From 6d2b48ec9404a414d3dc71ab1ac0b6362be7ecc7 Mon Sep 17 00:00:00 2001
From: "D. Scott Boggs" <scott@tams.tech>
Date: Thu, 17 Aug 2023 18:44:06 +0000
Subject: [PATCH] initial commit

---
 .gitignore         |  2 ++
 config/.keep       |  0
 docker-compose.yml | 34 ++++++++++++++++++++++++++++++++++
 traefik.yaml       | 41 +++++++++++++++++++++++++++++++++++++++++
 4 files changed, 77 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 config/.keep
 create mode 100644 docker-compose.yml
 create mode 100644 traefik.yaml

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..31e50d4
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+**/acme*.json
+**/do-auth.token
diff --git a/config/.keep b/config/.keep
new file mode 100644
index 0000000..e69de29
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..716cc97
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,34 @@
+version: "3.5"
+
+services:
+  proxy:
+    image: traefik:v2.9
+    volumes:
+      - source: /var/run/docker.sock
+        target: /var/run/docker.sock
+        type: bind
+      - source: ./traefik.yaml
+        target: /traefik.yaml
+        type: bind
+      - source: ./config
+        target: /config
+        type: bind
+    ports:
+      - 80:80
+      - 443:443
+    networks: 
+      web:
+        ipv4_address: 172.128.128.128
+    environment:
+      DO_AUTH_TOKEN_FILE: /config/do-auth.token
+    labels:
+      traefik.enable: true
+      traefik.http.middlewares.redirect-to-https.redirectScheme.scheme: https
+      traefik.http.middlewares.redirect-to-https.redirectScheme.permanent: true
+      traefik.http.routers.redirs.rule: HostRegexp(`{host:.+}`)
+      traefik.http.routers.redirs.entrypoints: web
+      traefik.http.routers.redirs.middlewares: redirect-to-https
+
+networks:
+  web:
+    external: true
diff --git a/traefik.yaml b/traefik.yaml
new file mode 100644
index 0000000..cc81e6b
--- /dev/null
+++ b/traefik.yaml
@@ -0,0 +1,41 @@
+
+entrypoints:
+  web:
+    address: :80
+  websecure:
+    address: :443
+
+api:
+  dashboard: true
+
+certificatesResolvers:
+  letsencrypt:
+    acme:
+      email: sysadmin@tams.tech
+      storage: /config/acme.json
+      dnsChallenge:
+        provider: digitalocean
+  letsencrypt_standalone:
+    acme:
+      email: sysadmin@tams.tech
+      storage: /config/acme-standalone.json
+      httpChallenge:
+        entryPoint: web
+
+providers:
+  docker:
+    watch: true
+    network: web
+    exposedByDefault: false
+  file:
+    filename: /config/traefik_dynamic.yaml
+
+log:
+  level: INFO
+  format: json
+
+# accessLog:
+#   format: json
+#   filters:
+#     statusCodes: [ 300-599 ]
+#     minDuration: 500ms