Skip to content

Commit

Permalink
Merge pull request #130 from maevsi/beta
Browse files Browse the repository at this point in the history 
feat(traefik)!: use cloudflare tunnel
  • Loading branch information
@dargmuesli
dargmuesli authored Jun 6, 2024
2 parents 66fb5af + 1a54571 commit 80993a2
Show file tree
Hide file tree
Showing 8 changed files with 138 additions and 28 deletions.
7 changes: 4 additions & 3 deletions .github/workflows/ci.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,12 +25,13 @@ jobs:
build:
needs: prepare_jobs
name: dargstack rgen
uses: dargmuesli/github-actions/.github/workflows/dargstack-rgen.yml@2.0.0-beta.13
if: needs.prepare_jobs.outputs.pr_found == 'false' || github.event_name == 'pull_request'
uses: dargmuesli/github-actions/.github/workflows/dargstack-rgen.yml@2.2.0-beta.5
with:
SKIP: ${{ needs.prepare_jobs.outputs.pr_found == 'true' && github.event_name != 'pull_request' }}
release-semantic:
needs: build
name: Semantic Release
uses: dargmuesli/github-actions/.github/workflows/release-semantic.yml@2.0.0-beta.13
uses: dargmuesli/github-actions/.github/workflows/release-semantic.yml@2.2.0-beta.5
permissions:
contents: write
secrets:
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/release-schedule.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ on:
jobs:
release-schedule:
name: "Release: Scheduled"
uses: dargmuesli/github-actions/.github/workflows/release-schedule.yml@2.0.0-beta.13
uses: dargmuesli/github-actions/.github/workflows/release-schedule.yml@2.1.1-beta.1
secrets:
PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
with:
Expand Down
98 changes: 98 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,101 @@
## [6.0.0-beta.12](https://github.com/maevsi/maevsi_stack/compare/6.0.0-beta.11...6.0.0-beta.12) (2024-06-06)


### Bug Fixes

* **deps:** update ghcr.io/maevsi/maevsi to v4.9.3 ([2137c30](https://github.com/maevsi/maevsi_stack/commit/2137c308d6233a2d122b82d606ebabee7498e6ba))

## [6.0.0-beta.11](https://github.com/maevsi/maevsi_stack/compare/6.0.0-beta.10...6.0.0-beta.11) (2024-06-06)


### Bug Fixes

* **traefik:** do not remove entrypoint in production ([ce0df8e](https://github.com/maevsi/maevsi_stack/commit/ce0df8eb2fec054b98748c607eabe77fadbd7cc0))

## [6.0.0-beta.10](https://github.com/maevsi/maevsi_stack/compare/6.0.0-beta.9...6.0.0-beta.10) (2024-06-06)


### Bug Fixes

* **redirect:** re-add redirect regex ([b840c59](https://github.com/maevsi/maevsi_stack/commit/b840c591928fd2aa40128d2ac1ddef3f1a9e7751))

## [6.0.0-beta.9](https://github.com/maevsi/maevsi_stack/compare/6.0.0-beta.8...6.0.0-beta.9) (2024-06-06)


### Bug Fixes

* **traefik:** remove whole port definition on production ([31710ee](https://github.com/maevsi/maevsi_stack/commit/31710eeb71603ab2ceea186c9ebdf31d223f3cff))

## [6.0.0-beta.8](https://github.com/maevsi/maevsi_stack/compare/6.0.0-beta.7...6.0.0-beta.8) (2024-06-06)


### Features

* **cloudflared:** add environment variable ([868ba1c](https://github.com/maevsi/maevsi_stack/commit/868ba1c7476ab0f9152a576ef737b662892b9b3b))

## [6.0.0-beta.7](https://github.com/maevsi/maevsi_stack/compare/6.0.0-beta.6...6.0.0-beta.7) (2024-06-06)


### Features

* **production:** add command to cloudflare service ([f822483](https://github.com/maevsi/maevsi_stack/commit/f822483cc6ee7217dbd3675fffd6552c050dfb80))

## [6.0.0-beta.6](https://github.com/maevsi/maevsi_stack/compare/6.0.0-beta.5...6.0.0-beta.6) (2024-06-06)


### Features

* **prod:** add cloudflared service to production deployment ([2c04195](https://github.com/maevsi/maevsi_stack/commit/2c041955e8dd05bcf0c7faa59ba70988b4a29dd0))

## [6.0.0-beta.5](https://github.com/maevsi/maevsi_stack/compare/6.0.0-beta.4...6.0.0-beta.5) (2024-06-04)


### Bug Fixes

* **traefik:** remove host_ip property ([dd6fcaa](https://github.com/maevsi/maevsi_stack/commit/dd6fcaac10a51524af77ccb8a64a0bdc22d2921b))

## [6.0.0-beta.4](https://github.com/maevsi/maevsi_stack/compare/6.0.0-beta.3...6.0.0-beta.4) (2024-06-04)


### Features

* **infra:** remove redirect and use port 80 for incoming connections ([353dade](https://github.com/maevsi/maevsi_stack/commit/353dade03ccb22ac5ee281e60c852ee3213d79d6))

## [6.0.0-beta.3](https://github.com/maevsi/maevsi_stack/compare/6.0.0-beta.2...6.0.0-beta.3) (2024-05-27)


### Bug Fixes

* **ci:** test pull request ([102c2b0](https://github.com/maevsi/maevsi_stack/commit/102c2b0b6aa68b9ea6dee42de387592776347312))
* **ci:** test pull request ([d001388](https://github.com/maevsi/maevsi_stack/commit/d0013886ae23a9d1106ac7eae09f8ba2f2b6cff9))
* **ci:** test pull request ([8dea724](https://github.com/maevsi/maevsi_stack/commit/8dea724f65180dcec9e0a03895cc729d178430a0))
* revert "ci: specify pull request types instead of late checking" ([7b47d0e](https://github.com/maevsi/maevsi_stack/commit/7b47d0ec8eee416a3c30d75703ae989ebbdc108b))

## [6.0.0-beta.2](https://github.com/maevsi/maevsi_stack/compare/6.0.0-beta.1...6.0.0-beta.2) (2024-05-23)


### Bug Fixes

* **ci:** update dargmuesli/github-actions to v2.1.1-beta.1 ([60cb03d](https://github.com/maevsi/maevsi_stack/commit/60cb03deba0dc7ac9123435623a2c176a5f4a6c5))
* **jobber:** deactivate virtual environment when done ([79e1de3](https://github.com/maevsi/maevsi_stack/commit/79e1de379c6eaab345af2e0c57c65213d08d1e88))
* revert "feat(traefik)!: use localhost" ([71a2c01](https://github.com/maevsi/maevsi_stack/commit/71a2c012f28420c3f9cea63d3a95b4654fa74210))

## [6.0.0-beta.1](https://github.com/maevsi/maevsi_stack/compare/5.2.3...6.0.0-beta.1) (2024-05-23)


### ⚠ BREAKING CHANGES

* **traefik:** use localhost

### Features

* **traefik:** use localhost ([34f0902](https://github.com/maevsi/maevsi_stack/commit/34f09025ab29e971414c88712fac62ab61d1c53a))


### Bug Fixes

* **deps:** update ghcr.io/maevsi/maevsi to v4.9.0 ([5d12b12](https://github.com/maevsi/maevsi_stack/commit/5d12b12f23fbee322b006b6d89100f9add33cab5))

## [5.2.6](https://github.com/maevsi/maevsi_stack/compare/5.2.5...5.2.6) (2024-06-04)


Expand Down
4 changes: 4 additions & 0 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -165,6 +165,10 @@ This project is deployed in accordance to the [DargStack template](https://githu

Values in square brackets are [Docker secrets](https://docs.docker.com/engine/swarm/secrets/).

- ### `cloudflared` ![production](https://img.shields.io/badge/-production-informational.svg?style=flat-square)

You can configure the secure tunnel at [dash.cloudflare.com](https://dash.cloudflare.com/).

- ### `grafana`

You can access the observation dashboard at [grafana.localhost](https://grafana.localhost/).
Expand Down
2 changes: 1 addition & 1 deletion package.json
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
{
"name": "maevsi_stack",
"private": true,
"version": "5.2.6",
"version": "6.0.0-beta.12",
"description": "DargStack configuration for maevsi.",
"repository": "https://github.com/maevsi/maevsi_stack.git",
"author": "Jonas Thelemann <e-mail+maevsi_stack@jonas-thelemann.de>",
Expand Down
44 changes: 22 additions & 22 deletions src/development/stack.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -99,7 +99,7 @@ services:
deploy:
labels:
- traefik.enable=true
- traefik.http.routers.adminer.middlewares=redirectscheme
- traefik.http.routers.adminer.middlewares=redirectscheme #DARGSTACK-REMOVE
- traefik.http.routers.adminer.rule=Host(`adminer.${STACK_DOMAIN}`)
- traefik.http.routers.adminer_secure.rule=Host(`adminer.${STACK_DOMAIN}`)
- traefik.http.routers.adminer_secure.tls.options=mintls13@file #DARGSTACK-REMOVE
Expand All @@ -112,7 +112,7 @@ services:
deploy:
labels:
- traefik.enable=true
- traefik.http.routers.grafana.middlewares=redirectscheme
- traefik.http.routers.grafana.middlewares=redirectscheme #DARGSTACK-REMOVE
- traefik.http.routers.grafana.rule=Host(`grafana.${STACK_DOMAIN}`)
- traefik.http.routers.grafana_secure.rule=Host(`grafana.${STACK_DOMAIN}`)
- traefik.http.routers.grafana_secure.tls.options=mintls13@file #DARGSTACK-REMOVE
Expand Down Expand Up @@ -152,7 +152,7 @@ services:
- traefik.http.middlewares.maevsi_redirectregex.redirectregex.regex=^https?:\/\/www\.${STACK_DOMAIN}\/(.*)
- traefik.http.middlewares.maevsi_redirectregex.redirectregex.replacement=https://${STACK_DOMAIN}/$${2}
- traefik.http.routers.maevsi.entryPoints=web
- traefik.http.routers.maevsi.middlewares=redirectscheme,maevsi_redirectregex
- traefik.http.routers.maevsi.middlewares=redirectscheme,maevsi_redirectregex #DARGSTACK-REMOVE
- traefik.http.routers.maevsi.rule=Host(`${STACK_DOMAIN}`) || Host(`www.${STACK_DOMAIN}`)
- traefik.http.routers.maevsi.service=maevsi #DARGSTACK-REMOVE
- traefik.http.routers.maevsi_secure.entryPoints=web-secure
Expand Down Expand Up @@ -196,7 +196,7 @@ services:
labels:
- traefik.enable=true
# Minio Console
- traefik.http.routers.minio.middlewares=redirectscheme
- traefik.http.routers.minio.middlewares=redirectscheme #DARGSTACK-REMOVE
- traefik.http.routers.minio.rule=Host(`minio.${STACK_DOMAIN}`)
- traefik.http.routers.minio.service=minio
- traefik.http.routers.minio_secure.rule=Host(`minio.${STACK_DOMAIN}`)
Expand All @@ -205,7 +205,7 @@ services:
- traefik.http.services.minio.loadbalancer.server.port=9001
- traefik.http.services.minio.loadbalancer.passhostheader=true
# Minio itself
- traefik.http.routers.s3.middlewares=redirectscheme
- traefik.http.routers.s3.middlewares=redirectscheme #DARGSTACK-REMOVE
- traefik.http.routers.s3.rule=Host(`s3.${STACK_DOMAIN}`)
- traefik.http.routers.s3.service=s3
- traefik.http.routers.s3_secure.rule=Host(`s3.${STACK_DOMAIN}`)
Expand Down Expand Up @@ -238,7 +238,7 @@ services:
deploy:
labels:
- traefik.enable=true
- traefik.http.routers.portainer.middlewares=redirectscheme
- traefik.http.routers.portainer.middlewares=redirectscheme #DARGSTACK-REMOVE
- traefik.http.routers.portainer.rule=Host(`portainer.${STACK_DOMAIN}`)
- traefik.http.routers.portainer_secure.rule=Host(`portainer.${STACK_DOMAIN}`)
- traefik.http.routers.portainer_secure.tls.options=mintls13@file #DARGSTACK-REMOVE
Expand Down Expand Up @@ -274,7 +274,7 @@ services:
- traefik.http.middlewares.postgraphile_auth.plugin.body-forward-auth.AuthUrl=http://maevsi:3000/api/auth-proxy
- traefik.http.middlewares.postgraphile_cors.headers.accessControlAllowHeaders=authorization,content-type,x-turnstile-key
- traefik.http.middlewares.postgraphile_cors.headers.accessControlAllowOriginList=*
- traefik.http.routers.postgraphile.middlewares=redirectscheme
- traefik.http.routers.postgraphile.middlewares=redirectscheme #DARGSTACK-REMOVE
- traefik.http.routers.postgraphile.rule=Host(`postgraphile.${STACK_DOMAIN}`)
- traefik.http.routers.postgraphile_secure.middlewares=postgraphile_cors,postgraphile_auth
- traefik.http.routers.postgraphile_secure.rule=Host(`postgraphile.${STACK_DOMAIN}`)
Expand Down Expand Up @@ -323,7 +323,7 @@ services:
deploy:
labels:
- traefik.enable=true
- traefik.http.routers.prometheus.middlewares=redirectscheme
- traefik.http.routers.prometheus.middlewares=redirectscheme #DARGSTACK-REMOVE
- traefik.http.routers.prometheus.rule=Host(`prometheus.${STACK_DOMAIN}`)
- traefik.http.routers.prometheus_secure.rule=Host(`prometheus.${STACK_DOMAIN}`)
- traefik.http.routers.prometheus_secure.tls.options=mintls13@file #DARGSTACK-REMOVE
Expand All @@ -337,7 +337,7 @@ services:
deploy:
labels:
- traefik.enable=true
- traefik.http.routers.rabbitmq.middlewares=redirectscheme
- traefik.http.routers.rabbitmq.middlewares=redirectscheme #DARGSTACK-REMOVE
- traefik.http.routers.rabbitmq.rule=Host(`rabbitmq.${STACK_DOMAIN}`)
- traefik.http.routers.rabbitmq_secure.rule=Host(`rabbitmq.${STACK_DOMAIN}`)
- traefik.http.routers.rabbitmq_secure.tls.options=mintls13@file #DARGSTACK-REMOVE
Expand Down Expand Up @@ -376,7 +376,7 @@ services:
deploy:
labels:
- traefik.enable=true
- traefik.http.routers.stomper.middlewares=redirectscheme
- traefik.http.routers.stomper.middlewares=redirectscheme #DARGSTACK-REMOVE
- traefik.http.routers.stomper.rule=Host(`stomper.${STACK_DOMAIN}`)
- traefik.http.routers.stomper_secure.rule=Host(`stomper.${STACK_DOMAIN}`)
- traefik.http.routers.stomper_secure.tls.options=mintls13@file #DARGSTACK-REMOVE
Expand Down Expand Up @@ -416,8 +416,8 @@ services:
deploy:
labels:
- traefik.enable=true
- traefik.http.middlewares.redirectscheme.redirectscheme.scheme=https
- traefik.http.routers.traefik.middlewares=redirectscheme
- traefik.http.middlewares.redirectscheme.redirectscheme.scheme=https #DARGSTACK-REMOVE
- traefik.http.routers.traefik.middlewares=redirectscheme #DARGSTACK-REMOVE
- traefik.http.routers.traefik.rule=Host(`traefik.${STACK_DOMAIN}`)
- traefik.http.routers.traefik_secure.rule=Host(`traefik.${STACK_DOMAIN}`)
- traefik.http.routers.traefik_secure.service=api@internal
Expand All @@ -428,15 +428,15 @@ services:
constraints:
- node.role == manager
image: traefik:v3.0.1
ports:
- mode: host
protocol: tcp
published: 80
target: 80
- mode: host
protocol: tcp
published: 443
target: 443
ports: #DARGSTACK-REMOVE
- mode: host #DARGSTACK-REMOVE
protocol: tcp #DARGSTACK-REMOVE
published: 80 #DARGSTACK-REMOVE
target: 80 #DARGSTACK-REMOVE
- mode: host #DARGSTACK-REMOVE
protocol: tcp #DARGSTACK-REMOVE
published: 443 #DARGSTACK-REMOVE
target: 443 #DARGSTACK-REMOVE
- mode: host #DARGSTACK-REMOVE
protocol: tcp #DARGSTACK-REMOVE
published: 24678 #DARGSTACK-REMOVE
Expand All @@ -451,7 +451,7 @@ services:
deploy:
labels:
- traefik.enable=true
- traefik.http.routers.tusd.middlewares=redirectscheme
- traefik.http.routers.tusd.middlewares=redirectscheme #DARGSTACK-REMOVE
- traefik.http.routers.tusd.rule=Host(`tusd.${STACK_DOMAIN}`)
- traefik.http.routers.tusd_secure.rule=Host(`tusd.${STACK_DOMAIN}`) && (Method(`GET`) || Method(`HEAD`) || Method(`OPTIONS`) || Method(`POST`) || Method(`PUT`) || Method(`PATCH`))
- traefik.http.routers.tusd_secure.tls.options=mintls13@file #DARGSTACK-REMOVE
Expand Down
1 change: 1 addition & 0 deletions src/production/production.env.template
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
CLOUDFLARED_TUNNEL_TOKEN=
SENTRY_CRONS=
STACK_DOMAIN=
TRAEFIK_ACME_EMAIL=
Expand Down
8 changes: 7 additions & 1 deletion src/production/production.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,12 @@ services:
labels:
- (( append ))
- traefik.http.routers.adminer_secure.tls.certresolver=default
cloudflared:
# You can configure the secure tunnel at [dash.cloudflare.com](https://dash.cloudflare.com/).
command: tunnel run
environment:
TUNNEL_TOKEN: ${CLOUDFLARED_TUNNEL_TOKEN}
image: cloudflare/cloudflared
grafana:
deploy:
labels:
Expand All @@ -43,6 +49,7 @@ services:
deploy:
labels:
- (( append ))
- traefik.http.routers.maevsi.middlewares=maevsi_redirectregex
- traefik.http.routers.maevsi_secure.tls.certresolver=default
image: ghcr.io/maevsi/maevsi:4.9.3
user: (( prune ))
Expand All @@ -52,7 +59,6 @@ services:
labels:
- traefik.enable=true
- traefik.http.routers.maevsi_beta.entryPoints=web
- traefik.http.routers.maevsi_beta.middlewares=redirectscheme
- traefik.http.routers.maevsi_beta.rule=Host(`beta.${STACK_DOMAIN}`)
- traefik.http.routers.maevsi_beta_secure.entryPoints=web-secure
- traefik.http.routers.maevsi_beta_secure.middlewares=maevsi_cors
Expand Down

0 comments on commit 80993a2

Please sign in to comment.