main
pipistrello 2026-06-05 14:46:40 +03:00
parent f15f2f5e83
commit fe0ec9dd03
2 changed files with 23 additions and 4 deletions


@ -21,8 +21,13 @@ Replaces **nginx-proxy-manager** on serverweb. One `:443` entrypoint that does
| `dynamic/passthrough.yml` | the TCP SNI-passthrough routers → Windows hosts |
| `dynamic/web.yml` | HTTP routers (dashboards) + dashboard basic-auth |
Routing config lives in git and redeploys on push (file provider, `watch: true`).
`acme.json` is **not** in git — it holds private keys and persists on the host.
Config files (`traefik.yml`, `dynamic/`) are the source of truth in git, but must be
**placed on the host** at `/mnt/containers/traefik/container-data/` and mounted by
**absolute path**. Portainer GitOps runs compose with paths relative to its own
container (`/data/compose/<id>/…`), which the Docker daemon can't resolve — so relative
`./` bind mounts silently become empty dirs (`is a directory` crash loop). Keep the host
copies in sync with this repo; Traefik's `watch: true` still hot-reloads `dynamic/` when
the host files change. `acme.json` is **not** in git (private keys) and persists on the host.
## One-time host prep (serverweb)
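Review bot: The added paragraph makes the host copy under `/mnt/containers/traefik/container-data/` the configuration Traefik actually reads, but "Keep the host copies in sync with this repo" gives no way to confirm that they are in sync. The removed line promised a redeploy on push; with this change a merged routing edit has no effect until someone copies it over, and an edit made directly on the host never reaches git. Suggest stating explicitly that a push alone no longer changes routing, and adding a verification step, for example comparing checksums of the host files against the repo checkout.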
@ -30,6 +35,14 @@ Routing config lives in git and redeploys on push (file provider, `watch: true`)
mkdir -p /mnt/containers/traefik/container-data/acme
touch /mnt/containers/traefik/container-data/acme/acme.json
chmod 600 /mnt/containers/traefik/container-data/acme/acme.json
mkdir -p /mnt/containers/traefik/container-data/dynamic
```
Then copy the config from this repo onto the host (re-copy whenever they change):
```bash
scp traefik.yml root@serverweb:/mnt/containers/traefik/container-data/traefik.yml
scp dynamic/*.yml root@serverweb:/mnt/containers/traefik/container-data/dynamic/
```
## Before deploying — edit
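Review bot: The added `scp dynamic/*.yml …` step only adds or overwrites files on the host, so a router file that is deleted or renamed in the repo stays in `dynamic/` and Traefik keeps loading it under `watch: true`. Suggest a copy that mirrors deletions, such as `rsync -a --delete dynamic/ root@serverweb:/mnt/containers/traefik/container-data/dynamic/`, or documenting the manual cleanup. The step also leaves the ownership and mode of the copied files to whatever scp produces; since `dynamic/web.yml` holds the dashboard basic-auth, consider setting them explicitly, as the prep block already does for `acme.json`.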


@ -6,13 +6,19 @@ services:
# Traefik replaces nginx-proxy-manager on 80/443. Decommission NPM before
# deploying this (both can't bind 80/443). UDP/443 (SMB-over-QUIC) is NOT
# handled here — the router forwards UDP/443 straight to serverfile.
#
# NOTE: absolute host paths (NOT ./relative). Portainer GitOps runs compose
# with paths relative to its own container (/data/compose/<id>/...), which
# the Docker daemon can't resolve — relative mounts silently become empty
# dirs. Config files live on the host; keep them in sync with this repo's
# traefik.yml / dynamic/ (source of truth).
ports:
- "80:80"
- "443:443"
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./traefik.yml:/etc/traefik/traefik.yml:ro,z
- ./dynamic:/etc/traefik/dynamic:ro,z
- /mnt/containers/traefik/container-data/traefik.yml:/etc/traefik/traefik.yml:ro,z
- /mnt/containers/traefik/container-data/dynamic:/etc/traefik/dynamic:ro,z
- /mnt/containers/traefik/container-data/acme:/acme:z
networks:
- reverseproxy-nw
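Review bot: The new absolute bind mount for `/mnt/containers/traefik/container-data/traefik.yml` in `volumes:` still fails the same way the NOTE describes if the stack is deployed before the file has been copied to the host: with short-syntax bind mounts Docker creates a missing source path as a directory, so Traefik would again see a directory where it expects `traefik.yml`. Suggest extending the NOTE to say that the host files must exist before the first deploy, or switching these two mounts to the long `type: bind` form, which does not create a missing source path unless `create_host_path` is set.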