From 07221d4e583a933f121786c32aca0e58ddbadedb Mon Sep 17 00:00:00 2001
From: CrazyMax
Date: Fri, 20 Apr 2018 09:22:15 +0200
Subject: [PATCH] Replace Nginx + Let's Encrypt with Traefik (see docker-compose)
---
README.md | 15 +++++----
docker/docker-compose.yml | 67 +++++++++++++++++++++------------------
2 files changed, 45 insertions(+), 37 deletions(-)
diff --git a/README.md b/README.md
index 2799538..c96d4f0 100644
--- a/README.md
+++ b/README.md
@@ -24,21 +24,20 @@ If you are interested, [check out](https://hub.docker.com/r/crazymax/) my other ### From docker-compose -* Reverse proxy with [nginx-proxy](https://github.com/jwilder/nginx-proxy) -* Creation/renewal of Let's Encrypt certificates automatically with [letsencrypt-nginx-proxy-companion](https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion) +* [Traefik](https://github.com/containous/traefik-library-image) as reverse proxy and creation/renewal of Let's Encrypt certificates ## Docker ### Environment variables -* `TZ` : The timezone assigned to the container (default to `UTC`) +* `TZ` : The timezone assigned to the container (default `UTC`) * `JLS_VIRTUAL_HOSTS` : [Virtual hosts](https://www.jetbrains.com/help/license_server/setting_host_and_port.html#d1010e63) where license server will be available (comma delimited for several hosts) -* `JLS_CONTEXT` : [Context path](https://www.jetbrains.com/help/license_server/setting_host_and_port.html#d1010e63) used by the license server (default to : `/`) -* `JLS_ACCESS_CONFIG` : JSON file to configure [user restrictions](https://www.jetbrains.com/help/license_server/configuring_user_restrictions.html) (default to `/data/access-config.json`) +* `JLS_CONTEXT` : [Context path](https://www.jetbrains.com/help/license_server/setting_host_and_port.html#d1010e63) used by the license server (default `/`) +* `JLS_ACCESS_CONFIG` : JSON file to configure [user restrictions](https://www.jetbrains.com/help/license_server/configuring_user_restrictions.html) (default `/data/access-config.json`) * `JLS_STATS_RECIPIENTS` : [Reports recipients](https://www.jetbrains.com/help/license_server/detailed_server_usage_statistics.html#d461e40) email addresses for stats (comma delimited) -* `JLS_REPORT_OUT_OF_LICENSE` : [Warn about lack of licenses](https://www.jetbrains.com/help/license_server/detailed_server_usage_statistics.html#d461e40) every hour following the percentage threshold (default to : `0` = disabled) +* 
`JLS_REPORT_OUT_OF_LICENSE` : [Warn about lack of licenses](https://www.jetbrains.com/help/license_server/detailed_server_usage_statistics.html#d461e40) every hour following the percentage threshold (default `0`) * `JLS_SMTP_SERVER` : SMTP server host to use for sending [stats](https://www.jetbrains.com/help/license_server/detailed_server_usage_statistics.html) (stats disabled if empty) -* `JLS_SMTP_PORT` : SMTP server port (default to `25`) +* `JLS_SMTP_PORT` : SMTP server port (default `25`) * `JLS_SMTP_USERNAME` : SMTP username (auth disabled if empty) * `JLS_SMTP_PASSWORD` : SMTP password (auth disabled if empty) * `JLS_STATS_FROM` : [From address](https://www.jetbrains.com/help/license_server/detailed_server_usage_statistics.html#d461e40) for stats emails @@ -57,6 +56,8 @@ If you are interested, [check out](https://hub.docker.com/r/crazymax/) my other Docker compose is the recommended way to run this image. You can use the following [docker compose template](docker/docker-compose.yml), then run the container : ```bash +touch acme.json +chmod 600 acme.json docker-compose up -d docker-compose logs -f ``` diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index 95cea92..b475f99 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml 
@@ -1,41 +1,48 @@ version: '3' services: - proxy: - image: jwilder/nginx-proxy:alpine - labels: - - com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy=true + traefik: + image: traefik:alpine + command: + - --logLevel=INFO + - --defaultentrypoints=http,https + - --entryPoints=Name:http Address::80 Redirect.EntryPoint:https + - --entryPoints=Name:https Address::443 TLS + - --docker + - --docker.exposedbydefault=false + - --docker.domain=example.com + - --acme=false + - --acme.acmelogging=true + - --acme.email=webmaster@example.com + - --acme.storage=acme.json + - --acme.entryPoint=https + - --acme.onhostrule=true + - --acme.httpchallenge=true ports: - - 80:80 - - 443:443 + - target: 80 + published: 80 + protocol: tcp + mode: host + - target: 443 + published: 443 + protocol: tcp + mode: host volumes: - - ./proxy/conf.d:/etc/nginx/conf.d:rw - - ./proxy/vhost.d:/etc/nginx/vhost.d:rw - - ./proxy/html:/usr/share/nginx/html:rw - - ./proxy/certs:/etc/nginx/certs:ro - - /etc/localtime:/etc/localtime:ro - - /var/run/docker.sock:/tmp/docker.sock:ro - restart: always - - letsencrypt: - image: jrcs/letsencrypt-nginx-proxy-companion - depends_on: - - proxy - volumes: - - ./proxy/certs:/etc/nginx/certs:rw - - ./proxy/vhost.d:/etc/nginx/vhost.d:rw - - ./proxy/html:/usr/share/nginx/html:rw - - /etc/localtime:/etc/localtime:ro - - /var/run/docker.sock:/var/run/docker.sock:ro + - ./acme.json:/acme.json + - /var/run/docker.sock:/var/run/docker.sock restart: always app: image: crazymax/jetbrains-license-server:latest depends_on: - - letsencrypt - - proxy + - traefik volumes: - - ./data:/data + - jetbrains-license-server:/data + labels: + - traefik.enable=true + - traefik.backend=jetbrains-license-server + - traefik.port=80 + - traefik.frontend.rule=Host:jetbrains-license-server.example.com,an-other-host.example.com environment: - TZ=Europe/Paris - JLS_VIRTUAL_HOSTS=jetbrains-license-server.example.com,an-other-host.example.com 
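Review bot: The new `traefik` service mounts `/var/run/docker.sock:/var/run/docker.sock` without the `:ro` flag that both removed services carried, and this is the container that publishes ports 80 and 443 in host mode. Access to the Docker API socket is equivalent to root on the host, so a compromise of the proxy becomes a compromise of the host. At minimum keep `- /var/run/docker.sock:/var/run/docker.sock:ro`; because a read-only bind does not restrict the API calls made over the socket, a filtering socket proxy that allows only read endpoints between Traefik and the daemon is the stronger option. Separately, the template ships `--acme=false` while the README describes Traefik as handling Let's Encrypt issuance, so as written the `https` entrypoint would presumably serve Traefik's default certificate until the user changes it; a comment above that flag such as `# set to true once docker.domain and acme.email are configured` would make this explicit. The `traefik:alpine` tag is also floating, and pinning a version would keep the CLI flags used here valid across image updates.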
@@ -49,7 +56,7 @@ services: - JLS_SMTP_PASSWORD= - JLS_STATS_FROM=jetbrains@example.com - JLS_STATS_TOKEN=1BFC67F51AAF99E85C2347B72E62C - - VIRTUAL_HOST=jetbrains-license-server.example.com - - LETSENCRYPT_HOST=jetbrains-license-server.example.com - - LETSENCRYPT_EMAIL=webmaster@example.com restart: always + +volumes: + jetbrains-license-server: