Use custom certs on Dalco & TIP (#478)
* Return removed staging CA for letsencrypt

* Fix missing $

* Remove PAYMENTS_AUTORECHARGE_DEFAULT_MIN_BALANCE

* Add missing deploy constraint to prom catch all

* Use custom certs on dalco and tip deployments
YuryHrytsuk authored Dec 13, 2023
1 parent 8b588af commit 1299959
Showing 14 changed files with 169 additions and 74 deletions.
4 changes: 2 additions & 2 deletions services/admin-panels/Makefile
Expand Up @@ -75,8 +75,8 @@ ${TEMP_COMPOSE}-letsencrypt-dns: docker-compose.yml docker-compose.letsencrypt.d
@${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.letsencrypt.dns.yml > $@

.PHONY: ${TEMP_COMPOSE}-dalco
${TEMP_COMPOSE}-dalco: docker-compose.yml docker-compose.letsencrypt.dns.yml docker-compose.dalco.yml
@${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.letsencrypt.dns.yml docker-compose.dalco.yml > $@
${TEMP_COMPOSE}-dalco: docker-compose.yml docker-compose.dalco.yml
@${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.dalco.yml > $@

.PHONY: ${TEMP_COMPOSE}-master
${TEMP_COMPOSE}-master: docker-compose.yml docker-compose.master.yml
4 changes: 2 additions & 2 deletions services/adminer/Makefile
Expand Up @@ -56,8 +56,8 @@ ${TEMP_COMPOSE}-letsencrypt-dns: docker-compose.yml docker-compose.letsencrypt.d
@${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.letsencrypt.dns.yml > $@

.PHONY: ${TEMP_COMPOSE}-dalco
${TEMP_COMPOSE}-dalco: docker-compose.yml docker-compose.letsencrypt.dns.yml docker-compose.dalco.yml
@${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.letsencrypt.dns.yml docker-compose.dalco.yml > $@
${TEMP_COMPOSE}-dalco: docker-compose.yml docker-compose.dalco.yml
@${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.dalco.yml > $@

.PHONY: ${TEMP_COMPOSE}-master
${TEMP_COMPOSE}-master: docker-compose.yml docker-compose.master.yml
4 changes: 2 additions & 2 deletions services/filestash/Makefile
Expand Up @@ -56,8 +56,8 @@ ${TEMP_COMPOSE}-letsencrypt-dns: docker-compose.yml docker-compose.letsencrypt.d
@${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.letsencrypt.dns.yml > $@

.PHONY: ${TEMP_COMPOSE}-dalco
${TEMP_COMPOSE}-dalco: docker-compose.yml docker-compose.letsencrypt.dns.yml docker-compose.dalco.yml
@${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.letsencrypt.dns.yml docker-compose.dalco.yml > $@
${TEMP_COMPOSE}-dalco: docker-compose.yml docker-compose.dalco.yml
@${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.dalco.yml > $@

.PHONY: ${TEMP_COMPOSE}-master
${TEMP_COMPOSE}-master: docker-compose.yml docker-compose.master.yml
10 changes: 5 additions & 5 deletions services/graylog/Makefile
Expand Up @@ -24,8 +24,8 @@ up-letsencrypt-dns: .init .env ${TEMP_COMPOSE}-letsencrypt-dns
@docker stack deploy --with-registry-auth --prune --compose-file ${TEMP_COMPOSE}-letsencrypt-dns ${STACK_NAME}

.PHONY: up-dalco ## Deploys graylog stack for Dalco Cluster
up-dalco: .init .env ${TEMP_COMPOSE}-letsencrypt-dalco
@docker stack deploy --with-registry-auth --prune --compose-file ${TEMP_COMPOSE}-letsencrypt-dalco ${STACK_NAME}
up-dalco: .init .env ${TEMP_COMPOSE}-dalco
@docker stack deploy --with-registry-auth --prune --compose-file ${TEMP_COMPOSE}-dalco ${STACK_NAME}
$(MAKE) configure

.PHONY: up-public ## Deploys graylog stack for public access Cluster
Expand Down Expand Up @@ -61,9 +61,9 @@ ${TEMP_COMPOSE}-letsencrypt-http: docker-compose.yml docker-compose.letsencrypt.
${TEMP_COMPOSE}-letsencrypt-dns: docker-compose.yml docker-compose.letsencrypt.dns.yml
@${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.letsencrypt.dns.yml > $@

.PHONY: ${TEMP_COMPOSE}-letsencrypt-dalco
${TEMP_COMPOSE}-letsencrypt-dalco: docker-compose.yml docker-compose.dalco.yml docker-compose.letsencrypt.dns.yml
@${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.dalco.yml docker-compose.letsencrypt.dns.yml > $@
.PHONY: ${TEMP_COMPOSE}-dalco
${TEMP_COMPOSE}-dalco: docker-compose.yml docker-compose.dalco.yml
@${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.dalco.yml > $@

.PHONY: ${TEMP_COMPOSE}-master .env ## Deploys stack on master deployment
# Hacky workaround introduced by DK2021 via https://github.com/docker/compose/issues/7771
4 changes: 2 additions & 2 deletions services/jaeger/Makefile
Expand Up @@ -56,8 +56,8 @@ ${TEMP_COMPOSE}-letsencrypt-dns: docker-compose.yml docker-compose.letsencrypt.d
@${REPO_BASE_DIR}/scripts/docker-compose-config.bash $< docker-compose.letsencrypt.dns.yml > $@

.PHONY: ${TEMP_COMPOSE}-dalco
${TEMP_COMPOSE}-dalco: docker-compose.yml docker-compose.letsencrypt.dns.yml docker-compose.dalco.yml
@${REPO_BASE_DIR}/scripts/docker-compose-config.bash $< docker-compose.letsencrypt.dns.yml docker-compose.dalco.yml > $@
${TEMP_COMPOSE}-dalco: docker-compose.yml docker-compose.dalco.yml
@${REPO_BASE_DIR}/scripts/docker-compose-config.bash $< docker-compose.dalco.yml > $@

.PHONY: ${TEMP_COMPOSE}-master
${TEMP_COMPOSE}-master: docker-compose.yml docker-compose.master.yml
2 changes: 1 addition & 1 deletion services/minio/Makefile
Expand Up @@ -32,7 +32,7 @@ up-letsencrypt-dns: .init .env ${TEMP_COMPOSE}-letsencrypt-dns .create-secrets #
# "'docker node update --label-add minioX=true' with X being from 1 to number of replicas."

.PHONY: up-dalco
up-dalco: up-letsencrypt-dns ## Deploys minio stack for Dalco Cluster
up-dalco: up ## Deploys minio stack for Dalco Cluster

.PHONY: up-master
up-master: up ## Deploys minio stack for Master Cluster
8 changes: 4 additions & 4 deletions services/monitoring/Makefile
Expand Up @@ -63,11 +63,11 @@ ${TEMP_COMPOSE}-letsencrypt-http: docker-compose.yml docker-compose.letsencrypt.
${TEMP_COMPOSE}-letsencrypt-dns: docker-compose.yml docker-compose.letsencrypt.dns.yml config.monitoring .env pgsql_query_exporter_config.yaml smokeping_prober_config.yaml
@${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.letsencrypt.dns.yml > $@

${TEMP_COMPOSE}-dalco: docker-compose.yml docker-compose.dalco.yml docker-compose.letsencrypt.dns.yml config.monitoring .env pgsql_query_exporter_config.yaml smokeping_prober_config.yaml
@${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.letsencrypt.dns.yml docker-compose.dalco.yml > $@
${TEMP_COMPOSE}-dalco: docker-compose.yml docker-compose.dalco.yml config.monitoring .env pgsql_query_exporter_config.yaml smokeping_prober_config.yaml
@${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.dalco.yml > $@

${TEMP_COMPOSE}-public: docker-compose.yml docker-compose.public.yml docker-compose.letsencrypt.dns.yml config.monitoring .env pgsql_query_exporter_config.yaml smokeping_prober_config.yaml
@${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.letsencrypt.dns.yml docker-compose.public.yml > $@
${TEMP_COMPOSE}-public: docker-compose.yml docker-compose.public.yml config.monitoring .env pgsql_query_exporter_config.yaml smokeping_prober_config.yaml
@${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.public.yml > $@

${TEMP_COMPOSE}-aws: docker-compose.yml docker-compose.aws.yml docker-compose.letsencrypt.dns.yml config.monitoring .env pgsql_query_exporter_config.yaml smokeping_prober_config.yaml
@${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.aws.yml docker-compose.letsencrypt.dns.yml > $@
4 changes: 2 additions & 2 deletions services/portainer/Makefile
Expand Up @@ -76,8 +76,8 @@ ${TEMP_COMPOSE}-letsencrypt-dns: docker-compose.yml docker-compose.letsencrypt.d
@${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.letsencrypt.dns.yml > $@

.PHONY: ${TEMP_COMPOSE}-dalco
${TEMP_COMPOSE}-dalco: docker-compose.yml docker-compose.letsencrypt.dns.yml docker-compose.dalco.yml .env
@${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.letsencrypt.dns.yml docker-compose.dalco.yml > $@
${TEMP_COMPOSE}-dalco: docker-compose.yml docker-compose.dalco.yml .env
@${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.dalco.yml > $@

.PHONY: ${TEMP_COMPOSE}-master
${TEMP_COMPOSE}-master: docker-compose.yml docker-compose.master.yml .env
8 changes: 4 additions & 4 deletions services/redis-commander/Makefile
Expand Up @@ -56,12 +56,12 @@ ${TEMP_COMPOSE}-letsencrypt-dns: docker-compose.yml docker-compose.letsencrypt.d
@${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.letsencrypt.dns.yml > $@

.PHONY: ${TEMP_COMPOSE}-dalco
${TEMP_COMPOSE}-dalco: docker-compose.yml docker-compose.dalco.yml docker-compose.letsencrypt.dns.yml .env
@${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.letsencrypt.dns.yml docker-compose.dalco.yml > $@
${TEMP_COMPOSE}-dalco: docker-compose.yml docker-compose.dalco.yml .env
@${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.dalco.yml > $@

.PHONY: ${TEMP_COMPOSE}-public
${TEMP_COMPOSE}-public: docker-compose.yml docker-compose.public.yml docker-compose.letsencrypt.dns.yml .env
@${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.letsencrypt.dns.yml docker-compose.public.yml > $@
${TEMP_COMPOSE}-public: docker-compose.yml docker-compose.public.yml .env
@${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.public.yml > $@

.PHONY: ${TEMP_COMPOSE}-master
${TEMP_COMPOSE}-master: docker-compose.yml .env
15 changes: 10 additions & 5 deletions services/registry/Makefile
Expand Up @@ -21,8 +21,8 @@ define create-s3-bucket
# bucket is available in S3
endef

.PHONY: up
up: .init .env ${TEMP_COMPOSE} ## Deploys registry stack
.PHONY: up-local
up-local: .init .env ${TEMP_COMPOSE}-local ## Deploys registry stack
@$(create-s3-bucket)
docker stack deploy --with-registry-auth --prune --compose-file ${TEMP_COMPOSE} ${STACK_NAME}

Expand All @@ -35,7 +35,8 @@ up-letsencrypt-dns: .init .env ${TEMP_COMPOSE}-letsencrypt-dns
docker stack deploy --with-registry-auth --prune --compose-file ${TEMP_COMPOSE}-letsencrypt-dns ${STACK_NAME}

.PHONY: up-dalco ## Deploys registry stack for Dalco Cluster
up-dalco: up-letsencrypt-dns
up-dalco: .init .env ${TEMP_COMPOSE}
docker stack deploy --with-registry-auth --prune --compose-file ${TEMP_COMPOSE} ${STACK_NAME}

.PHONY: up-aws
up-aws: .init .env ${TEMP_COMPOSE}-aws ## Deploys registry on AWS
Expand All @@ -52,8 +53,8 @@ up-local: up

# Helpers -------------------------------------------------

.PHONY: ${TEMP_COMPOSE}
${TEMP_COMPOSE}: docker-compose.yml docker-compose.self-signed.yml .env
.PHONY: ${TEMP_COMPOSE}-local
${TEMP_COMPOSE}-local: docker-compose.yml docker-compose.self-signed.yml .env
${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.self-signed.yml > $@

.PHONY: ${TEMP_COMPOSE}-letsencrypt-http
Expand All @@ -64,6 +65,10 @@ ${TEMP_COMPOSE}-letsencrypt-http: docker-compose.yml docker-compose.letsencrypt.
${TEMP_COMPOSE}-letsencrypt-dns: docker-compose.yml docker-compose.letsencrypt.dns.yml .env
${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.letsencrypt.dns.yml > $@

.PHONY: ${TEMP_COMPOSE}
${TEMP_COMPOSE}: docker-compose.yml .env
${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< > $@

.PHONY: ${TEMP_COMPOSE}-aws
${TEMP_COMPOSE}-aws: docker-compose.yml docker-compose.aws.yml docker-compose.letsencrypt.dns.yml .env
${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.aws.yml docker-compose.letsencrypt.dns.yml > $@
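Review bot: `up-local` now lists `${TEMP_COMPOSE}-local` as its prerequisite, but the unchanged recipe line below it still deploys `--compose-file ${TEMP_COMPOSE}`, so a local deploy uses a file this target never builds and that no longer merges `docker-compose.self-signed.yml` (reading the second line of each printed pair as the new side). The recipe should read `docker stack deploy --with-registry-auth --prune --compose-file ${TEMP_COMPOSE}-local ${STACK_NAME}`. The third hunk's header also shows an existing `up-local: up` rule further down; with `up` renamed here, that rule appears to depend on a target this Makefile no longer defines, unless an included file provides it, and should be dropped. A one-line comment on each `up-*` target naming the compose files it merges would make a silently missing TLS overlay easier to spot.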
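--- a/services/traefik/config/osparc.speag.com_dyn_cfg.yaml
+++ b/services/traefik/config/osparc.speag.com_dyn_cfg.yaml
@@ -0,0 +1,86 @@
+tls:
+certificates:
+- certFile: /etc/traefik_certs/monitoring.osparc.speag.com.crt
+keyFile: /etc/traefik_certs/monitoring.osparc.speag.com.key
+- certFile: /etc/traefik_certs/tip-staging.speag.com.crt
+keyFile: /etc/traefik_certs/tip-staging.speag.com.key
+- certFile: /etc/traefik_certs/www.osparc.speag.com.crt
+keyFile: /etc/traefik_certs/www.osparc.speag.com.key
+- certFile: /etc/traefik_certs/filestash.monitoring.osparc.speag.com.crt
+keyFile: /etc/traefik_certs/filestash.monitoring.osparc.speag.com.key
+- certFile: /etc/traefik_certs/admin.osparc.speag.com.crt
+keyFile: /etc/traefik_certs/admin.osparc.speag.com.key
+- certFile: /etc/traefik_certs/registry.osparc.speag.com.crt
+keyFile: /etc/traefik_certs/registry.osparc.speag.com.key
+- certFile: /etc/traefik_certs/monitoring.osparc-staging.speag.com.crt
+keyFile: /etc/traefik_certs/monitoring.osparc-staging.speag.com.key
+- certFile: /etc/traefik_certs/s4l-lite-staging.speag.com.crt
+keyFile: /etc/traefik_certs/s4l-lite-staging.speag.com.key
+- certFile: /etc/traefik_certs/service.s4l.speag.com.crt
+keyFile: /etc/traefik_certs/service.s4l.speag.com.key
+- certFile: /etc/traefik_certs/service.osparc.speag.com.crt
+keyFile: /etc/traefik_certs/service.osparc.speag.com.key
+- certFile: /etc/traefik_certs/service.testing.tip.speag.com.crt
+keyFile: /etc/traefik_certs/service.testing.tip.speag.com.key
+- certFile: /etc/traefik_certs/service.testing.s4l-lite.speag.com.crt
+keyFile: /etc/traefik_certs/service.testing.s4l-lite.speag.com.key
+- certFile: /etc/traefik_certs/service.tip.speag.com.crt
+keyFile: /etc/traefik_certs/service.tip.speag.com.key
+- certFile: /etc/traefik_certs/service.testing.osparc.speag.com.crt
+keyFile: /etc/traefik_certs/service.testing.osparc.speag.com.key
+- certFile: /etc/traefik_certs/service.s4l-lite.speag.com.crt
+keyFile: /etc/traefik_certs/service.s4l-lite.speag.com.key
+- certFile: /etc/traefik_certs/testing.osparc-staging.speag.com.crt
+keyFile: /etc/traefik_certs/testing.osparc-staging.speag.com.key
+- certFile: /etc/traefik_certs/testing.api.osparc.speag.com.crt
+keyFile: /etc/traefik_certs/testing.api.osparc.speag.com.key
+- certFile: /etc/traefik_certs/testing.api.osparc-staging.speag.com.crt
+keyFile: /etc/traefik_certs/testing.api.osparc-staging.speag.com.key
+- certFile: /etc/traefik_certs/api.osparc.speag.com.crt
+keyFile: /etc/traefik_certs/api.osparc.speag.com.key
+- certFile: /etc/traefik_certs/api.osparc-staging.speag.com.crt
+keyFile: /etc/traefik_certs/api.osparc-staging.speag.com.key
+- certFile: /etc/traefik_certs/testing.osparc.speag.com.crt
+keyFile: /etc/traefik_certs/testing.osparc.speag.com.key
+- certFile: /etc/traefik_certs/osparc-staging.speag.com.crt
+keyFile: /etc/traefik_certs/osparc-staging.speag.com.key
+- certFile: /etc/traefik_certs/s4l-staging.speag.com.crt
+keyFile: /etc/traefik_certs/s4l-staging.speag.com.key
+- certFile: /etc/traefik_certs/osparc.speag.com.crt
+keyFile: /etc/traefik_certs/osparc.speag.com.key
+- certFile: /etc/traefik_certs/service.testing.s4l.speag.com.crt
+keyFile: /etc/traefik_certs/service.testing.s4l.speag.com.key
+- certFile: /etc/traefik_certs/service.testing.tip-staging.speag.com.crt
+keyFile: /etc/traefik_certs/service.testing.tip-staging.speag.com.key
+- certFile: /etc/traefik_certs/service.tip-staging.speag.com.crt
+keyFile: /etc/traefik_certs/service.tip-staging.speag.com.key
+- certFile: /etc/traefik_certs/service.s4l-staging.speag.com.crt
+keyFile: /etc/traefik_certs/service.s4l-staging.speag.com.key
+- certFile: /etc/traefik_certs/service.testing.s4l-staging.speag.com.crt
+keyFile: /etc/traefik_certs/service.testing.s4l-staging.speag.com.key
+- certFile: /etc/traefik_certs/service.s4l-lite-staging.speag.com.crt
+keyFile: /etc/traefik_certs/service.s4l-lite-staging.speag.com.key
+- certFile: /etc/traefik_certs/services.s4l-lite-staging.speag.com.crt
+keyFile: /etc/traefik_certs/services.s4l-lite-staging.speag.com.key
+- certFile: /etc/traefik_certs/services.tip-staging.speag.com.crt
+keyFile: /etc/traefik_certs/services.tip-staging.speag.com.key
+- certFile: /etc/traefik_certs/services.s4l-staging.speag.com.crt
+keyFile: /etc/traefik_certs/services.s4l-staging.speag.com.key
+- certFile: /etc/traefik_certs/service.osparc-staging.speag.com.crt
+keyFile: /etc/traefik_certs/service.osparc-staging.speag.com.key
+- certFile: /etc/traefik_certs/invitations.osparc-staging.speag.com.crt
+keyFile: /etc/traefik_certs/invitations.osparc-staging.speag.com.key
+- certFile: /etc/traefik_certs/invitations.osparc.speag.com.crt
+keyFile: /etc/traefik_certs/invitations.osparc.speag.com.key
+- certFile: /etc/traefik_certs/invitations.tip.speag.com.crt
+keyFile: /etc/traefik_certs/invitations.tip.speag.com.key
+- certFile: /etc/traefik_certs/invitations.tip-staging.speag.com.crt
+keyFile: /etc/traefik_certs/invitations.tip-staging.speag.com.key
+- certFile: /etc/traefik_certs/service.testing.osparc-staging.speag.com.crt
+keyFile: /etc/traefik_certs/service.testing.osparc-staging.speag.com.key
+- certFile: /etc/traefik_certs/service.testing.s4l-lite-staging.speag.com.crt
+keyFile: /etc/traefik_certs/service.testing.s4l-lite-staging.speag.com.key
+- certFile: /etc/traefik_certs/payments.osparc-staging.speag.com.crt
+keyFile: /etc/traefik_certs/payments.osparc-staging.speag.com.key
+- certFile: /etc/traefik_certs/payments.osparc.speag.com.crt
+keyFile: /etc/traefik_certs/payments.osparc.speag.com.key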
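Review bot: This list puts the private keys for production hosts (`osparc.speag.com`, `payments.osparc.speag.com`, `registry.osparc.speag.com`) and for staging and testing hosts in one file, so every Traefik instance that loads it needs all of those keys under `/etc/traefik_certs/`. `services/traefik/config/tip.itis.swiss_dyn_cfg.yaml` does the same with its `testing.*` entries. Splitting the list per environment would keep a compromised staging or testing node from exposing production keys. The file also sets no `tls.stores.default.defaultCertificate`, so a hostname missing from the list is answered with Traefik's generated self-signed certificate. A header comment such as `# Certificates are selected by SNI; keep this list in sync with the files provisioned in /etc/traefik_certs` would document that dependency, since how the `.crt`/`.key` files reach that directory is not visible on this page.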
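--- a/services/traefik/config/tip.itis.swiss_dyn_cfg.yaml
+++ b/services/traefik/config/tip.itis.swiss_dyn_cfg.yaml
@@ -0,0 +1,28 @@
+tls:
+certificates:
+- certFile: /etc/traefik_certs/filestash.monitoring.tip.itis.swiss.crt
+keyFile: /etc/traefik_certs/filestash.monitoring.tip.itis.swiss.key
+- certFile: /etc/traefik_certs/testing.api.tip.itis.swiss.crt
+keyFile: /etc/traefik_certs/testing.api.tip.itis.swiss.key
+- certFile: /etc/traefik_certs/admin.tip.itis.swiss.crt
+keyFile: /etc/traefik_certs/admin.tip.itis.swiss.key
+- certFile: /etc/traefik_certs/tip.itis.swiss.crt
+keyFile: /etc/traefik_certs/tip.itis.swiss.key
+- certFile: /etc/traefik_certs/testing.tip.itis.swiss.crt
+keyFile: /etc/traefik_certs/testing.tip.itis.swiss.key
+- certFile: /etc/traefik_certs/registry.tip.itis.swiss.crt
+keyFile: /etc/traefik_certs/registry.tip.itis.swiss.key
+- certFile: /etc/traefik_certs/api.tip.itis.swiss.crt
+keyFile: /etc/traefik_certs/api.tip.itis.swiss.key
+- certFile: /etc/traefik_certs/monitoring.tip.itis.swiss.crt
+keyFile: /etc/traefik_certs/monitoring.tip.itis.swiss.key
+- certFile: /etc/traefik_certs/service.tip.itis.swiss.crt
+keyFile: /etc/traefik_certs/service.tip.itis.swiss.key
+- certFile: /etc/traefik_certs/www.tip.itis.swiss.crt
+keyFile: /etc/traefik_certs/www.tip.itis.swiss.key
+- certFile: /etc/traefik_certs/invitations.tip.itis.swiss.crt
+keyFile: /etc/traefik_certs/invitations.tip.itis.swiss.key
+- certFile: /etc/traefik_certs/service.testing.tip.itis.swiss.crt
+keyFile: /etc/traefik_certs/service.testing.tip.itis.swiss.key
+- certFile: /etc/traefik_certs/payments.tip.itis.swiss.crt
+keyFile: /etc/traefik_certs/payments.tip.itis.swiss.key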
33 changes: 11 additions & 22 deletions services/traefik/docker-compose.dalco.yml
Expand Up @@ -23,30 +23,19 @@ services:
- '--tracing.jaeger=true'
- '--tracing.jaeger.samplingServerURL=http://jaeger:5778/sampling'
- '--tracing.jaeger.localAgentHostPort=jaeger:6831'
- "--providers.docker.constraints=!LabelRegex(`io.simcore.zone`, `.+`)"
- "--entryPoints.https.forwardedHeaders.insecure"
- "--certificatesresolvers.myresolver.acme.dnschallenge.provider=rfc2136"
- "--certificatesresolvers.myresolver.acme.email=${OSPARC_DEVOPS_MAIL_ADRESS}"
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
# For debug purpose, to avoid being ban by let's encrypt servers
# - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.myresolver.acme.dnschallenge.resolvers=${RFC2136_NAMESERVER}"
volumes:
- "letsencrypt_certs:/letsencrypt"
environment:
- RFC2136_TSIG_KEY=${RFC2136_TSIG_KEY}
- RFC2136_TSIG_SECRET=${RFC2136_TSIG_SECRET}
- RFC2136_TSIG_ALGORITHM=${RFC2136_TSIG_ALGORITHM}
- RFC2136_NAMESERVER=${RFC2136_NAMESERVER}
- RFC2136_POLLING_INTERVAL=${RFC2136_POLLING_INTERVAL}
- '--providers.docker.constraints=!LabelRegex(`io.simcore.zone`, `.+`)'
- '--entryPoints.https.forwardedHeaders.insecure'
- '--providers.file.directory=/etc/traefik/'
- '--providers.file.watch=true'
configs:
- source: traefik_dynamic_config.yml
target: /etc/traefik/dynamic_conf.yml
deploy:
replicas: ${OPS_TRAEFIK_REPLICAS}
placement:
constraints:
- node.labels.traefik==true
whoami:
deploy:
labels:
- traefik.http.routers.whoami.tls.certresolver=myresolver
volumes:
letsencrypt_certs:

configs:
traefik_dynamic_config.yml:
file: ./config/osparc.speag.com_dyn_cfg.yaml
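Review bot: The new `configs:` entry delivers only the dynamic configuration, and the hunk appears to drop the service's `volumes:` entry, so nothing visible here mounts `/etc/traefik_certs`, the directory every `certFile`/`keyFile` in `osparc.speag.com_dyn_cfg.yaml` points at. If the base `docker-compose.yml` does not provide that mount, Traefik will serve its default certificate. The key files are better delivered as Swarm `secrets:`, which sit on an in-memory filesystem inside the container, than through a host bind mount or `configs:`. The re-quoted `--entryPoints.https.forwardedHeaders.insecure` still accepts `X-Forwarded-*` headers from any peer; `--entryPoints.https.forwardedHeaders.trustedIPs=<PROXY_CIDR_PLACEHOLDER>` would limit that to the upstream proxy. The `traefik` service definition starts above this hunk.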