From 1299959b140ea133eca8f3e371b6c5e278d283a4 Mon Sep 17 00:00:00 2001
From: Yury Hrytsuk <50014626+YuryHrytsuk@users.noreply.github.com>
Date: Wed, 13 Dec 2023 15:26:27 +0100
Subject: [PATCH] Use custom certs on Dalco & TIP (#478)
* Return removed staging CA for letsenrypt
* Fix missing $
* Remove PAYMENTS_AUTORECHARGE_DEFAULT_MIN_BALANCE
* Add missing deploy constraint to prom catch all
* Use custom certs on dalco and tip deployments
---
 services/admin-panels/Makefile | 4 +-
 services/adminer/Makefile | 4 +-
 services/filestash/Makefile | 4 +-
 services/graylog/Makefile | 10 +-
 services/jaeger/Makefile | 4 +-
 services/minio/Makefile | 2 +-
 services/monitoring/Makefile | 8 +-
 services/portainer/Makefile | 4 +-
 services/redis-commander/Makefile | 8 +-
 services/registry/Makefile | 15 ++--
 .../config/osparc.speag.com_dyn_cfg.yaml | 86 +++++++++++++++++++
 .../config/tip.itis.swiss_dyn_cfg.yaml | 28 ++++++
 services/traefik/docker-compose.dalco.yml | 33 +++----
 services/traefik/docker-compose.public.yml | 33 +++----
 14 files changed, 169 insertions(+), 74 deletions(-)
 create mode 100644 services/traefik/config/osparc.speag.com_dyn_cfg.yaml
 create mode 100644 services/traefik/config/tip.itis.swiss_dyn_cfg.yaml
diff --git a/services/admin-panels/Makefile b/services/admin-panels/Makefile
index 81d0ceb1..446aaf87 100644
--- a/services/admin-panels/Makefile
+++ b/services/admin-panels/Makefile
@@ -75,8 +75,8 @@ ${TEMP_COMPOSE}-letsencrypt-dns: docker-compose.yml docker-compose.letsencrypt.d
 @${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.letsencrypt.dns.yml > $@
 .PHONY: ${TEMP_COMPOSE}-dalco
-${TEMP_COMPOSE}-dalco: docker-compose.yml docker-compose.letsencrypt.dns.yml docker-compose.dalco.yml
- @${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.letsencrypt.dns.yml docker-compose.dalco.yml > $@
+${TEMP_COMPOSE}-dalco: docker-compose.yml docker-compose.dalco.yml
+ @${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.dalco.yml > $@
 .PHONY: ${TEMP_COMPOSE}-master
 ${TEMP_COMPOSE}-master: docker-compose.yml docker-compose.master.yml
diff --git a/services/adminer/Makefile b/services/adminer/Makefile
index a4bcaa1c..690bce73 100644
--- a/services/adminer/Makefile
+++ b/services/adminer/Makefile
@@ -56,8 +56,8 @@ ${TEMP_COMPOSE}-letsencrypt-dns: docker-compose.yml docker-compose.letsencrypt.d
 @${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.letsencrypt.dns.yml > $@
 .PHONY: ${TEMP_COMPOSE}-dalco
-${TEMP_COMPOSE}-dalco: docker-compose.yml docker-compose.letsencrypt.dns.yml docker-compose.dalco.yml
- @${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.letsencrypt.dns.yml docker-compose.dalco.yml > $@
+${TEMP_COMPOSE}-dalco: docker-compose.yml docker-compose.dalco.yml
+ @${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.dalco.yml > $@
 .PHONY: ${TEMP_COMPOSE}-master
 ${TEMP_COMPOSE}-master: docker-compose.yml docker-compose.master.yml
diff --git a/services/filestash/Makefile b/services/filestash/Makefile
index 781c6ab9..edef0f76 100644
--- a/services/filestash/Makefile
+++ b/services/filestash/Makefile
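Review bot: With `docker-compose.letsencrypt.dns.yml` dropped from the `${TEMP_COMPOSE}-dalco` rule, whatever that overlay contributed to the admin-panels router — presumably a `tls.certresolver=myresolver` label, as the traefik hunk removes exactly such a label for whoami — no longer applies, so TLS for this stack now depends entirely on the static certificate list loaded by the traefik stack (`admin.osparc.speag.com` is present in `osparc.speag.com_dyn_cfg.yaml`). That coupling is invisible from this Makefile, and a host that is missing from that list is served Traefik's self-signed default certificate rather than failing loudly. A comment on the new rule such as `## Dalco: TLS is terminated by the traefik stack with statically provisioned certs; this host must be listed in services/traefik/config/osparc.speag.com_dyn_cfg.yaml` would make the dependency explicit. The same applies to the identical hunks in adminer, filestash, jaeger, portainer, redis-commander and monitoring.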
@@ -56,8 +56,8 @@ ${TEMP_COMPOSE}-letsencrypt-dns: docker-compose.yml docker-compose.letsencrypt.d
 @${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.letsencrypt.dns.yml > $@
 .PHONY: ${TEMP_COMPOSE}-dalco
-${TEMP_COMPOSE}-dalco: docker-compose.yml docker-compose.letsencrypt.dns.yml docker-compose.dalco.yml
- @${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.letsencrypt.dns.yml docker-compose.dalco.yml > $@
+${TEMP_COMPOSE}-dalco: docker-compose.yml docker-compose.dalco.yml
+ @${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.dalco.yml > $@
 .PHONY: ${TEMP_COMPOSE}-master
 ${TEMP_COMPOSE}-master: docker-compose.yml docker-compose.master.yml
diff --git a/services/graylog/Makefile b/services/graylog/Makefile
index 843912e2..07d57eef 100644
--- a/services/graylog/Makefile
+++ b/services/graylog/Makefile
@@ -24,8 +24,8 @@ up-letsencrypt-dns: .init .env ${TEMP_COMPOSE}-letsencrypt-dns
 @docker stack deploy --with-registry-auth --prune --compose-file ${TEMP_COMPOSE}-letsencrypt-dns ${STACK_NAME}
 .PHONY: up-dalco ## Deploys graylog stack for Dalco Cluster
-up-dalco: .init .env ${TEMP_COMPOSE}-letsencrypt-dalco
- @docker stack deploy --with-registry-auth --prune --compose-file ${TEMP_COMPOSE}-letsencrypt-dalco ${STACK_NAME}
+up-dalco: .init .env ${TEMP_COMPOSE}-dalco
+ @docker stack deploy --with-registry-auth --prune --compose-file ${TEMP_COMPOSE}-dalco ${STACK_NAME}
 $(MAKE) configure
 .PHONY: up-public ## Deploys graylog stack for public access Cluster
@@ -61,9 +61,9 @@ ${TEMP_COMPOSE}-letsencrypt-http: docker-compose.yml docker-compose.letsencrypt.
 ${TEMP_COMPOSE}-letsencrypt-dns: docker-compose.yml docker-compose.letsencrypt.dns.yml
 @${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.letsencrypt.dns.yml > $@
-.PHONY: ${TEMP_COMPOSE}-letsencrypt-dalco
-${TEMP_COMPOSE}-letsencrypt-dalco: docker-compose.yml docker-compose.dalco.yml docker-compose.letsencrypt.dns.yml
- @${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.dalco.yml docker-compose.letsencrypt.dns.yml > $@
+.PHONY: ${TEMP_COMPOSE}-dalco
+${TEMP_COMPOSE}-dalco: docker-compose.yml docker-compose.dalco.yml
+ @${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.dalco.yml > $@
 .PHONY: ${TEMP_COMPOSE}-master .env ## Deploys stack on master deployment
 # Hacky workaround introduced by DK2021 via https://github.com/docker/compose/issues/7771
diff --git a/services/jaeger/Makefile b/services/jaeger/Makefile
index 3e0d7765..580d9b2f 100644
--- a/services/jaeger/Makefile
+++ b/services/jaeger/Makefile
@@ -56,8 +56,8 @@ ${TEMP_COMPOSE}-letsencrypt-dns: docker-compose.yml docker-compose.letsencrypt.d
 @${REPO_BASE_DIR}/scripts/docker-compose-config.bash $< docker-compose.letsencrypt.dns.yml > $@
 .PHONY: ${TEMP_COMPOSE}-dalco
-${TEMP_COMPOSE}-dalco: docker-compose.yml docker-compose.letsencrypt.dns.yml docker-compose.dalco.yml
- @${REPO_BASE_DIR}/scripts/docker-compose-config.bash $< docker-compose.letsencrypt.dns.yml docker-compose.dalco.yml > $@
+${TEMP_COMPOSE}-dalco: docker-compose.yml docker-compose.dalco.yml
+ @${REPO_BASE_DIR}/scripts/docker-compose-config.bash $< docker-compose.dalco.yml > $@
 .PHONY: ${TEMP_COMPOSE}-master
 ${TEMP_COMPOSE}-master: docker-compose.yml docker-compose.master.yml
diff --git a/services/minio/Makefile b/services/minio/Makefile
index 491f0520..ee92ddec 100644
--- a/services/minio/Makefile
+++ b/services/minio/Makefile
@@ -32,7 +32,7 @@ up-letsencrypt-dns: .init .env ${TEMP_COMPOSE}-letsencrypt-dns .create-secrets #
 # "'docker node update --label-add minioX=true' with X being from 1 to number of replicas."
 .PHONY: up-dalco
-up-dalco: up-letsencrypt-dns ## Deploys minio stack for Dalco Cluster
+up-dalco: up ## Deploys minio stack for Dalco Cluster
 .PHONY: up-master
 up-master: up ## Deploys minio stack for Master Cluster
diff --git a/services/monitoring/Makefile b/services/monitoring/Makefile
index 70683303..3b0d05cd 100644
--- a/services/monitoring/Makefile
+++ b/services/monitoring/Makefile
@@ -63,11 +63,11 @@ ${TEMP_COMPOSE}-letsencrypt-http: docker-compose.yml docker-compose.letsencrypt.
 ${TEMP_COMPOSE}-letsencrypt-dns: docker-compose.yml docker-compose.letsencrypt.dns.yml config.monitoring .env pgsql_query_exporter_config.yaml smokeping_prober_config.yaml
 @${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.letsencrypt.dns.yml > $@
-${TEMP_COMPOSE}-dalco: docker-compose.yml docker-compose.dalco.yml docker-compose.letsencrypt.dns.yml config.monitoring .env pgsql_query_exporter_config.yaml smokeping_prober_config.yaml
- @${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.letsencrypt.dns.yml docker-compose.dalco.yml > $@
+${TEMP_COMPOSE}-dalco: docker-compose.yml docker-compose.dalco.yml config.monitoring .env pgsql_query_exporter_config.yaml smokeping_prober_config.yaml
+ @${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.dalco.yml > $@
-${TEMP_COMPOSE}-public: docker-compose.yml docker-compose.public.yml docker-compose.letsencrypt.dns.yml config.monitoring .env pgsql_query_exporter_config.yaml smokeping_prober_config.yaml
- @${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.letsencrypt.dns.yml docker-compose.public.yml > $@
+${TEMP_COMPOSE}-public: docker-compose.yml docker-compose.public.yml config.monitoring .env pgsql_query_exporter_config.yaml smokeping_prober_config.yaml
+ @${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.public.yml > $@
 ${TEMP_COMPOSE}-aws: docker-compose.yml docker-compose.aws.yml docker-compose.letsencrypt.dns.yml config.monitoring .env pgsql_query_exporter_config.yaml smokeping_prober_config.yaml
 @${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.aws.yml docker-compose.letsencrypt.dns.yml > $@
diff --git a/services/portainer/Makefile b/services/portainer/Makefile
index 40e333db..1877395c 100644
--- a/services/portainer/Makefile
+++ b/services/portainer/Makefile
@@ -76,8 +76,8 @@ ${TEMP_COMPOSE}-letsencrypt-dns: docker-compose.yml docker-compose.letsencrypt.d
 @${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.letsencrypt.dns.yml > $@
 .PHONY: ${TEMP_COMPOSE}-dalco
-${TEMP_COMPOSE}-dalco: docker-compose.yml docker-compose.letsencrypt.dns.yml docker-compose.dalco.yml .env
- @${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.letsencrypt.dns.yml docker-compose.dalco.yml > $@
+${TEMP_COMPOSE}-dalco: docker-compose.yml docker-compose.dalco.yml .env
+ @${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.dalco.yml > $@
 .PHONY: ${TEMP_COMPOSE}-master
 ${TEMP_COMPOSE}-master: docker-compose.yml docker-compose.master.yml .env
diff --git a/services/redis-commander/Makefile b/services/redis-commander/Makefile
index 210e2660..3f99f8f9 100644
--- a/services/redis-commander/Makefile
+++ b/services/redis-commander/Makefile
@@ -56,12 +56,12 @@ ${TEMP_COMPOSE}-letsencrypt-dns: docker-compose.yml docker-compose.letsencrypt.d
 @${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.letsencrypt.dns.yml > $@
 .PHONY: ${TEMP_COMPOSE}-dalco
-${TEMP_COMPOSE}-dalco: docker-compose.yml docker-compose.dalco.yml docker-compose.letsencrypt.dns.yml .env
- @${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.letsencrypt.dns.yml docker-compose.dalco.yml > $@
+${TEMP_COMPOSE}-dalco: docker-compose.yml docker-compose.dalco.yml .env
+ @${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.dalco.yml > $@
 .PHONY: ${TEMP_COMPOSE}-public
-${TEMP_COMPOSE}-public: docker-compose.yml docker-compose.public.yml docker-compose.letsencrypt.dns.yml .env
- @${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.letsencrypt.dns.yml docker-compose.public.yml > $@
+${TEMP_COMPOSE}-public: docker-compose.yml docker-compose.public.yml .env
+ @${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.public.yml > $@
 .PHONY: ${TEMP_COMPOSE}-master
 ${TEMP_COMPOSE}-master: docker-compose.yml .env
diff --git a/services/registry/Makefile b/services/registry/Makefile
index ccf8f5d0..e04aade2 100644
--- a/services/registry/Makefile
+++ b/services/registry/Makefile
@@ -21,8 +21,8 @@ define create-s3-bucket
 # bucket is available in S3
 endef
-.PHONY: up
-up: .init .env ${TEMP_COMPOSE} ## Deploys registry stack
+.PHONY: up-local
+up-local: .init .env ${TEMP_COMPOSE}-local ## Deploys registry stack
 @$(create-s3-bucket)
 docker stack deploy --with-registry-auth --prune --compose-file ${TEMP_COMPOSE} ${STACK_NAME}
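Review bot: The renamed `up-local` rule now depends on `${TEMP_COMPOSE}-local`, but the unchanged recipe line below it still deploys `--compose-file ${TEMP_COMPOSE}`, which this same commit turns into a separate file (plain `docker-compose.yml` with no TLS overlay) that is not a prerequisite of `up-local`; `make up-local` will therefore deploy a stale or missing compose file rather than the self-signed configuration it just rendered. The deploy line should read `docker stack deploy --with-registry-auth --prune --compose-file ${TEMP_COMPOSE}-local ${STACK_NAME}`. The `up-local` recipe ends inside this hunk, but the rest of the rule's context (the `create-s3-bucket` definition) starts before it.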
@@ -35,7 +35,8 @@ up-letsencrypt-dns: .init .env ${TEMP_COMPOSE}-letsencrypt-dns
 docker stack deploy --with-registry-auth --prune --compose-file ${TEMP_COMPOSE}-letsencrypt-dns ${STACK_NAME}
 .PHONY: up-dalco ## Deploys registry stack for Dalco Cluster
-up-dalco: up-letsencrypt-dns
+up-dalco: .init .env ${TEMP_COMPOSE}
+ docker stack deploy --with-registry-auth --prune --compose-file ${TEMP_COMPOSE} ${STACK_NAME}
 .PHONY: up-aws
 up-aws: .init .env ${TEMP_COMPOSE}-aws ## Deploys registry on AWS
@@ -52,8 +53,8 @@ up-local: up
 # Helpers -------------------------------------------------
-.PHONY: ${TEMP_COMPOSE}
-${TEMP_COMPOSE}: docker-compose.yml docker-compose.self-signed.yml .env
+.PHONY: ${TEMP_COMPOSE}-local
+${TEMP_COMPOSE}-local: docker-compose.yml docker-compose.self-signed.yml .env
 ${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.self-signed.yml > $@
 .PHONY: ${TEMP_COMPOSE}-letsencrypt-http
@@ -64,6 +65,10 @@ ${TEMP_COMPOSE}-letsencrypt-http: docker-compose.yml docker-compose.letsencrypt.
 ${TEMP_COMPOSE}-letsencrypt-dns: docker-compose.yml docker-compose.letsencrypt.dns.yml .env
 ${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.letsencrypt.dns.yml > $@
+.PHONY: ${TEMP_COMPOSE}
+${TEMP_COMPOSE}: docker-compose.yml .env
+ ${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< > $@
+
 .PHONY: ${TEMP_COMPOSE}-aws
 ${TEMP_COMPOSE}-aws: docker-compose.yml docker-compose.aws.yml docker-compose.letsencrypt.dns.yml .env
 ${REPO_BASE_DIR}/scripts/docker-compose-config.bash -e .env $< docker-compose.aws.yml docker-compose.letsencrypt.dns.yml > $@
diff --git a/services/traefik/config/osparc.speag.com_dyn_cfg.yaml b/services/traefik/config/osparc.speag.com_dyn_cfg.yaml
new file mode 100644
index 00000000..5503831f
--- /dev/null
+++ b/services/traefik/config/osparc.speag.com_dyn_cfg.yaml
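Review bot: The new `up-dalco` rule deploys `${TEMP_COMPOSE}`, which after this commit is rendered from `docker-compose.yml` alone — neither the self-signed nor the letsencrypt overlay — so the registry's TLS on Dalco now rests entirely on the traefik stack serving the static certificate for `registry.osparc.speag.com` from `osparc.speag.com_dyn_cfg.yaml`. Nothing on this rule says so; the existing help text on the `.PHONY` line could be extended to `## Deploys registry stack for Dalco Cluster (TLS terminated by the traefik stack with static certs)` so an operator does not look for a missing certificate overlay here.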
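Review bot: The hunk header for the helpers section shows a pre-existing `up-local: up` rule that this diff does not touch, while the earlier hunk renames the `up` target to `up-local`; GNU Make merges the two `up-local` definitions, so `up-local` would now also depend on `up`, and unless another `up` rule survives elsewhere in the file `make up-local` fails with no rule to make target `up`. That `up-local: up` line (outside this hunk) should be removed along with the rename, or `up` kept as an alias, e.g. `up: up-local`.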
@@ -0,0 +1,86 @@
+tls:
+ certificates:
+ - certFile: /etc/traefik_certs/monitoring.osparc.speag.com.crt
+ keyFile: /etc/traefik_certs/monitoring.osparc.speag.com.key
+ - certFile: /etc/traefik_certs/tip-staging.speag.com.crt
+ keyFile: /etc/traefik_certs/tip-staging.speag.com.key
+ - certFile: /etc/traefik_certs/www.osparc.speag.com.crt
+ keyFile: /etc/traefik_certs/www.osparc.speag.com.key
+ - certFile: /etc/traefik_certs/filestash.monitoring.osparc.speag.com.crt
+ keyFile: /etc/traefik_certs/filestash.monitoring.osparc.speag.com.key
+ - certFile: /etc/traefik_certs/admin.osparc.speag.com.crt
+ keyFile: /etc/traefik_certs/admin.osparc.speag.com.key
+ - certFile: /etc/traefik_certs/registry.osparc.speag.com.crt
+ keyFile: /etc/traefik_certs/registry.osparc.speag.com.key
+ - certFile: /etc/traefik_certs/monitoring.osparc-staging.speag.com.crt
+ keyFile: /etc/traefik_certs/monitoring.osparc-staging.speag.com.key
+ - certFile: /etc/traefik_certs/s4l-lite-staging.speag.com.crt
+ keyFile: /etc/traefik_certs/s4l-lite-staging.speag.com.key
+ - certFile: /etc/traefik_certs/service.s4l.speag.com.crt
+ keyFile: /etc/traefik_certs/service.s4l.speag.com.key
+ - certFile: /etc/traefik_certs/service.osparc.speag.com.crt
+ keyFile: /etc/traefik_certs/service.osparc.speag.com.key
+ - certFile: /etc/traefik_certs/service.testing.tip.speag.com.crt
+ keyFile: /etc/traefik_certs/service.testing.tip.speag.com.key
+ - certFile: /etc/traefik_certs/service.testing.s4l-lite.speag.com.crt
+ keyFile: /etc/traefik_certs/service.testing.s4l-lite.speag.com.key
+ - certFile: /etc/traefik_certs/service.tip.speag.com.crt
+ keyFile: /etc/traefik_certs/service.tip.speag.com.key
+ - certFile: /etc/traefik_certs/service.testing.osparc.speag.com.crt
+ keyFile: /etc/traefik_certs/service.testing.osparc.speag.com.key
+ - certFile: /etc/traefik_certs/service.s4l-lite.speag.com.crt
+ keyFile: /etc/traefik_certs/service.s4l-lite.speag.com.key
+ - certFile: /etc/traefik_certs/testing.osparc-staging.speag.com.crt
+ keyFile: /etc/traefik_certs/testing.osparc-staging.speag.com.key
+ - certFile: /etc/traefik_certs/testing.api.osparc.speag.com.crt
+ keyFile: /etc/traefik_certs/testing.api.osparc.speag.com.key
+ - certFile: /etc/traefik_certs/testing.api.osparc-staging.speag.com.crt
+ keyFile: /etc/traefik_certs/testing.api.osparc-staging.speag.com.key
+ - certFile: /etc/traefik_certs/api.osparc.speag.com.crt
+ keyFile: /etc/traefik_certs/api.osparc.speag.com.key
+ - certFile: /etc/traefik_certs/api.osparc-staging.speag.com.crt
+ keyFile: /etc/traefik_certs/api.osparc-staging.speag.com.key
+ - certFile: /etc/traefik_certs/testing.osparc.speag.com.crt
+ keyFile: /etc/traefik_certs/testing.osparc.speag.com.key
+ - certFile: /etc/traefik_certs/osparc-staging.speag.com.crt
+ keyFile: /etc/traefik_certs/osparc-staging.speag.com.key
+ - certFile: /etc/traefik_certs/s4l-staging.speag.com.crt
+ keyFile: /etc/traefik_certs/s4l-staging.speag.com.key
+ - certFile: /etc/traefik_certs/osparc.speag.com.crt
+ keyFile: /etc/traefik_certs/osparc.speag.com.key
+ - certFile: /etc/traefik_certs/service.testing.s4l.speag.com.crt
+ keyFile: /etc/traefik_certs/service.testing.s4l.speag.com.key
+ - certFile: /etc/traefik_certs/service.testing.tip-staging.speag.com.crt
+ keyFile: /etc/traefik_certs/service.testing.tip-staging.speag.com.key
+ - certFile: /etc/traefik_certs/service.tip-staging.speag.com.crt
+ keyFile: /etc/traefik_certs/service.tip-staging.speag.com.key
+ - certFile: /etc/traefik_certs/service.s4l-staging.speag.com.crt
+ keyFile: /etc/traefik_certs/service.s4l-staging.speag.com.key
+ - certFile: /etc/traefik_certs/service.testing.s4l-staging.speag.com.crt
+ keyFile: /etc/traefik_certs/service.testing.s4l-staging.speag.com.key
+ - certFile: /etc/traefik_certs/service.s4l-lite-staging.speag.com.crt
+ keyFile: /etc/traefik_certs/service.s4l-lite-staging.speag.com.key
+ - certFile: /etc/traefik_certs/services.s4l-lite-staging.speag.com.crt
+ keyFile: /etc/traefik_certs/services.s4l-lite-staging.speag.com.key
+ - certFile: /etc/traefik_certs/services.tip-staging.speag.com.crt
+ keyFile: /etc/traefik_certs/services.tip-staging.speag.com.key
+ - certFile: /etc/traefik_certs/services.s4l-staging.speag.com.crt
+ keyFile: /etc/traefik_certs/services.s4l-staging.speag.com.key
+ - certFile: /etc/traefik_certs/service.osparc-staging.speag.com.crt
+ keyFile: /etc/traefik_certs/service.osparc-staging.speag.com.key
+ - certFile: /etc/traefik_certs/invitations.osparc-staging.speag.com.crt
+ keyFile: /etc/traefik_certs/invitations.osparc-staging.speag.com.key
+ - certFile: /etc/traefik_certs/invitations.osparc.speag.com.crt
+ keyFile: /etc/traefik_certs/invitations.osparc.speag.com.key
+ - certFile: /etc/traefik_certs/invitations.tip.speag.com.crt
+ keyFile: /etc/traefik_certs/invitations.tip.speag.com.key
+ - certFile: /etc/traefik_certs/invitations.tip-staging.speag.com.crt
+ keyFile: /etc/traefik_certs/invitations.tip-staging.speag.com.key
+ - certFile: /etc/traefik_certs/service.testing.osparc-staging.speag.com.crt
+ keyFile: /etc/traefik_certs/service.testing.osparc-staging.speag.com.key
+ - certFile: /etc/traefik_certs/service.testing.s4l-lite-staging.speag.com.crt
+ keyFile: /etc/traefik_certs/service.testing.s4l-lite-staging.speag.com.key
+ - certFile: /etc/traefik_certs/payments.osparc-staging.speag.com.crt
+ keyFile: /etc/traefik_certs/payments.osparc-staging.speag.com.key
+ - certFile: /etc/traefik_certs/payments.osparc.speag.com.crt
+ keyFile: /etc/traefik_certs/payments.osparc.speag.com.key
diff --git a/services/traefik/config/tip.itis.swiss_dyn_cfg.yaml b/services/traefik/config/tip.itis.swiss_dyn_cfg.yaml
new file mode 100644
index 00000000..6bdd0166
--- /dev/null
+++ b/services/traefik/config/tip.itis.swiss_dyn_cfg.yaml
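Review bot: The new certificate list sets neither `stores.default.defaultCertificate` nor any `tls.options`, so a client whose SNI matches none of the 42 entries is served Traefik's generated self-signed certificate, and every handshake runs with Traefik's default minimum TLS version and cipher list rather than a policy pinned in the repo; if these deployments require TLS 1.2+ only, an `options` block with `minVersion` belongs next to `certificates`. Entries near the end mix `service.` and `services.` prefixes (`service.s4l-lite-staging.speag.com` and `services.s4l-lite-staging.speag.com` both appear, alongside `services.tip-staging` and `services.s4l-staging`), which is worth checking against the certificates actually issued, since a wrong path here only shows up as a load error in Traefik's log — as far as I can tell it does not stop the service — and the affected host then falls back to the self-signed default. With the ACME resolver gone nothing in the repo renews these files, so a header comment naming who owns `/etc/traefik_certs` and how expiry is tracked would be useful. The same points apply to `tip.itis.swiss_dyn_cfg.yaml`.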
@@ -0,0 +1,28 @@
+tls:
+ certificates:
+ - certFile: /etc/traefik_certs/filestash.monitoring.tip.itis.swiss.crt
+ keyFile: /etc/traefik_certs/filestash.monitoring.tip.itis.swiss.key
+ - certFile: /etc/traefik_certs/testing.api.tip.itis.swiss.crt
+ keyFile: /etc/traefik_certs/testing.api.tip.itis.swiss.key
+ - certFile: /etc/traefik_certs/admin.tip.itis.swiss.crt
+ keyFile: /etc/traefik_certs/admin.tip.itis.swiss.key
+ - certFile: /etc/traefik_certs/tip.itis.swiss.crt
+ keyFile: /etc/traefik_certs/tip.itis.swiss.key
+ - certFile: /etc/traefik_certs/testing.tip.itis.swiss.crt
+ keyFile: /etc/traefik_certs/testing.tip.itis.swiss.key
+ - certFile: /etc/traefik_certs/registry.tip.itis.swiss.crt
+ keyFile: /etc/traefik_certs/registry.tip.itis.swiss.key
+ - certFile: /etc/traefik_certs/api.tip.itis.swiss.crt
+ keyFile: /etc/traefik_certs/api.tip.itis.swiss.key
+ - certFile: /etc/traefik_certs/monitoring.tip.itis.swiss.crt
+ keyFile: /etc/traefik_certs/monitoring.tip.itis.swiss.key
+ - certFile: /etc/traefik_certs/service.tip.itis.swiss.crt
+ keyFile: /etc/traefik_certs/service.tip.itis.swiss.key
+ - certFile: /etc/traefik_certs/www.tip.itis.swiss.crt
+ keyFile: /etc/traefik_certs/www.tip.itis.swiss.key
+ - certFile: /etc/traefik_certs/invitations.tip.itis.swiss.crt
+ keyFile: /etc/traefik_certs/invitations.tip.itis.swiss.key
+ - certFile: /etc/traefik_certs/service.testing.tip.itis.swiss.crt
+ keyFile: /etc/traefik_certs/service.testing.tip.itis.swiss.key
+ - certFile: /etc/traefik_certs/payments.tip.itis.swiss.crt
+ keyFile: /etc/traefik_certs/payments.tip.itis.swiss.key
diff --git a/services/traefik/docker-compose.dalco.yml b/services/traefik/docker-compose.dalco.yml
index 9e84f00f..15ec2781 100644
--- a/services/traefik/docker-compose.dalco.yml
+++ b/services/traefik/docker-compose.dalco.yml
@@ -23,30 +23,19 @@ services:
 - '--tracing.jaeger=true'
 - '--tracing.jaeger.samplingServerURL=http://jaeger:5778/sampling'
 - '--tracing.jaeger.localAgentHostPort=jaeger:6831'
- - "--providers.docker.constraints=!LabelRegex(`io.simcore.zone`, `.+`)"
- - "--entryPoints.https.forwardedHeaders.insecure"
- - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=rfc2136"
- - "--certificatesresolvers.myresolver.acme.email=${OSPARC_DEVOPS_MAIL_ADRESS}"
- - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
- # For debug purpose, to avoid being ban by let's encrypt servers
- # - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
- - "--certificatesresolvers.myresolver.acme.dnschallenge.resolvers=${RFC2136_NAMESERVER}"
- volumes:
- - "letsencrypt_certs:/letsencrypt"
- environment:
- - RFC2136_TSIG_KEY=${RFC2136_TSIG_KEY}
- - RFC2136_TSIG_SECRET=${RFC2136_TSIG_SECRET}
- - RFC2136_TSIG_ALGORITHM=${RFC2136_TSIG_ALGORITHM}
- - RFC2136_NAMESERVER=${RFC2136_NAMESERVER}
- - RFC2136_POLLING_INTERVAL=${RFC2136_POLLING_INTERVAL}
+ - '--providers.docker.constraints=!LabelRegex(`io.simcore.zone`, `.+`)'
+ - '--entryPoints.https.forwardedHeaders.insecure'
+ - '--providers.file.directory=/etc/traefik/'
+ - '--providers.file.watch=true'
+ configs:
+ - source: traefik_dynamic_config.yml
+ target: /etc/traefik/dynamic_conf.yml
 deploy:
 replicas: ${OPS_TRAEFIK_REPLICAS}
 placement:
 constraints:
 - node.labels.traefik==true
- whoami:
- deploy:
- labels:
- - traefik.http.routers.whoami.tls.certresolver=myresolver
-volumes:
- letsencrypt_certs:
+
+configs:
+ traefik_dynamic_config.yml:
+ file: ./config/osparc.speag.com_dyn_cfg.yaml
diff --git a/services/traefik/docker-compose.public.yml b/services/traefik/docker-compose.public.yml
index dbe3afef..83527fa9 100644
--- a/services/traefik/docker-compose.public.yml
+++ b/services/traefik/docker-compose.public.yml
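Review bot: Replacing the ACME resolver with statically mounted certificates removes automatic renewal, and the `--providers.file.watch=true` added here does not compensate: the dynamic config is delivered as a Swarm config, which is immutable once created, so a changed certificate list needs a new config name or a redeploy, and the watch only helps if the files under `/etc/traefik_certs` are themselves replaced in place. Where `/etc/traefik_certs` is mounted is not visible in this hunk; if it is a host bind mount, the private keys sit on the node filesystem readable by anything with access to that path, whereas Swarm secrets would scope them to this service. `--entryPoints.https.forwardedHeaders.insecure` is carried over unchanged and makes Traefik trust `X-Forwarded-*` headers from any client; if Traefik is the edge here, `forwardedHeaders.trustedIPs` listing the real upstream proxies is the safer form. A comment on the new `configs:` block such as `# certificates are provisioned statically and NOT auto-renewed; rotate by updating the cert files and redeploying, and keep expiry under monitoring` would record the operational change. The same applies to the `docker-compose.public.yml` hunk.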
@@ -23,31 +23,18 @@ services:
 - '--tracing.jaeger=true'
 - '--tracing.jaeger.samplingServerURL=http://jaeger:5778/sampling'
 - '--tracing.jaeger.localAgentHostPort=jaeger:6831'
- - "--providers.docker.constraints=!LabelRegex(`io.simcore.zone`, `.+`)"
- - "--entryPoints.https.forwardedHeaders.insecure"
- - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=rfc2136"
- - "--certificatesresolvers.myresolver.acme.email=${OSPARC_DEVOPS_MAIL_ADRESS}"
- - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
- # For debug purpose, to avoid being ban by let's encrypt servers
- #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
- - "--certificatesresolvers.myresolver.acme.dnschallenge.resolvers=${RFC2136_NAMESERVER}"
- volumes:
- - "letsencrypt_certs:/letsencrypt"
- environment:
- - RFC2136_TSIG_KEY=${RFC2136_TSIG_KEY}
- - RFC2136_TSIG_SECRET=${RFC2136_TSIG_SECRET}
- - RFC2136_TSIG_ALGORITHM=${RFC2136_TSIG_ALGORITHM}
- - RFC2136_NAMESERVER=${RFC2136_NAMESERVER}
- - RFC2136_POLLING_INTERVAL=${RFC2136_POLLING_INTERVAL}
+ - '--providers.docker.constraints=!LabelRegex(`io.simcore.zone`, `.+`)'
+ - '--entryPoints.https.forwardedHeaders.insecure'
+ - '--providers.file.directory=/etc/traefik/'
+ - '--providers.file.watch=true'
+ configs:
+ - source: traefik_dynamic_config.yml
+ target: /etc/traefik/dynamic_conf.yml
 deploy:
 replicas: ${OPS_TRAEFIK_REPLICAS}
 placement:
 constraints:
 - node.labels.traefik==true
- whoami:
- deploy:
- labels:
- - traefik.http.routers.whoami.tls.certresolver=myresolver
-
-volumes:
- letsencrypt_certs:
+configs:
+ traefik_dynamic_config.yml:
+ file: ./config/tip.itis.swiss_dyn_cfg.yaml
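Review bot: The added lines here are a verbatim copy of the dalco overlay except for the last one, `file: ./config/tip.itis.swiss_dyn_cfg.yaml` versus `./config/osparc.speag.com_dyn_cfg.yaml`, so the two files will have to be kept in step by hand whenever the traefik command line changes. Since these overlays are already rendered with `-e .env` and interpolate `${OPS_TRAEFIK_REPLICAS}`, the shared block could live in a single overlay with the config path taken from an environment variable, e.g. `file: ./config/${<DEPLOYMENT_DYN_CFG_VAR>}` (placeholder name), leaving only the per-deployment value to maintain.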