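# Compose stack: Traefik reverse proxy, Prometheus, Grafana, an httpd container
# that serves Traefik's dynamic configuration, and two volume-backup jobs.
# This file is a template: the double-brace placeholders are substituted before
# Compose parses it, so every templated scalar is kept inside quotes.
version: '3'

services:
  traefik:
    # NOTE(review): `latest` is an unpinned tag, so a pull can change the major
    # version. Several header options below (SSLRedirect, featurePolicy) are
    # deprecated in Traefik v2 and may be rejected by a newer major — pin a
    # tested tag or digest.
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - providers
      - proxy
    ports:
      # Quoted, as Compose recommends for HOST:CONTAINER mappings.
      - "80:80"
      - "443:443"
    volumes:
      # `:ro` only makes the socket file read-only; it does not restrict which
      # Docker API calls can be sent over it. A filtering socket proxy that
      # allows only read endpoints would limit what a compromised proxy can do.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./config/traefik.yml:/traefik.yml:ro
      # Holds ACME account and certificate private keys; keep the host file at
      # mode 600 and out of version control.
      - ./config/acme.json:/acme.json:rw
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    extra_hosts:
      - "host.docker.internal:host-gateway"
    labels:
      - "traefik.enable=true"
      # NOTE(review): a credential hash is committed in this file and repeated
      # for three middlewares. `$2y$05$` is bcrypt at cost 5, which is cheap to
      # brute-force offline; prefer a higher cost and load the entry through
      # basicauth.usersfile from a file kept outside the repository.
      # The trailing `$$` renders as one literal `$` after the 53-character
      # salt+hash payload — TODO confirm the hash still verifies.
      - "traefik.http.middlewares.traefik-auth.basicauth.users=mrdev023:$$2y$$05$$t51tXUW6zO9dndSK1JEFS.utJ3th/RYVSgDlouOZhUigjbkTX1zQC$$"
      - "traefik.http.middlewares.traefik-stripprefix.stripprefix.prefixes=/traefik"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`dash.{{ server.domain }}`) && (PathPrefix(`/traefik`) || PathPrefix(`/api`))"
      # NOTE(review): only `permanent` is set for tls-rep in this file; the
      # regex and replacement are not visible here — confirm they are defined
      # elsewhere, or remove tls-rep from tls-chain.
      - "traefik.http.middlewares.tls-rep.redirectregex.permanent=true"
      - "traefik.http.middlewares.tls-header.headers.SSLRedirect=true"
      - "traefik.http.middlewares.tls-header.headers.forceSTSHeader=true"
      - "traefik.http.middlewares.tls-header.headers.STSSeconds=315360000"
      - "traefik.http.middlewares.tls-header.headers.STSIncludeSubdomains=true"
      - "traefik.http.middlewares.tls-header.headers.STSPreload=true"
      - "traefik.http.middlewares.tls-header.headers.browserXSSFilter=true"
      - "traefik.http.middlewares.tls-header.headers.contentTypeNosniff=true"
      - "traefik.http.middlewares.tls-header.headers.frameDeny=true"
      - "traefik.http.middlewares.tls-header.headers.customFrameOptionsValue=SAMEORIGIN"
      - "traefik.http.middlewares.tls-header.headers.featurePolicy=accelerometer 'none'; ambient-light-sensor 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; usb 'none'; midi 'none'; sync-xhr 'none'; vr 'none'"
      - "traefik.http.middlewares.tls-header.headers.referrerPolicy=strict-origin-when-cross-origin"
      - "traefik.http.middlewares.tls-chain.chain.middlewares=tls-rep,tls-header"
      # The dashboard and API (api@internal) are reachable only through this
      # router, behind the basic-auth middleware.
      - "traefik.http.routers.traefik-secure.middlewares=traefik-stripprefix,tls-chain,traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=sslResolver"
      - "traefik.http.routers.traefik-secure.service=api@internal"

  prometheus:
    # NOTE(review): unpinned `latest` tag — pin a tested version or digest.
    image: prom/prometheus:latest
    restart: unless-stopped
    container_name: prometheus
    volumes:
      - ./prometheus/:/etc/prometheus/
      - prometheus:/prometheus
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    command:
      - "--web.route-prefix=/"
      - "--web.external-url=https://dash.{{ server.domain }}/prometheus"
      - "--config.file=/etc/prometheus/prometheus.yml"
      - "--storage.tsdb.path=/prometheus"
      - "--web.console.libraries=/usr/share/prometheus/console_libraries"
      - "--web.console.templates=/usr/share/prometheus/consoles"
    networks:
      - proxy
      - internal
    labels:
      - "traefik.enable=true"
      # Same committed bcrypt entry as traefik-auth; rotating the credential
      # means editing every copy in this file.
      - "traefik.http.middlewares.prometheus-auth.basicauth.users=mrdev023:$$2y$$05$$t51tXUW6zO9dndSK1JEFS.utJ3th/RYVSgDlouOZhUigjbkTX1zQC$$"
      - "traefik.http.middlewares.prometheus-stripprefix.stripprefix.prefixes=/prometheus"
      - "traefik.http.routers.prometheus-secure.entrypoints=https"
      - "traefik.http.routers.prometheus-secure.rule=Host(`dash.{{ server.domain }}`) && PathPrefix(`/prometheus`)"
      - "traefik.http.routers.prometheus-secure.middlewares=tls-chain,prometheus-stripprefix,prometheus-auth"
      - "traefik.http.routers.prometheus-secure.tls=true"
      - "traefik.http.routers.prometheus-secure.tls.certresolver=sslResolver"
      - "traefik.http.routers.prometheus-secure.service=prometheus"
      - "traefik.http.services.prometheus.loadbalancer.server.port=9090"
      - "traefik.docker.network=proxy"

  grafana:
    # NOTE(review): unpinned `latest` tag — pin a tested version or digest.
    image: grafana/grafana:latest
    restart: unless-stopped
    container_name: grafana
    volumes:
      - grafana:/var/lib/grafana
      - ./grafana/provisioning:/etc/grafana/provisioning
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    # grafana.env presumably carries the admin credentials; keep it out of
    # version control — verify.
    env_file:
      - grafana.env
    depends_on:
      - prometheus
    networks:
      - proxy
      - internal
    labels:
      - "traefik.enable=true"
      # Same committed bcrypt entry as traefik-auth and prometheus-auth.
      - "traefik.http.middlewares.grafana-auth.basicauth.users=mrdev023:$$2y$$05$$t51tXUW6zO9dndSK1JEFS.utJ3th/RYVSgDlouOZhUigjbkTX1zQC$$"
      - "traefik.http.middlewares.grafana-stripprefix.stripprefix.prefixes=/grafana"
      - "traefik.http.routers.grafana-secure.entrypoints=https"
      - "traefik.http.routers.grafana-secure.rule=Host(`dash.{{ server.domain }}`) && PathPrefix(`/grafana`)"
      - "traefik.http.routers.grafana-secure.middlewares=tls-chain,grafana-stripprefix,grafana-auth"
      - "traefik.http.routers.grafana-secure.tls=true"
      # NOTE(review): the other two routers use `sslResolver`; confirm that a
      # resolver named `http` exists in traefik.yml, otherwise this router may
      # not obtain a certificate from the intended resolver.
      - "traefik.http.routers.grafana-secure.tls.certresolver=http"
      - "traefik.http.routers.grafana-secure.service=grafana"
      - "traefik.http.services.grafana.loadbalancer.server.port=3000"
      - "traefik.docker.network=proxy"

  http_provider:
    # NOTE(review): unpinned `latest` tag — pin a tested version or digest.
    image: httpd:latest
    restart: unless-stopped
    container_name: http_provider
    # Serves the dynamic routing configuration over plain HTTP to every
    # container on these two networks; anything attached to `internal` can
    # read it, so keep secrets out of dynamic_conf.yaml.
    networks:
      - internal
      - providers
    volumes:
      # Read-only: the web server only needs to serve this file.
      - ./config/dynamic_conf.yaml:/usr/local/apache2/htdocs/dynamic_conf.yaml:ro

  # BACKUP
  backup_prometheus:
    # NOTE(review): unpinned `latest` tag — pin a tested version or digest.
    image: offen/docker-volume-backup:latest
    restart: always
    environment:
      BACKUP_CRON_EXPRESSION: "{{ server.backup.cron_expression }}"
      BACKUP_FILENAME: "{{ server.backup.filename_date_format }}-prometheus.tar.gz"
      BACKUP_LATEST_SYMLINK: prometheus.latest.tar.gz
      BACKUP_EXCLUDE_REGEXP: "\\.log$$"
      BACKUP_RETENTION_DAYS: "{{ server.backup.retention_days }}"
    volumes:
      # Source volume is mounted read-only; only /archive is writable.
      - prometheus:/backup:ro
      # Quoted so the rendered path cannot be re-typed by the YAML parser.
      - "{{ server.backup.folder }}/traefik:/archive"

  backup_grafana:
    # NOTE(review): unpinned `latest` tag — pin a tested version or digest.
    image: offen/docker-volume-backup:latest
    restart: always
    environment:
      BACKUP_CRON_EXPRESSION: "{{ server.backup.cron_expression }}"
      BACKUP_FILENAME: "{{ server.backup.filename_date_format }}-grafana.tar.gz"
      BACKUP_LATEST_SYMLINK: grafana.latest.tar.gz
      BACKUP_EXCLUDE_REGEXP: "\\.log$$"
      BACKUP_RETENTION_DAYS: "{{ server.backup.retention_days }}"
    volumes:
      # Source volume is mounted read-only; only /archive is writable.
      # The archive holds Grafana's data directory, so restrict access to the
      # host backup folder.
      - grafana:/backup:ro
      - "{{ server.backup.folder }}/traefik:/archive"

networks:
  providers: {}
  internal: {}
  # Created outside this stack and shared with other stacks behind Traefik.
  proxy:
    external: true

volumes:
  prometheus: {}
  grafana: {}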