disable https
rikukissa committed Sep 14, 2024
1 parent 58ff5bf commit 9d2d9f9
Showing 2 changed files with 11 additions and 71 deletions.
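--- a/infrastructure/docker-compose.app.yml
+++ b/infrastructure/docker-compose.app.yml
@@ -64,17 +64,12 @@ services:
 - 'traefik.enable=true'
 - 'traefik.http.routers.${STACK}__countryconfig.rule=(Host(`countryconfig.${STACK}.{{hostname}}`) || Host(`registry.${STACK}.{{hostname}}`)) && !Path(`/email`) && !Path(`/notification`) && !Path(`/dashboards/queries.json`)'
 - 'traefik.http.services.${STACK}__countryconfig.loadbalancer.server.port=3040'
-- 'traefik.http.routers.${STACK}__countryconfig.tls=true'
-- 'traefik.http.routers.${STACK}__countryconfig.tls.certresolver=certResolver'
-- 'traefik.http.routers.${STACK}__countryconfig.entrypoints=web,websecure'
+- 'traefik.http.routers.${STACK}__countryconfig.entrypoints=web'
 - 'traefik.http.routers.${STACK}__countryconfig.middlewares=gzip-compression'
 - 'traefik.docker.network=dependencies_{{STACK}}_dependencies_net'
 - 'traefik.http.middlewares.${STACK}__countryconfig.headers.customresponseheaders.Pragma=no-cache'
 - 'traefik.http.middlewares.${STACK}__countryconfig.headers.customresponseheaders.Cache-control=no-store'
 - 'traefik.http.middlewares.${STACK}__countryconfig.headers.customresponseheaders.X-Robots-Tag=none'
-- 'traefik.http.middlewares.${STACK}__countryconfig.headers.stsseconds=31536000'
-- 'traefik.http.middlewares.${STACK}__countryconfig.headers.stsincludesubdomains=true'
-- 'traefik.http.middlewares.${STACK}__countryconfig.headers.stspreload=true'
 # This is an invalid IP range, effectively blocking all IPs from accessing below paths.
 # It's only meant to be accessed from the internal docker network.
 - 'traefik.http.middlewares.${STACK}__block-internal-routes.ipwhitelist.sourcerange=255.255.255.255'
@@ -135,17 +130,12 @@ services:
 - 'traefik.enable=true'
 - 'traefik.http.routers.${STACK}__login.rule=Host(`login.${STACK}.{{hostname}}`)'
 - 'traefik.http.services.${STACK}__login.loadbalancer.server.port=80'
-- 'traefik.http.routers.${STACK}__login.tls=true'
-- 'traefik.http.routers.${STACK}__login.tls.certresolver=certResolver'
-- 'traefik.http.routers.${STACK}__login.entrypoints=web,websecure'
+- 'traefik.http.routers.${STACK}__login.entrypoints=web'
 - 'traefik.http.routers.${STACK}__login.middlewares=gzip-compression'
 - 'traefik.docker.network=dependencies_{{STACK}}_dependencies_net'
 - 'traefik.http.middlewares.${STACK}__login.headers.customresponseheaders.Pragma=no-cache'
 - 'traefik.http.middlewares.${STACK}__login.headers.customresponseheaders.Cache-control=no-store'
 - 'traefik.http.middlewares.${STACK}__login.headers.customresponseheaders.X-Robots-Tag=none'
-- 'traefik.http.middlewares.${STACK}__login.headers.stsseconds=31536000'
-- 'traefik.http.middlewares.${STACK}__login.headers.stsincludesubdomains=true'
-- 'traefik.http.middlewares.${STACK}__login.headers.stspreload=true'
 replicas: 1
 networks:
 - {{STACK}}_app_net
@@ -171,9 +161,7 @@ services:
 - 'traefik.http.routers.${STACK}__client.rule=Host(`register.${STACK}.{{hostname}}`,`${STACK}.{{hostname}}`)'
 - 'traefik.http.routers.${STACK}__client.middlewares=${STACK}__test-replacepathregex,gzip-compression'
 - 'traefik.http.services.${STACK}__client.loadbalancer.server.port=80'
-- 'traefik.http.routers.${STACK}__client.tls=true'
-- 'traefik.http.routers.${STACK}__client.tls.certresolver=certResolver'
-- 'traefik.http.routers.${STACK}__client.entrypoints=web,websecure'
+- 'traefik.http.routers.${STACK}__client.entrypoints=web'
 - 'traefik.docker.network=dependencies_{{STACK}}_dependencies_net'
 
 - 'traefik.http.middlewares.${STACK}__test-replacepathregex.redirectregex.permanent=true'
@@ -182,9 +170,6 @@ services:
 - 'traefik.http.middlewares.${STACK}__client.headers.customresponseheaders.Pragma=no-cache'
 - 'traefik.http.middlewares.${STACK}__client.headers.customresponseheaders.Cache-control=no-store'
 - 'traefik.http.middlewares.${STACK}__client.headers.customresponseheaders.X-Robots-Tag=none'
-- 'traefik.http.middlewares.${STACK}__client.headers.stsseconds=31536000'
-- 'traefik.http.middlewares.${STACK}__client.headers.stsincludesubdomains=true'
-- 'traefik.http.middlewares.${STACK}__client.headers.stspreload=true'
 replicas: 1
 networks:
 - {{STACK}}_app_net
@@ -232,17 +217,12 @@ services:
 - 'traefik.enable=true'
 - 'traefik.http.routers.${STACK}__gateway.rule=Host(`gateway.${STACK}.{{hostname}}`)'
 - 'traefik.http.services.${STACK}__gateway.loadbalancer.server.port=7070'
-- 'traefik.http.routers.${STACK}__gateway.tls=true'
-- 'traefik.http.routers.${STACK}__gateway.tls.certresolver=certResolver'
-- 'traefik.http.routers.${STACK}__gateway.entrypoints=web,websecure'
+- 'traefik.http.routers.${STACK}__gateway.entrypoints=web'
 - 'traefik.http.routers.${STACK}__gateway.middlewares=gzip-compression'
 - 'traefik.docker.network=dependencies_{{STACK}}_dependencies_net'
 - 'traefik.http.middlewares.${STACK}__gateway.headers.customresponseheaders.Pragma=no-cache'
 - 'traefik.http.middlewares.${STACK}__gateway.headers.customresponseheaders.Cache-control=no-store'
 - 'traefik.http.middlewares.${STACK}__gateway.headers.customresponseheaders.X-Robots-Tag=none'
-- 'traefik.http.middlewares.${STACK}__gateway.headers.stsseconds=31536000'
-- 'traefik.http.middlewares.${STACK}__gateway.headers.stsincludesubdomains=true'
-- 'traefik.http.middlewares.${STACK}__gateway.headers.stspreload=true'
 replicas: 1
 networks:
 - {{STACK}}_app_net
@@ -418,16 +398,11 @@ services:
 - 'traefik.enable=true'
 - 'traefik.http.routers.${STACK}__auth.rule=Host(`auth.${STACK}.{{hostname}}`)'
 - 'traefik.http.services.${STACK}__auth.loadbalancer.server.port=4040'
-- 'traefik.http.routers.${STACK}__auth.tls=true'
-- 'traefik.http.routers.${STACK}__auth.tls.certresolver=certResolver'
-- 'traefik.http.routers.${STACK}__auth.entrypoints=web,websecure'
+- 'traefik.http.routers.${STACK}__auth.entrypoints=web'
 - 'traefik.docker.network=dependencies_{{STACK}}_dependencies_net'
 - 'traefik.http.middlewares.${STACK}__auth.headers.customresponseheaders.Pragma=no-cache'
 - 'traefik.http.middlewares.${STACK}__auth.headers.customresponseheaders.Cache-control=no-store'
 - 'traefik.http.middlewares.${STACK}__auth.headers.customresponseheaders.X-Robots-Tag=none'
-- 'traefik.http.middlewares.${STACK}__auth.headers.stsseconds=31536000'
-- 'traefik.http.middlewares.${STACK}__auth.headers.stsincludesubdomains=true'
-- 'traefik.http.middlewares.${STACK}__auth.headers.stspreload=true'
 replicas: 1
 networks:
 - {{STACK}}_app_net
@@ -491,16 +466,11 @@ services:
 - 'traefik.enable=true'
 - 'traefik.http.routers.${STACK}__webhooks.rule=Host(`webhooks.${STACK}.{{hostname}}`)'
 - 'traefik.http.services.${STACK}__webhooks.loadbalancer.server.port=2525'
-- 'traefik.http.routers.${STACK}__webhooks.tls=true'
-- 'traefik.http.routers.${STACK}__webhooks.tls.certresolver=certResolver'
-- 'traefik.http.routers.${STACK}__webhooks.entrypoints=web,websecure'
+- 'traefik.http.routers.${STACK}__webhooks.entrypoints=web'
 - 'traefik.docker.network=dependencies_{{STACK}}_dependencies_net'
 - 'traefik.http.middlewares.${STACK}__webhooks.headers.customresponseheaders.Pragma=no-cache'
 - 'traefik.http.middlewares.${STACK}__webhooks.headers.customresponseheaders.Cache-control=no-store'
 - 'traefik.http.middlewares.${STACK}__webhooks.headers.customresponseheaders.X-Robots-Tag=none'
-- 'traefik.http.middlewares.${STACK}__webhooks.headers.stsseconds=31536000'
-- 'traefik.http.middlewares.${STACK}__webhooks.headers.stsincludesubdomains=true'
-- 'traefik.http.middlewares.${STACK}__webhooks.headers.stspreload=true'
 replicas: 1
 networks:
 - {{STACK}}_app_net
@@ -540,16 +510,11 @@ services:
 - 'traefik.enable=true'
 - 'traefik.http.routers.${STACK}__config.rule=Host(`config.${STACK}.{{hostname}}`) && !Path(`/dashboardQueries`)'
 - 'traefik.http.services.${STACK}__config.loadbalancer.server.port=2021'
-- 'traefik.http.routers.${STACK}__config.tls=true'
-- 'traefik.http.routers.${STACK}__config.tls.certresolver=certResolver'
-- 'traefik.http.routers.${STACK}__config.entrypoints=web,websecure'
+- 'traefik.http.routers.${STACK}__config.entrypoints=web'
 - 'traefik.docker.network=dependencies_{{STACK}}_dependencies_net'
 - 'traefik.http.middlewares.${STACK}__config.headers.customresponseheaders.Pragma=no-cache'
 - 'traefik.http.middlewares.${STACK}__config.headers.customresponseheaders.Cache-control=no-store'
 - 'traefik.http.middlewares.${STACK}__config.headers.customresponseheaders.X-Robots-Tag=none'
-- 'traefik.http.middlewares.${STACK}__config.headers.stsseconds=31536000'
-- 'traefik.http.middlewares.${STACK}__config.headers.stsincludesubdomains=true'
-- 'traefik.http.middlewares.${STACK}__config.headers.stspreload=true'
 - 'traefik.http.middlewares.${STACK}__block-internal-routes.ipwhitelist.sourcerange=255.255.255.255'
 - 'traefik.http.routers.${STACK}__block-dashboard-queries.rule=Host(`countryconfig.${STACK}.{{hostname}}`) && Path(`/dashboardQueries`)'
 - 'traefik.http.routers.${STACK}__block-dashboard-queries.middlewares=${STACK}__block-internal-routes'
@@ -718,16 +683,11 @@ services:
 - 'traefik.enable=true'
 - 'traefik.http.routers.${STACK}__metabase.rule=Host(`metabase.${STACK}.{{hostname}}`)'
 - 'traefik.http.services.${STACK}__metabase.loadbalancer.server.port=4444'
-- 'traefik.http.routers.${STACK}__metabase.tls=true'
-- 'traefik.http.routers.${STACK}__metabase.tls.certresolver=certResolver'
-- 'traefik.http.routers.${STACK}__metabase.entrypoints=web,websecure'
+- 'traefik.http.routers.${STACK}__metabase.entrypoints=web'
 - 'traefik.docker.network=dependencies_{{STACK}}_dependencies_net'
 - 'traefik.http.middlewares.${STACK}__metabase.headers.customresponseheaders.Pragma=no-cache'
 - 'traefik.http.middlewares.${STACK}__metabase.headers.customresponseheaders.Cache-control=no-store'
 - 'traefik.http.middlewares.${STACK}__metabase.headers.customresponseheaders.X-Robots-Tag=none'
-- 'traefik.http.middlewares.${STACK}__metabase.headers.stsseconds=31536000'
-- 'traefik.http.middlewares.${STACK}__metabase.headers.stsincludesubdomains=true'
-- 'traefik.http.middlewares.${STACK}__metabase.headers.stspreload=true'
 replicas: 1
 placement:
 constraints: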
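Review bot: The `${STACK}__login`, `${STACK}__auth` and `${STACK}__gateway` routers now listen on `entrypoints=web` only, so credentials and tokens for those hosts cross the network in cleartext unless a proxy in front of Traefik terminates TLS, and nothing on the page says one does. The same applies to the other five routers changed in this file. If the HTTP-only setup is intentional, record it next to each label, for example `# HTTP only: TLS is terminated upstream of Traefik`. Dropping the `stsseconds`/`stsincludesubdomains`/`stspreload` labels also does not clear the one-year HSTS policy from browsers that already received it, so returning users will likely keep requesting https, which these routers no longer serve. The service definitions begin and end outside these hunks.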
26 changes: 3 additions & 23 deletions infrastructure/docker-compose.dependencies.yml
Expand Up @@ -19,30 +19,17 @@ services:
- target: 80
published: 80
mode: host
- target: 443
published: 443
mode: host
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /data/traefik/acme.json:/acme.json
command:
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --providers.docker
- --providers.docker.swarmMode=true
- --api.dashboard=true
- --api.insecure=true
- --log.level=WARNING
- --certificatesresolvers.certResolver.acme.email=riku@opencrvs.org
- --certificatesresolvers.certResolver.acme.storage=acme.json
- --certificatesresolvers.certResolver.acme.caserver=https://acme-v02.api.letsencrypt.org/directory
- --certificatesresolvers.certResolver.acme.httpchallenge.entrypoint=web
- --certificatesresolvers.certResolver.acme.httpchallenge=true
- --entrypoints.web.http.redirections.entryPoint.to=websecure
- --entrypoints.web.http.redirections.entryPoint.scheme=https
- --entrypoints.web.http.redirections.entrypoint.permanent=true
- --serverstransport.insecureskipverify=true
- --entrypoints.websecure.address=:443
- --accesslog=true
- --accesslog.format=json
- --ping=true
Expand Down Expand Up @@ -173,9 +160,7 @@ services:
- 'traefik.enable=true'
- 'traefik.http.routers.kibana.rule=Host(`kibana.{{hostname}}`)'
- 'traefik.http.services.kibana.loadbalancer.server.port=5601'
- 'traefik.http.routers.kibana.tls=true'
- 'traefik.http.routers.kibana.tls.certresolver=certResolver'
- 'traefik.http.routers.kibana.entrypoints=web,websecure'
- 'traefik.http.routers.kibana.entrypoints=web'
- 'traefik.docker.network=traefik_net'
- 'traefik.http.middlewares.traefik.headers.stsseconds=31536000'
- 'traefik.http.middlewares.traefik.headers.stsincludesubdomains=true'
Expand Down Expand Up @@ -311,18 +296,13 @@ services:
- 'traefik.docker.network=traefik_net'
# Console
- 'traefik.http.routers.minio-console.rule=Host(`minio-console.{{hostname}}`)'
- 'traefik.http.routers.minio-console.entrypoints=websecure'
- 'traefik.http.routers.minio-console.tls.certresolver=certResolver'
- 'traefik.http.routers.minio-console.entrypoints=web'
- 'traefik.http.routers.minio-console.service=minio-console'
- 'traefik.http.services.minio-console.loadbalancer.server.port=9001'
# API
- 'traefik.http.routers.minio.rule=Host(`minio.{{hostname}}`)'
- 'traefik.http.routers.minio.entrypoints=websecure,web'
- 'traefik.http.routers.minio.tls.certresolver=certResolver'
- 'traefik.http.routers.minio.tls=true'
- 'traefik.http.routers.minio.entrypoints=web'
- 'traefik.http.routers.minio.service=minio'
- 'traefik.http.routers.minio.middlewares=minio-https-redirect'
- 'traefik.http.middlewares.minio-https-redirect.redirectscheme.scheme=https'
- 'traefik.http.services.minio.loadbalancer.server.port=9000'

minio-mc:
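Review bot: The `kibana`, `minio-console` and `minio` routers are now bound to `entrypoints=web` only, so logins to these administrative interfaces and the data they return are served in cleartext on port 80. The kibana hunk still carries `traefik.http.middlewares.traefik.headers.stsseconds=31536000` and `stsincludesubdomains=true`; browsers ignore HSTS sent over plain HTTP, so these labels look like dead configuration and should be removed or annotated. In the first hunk `--api.insecure=true` is listed next to `--api.dashboard=true` and the `/var/run/docker.sock` mount, which deserves a comment such as `# dashboard port must stay unreachable from untrusted networks`. The page does not mark which lines of that hunk were deleted, so confirm that the `acme.json` mount and the `certResolver` flags are not left behind.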
