jpallison0625/swarm-production
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

updates

Browse Source
This commit is contained in:
John
2025-11-05 20:11:08 +00:00
parent bd6b6e5b0e
commit feae85b159
10 changed files with 94 additions and 211 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
stacks/apps/adminer/stack.yml
View File

@@ -23,7 +23,7 @@ services:
memory: 128M
labels:
# Local route
- traefik.enable=false
- traefik.enable=true
- traefik.http.routers.adminer.rule=Host(`adminer.frostlabs.me`)
- traefik.http.routers.adminer.entrypoints=websecure
- traefik.http.routers.adminer.tls.certresolver=cloudflare

2
stacks/apps/authentik/stack.yml
View File

@@ -59,7 +59,7 @@ services:
reservations:
memory: 512M
labels:
- "traefik.enable=false"
- "traefik.enable=true"
- "traefik.http.routers.authentik.rule=Host(`auth.frostlabs.me`)"
- "traefik.http.routers.authentik.entrypoints=websecure"
- "traefik.http.routers.authentik.tls.certresolver=cloudflare"

4
stacks/apps/outline/stack.yml
View File

@@ -47,8 +47,8 @@ services:
# reservations:
# memory: 512M
labels:
- "traefik.enable=falso"
- "traefik.docker.network=homelab"
- "traefik.enable=true"
- "traefik.swarm.network=homelab"
- "traefik.http.routers.outline.rule=Host(`flow.frostlabs.me`)"
- "traefik.http.routers.outline.entrypoints=websecure"
- "traefik.http.routers.outline.tls=true"

14
stacks/apps/paperless/stack.yml
View File

@@ -32,12 +32,12 @@ services:
- PAPERLESS_DBPASS_FILE=/run/secrets/postgres-master
- PAPERLESS_SECRET_KEY_FILE=/run/secrets/paperless-secret-key
- PAPERLESS_ADMIN_PASSWORD_FILE=/run/secrets/paperless-admin-pass
# - PAPERLESS_URLS=https://docs.frostlabs.me
# - PAPERLESS_ALLOWED_HOSTS=docs.frostlabs.me,docs.frostlabs.home
# - PAPERLESS_CSRF_TRUSTED_ORIGINS=https://docs.frostlabs.me,https://docs.frostlabs.home
- PAPERLESS_URLS=https://docs.home.frostlabs.me
- PAPERLESS_ALLOWED_HOSTS=docs.home.frostlabs.me
- PAPERLESS_CSRF_TRUSTED_ORIGINS=https://docs.home.frostlabs.me
- PAPERLESS_URLS=https://docs.frostlabs.me
- PAPERLESS_ALLOWED_HOSTS=docs.frostlabs.me,docs.frostlabs.home
- PAPERLESS_CSRF_TRUSTED_ORIGINS=https://docs.frostlabs.me,https://docs.frostlabs.home
# - PAPERLESS_URLS=https://docs.home.frostlabs.me
# - PAPERLESS_ALLOWED_HOSTS=docs.home.frostlabs.me
# - PAPERLESS_CSRF_TRUSTED_ORIGINS=https://docs.home.frostlabs.me
- PAPERLESS_REDIS=redis://paperless_redis:6379
- PAPERLESS_DBHOST=10.0.4.10
- PAPERLESS_DBPORT=5432
@@ -72,7 +72,7 @@ services:
labels:
- "traefik.enable=false"
- "traefik.swarm.network=homelab"
- "traefik.http.routers.paperless.rule=Host(`docs.home.frostlabs.me`)"
- "traefik.http.routers.paperless.rule=Host(`docs.frostlabs.me`)"
- "traefik.http.routers.paperless.entrypoints=websecure"
- "traefik.http.routers.paperless.tls=true"
- "traefik.http.routers.paperless.service=paperless"

4
stacks/apps/uptime/stack.yml
View File

@@ -28,12 +28,12 @@ services:
failure_action: rollback
order: start-first
labels:
- "traefik.enable=false"
- "traefik.enable=true"
- "traefik.http.routers.uptime-kuma.rule=Host(`status.frostlabs.me`)"
- "traefik.http.routers.uptime-kuma.entrypoints=websecure"
- "traefik.http.routers.uptime-kuma.tls.certresolver=cloudflare"
- "traefik.http.services.uptime-kuma.loadbalancer.server.port=3001"
- "traefik.docker.network=homelab"
- "traefik.swarm.network=homelab"
networks:
homelab:

44
stacks/core/adguard/stack.yml
View File

@@ -1,44 +0,0 @@
services:
adguard:
image: adguard/adguardhome:latest
ports:
- target: 53
published: 53
protocol: udp
mode: host
- target: 53
published: 53
protocol: tcp
mode: host
- target: 3000
published: 3000
protocol: tcp
mode: host
volumes:
- /home/doc/projects/swarm-data/appdata/adguard/work:/opt/adguardhome/work
- /home/doc/projects/swarm-data/appdata/adguard/conf:/opt/adguardhome/conf
networks:
- homelab
deploy:
mode: replicated
replicas: 1
placement:
constraints:
- node.hostname == p0
resources:
limits:
memory: 512M
cpus: '0.5'
reservations:
memory: 256M
labels:
- "traefik.enable=true"
- "traefik.http.routers.adguard.rule=Host(`dns.home.frostlabs.me`)"
- "traefik.http.routers.adguard.entrypoints=websecure"
- "traefik.http.routers.adguard.tls=true"
- "traefik.http.routers.adguard.service=adguard"
- "traefik.http.services.adguard.loadbalancer.server.port=3000"
networks:
homelab:
external: true

35
stacks/core/nginx-pm/stack.yml
View File

@@ -1,35 +0,0 @@
services:
nginx-pm:
image: 'jc21/nginx-proxy-manager:latest'
restart: unless-stopped
ports:
- '8099:80'
- '4434:443'
- '81:81'
environment:
TZ: "America/New_York"
volumes:
- /home/doc/projects/swarm-data/appdata/nginx-pm/data:/data
- /home/doc/projects/swarm-data/appdata/nginx-pm/le:/etc/letsencrypt
deploy:
replicas: 1
placement:
constraints:
- node.hostname == p1
resources:
limits:
cpus: '0.50'
memory: 1024M
reservations:
cpus: '0.25'
memory: 512M
networks:
- homelab
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:81"]
interval: 1m30s
timeout: 10s
retries: 3
networks:
homelab:
external: true

2
stacks/core/portainer/stack.yml
View File

@@ -15,7 +15,7 @@ services:
constraints:
- node.hostname == p0
labels:
- "traefik.enable=false"
- "traefik.enable=true"
- "traefik.swarm.network=homelab"
- "traefik.http.routers.portainer.rule=Host(`portainer.frostlabs.me`)"
- "traefik.http.routers.portainer.entrypoints=websecure"

118
stacks/core/traefik-test/stack.yml
View File

@@ -1,118 +0,0 @@
services:
traefik:
image: traefik:v3.5
networks:
# Connect to the 'traefik_proxy' overlay network for inter-container communication across nodes
- homelab-local
ports:
# Expose Traefik's entry points to the Swarm
# Swarm requires the long syntax for ports.
- target: 80 # Container port (Traefik web entry point)
published: 80 # Host port exposed on the nodes
protocol: tcp
# 'host' mode binds directly to the node's IP where the task runs.
# 'ingress' mode uses Swarm's Routing Mesh (load balances across nodes).
# Choose based on your load balancing strategy. 'host' is often simpler if using an external LB.
mode: host
- target: 443 # Container port ( Traefik websecure entry point)
published: 443 # Host port
protocol: tcp
mode: host
volumes:
# Mount the Docker socket for the Swarm provider
# This MUST be run from a manager node to access the Swarm API via the socket.
- /var/run/docker.sock:/var/run/docker.sock:ro # Swarm API socket
- /home/doc/projects/swarm-data/appdata/traefik/certificates/local:/certs:ro
- /home/doc/projects/swarm/conf/traefik-local-conf:/dynamic:ro
# Traefik Static configuration via command-line arguments
command:
# HTTP EntryPoint
- "--entrypoints.web.address=:80"
# Configure HTTP to HTTPS Redirection
- "--entrypoints.web.http.redirections.entrypoint.to=websecure"
- "--entrypoints.web.http.redirections.entrypoint.scheme=https"
- "--entrypoints.web.http.redirections.entrypoint.permanent=true"
# HTTPS EntryPoint
- "--entrypoints.websecure.address=:443"
- "--entrypoints.websecure.http.tls=true"
# Attach dynamic TLS file
- "--providers.file.filename=/dynamic/dynamic.yml"
# Providers
# Enable the Docker Swarm provider (instead of Docker provider)
- "--providers.swarm.endpoint=unix:///var/run/docker.sock"
# Watch for Swarm service changes (requires socket access)
- "--providers.swarm.watch=true"
# Recommended: Don't expose services by default; require explicit labels
- "--providers.swarm.exposedbydefault=false"
# Specify the default network for Traefik to connect to services
- "--providers.swarm.network=homelab-local"
# API & Dashboard
- "--api.dashboard=true" # Enable the dashboard
- "--api.insecure=false" # Explicitly disable insecure API mod
# Observability
- "--log.level=INFO" # Set the Log Level e.g INFO, DEBUG
- "--accesslog=true" # Enable Access Logs
- "--metrics.prometheus=falso" # Enable Prometheus
deploy:
replicas: 1
placement:
# Placement constraints restrict where Traefik tasks can run.
# Running on manager nodes is common for accessing the Swarm API via the socket.
constraints:
- node.hostname == p0
# Traefik Dynamic configuration via labels
# In Swarm, labels on the service definition configure Traefik routing for that service.
labels:
- "traefik.enable=true"
# Dashboard router
- "traefik.http.routers.dashboard.rule=Host(`dashboard.swarm.localhost`)"
- "traefik.http.routers.dashboard.entrypoints=websecure"
- "traefik.http.routers.dashboard.service=api@internal"
- "traefik.http.routers.dashboard.tls=true"
# Basicauth middleware
- "traefik.http.middlewares.dashboard-auth.basicauth.users=admin:$$apr1$$KWe9YrFZ$$pCQuQTJD16kxFTrVOtL8f."
- "traefik.http.routers.dashboard.middlewares=dashboard-auth@swarm"
# Service hint
- "traefik.http.services.traefik.loadbalancer.server.port=8080"
# Deploy the Whoami application
whoami:
image: traefik/whoami
networks:
- homelab-local
deploy:
labels:
# Enable Service discovery for Traefik
- "traefik.enable=true"
# Define the WHoami router rule
- "traefik.http.routers.whoami.rule=Host(`whoami.swarm.localhost`)"
# Expose Whoami on the HTTPS entrypoint
- "traefik.http.routers.whoami.entrypoints=websecure"
# Enable TLS
- "traefik.http.routers.whoami.tls=true"
# Expose the whoami port number to Traefik
- traefik.http.services.whoami.loadbalancer.server.port=80
# Define the overlay network for Swarm
networks:
homelab-local:
external: true

80
stacks/core/traefik/stack.yml Normal file
View File

@@ -0,0 +1,80 @@
services:
traefik:
image: traefik:v3.5
command:
- --api.dashboard=true
- --api.insecure=true
- --ping=true
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --entrypoints.local.address=:8443
- --entrypoints.web.http.redirections.entrypoint.to=websecure
- --entrypoints.web.http.redirections.entrypoint.scheme=https
- --providers.swarm=true
- --providers.swarm.exposedByDefault=false
- --providers.swarm.network=homelab
- --providers.swarm.watch=true
- --providers.file.directory=/etc/traefik/dynamic
- --providers.file.watch=true
- --certificatesresolvers.cloudflare.acme.dnschallenge=true
- --certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare
- --certificatesresolvers.cloudflare.acme.email=john.allisonwin@outlook.com
- --certificatesresolvers.cloudflare.acme.storage=/certificates/acme.json
- --log.level=DEBUG
- --accesslog=true
ports:
- target: 80
published: 80
mode: host
- target: 443
published: 443
mode: host
- target: 8443
published: 8443
mode: host
- target: 8080
published: 8082
mode: host
environment:
- CF_DNS_API_TOKEN_FILE=/run/secrets/cloudflare_api_token
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- /home/doc/projects/swarm-data/appdata/traefik/certificates:/certificates
- /home/doc/projects/swarm/conf/traefik-conf/dynamic.yml:/etc/traefik/dynamic/dynamic.yml:ro
secrets:
- cloudflare_api_token
networks:
- homelab
healthcheck:
test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost:8080/ping"]
interval: 30s
timeout: 5s
retries: 3
start_period: 30s
deploy:
mode: replicated
replicas: 1
placement:
constraints:
- node.hostname == p0
resources:
limits:
memory: 512M
cpus: '0.5'
reservations:
memory: 256M
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik.rule=Host(`proxy.frostlabs.me`)"
- "traefik.http.routers.traefik.entrypoints=websecure"
- "traefik.http.routers.traefik.tls.certresolver=cloudflare"
- "traefik.http.routers.traefik.service=api@internal"
- "traefik.http.services.traefik.loadbalancer.server.port=8080"
networks:
homelab:
external: true
secrets:
cloudflare_api_token:
external: true