable=true"
- "traefik.enable=false"
- "traefik.swarm.network=homelab"
- "traefik.http.routers.portainer.rule=Host(`portainer.frostlabs.me`)"
- "traefik.http.routers.portainer.entrypoints=websecure"

118
stacks/core/traefik-test/stack.yml Normal file
View File

@@ -0,0 +1,118 @@
services:
traefik:
image: traefik:v3.5
networks:
# Connect to the 'traefik_proxy' overlay network for inter-container communication across nodes
- homelab-local
ports:
# Expose Traefik's entry points to the Swarm
# Swarm requires the long syntax for ports.
- target: 80 # Container port (Traefik web entry point)
published: 80 # Host port exposed on the nodes
protocol: tcp
# 'host' mode binds directly to the node's IP where the task runs.
# 'ingress' mode uses Swarm's Routing Mesh (load balances across nodes).
# Choose based on your load balancing strategy. 'host' is often simpler if using an external LB.
mode: host
- target: 443 # Container port ( Traefik websecure entry point)
published: 443 # Host port
protocol: tcp
mode: host
volumes:
# Mount the Docker socket for the Swarm provider
# This MUST be run from a manager node to access the Swarm API via the socket.
- /var/run/docker.sock:/var/run/docker.sock:ro # Swarm API socket
- /home/doc/projects/swarm-data/appdata/traefik/certificates/local:/certs:ro
- /home/doc/projects/swarm/conf/traefik-local-conf:/dynamic:ro
# Traefik Static configuration via command-line arguments
command:
# HTTP EntryPoint
- "--entrypoints.web.address=:80"
# Configure HTTP to HTTPS Redirection
- "--entrypoints.web.http.redirections.entrypoint.to=websecure"
- "--entrypoints.web.http.redirections.entrypoint.scheme=https"
- "--entrypoints.web.http.redirections.entrypoint.permanent=true"
# HTTPS EntryPoint
- "--entrypoints.websecure.address=:443"
- "--entrypoints.websecure.http.tls=true"
# Attach dynamic TLS file
- "--providers.file.filename=/dynamic/tls.yaml"
# Providers
# Enable the Docker Swarm provider (instead of Docker provider)
- "--providers.swarm.endpoint=unix:///var/run/docker.sock"
# Watch for Swarm service changes (requires socket access)
- "--providers.swarm.watch=true"
# Recommended: Don't expose services by default; require explicit labels
- "--providers.swarm.exposedbydefault=false"
# Specify the default network for Traefik to connect to services
- "--providers.swarm.network=homelab-local"
# API & Dashboard
- "--api.dashboard=true" # Enable the dashboard
- "--api.insecure=false" # Explicitly disable insecure API mod
# Observability
- "--log.level=INFO" # Set the Log Level e.g INFO, DEBUG
- "--accesslog=true" # Enable Access Logs
- "--metrics.prometheus=falso" # Enable Prometheus
deploy:
replicas: 1
placement:
# Placement constraints restrict where Traefik tasks can run.
# Running on manager nodes is common for accessing the Swarm API via the socket.
constraints:
- node.hostname == p0
# Traefik Dynamic configuration via labels
# In Swarm, labels on the service definition configure Traefik routing for that service.
labels:
- "traefik.enable=true"
# Dashboard router
- "traefik.http.routers.dashboard.rule=Host(`dashboard.swarm.localhost`)"
- "traefik.http.routers.dashboard.entrypoints=websecure"
- "traefik.http.routers.dashboard.service=api@internal"
- "traefik.http.routers.dashboard.tls=true"
# Basicauth middleware
- "traefik.http.middlewares.dashboard-auth.basicauth.users=admin:$$apr1$$KWe9YrFZ$$pCQuQTJD16kxFTrVOtL8f."
- "traefik.http.routers.dashboard.middlewares=dashboard-auth@swarm"
# Service hint
- "traefik.http.services.traefik.loadbalancer.server.port=8080"
# Deploy the Whoami application
whoami:
image: traefik/whoami
networks:
- homelab-local
deploy:
labels:
# Enable Service discovery for Traefik
- "traefik.enable=true"
# Define the WHoami router rule
- "traefik.http.routers.whoami.rule=Host(`whoami.swarm.localhost`)"
# Expose Whoami on the HTTPS entrypoint
- "traefik.http.routers.whoami.entrypoints=websecure"
# Enable TLS
- "traefik.http.routers.whoami.tls=true"
# Expose the whoami port number to Traefik
- traefik.http.services.whoami.loadbalancer.server.port=80
# Define the overlay network for Swarm
networks:
homelab-local:
external: true

80
stacks/core/traefik/stack.yml
View File

@@ -1,80 +0,0 @@
services:
traefik:
image: traefik:v3.5
command:
- --api.dashboard=true
- --api.insecure=true
- --ping=true
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --entrypoints.local.address=:8443
- --entrypoints.web.http.redirections.entrypoint.to=websecure
- --entrypoints.web.http.redirections.entrypoint.scheme=https
- --providers.swarm=true
- --providers.swarm.exposedByDefault=false
- --providers.swarm.network=homelab
- --providers.swarm.watch=true
- --providers.file.directory=/etc/traefik/dynamic
- --providers.file.watch=true
- --certificatesresolvers.cloudflare.acme.dnschallenge=true
- --certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare
- --certificatesresolvers.cloudflare.acme.email=john.allisonwin@outlook.com
- --certificatesresolvers.cloudflare.acme.storage=/certificates/acme.json
- --log.level=DEBUG
- --accesslog=true
ports:
- target: 80
published: 80
mode: host
- target: 443
published: 443
mode: host
- target: 8443
published: 8443
mode: host
- target: 8080
published: 8082
mode: host
environment:
- CF_DNS_API_TOKEN_FILE=/run/secrets/cloudflare_api_token
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- /home/doc/projects/swarm-data/appdata/traefik/certificates:/certificates
- /home/doc/projects/swarm/conf/traefik-conf/dynamic.yml:/etc/traefik/dynamic/dynamic.yml:ro
secrets:
- cloudflare_api_token
networks:
- homelab
healthcheck:
test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:8080/ping"]
interval: 30s
timeout: 5s
retries: 3
start_period: 30s
deploy:
mode: replicated
replicas: 1
placement:
constraints:
- node.hostname == p0
resources:
limits:
memory: 512M
cpus: '0.5'
reservations:
memory: 256M
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik.rule=Host(`proxy.frostlabs.me`)"
- "traefik.http.routers.traefik.entrypoints=websecure"
- "traefik.http.routers.traefik.tls.certresolver=cloudflare"
- "traefik.http.routers.traefik.service=api@internal"
- "traefik.http.services.traefik.loadbalancer.server.port=8080"
networks:
homelab:
external: true
secrets:
cloudflare_api_token:
external: true