From ddc7fa39f68db1ebda284899f3188dc908695eb3 Mon Sep 17 00:00:00 2001
From: Marko Korhonen <marko.korhonen@reekynet.com>
Date: Thu, 13 Feb 2020 21:24:50 +0200
Subject: [PATCH] Move to traefik proxy

---
 docker/gitea/docker-compose.yaml         | 32 ++++++++++++----
 docker/homeautomation/docker-compose.yml | 49 ++++++++++++++++++++++--
 docker/jellyfin/docker-compose.yaml      | 24 +++++++++++-
 docker/portainer/docker-compose.yaml     | 23 ++++++++++-
 docker/traefik/docker-compose.yaml       | 41 ++++++++++++++++++++
 5 files changed, 156 insertions(+), 13 deletions(-)
 create mode 100644 docker/traefik/docker-compose.yaml

diff --git a/docker/gitea/docker-compose.yaml b/docker/gitea/docker-compose.yaml
index 09486fd..f2b31f2 100644
--- a/docker/gitea/docker-compose.yaml
+++ b/docker/gitea/docker-compose.yaml
@@ -1,9 +1,5 @@
 version: '2'
 
-networks:
-  gitea:
-    external: false
-
 services:
   gitea:
     container_name: gitea
@@ -20,14 +16,30 @@ services:
     restart: always
     networks:
       - gitea
-    volumes:
-      - /docker/gitea/gitea:/data
-      - /etc/localtime:/etc/localtime:ro
+      - proxy
     ports:
       - '3000:3000'
       - '222:22'
     depends_on:
       - mariadb-gitea
+    volumes:
+      - /docker/gitea/gitea:/data
+      - /etc/localtime:/etc/localtime:ro
+    labels:
+      - 'traefik.enable=true'
+
+      - 'traefik.http.routers.gitea-redirect.entrypoints=http'
+      - 'traefik.http.routers.gitea-redirect.rule=Host(`git.reekynet.com`)'
+      - 'traefik.http.middlewares.http2https.redirectscheme.scheme=https'
+      - 'traefik.http.routers.gitea-redirect.middlewares=http2https'
+
+      - 'traefik.http.routers.gitea.entrypoints=https'
+      - 'traefik.http.routers.gitea.rule=Host(`git.reekynet.com`)'
+      - 'traefik.http.routers.gitea.tls=true'
+      - 'traefik.http.routers.gitea.tls.certresolver=http'
+      - 'traefik.http.routers.gitea.service=gitea'
+      - 'traefik.docker.network=proxy'
+      - 'traefik.http.services.gitea.loadbalancer.server.port=3000'
 
   mariadb-gitea:
     container_name: mariadb-gitea
@@ -41,3 +53,9 @@ services:
     volumes:
       - /docker/gitea/mariadb:/var/lib/mysql
       - /etc/localtime:/etc/localtime:ro
+
+networks:
+  gitea:
+    external: false
+  proxy:
+    external: true
diff --git a/docker/homeautomation/docker-compose.yml b/docker/homeautomation/docker-compose.yml
index 68dec2f..abe6a2e 100644
--- a/docker/homeautomation/docker-compose.yml
+++ b/docker/homeautomation/docker-compose.yml
@@ -9,10 +9,29 @@ services:
       - /docker/homeautomation/home-assistant:/config
       - /etc/localtime:/etc/localtime:ro
     restart: always
-    network_mode: host
+    networks:
+      - home-assistant
+      - proxy
+    ports:
+      - '8123:8123'
     depends_on:
       - deconz
       - mosquitto
+    labels:
+      - 'traefik.enable=true'
+
+      - 'traefik.http.routers.home-assistant-redirect.entrypoints=http'
+      - 'traefik.http.routers.home-assistant-redirect.rule=Host(`home.reekynet.com`)'
+      - 'traefik.http.middlewares.http2https.redirectscheme.scheme=https'
+      - 'traefik.http.routers.home-assistant-redirect.middlewares=http2https'
+
+      - 'traefik.http.routers.home-assistant.entrypoints=https'
+      - 'traefik.http.routers.home-assistant.rule=Host(`home.reekynet.com`)'
+      - 'traefik.http.routers.home-assistant.tls=true'
+      - 'traefik.http.routers.home-assistant.tls.certresolver=http'
+      - 'traefik.http.routers.home-assistant.service=home-assistant'
+      - 'traefik.docker.network=proxy'
+      - 'traefik.http.services.home-assistant.loadbalancer.server.port=8123'
 
   deconz:
     container_name: deconz
@@ -39,6 +58,9 @@ services:
     image: nodered/node-red
     environment:
       - TZ=Europe/Helsinki
+    networks:
+      - home-assistant
+      - proxy
     ports:
       - '1880:1880'
     volumes:
@@ -47,6 +69,21 @@ services:
     restart: always
     depends_on:
       - home-assistant
+    labels:
+      - 'traefik.enable=true'
+
+      - 'traefik.http.routers.node-red-redirect.entrypoints=http'
+      - 'traefik.http.routers.node-red-redirect.rule=Host(`node.reekynet.com`)'
+      - 'traefik.http.middlewares.http2https.redirectscheme.scheme=https'
+      - 'traefik.http.routers.node-red-redirect.middlewares=http2https'
+
+      - 'traefik.http.routers.node-red.entrypoints=https'
+      - 'traefik.http.routers.node-red.rule=Host(`node.reekynet.com`)'
+      - 'traefik.http.routers.node-red.tls=true'
+      - 'traefik.http.routers.node-red.tls.certresolver=http'
+      - 'traefik.http.routers.node-red.service=node-red'
+      - 'traefik.docker.network=proxy'
+      - 'traefik.http.services.node.loadbalancer.server.port=1880'
 
   mosquitto:
     container_name: mosquitto
@@ -65,9 +102,15 @@ services:
     environment:
       - TZ=Europe/Helsinki
       - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
-    ports:
-      - '3308:3306'
+    networks:
+      - home-assistant
     volumes:
       - /docker/homeautomation/mariadb:/var/lib/mysql
       - /etc/localtime:/etc/localtime:ro
     restart: always
+
+networks:
+  home-assistant:
+    external: false
+  proxy:
+    external: true
diff --git a/docker/jellyfin/docker-compose.yaml b/docker/jellyfin/docker-compose.yaml
index 2f2ccb8..8cc073a 100644
--- a/docker/jellyfin/docker-compose.yaml
+++ b/docker/jellyfin/docker-compose.yaml
@@ -6,10 +6,32 @@ services:
     environment:
       - TZ=Europe/Helsinki
     user: 1001:985
-    network_mode: 'host'
+    ports:
+      - '8096:8096'
+    networks:
+      - proxy
     restart: always
     volumes:
       - /docker/jellyfin/config:/config
       - /docker/jellyfin/cache:/cache
       - /mnt/Storage/Media:/media
       - /etc/localtime:/etc/localtime:ro
+    labels:
+      - 'traefik.enable=true'
+
+      - 'traefik.http.routers.jellyfin-redirect.entrypoints=http'
+      - 'traefik.http.routers.jellyfin-redirect.rule=Host(`jellyfin.reekynet.com`)'
+      - 'traefik.http.middlewares.http2https.redirectscheme.scheme=https'
+      - 'traefik.http.routers.jellyfin-redirect.middlewares=http2https'
+
+      - 'traefik.http.routers.jellyfin.entrypoints=https'
+      - 'traefik.http.routers.jellyfin.rule=Host(`jellyfin.reekynet.com`)'
+      - 'traefik.http.routers.jellyfin.tls=true'
+      - 'traefik.http.routers.jellyfin.tls.certresolver=http'
+      - 'traefik.http.routers.jellyfin.service=jellyfin'
+      - 'traefik.docker.network=proxy'
+      - 'traefik.http.services.jellyfin.loadbalancer.server.port=8096'
+
+networks:
+  proxy:
+    external: true
diff --git a/docker/portainer/docker-compose.yaml b/docker/portainer/docker-compose.yaml
index d4a5839..76ffacc 100644
--- a/docker/portainer/docker-compose.yaml
+++ b/docker/portainer/docker-compose.yaml
@@ -6,9 +6,28 @@ services:
     environment:
       - TZ=Europe/Helsinki
     restart: always
-    ports:
-      - '9000:9000'
+    networks:
+      - proxy
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
       - /docker/portainer:/data
       - /etc/localtime:/etc/localtime:ro
+    labels:
+      - 'traefik.enable=true'
+
+      - 'traefik.http.routers.portainer-redirect.entrypoints=http'
+      - 'traefik.http.routers.portainer-redirect.rule=Host(`portainer.reekynet.com`)'
+      - 'traefik.http.middlewares.http2https.redirectscheme.scheme=https'
+      - 'traefik.http.routers.portainer-redirect.middlewares=http2https'
+
+      - 'traefik.http.routers.portainer.entrypoints=https'
+      - 'traefik.http.routers.portainer.rule=Host(`portainer.reekynet.com`)'
+      - 'traefik.http.routers.portainer.tls=true'
+      - 'traefik.http.routers.portainer.tls.certresolver=http'
+      - 'traefik.http.routers.portainer.service=portainer'
+      - 'traefik.docker.network=proxy'
+      - 'traefik.http.services.portainer.loadbalancer.server.port=9000'
+
+networks:
+  proxy:
+    external: true
diff --git a/docker/traefik/docker-compose.yaml b/docker/traefik/docker-compose.yaml
new file mode 100644
index 0000000..b1ac505
--- /dev/null
+++ b/docker/traefik/docker-compose.yaml
@@ -0,0 +1,41 @@
+version: '3'
+
+services:
+  traefik:
+    image: traefik:v2.0
+    container_name: traefik
+    restart: unless-stopped
+    ports:
+      - '80:80'
+      - '443:443'
+    environment:
+      - TZ=Europe/Helsinki
+    security_opt:
+      - no-new-privileges:true
+    networks:
+      - proxy
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - /docker/traefik/traefik.yml:/traefik.yml:ro
+      - /docker/traefik/dashboard-users:/dashboard-users:ro
+      - /docker/traefik/acme.json:/acme.json
+    labels:
+      - 'traefik.enable=true'
+
+      - 'traefik.http.routers.redirect.entrypoints=http'
+      - 'traefik.http.routers.redirect.rule=Host(`traefik.reekynet.com`)'
+      - 'traefik.http.middlewares.http2https.redirectscheme.scheme=https'
+      - 'traefik.http.routers.redirect.middlewares=http2https'
+
+      - 'traefik.http.routers.dashboard.entrypoints=https'
+      - 'traefik.http.routers.dashboard.rule=Host(`traefik.reekynet.com`)'
+      - 'traefik.http.middlewares.dashboard-auth.basicauth.usersfile=/dashboard-users'
+      - 'traefik.http.routers.dashboard.middlewares=dashboard-auth'
+      - 'traefik.http.routers.dashboard.tls=true'
+      - 'traefik.http.routers.dashboard.tls.certresolver=http'
+      - 'traefik.http.routers.dashboard.service=api@internal'
+
+networks:
+  proxy:
+    external: true