From 535e976db145c1d2b4128d9e4089188c40e43df3 Mon Sep 17 00:00:00 2001 From: hcornet Date: Wed, 1 Jan 2025 19:11:53 +0100 Subject: [PATCH] update --- .env | 11 +++++++ configs/traefik.yml | 23 ++++----------- docker-compose.yml | 70 +++++++++++++++++++++++++++++++++++++++------ 3 files changed, 78 insertions(+), 26 deletions(-) diff --git a/.env b/.env index fbda53e..3e6ace5 100644 --- a/.env +++ b/.env @@ -1 +1,12 @@ CF_DNS_API_TOKEN= +ROOT_DOMAIN=tips-of-mine.com +HTTP_TIMEOUT=60 +POLLING_INTERVAL=10 +PROPAGATION_TIMEOUT=3600 +TTL=300 +PROVIDERS_GOOGLE_CLIENT_ID= +PROVIDERS_GOOGLE_CLIENT_SECRET= +SECRET=RandomTextGoesHere +WHITELIST= +LOG_LEVEL=DEBUG +ZONE_ID= \ No newline at end of file diff --git a/configs/traefik.yml b/configs/traefik.yml index 1414a9f..cffe6dc 100644 --- a/configs/traefik.yml +++ b/configs/traefik.yml @@ -75,33 +75,22 @@ providers: directory: /etc/traefik/dynamic watch: true providersThrottleDuration: 10 + swarmMode: false certificatesResolvers: - staging: - acme: - email: admin@tips-of-mine.com - storage: /var/traefik/certs/acme.json - caServer: "https://acme-staging-v02.api.letsencrypt.org/directory" - keyType: EC256 - dnsChallenge: - provider: staging - resolvers: - - "1.1.1.1:53" - - "1.0.0.1:53" - tlschallenge: true -# httpChallenge: -# entryPoint: http - production: + letsencrypt: acme: email: admin@tips-of-mine.com storage: /var/traefik/certs/acme.json caServer: "https://acme-v02.api.letsencrypt.org/directory" keyType: EC256 dnsChallenge: - provider: production + provider: letsencrypt resolvers: + - "8.8.8.8:53" - "1.1.1.1:53" - "1.0.0.1:53" + delaybeforecheck: 300 tlschallenge: true # httpchallenge: # entrypoint: http @@ -111,7 +100,7 @@ api: dashboard: true log: - level: DEBUG + level: ${LOG_LEVEL:-INFO}" filepath: "/var/log/traefik/traefik.log" format: json # default: "common" diff --git a/docker-compose.yml b/docker-compose.yml index b6612b3..062964e 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
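Review bot: The tracked `.env` now holds the slots for `CF_DNS_API_TOKEN`, `PROVIDERS_GOOGLE_CLIENT_SECRET` and `SECRET`, so a real value filled in locally is one `git add` away from being committed. Consider committing this file as `.env.example` and ignoring `.env`. `SECRET=RandomTextGoesHere` is a publicly known placeholder; if it is the signing key for the forward-auth service (inferred from the variable names, nothing in this diff consumes it), a deployment that keeps it would sign sessions with a guessable key. Leaving it empty like the other secrets, with a comment such as `# SECRET: generate a random value per deployment, never reuse the sample`, would make the stack fail closed. `LOG_LEVEL=DEBUG` as the shipped value also seems at odds with the `INFO` fallback the same commit puts in `configs/traefik.yml`.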
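Review bot: In `configs/traefik.yml` (hunk `@@ -75,33 +75,22 @@`), `dnsChallenge.provider: letsencrypt` repeats the resolver's name where Traefik expects the code of a DNS provider. Since `docker-compose.yml` passes `CF_DNS_API_TOKEN` and the `CLOUDFLARE_*` variables, `provider: cloudflare` looks like the intended value. As written the DNS-01 challenge cannot be solved and no certificate would be issued. The hunk also drops the `staging` resolver, so every retry while this is being debugged goes to the production Let's Encrypt endpoint and counts against its rate limits; keeping a staging resolver until issuance works would avoid that.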
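Review bot: In `configs/traefik.yml` (hunk `@@ -111,7 +100,7 @@`), `level: ${LOG_LEVEL:-INFO}"` ends with an unmatched `"` that YAML keeps as part of the plain scalar. As far as I know, Traefik also does not expand `${…}` in its static configuration file, so the logger would receive this literal text rather than a level; please confirm against the Traefik version in use. A fixed `level: INFO` in this file gives the effect the change seems to aim for. DEBUG is best kept out of the default for a proxy that fronts an authentication flow, because its logs carry far more request detail.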
@@ -35,6 +35,28 @@ services: - "./logs:/var/log/traefik:rw" environment: - CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN} + - CLOUDFLARE_DNS_API_TOKEN_FILE=/run/secrets/cf_token + - CLOUDFLARE_HTTP_TIMEOUT=${HTTP_TIMEOUT} + - CLOUDFLARE_POLLING_INTERVAL=${POLLING_INTERVAL} + - CLOUDFLARE_PROPAGATION_TIMEOUT=${PROPAGATION_TIMEOUT} + - CLOUDFLARE_TTL=${TTL} +# Swarm config +# deploy: +# restart_policy: +# condition: any +# delay: 5s +# max_attempts: 3 +# window: 120s +# update_config: +# delay: 10s +# order: start-first +# parallelism: 1 +# rollback_config: +# parallelism: 0 +# order: stop-first +# placement: +# constraints: +# - node.role == manager networks: - back_network - front_network @@ -52,11 +74,13 @@ services: networks: - front_network -# whoami - whoami: - container_name: traefik-whoami - hostname: traefik-whoami +### whoami-externe + whoami-externe: + container_name: traefik-whoami-externe + hostname: traefik-whoami-externe image: traefik/whoami:latest + command: + - --name=externe restart: unless-stopped networks: - front_network 
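Review bot: In the traefik service's `environment:` list (hunk `@@ -35,6 +35,28 @@`), `CLOUDFLARE_DNS_API_TOKEN_FILE=/run/secrets/cf_token` is added while `CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN}` stays in place. The token is therefore still injected as a plain environment variable, readable through `docker inspect`, and it is unclear from here which of the two sources the ACME client will use. Nothing in this hunk declares a `cf_token` secret, so unless a `secrets:` entry exists outside the visible lines the file path will not exist in the container. I would keep only the `_FILE` variable, add `secrets: [cf_token]` to the service, and add a top-level `secrets:` entry that points at a file kept out of git. The service definition starts and ends outside the hunk.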
@@ -64,12 +88,40 @@ services: - "traefik.enable=true" - "traefik.docker.network=front_network" # HTTP - - "traefik.http.routers.whoami-http.rule=Host(`whoami.tips-of-mine.com`)" - - "traefik.http.routers.whoami-http.entrypoints=http" + - "traefik.http.routers.whoami-externe-http.rule=Host(`whoami-externe.tips-of-mine.com`)" + - "traefik.http.routers.whoami-externe-http.entrypoints=http" # HTTPS - - "traefik.http.routers.whoami-https.rule=Host(`whoami.tips-of-mine.com`)" - - "traefik.http.routers.whoami-https.entrypoints=https" - - "traefik.http.routers.whoami-https.tls=true" + - "traefik.http.routers.whoami-externe-https.rule=Host(`whoami-externe.tips-of-mine.com`)" + - "traefik.http.routers.whoami-externe-https.entrypoints=https" + - "traefik.http.routers.whoami-externe-https.tls=true" + - "traefik.http.routers.whoami-externe-https.service=whoami-externe-service" +# Middleware + - "traefik.http.routers.whoami-externe-https.middlewares=forward-auth" +# Service + - "traefik.http.services.whoami-externe-service.loadbalancer.server.port=80" + +### whoami-interne + whoami-interne: + container_name: traefik-whoami-interne + hostname: traefik-whoami-interne + image: traefik/whoami:latest + command: + - --name=interne + restart: unless-stopped + networks: + - front_network + labels: + - "traefik.enable=true" + - "traefik.docker.network=front_network" +# HTTP + - "traefik.http.routers.whoami-interne-http.rule=Host(`whoami-interne.tips-of-mine.com`)" + - "traefik.http.routers.whoami-interne-http.entrypoints=http" +# HTTPS + - "traefik.http.routers.whoami-interne-https.rule=Host(`whoami-interne.tips-of-mine.com`)" + - "traefik.http.routers.whoami-interne-https.entrypoints=https" + - "traefik.http.routers.whoami-interne-https.tls=true" + - "traefik.http.routers.whoami-interne-https.service=whoami-interne-service" # Middleware # Service + - "traefik.http.services.whoami-interne-service.loadbalancer.server.port=80"
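Review bot: The `forward-auth` middleware is attached only to `whoami-externe-https`; the `whoami-externe-http` router on the `http` entrypoint has no middleware, so the same backend stays reachable without authentication. This holds unless the entrypoint redirects to HTTPS globally, which this diff does not show. Either drop the HTTP router or add `- "traefik.http.routers.whoami-externe-http.middlewares=forward-auth"`; a redirect-to-https middleware would also do. No definition of `forward-auth` appears in the patch, and a bare name in a Docker label resolves within the docker provider. If the middleware is defined in `/etc/traefik/dynamic`, the reference would need to be `forward-auth@file`, otherwise the router is disabled with a "middleware does not exist" error. `whoami-interne` is published on the same entrypoints with no middleware at all; if "interne" means internal-only, it needs an IP allow-list middleware or a separate entrypoint.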