Use Traefik for reverse proxy! :)

2024-11-14 16:55:42 +00:00 · 2020-03-30 17:27:54 +02:00 · 2020-03-30 17:27:54 +02:00 · 257549bf69
commit 257549bf69
parent 9ced65f34c
4 changed files with 44 additions and 71 deletions
--- a/dind_swarm.yml
+++ b/dind_swarm.yml
@ -2,24 +2,29 @@ version: '3'

 services:
  storage:
-    command: ["-p", "-s", "storage.nopaque;/srv/nopaque/storage;no;no;no;nopaque", "-u", "nopaque;nopaque"]
+    command:
+      - "-p"
+      - "-s"
+      - "storage.nopaque;/srv/nopaque/storage;no;no;no;nopaque"
+      - "-u"
+      - "nopaque;nopaque"
    image: dperson/samba:latest
    ports:
-      - 445:445
-    restart: on-failure
+      - "445:445"
    volumes:
-      - /srv/nopaque/storage:/srv/nopaque/storage
+      - "/srv/nopaque/storage:/srv/nopaque/storage"
  worker:
    image: docker:dind
    ports:
-      - 2375
+      - "2375"
    privileged: true
-    restart: on-failure
    volumes:
-      - /mnt/nopaque:/mnt/nopaque
+      - "/mnt/nopaque:/mnt/nopaque"
  viz:
-    environment:
-      - VIRTUAL_HOST=viz.localhost
    image: dockersamples/visualizer:latest
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.viz.rule=Host(`viz.localhost`)"
+      - "traefik.http.routers.viz.entrypoints=web"
    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
+      - "/var/run/docker.sock:/var/run/docker.sock"
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,71 +1,56 @@
 version: '3'

 services:
-  nginx-proxy:
-    depends_on:
-      - web
-    deploy:
-      placement:
-        constraints:
-          - node.role == manager
+  reverse-proxy:
+    image: traefik:2.2
+    command:
+      - "--log.level=DEBUG"
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--entrypoints.web.address=:80"
    ports:
      - "80:80"
-      # - "443:443"
-    image: jwilder/nginx-proxy:latest
    volumes:
-       - /var/run/docker.sock:/tmp/docker.sock:ro
-       - ./nginx-proxy/conf.d/nopaque_specifics.conf:/etc/nginx/conf.d/nopaque_specifics.conf:ro
-       - ./nginx-proxy/vhost.d:/etc/nginx/vhost.d:ro
-       # - ./certs:/etc/nginx/certs
+      - "/var/run/docker.sock:/var/run/docker.sock:ro"
  web:
    depends_on:
      - db
      - redis
-    environment:
-      - VIRTUAL_HOST=nopaque.localhost,129.70.216.233
    env_file: nopaque.env
    image: gitlab.ub.uni-bielefeld.de:4567/sfb1288inf/opaque:development
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.nopaque.rule=Host(`nopaque.localhost`)"
+      - "traefik.http.routers.nopaque.entrypoints=web"
    volumes:
-      - /mnt/nopaque:/mnt/nopaque
-      - ./app:/home/nopaque/app
-      - ./logs:/home/nopaque/logs
-      - ./migrations:/home/nopaque/migrations
-      - ./tests:/home/nopaque/tests
-      - ./config.py:/home/nopaque/config.py
-      - ./docker-entrypoint.sh:/usr/local/bin/docker-entrypoint.sh
-      - ./nopaque.py:/home/nopaque/nopaque.py
-      - ./requirements.txt:/home/nopaque/requirements.txt
+      - "/mnt/nopaque:/mnt/nopaque"
+      - "./app:/home/nopaque/app"
+      - "./logs:/home/nopaque/logs"
+      - "./migrations:/home/nopaque/migrations"
+      - "./tests:/home/nopaque/tests"
+      - "./config.py:/home/nopaque/config.py"
+      - "./docker-entrypoint.sh:/usr/local/bin/docker-entrypoint.sh"
+      - "./nopaque.py:/home/nopaque/nopaque.py"
+      - "./requirements.txt:/home/nopaque/requirements.txt"
  daemon:
    depends_on:
      - db
-    deploy:
-      placement:
-        constraints:
-          - node.role == manager
    env_file: nopaque.env
    extra_hosts:
      - "host.docker.internal:172.17.0.1"
    image: gitlab.ub.uni-bielefeld.de:4567/sfb1288inf/opaque_daemon:latest
    volumes:
-      - /mnt/nopaque:/mnt/nopaque
-      - ./logs:/home/nopaqued/logs
-      - ../opaque_daemon/docker-entrypoint.sh:/usr/local/bin/docker-entrypoint.sh
-      - ../opaque_daemon/nopaqued.py:/home/nopaqued/nopaqued.py
-      - ../opaque_daemon/merge_corpus_files.py:/home/nopaqued/merge_corpus_files.py
-      - ../opaque_daemon/requirements.txt:/home/nopaqued/requirements.txt
-      - $HOME/.docker:/home/nopaqued/.docker
+      - "/mnt/nopaque:/mnt/nopaque"
+      - "./logs:/home/nopaqued/logs"
+      - "../opaque_daemon/docker-entrypoint.sh:/usr/local/bin/docker-entrypoint.sh"
+      - "../opaque_daemon/nopaqued.py:/home/nopaqued/nopaqued.py"
+      - "../opaque_daemon/merge_corpus_files.py:/home/nopaqued/merge_corpus_files.py"
+      - "../opaque_daemon/requirements.txt:/home/nopaqued/requirements.txt"
+      - "$HOME/.docker:/home/nopaqued/.docker"
  db:
-    deploy:
-      placement:
-        constraints:
-          - node.role == manager
    env_file: nopaque.env
    image: postgres:11
    volumes:
-      - /srv/nopaque/database:/var/lib/postgresql/data
+      - "/srv/nopaque/database:/var/lib/postgresql/data"
  redis:
-    deploy:
-      placement:
-        constraints:
-          - node.role == manager
    image: redis:5
--- a/nginx-proxy/conf.d/nopaque_specifics.conf
+++ b/nginx-proxy/conf.d/nopaque_specifics.conf
@ -1 +0,0 @@
-client_max_body_size 1024M;
--- a/nginx-proxy/vhost.d/nopaque.localhost
+++ b/nginx-proxy/vhost.d/nopaque.localhost
@ -1,16 +0,0 @@
-location /socket.io {
-    proxy_http_version 1.1;
-    proxy_buffering off;
-    proxy_set_header Host $http_host;
-    proxy_set_header Upgrade $http_upgrade;
-    proxy_set_header Connection $proxy_connection;
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
-    proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
-    proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;
-
-    # Mitigate httpoxy attack (see README for details)
-    proxy_set_header Proxy "";
-    proxy_pass http://opaque_web_1:5000;
-}