ssl / tsl and storage of document

2024-12-30 11:37:55 +01:00
parent bf2e38ad51
commit c6b32d6005
7 changed files with 74 additions and 7 deletions
--- a/templates/compose.yaml
+++ b/templates/compose.yaml
@@ -6,13 +6,19 @@ services:
            - app:php
        labels:
            - "traefik.enable=true"
-            - "traefik.http.routers.frontend-{{ item.chill_environment }}.rule=Host(`{{ item.host }}`)"
-            - "traefik.http.routers.frontend-{{ item.chill_environment }}.entrypoints=web"
            - "traefik.docker.network=traefik"
-        {% if item.expose_port is not false -%}
-        ports:
-            - "{{ item.expose_port }}:80"
-        {% endif -%}
+            - "traefik.http.routers.frontend-{{ item.chill_environment }}.rule=Host(`{{ item.host }}`)"
+            - "traefik.http.routers.frontend-{{ item.chill_environment }}.entrypoints=websecure"
+            {%+ if item.tls_config == 'self_signed' +%}
+            - "traefik.http.routers.frontend-{{ item.chill_environment }}.tls=true"
+            {%+ endif +%}
+            {%+ if item.expose_port is not false +%}
+            - "traefik.http.routers.frontend-exp-{{ item.chill_environment }}.rule=PathPrefix(`/`)"
+            - "traefik.http.routers.frontend-exp-{{ item.chill_environment }}.entrypoints=chill{{ item.chill_environment }}"
+            {%+ if item.tls_config == 'self_signed' +%}
+            - "traefik.http.routers.frontend-exp-{{ item.chill_environment }}.tls=true"
+            {%+ endif +%}
+            {%+ endif +%}
        networks:
            - traefik
            - default
@@ -25,6 +31,7 @@ services:
            - './config/prod:/var/www/app/config/packages/prod:ro'
            - './var:/var/www/app/var:rw'
            - '/var/logs/chill:/var/www/app/logs'
+            - '{{ doc_storage_dir }}/{{ item['chill_environment'] }}:/var/storage'
        links:
            - redis
            - relatorio
--- a/templates/config/prod/chill_doc_store.yaml
+++ b/templates/config/prod/chill_doc_store.yaml
@@ -0,0 +1,3 @@
+chill_doc_store:
+    local_storage:
+        storage_path: '/var/storage'
--- a/templates/config/prod/framework.yaml
+++ b/templates/config/prod/framework.yaml
@@ -0,0 +1,3 @@
+framework:
+    trusted_proxies: '172.150.0.0/24'
+    trusted_headers: ['x-forwarded-for', 'x-forwarded-host', 'x-forwarded-proto', 'x-forwarded-port']
--- a/templates/traefik-compose.yaml
+++ b/templates/traefik-compose.yaml
@@ -13,17 +13,36 @@ services:
      - "--providers.docker=true"
      - "--providers.docker.exposedByDefault=false"
      - "--entryPoints.web.address=:80"
+      - "--entryPoints.websecure.address=:443"
+      {%+ for c in chills +%}
+      {%+ if c.expose_port is not false +%}
+      - "--entryPoints.chill{{ c.chill_environment }}.address=:{{ c.expose_port }}"
+      {% endif +%}
+      {% endfor +%}
+
    ports:
      # The HTTP port
      - "80:80"
+      - "443:443"
      # The Web UI (enabled by --api.insecure=true)
      - "8080:8080"
+      {% for c in chills +%}
+      {% if c.expose_port is not false +%}
+      - "{{ c.expose_port }}:{{ c.expose_port }}"
+      {% endif +%}
+      {%+ endfor +%}
+
    volumes:
      # So that Traefik can listen to the Docker events
      - /var/run/docker.sock:/var/run/docker.sock
+      - /var/traefik/certs:/var/traefik/certs
    networks:
      - traefik

 networks:
  traefik:
-    name: traefik
+    name: traefik
+    driver: bridge
+    ipam:
+      config:
+        - subnet: 172.150.0.0/24