diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index dc014014..cb054857 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -25,12 +25,13 @@ jobs: build: needs: prepare_jobs name: dargstack rgen - uses: dargmuesli/github-actions/.github/workflows/dargstack-rgen.yml@2.0.0-beta.13 - if: needs.prepare_jobs.outputs.pr_found == 'false' || github.event_name == 'pull_request' + uses: dargmuesli/github-actions/.github/workflows/dargstack-rgen.yml@2.2.0-beta.5 + with: + SKIP: ${{ needs.prepare_jobs.outputs.pr_found == 'true' && github.event_name != 'pull_request' }} release-semantic: needs: build name: Semantic Release - uses: dargmuesli/github-actions/.github/workflows/release-semantic.yml@2.0.0-beta.13 + uses: dargmuesli/github-actions/.github/workflows/release-semantic.yml@2.2.0-beta.5 permissions: contents: write secrets: diff --git a/.github/workflows/release-schedule.yml b/.github/workflows/release-schedule.yml index 65519d1e..c4776517 100644 --- a/.github/workflows/release-schedule.yml +++ b/.github/workflows/release-schedule.yml @@ -8,7 +8,7 @@ on: jobs: release-schedule: name: "Release: Scheduled" - uses: dargmuesli/github-actions/.github/workflows/release-schedule.yml@2.0.0-beta.13 + uses: dargmuesli/github-actions/.github/workflows/release-schedule.yml@2.1.1-beta.1 secrets: PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }} with: diff --git a/CHANGELOG.md b/CHANGELOG.md index 9f96079c..b24f5ee0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
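Review bot: Both `uses:` lines in ci.yml reference the reusable workflows by a movable tag (`@2.2.0-beta.5`), and `release-semantic` runs with `contents: write` and receives secrets, so whoever can move that tag in dargmuesli/github-actions controls what runs with those privileges. Pinning to the full commit SHA with the tag kept as a trailing comment, e.g. `uses: dargmuesli/github-actions/.github/workflows/release-semantic.yml@<FULL_COMMIT_SHA> # 2.2.0-beta.5`, removes the dependency on tag immutability. The same applies to the release-schedule.yml hunk, which passes `PERSONAL_ACCESS_TOKEN` and is bumped to a different version (`2.1.1-beta.1`) than ci.yml. Separately, replacing the job-level `if:` with a `SKIP` input presumably means `build` now completes rather than being skipped, so `release-semantic` (`needs: build`) would no longer be skipped along with it; worth confirming that is intended. The `release-semantic` job continues past the end of the hunk.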
@@ -1,3 +1,101 @@ +## [6.0.0-beta.12](https://github.com/maevsi/maevsi_stack/compare/6.0.0-beta.11...6.0.0-beta.12) (2024-06-06) + + +### Bug Fixes + +* **deps:** update ghcr.io/maevsi/maevsi to v4.9.3 ([2137c30](https://github.com/maevsi/maevsi_stack/commit/2137c308d6233a2d122b82d606ebabee7498e6ba)) + +## [6.0.0-beta.11](https://github.com/maevsi/maevsi_stack/compare/6.0.0-beta.10...6.0.0-beta.11) (2024-06-06) + + +### Bug Fixes + +* **traefik:** do not remove entrypoint in production ([ce0df8e](https://github.com/maevsi/maevsi_stack/commit/ce0df8eb2fec054b98748c607eabe77fadbd7cc0)) + +## [6.0.0-beta.10](https://github.com/maevsi/maevsi_stack/compare/6.0.0-beta.9...6.0.0-beta.10) (2024-06-06) + + +### Bug Fixes + +* **redirect:** re-add redirect regex ([b840c59](https://github.com/maevsi/maevsi_stack/commit/b840c591928fd2aa40128d2ac1ddef3f1a9e7751)) + +## [6.0.0-beta.9](https://github.com/maevsi/maevsi_stack/compare/6.0.0-beta.8...6.0.0-beta.9) (2024-06-06) + + +### Bug Fixes + +* **traefik:** remove whole port definition on production ([31710ee](https://github.com/maevsi/maevsi_stack/commit/31710eeb71603ab2ceea186c9ebdf31d223f3cff)) + +## [6.0.0-beta.8](https://github.com/maevsi/maevsi_stack/compare/6.0.0-beta.7...6.0.0-beta.8) (2024-06-06) + + +### Features + +* **cloudflared:** add environment variable ([868ba1c](https://github.com/maevsi/maevsi_stack/commit/868ba1c7476ab0f9152a576ef737b662892b9b3b)) + +## [6.0.0-beta.7](https://github.com/maevsi/maevsi_stack/compare/6.0.0-beta.6...6.0.0-beta.7) (2024-06-06) + + +### Features + +* **production:** add command to cloudflare service ([f822483](https://github.com/maevsi/maevsi_stack/commit/f822483cc6ee7217dbd3675fffd6552c050dfb80)) + +## [6.0.0-beta.6](https://github.com/maevsi/maevsi_stack/compare/6.0.0-beta.5...6.0.0-beta.6) (2024-06-06) + + +### Features + +* **prod:** add cloudflared service to production deployment 
([2c04195](https://github.com/maevsi/maevsi_stack/commit/2c041955e8dd05bcf0c7faa59ba70988b4a29dd0)) + +## [6.0.0-beta.5](https://github.com/maevsi/maevsi_stack/compare/6.0.0-beta.4...6.0.0-beta.5) (2024-06-04) + + +### Bug Fixes + +* **traefik:** remove host_ip property ([dd6fcaa](https://github.com/maevsi/maevsi_stack/commit/dd6fcaac10a51524af77ccb8a64a0bdc22d2921b)) + +## [6.0.0-beta.4](https://github.com/maevsi/maevsi_stack/compare/6.0.0-beta.3...6.0.0-beta.4) (2024-06-04) + + +### Features + +* **infra:** remove redirect and use port 80 for incoming connections ([353dade](https://github.com/maevsi/maevsi_stack/commit/353dade03ccb22ac5ee281e60c852ee3213d79d6)) + +## [6.0.0-beta.3](https://github.com/maevsi/maevsi_stack/compare/6.0.0-beta.2...6.0.0-beta.3) (2024-05-27) + + +### Bug Fixes + +* **ci:** test pull request ([102c2b0](https://github.com/maevsi/maevsi_stack/commit/102c2b0b6aa68b9ea6dee42de387592776347312)) +* **ci:** test pull request ([d001388](https://github.com/maevsi/maevsi_stack/commit/d0013886ae23a9d1106ac7eae09f8ba2f2b6cff9)) +* **ci:** test pull request ([8dea724](https://github.com/maevsi/maevsi_stack/commit/8dea724f65180dcec9e0a03895cc729d178430a0)) +* revert "ci: specify pull request types instead of late checking" ([7b47d0e](https://github.com/maevsi/maevsi_stack/commit/7b47d0ec8eee416a3c30d75703ae989ebbdc108b)) + +## [6.0.0-beta.2](https://github.com/maevsi/maevsi_stack/compare/6.0.0-beta.1...6.0.0-beta.2) (2024-05-23) + + +### Bug Fixes + +* **ci:** update dargmuesli/github-actions to v2.1.1-beta.1 ([60cb03d](https://github.com/maevsi/maevsi_stack/commit/60cb03deba0dc7ac9123435623a2c176a5f4a6c5)) +* **jobber:** deactivate virtual environment when done ([79e1de3](https://github.com/maevsi/maevsi_stack/commit/79e1de379c6eaab345af2e0c57c65213d08d1e88)) +* revert "feat(traefik)!: use localhost" ([71a2c01](https://github.com/maevsi/maevsi_stack/commit/71a2c012f28420c3f9cea63d3a95b4654fa74210)) + +## 
[6.0.0-beta.1](https://github.com/maevsi/maevsi_stack/compare/5.2.3...6.0.0-beta.1) (2024-05-23) + + +### ⚠ BREAKING CHANGES + +* **traefik:** use localhost + +### Features + +* **traefik:** use localhost ([34f0902](https://github.com/maevsi/maevsi_stack/commit/34f09025ab29e971414c88712fac62ab61d1c53a)) + + +### Bug Fixes + +* **deps:** update ghcr.io/maevsi/maevsi to v4.9.0 ([5d12b12](https://github.com/maevsi/maevsi_stack/commit/5d12b12f23fbee322b006b6d89100f9add33cab5)) + ## [5.2.6](https://github.com/maevsi/maevsi_stack/compare/5.2.5...5.2.6) (2024-06-04) diff --git a/README.md b/README.md index 06210d50..798fed11 100644 --- a/README.md +++ b/README.md @@ -165,6 +165,10 @@ This project is deployed in accordance to the [DargStack template](https://githu Values in square brackets are [Docker secrets](https://docs.docker.com/engine/swarm/secrets/). + - ### `cloudflared` ![production](https://img.shields.io/badge/-production-informational.svg?style=flat-square) + + You can configure the secure tunnel at [dash.cloudflare.com](https://dash.cloudflare.com/). + - ### `grafana` You can access the observation dashboard at [grafana.localhost](https://grafana.localhost/). diff --git a/package.json b/package.json index f443e2b9..2a62c40e 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "maevsi_stack", "private": true, - "version": "5.2.6", + "version": "6.0.0-beta.12", "description": "DargStack configuration for maevsi.", "repository": "https://github.com/maevsi/maevsi_stack.git", "author": "Jonas Thelemann ", diff --git a/src/development/stack.yml b/src/development/stack.yml index bff66c9c..5ae599d2 100644 --- a/src/development/stack.yml +++ b/src/development/stack.yml 
@@ -99,7 +99,7 @@ services: deploy: labels: - traefik.enable=true - - traefik.http.routers.adminer.middlewares=redirectscheme + - traefik.http.routers.adminer.middlewares=redirectscheme #DARGSTACK-REMOVE - traefik.http.routers.adminer.rule=Host(`adminer.${STACK_DOMAIN}`) - traefik.http.routers.adminer_secure.rule=Host(`adminer.${STACK_DOMAIN}`) - traefik.http.routers.adminer_secure.tls.options=mintls13@file #DARGSTACK-REMOVE @@ -112,7 +112,7 @@ services: deploy: labels: - traefik.enable=true - - traefik.http.routers.grafana.middlewares=redirectscheme + - traefik.http.routers.grafana.middlewares=redirectscheme #DARGSTACK-REMOVE - traefik.http.routers.grafana.rule=Host(`grafana.${STACK_DOMAIN}`) - traefik.http.routers.grafana_secure.rule=Host(`grafana.${STACK_DOMAIN}`) - traefik.http.routers.grafana_secure.tls.options=mintls13@file #DARGSTACK-REMOVE @@ -152,7 +152,7 @@ services: - traefik.http.middlewares.maevsi_redirectregex.redirectregex.regex=^https?:\/\/www\.${STACK_DOMAIN}\/(.*) - traefik.http.middlewares.maevsi_redirectregex.redirectregex.replacement=https://${STACK_DOMAIN}/$${2} - traefik.http.routers.maevsi.entryPoints=web - - traefik.http.routers.maevsi.middlewares=redirectscheme,maevsi_redirectregex + - traefik.http.routers.maevsi.middlewares=redirectscheme,maevsi_redirectregex #DARGSTACK-REMOVE - traefik.http.routers.maevsi.rule=Host(`${STACK_DOMAIN}`) || Host(`www.${STACK_DOMAIN}`) - traefik.http.routers.maevsi.service=maevsi #DARGSTACK-REMOVE - traefik.http.routers.maevsi_secure.entryPoints=web-secure @@ -196,7 +196,7 @@ services: labels: - traefik.enable=true # Minio Console - - traefik.http.routers.minio.middlewares=redirectscheme + - traefik.http.routers.minio.middlewares=redirectscheme #DARGSTACK-REMOVE - traefik.http.routers.minio.rule=Host(`minio.${STACK_DOMAIN}`) - traefik.http.routers.minio.service=minio - traefik.http.routers.minio_secure.rule=Host(`minio.${STACK_DOMAIN}`) 
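Review bot: Assuming `#DARGSTACK-REMOVE` strips the marked line from the production stack, the plain-HTTP routers (`adminer` here, and likewise `grafana`, `maevsi`, `minio`, `s3`, `portainer`, `postgraphile`, `prometheus`, `rabbitmq`, `stomper`, `traefik` and `tusd` in the later hunks) lose their redirect to HTTPS in production and will answer over HTTP. With ports 80/443 also unpublished in the traefik hunk, that is presumably the intended path for cloudflared, but HTTPS enforcement and access control for the admin UIs then rest entirely on the Cloudflare tunnel and edge configuration, which is not in the repository. I would add a comment next to the first marker, such as `# production: reached only through the cloudflared tunnel; HTTPS and access policy are enforced at the Cloudflare edge`, and confirm that the tunnel's public hostnames cover only the services meant to be public. The service definitions begin and end outside these hunks.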
@@ -205,7 +205,7 @@ services: - traefik.http.services.minio.loadbalancer.server.port=9001 - traefik.http.services.minio.loadbalancer.passhostheader=true # Minio itself - - traefik.http.routers.s3.middlewares=redirectscheme + - traefik.http.routers.s3.middlewares=redirectscheme #DARGSTACK-REMOVE - traefik.http.routers.s3.rule=Host(`s3.${STACK_DOMAIN}`) - traefik.http.routers.s3.service=s3 - traefik.http.routers.s3_secure.rule=Host(`s3.${STACK_DOMAIN}`) @@ -238,7 +238,7 @@ services: deploy: labels: - traefik.enable=true - - traefik.http.routers.portainer.middlewares=redirectscheme + - traefik.http.routers.portainer.middlewares=redirectscheme #DARGSTACK-REMOVE - traefik.http.routers.portainer.rule=Host(`portainer.${STACK_DOMAIN}`) - traefik.http.routers.portainer_secure.rule=Host(`portainer.${STACK_DOMAIN}`) - traefik.http.routers.portainer_secure.tls.options=mintls13@file #DARGSTACK-REMOVE @@ -274,7 +274,7 @@ services: - traefik.http.middlewares.postgraphile_auth.plugin.body-forward-auth.AuthUrl=http://maevsi:3000/api/auth-proxy - traefik.http.middlewares.postgraphile_cors.headers.accessControlAllowHeaders=authorization,content-type,x-turnstile-key - traefik.http.middlewares.postgraphile_cors.headers.accessControlAllowOriginList=* - - traefik.http.routers.postgraphile.middlewares=redirectscheme + - traefik.http.routers.postgraphile.middlewares=redirectscheme #DARGSTACK-REMOVE - traefik.http.routers.postgraphile.rule=Host(`postgraphile.${STACK_DOMAIN}`) - traefik.http.routers.postgraphile_secure.middlewares=postgraphile_cors,postgraphile_auth - traefik.http.routers.postgraphile_secure.rule=Host(`postgraphile.${STACK_DOMAIN}`) 
@@ -323,7 +323,7 @@ services: deploy: labels: - traefik.enable=true - - traefik.http.routers.prometheus.middlewares=redirectscheme + - traefik.http.routers.prometheus.middlewares=redirectscheme #DARGSTACK-REMOVE - traefik.http.routers.prometheus.rule=Host(`prometheus.${STACK_DOMAIN}`) - traefik.http.routers.prometheus_secure.rule=Host(`prometheus.${STACK_DOMAIN}`) - traefik.http.routers.prometheus_secure.tls.options=mintls13@file #DARGSTACK-REMOVE @@ -337,7 +337,7 @@ services: deploy: labels: - traefik.enable=true - - traefik.http.routers.rabbitmq.middlewares=redirectscheme + - traefik.http.routers.rabbitmq.middlewares=redirectscheme #DARGSTACK-REMOVE - traefik.http.routers.rabbitmq.rule=Host(`rabbitmq.${STACK_DOMAIN}`) - traefik.http.routers.rabbitmq_secure.rule=Host(`rabbitmq.${STACK_DOMAIN}`) - traefik.http.routers.rabbitmq_secure.tls.options=mintls13@file #DARGSTACK-REMOVE @@ -376,7 +376,7 @@ services: deploy: labels: - traefik.enable=true - - traefik.http.routers.stomper.middlewares=redirectscheme + - traefik.http.routers.stomper.middlewares=redirectscheme #DARGSTACK-REMOVE - traefik.http.routers.stomper.rule=Host(`stomper.${STACK_DOMAIN}`) - traefik.http.routers.stomper_secure.rule=Host(`stomper.${STACK_DOMAIN}`) - traefik.http.routers.stomper_secure.tls.options=mintls13@file #DARGSTACK-REMOVE @@ -416,8 +416,8 @@ services: deploy: labels: - traefik.enable=true - - traefik.http.middlewares.redirectscheme.redirectscheme.scheme=https - - traefik.http.routers.traefik.middlewares=redirectscheme + - traefik.http.middlewares.redirectscheme.redirectscheme.scheme=https #DARGSTACK-REMOVE + - traefik.http.routers.traefik.middlewares=redirectscheme #DARGSTACK-REMOVE - traefik.http.routers.traefik.rule=Host(`traefik.${STACK_DOMAIN}`) - traefik.http.routers.traefik_secure.rule=Host(`traefik.${STACK_DOMAIN}`) - traefik.http.routers.traefik_secure.service=api@internal 
@@ -428,15 +428,15 @@ services: constraints: - node.role == manager image: traefik:v3.0.1 - ports: - - mode: host - protocol: tcp - published: 80 - target: 80 - - mode: host - protocol: tcp - published: 443 - target: 443 + ports: #DARGSTACK-REMOVE + - mode: host #DARGSTACK-REMOVE + protocol: tcp #DARGSTACK-REMOVE + published: 80 #DARGSTACK-REMOVE + target: 80 #DARGSTACK-REMOVE + - mode: host #DARGSTACK-REMOVE + protocol: tcp #DARGSTACK-REMOVE + published: 443 #DARGSTACK-REMOVE + target: 443 #DARGSTACK-REMOVE - mode: host #DARGSTACK-REMOVE protocol: tcp #DARGSTACK-REMOVE published: 24678 #DARGSTACK-REMOVE @@ -451,7 +451,7 @@ services: deploy: labels: - traefik.enable=true - - traefik.http.routers.tusd.middlewares=redirectscheme + - traefik.http.routers.tusd.middlewares=redirectscheme #DARGSTACK-REMOVE - traefik.http.routers.tusd.rule=Host(`tusd.${STACK_DOMAIN}`) - traefik.http.routers.tusd_secure.rule=Host(`tusd.${STACK_DOMAIN}`) && (Method(`GET`) || Method(`HEAD`) || Method(`OPTIONS`) || Method(`POST`) || Method(`PUT`) || Method(`PATCH`)) - traefik.http.routers.tusd_secure.tls.options=mintls13@file #DARGSTACK-REMOVE diff --git a/src/production/production.env.template b/src/production/production.env.template index 6dffbd15..8ffc032b 100644 --- a/src/production/production.env.template +++ b/src/production/production.env.template @@ -1,3 +1,4 @@ +CLOUDFLARED_TUNNEL_TOKEN= SENTRY_CRONS= STACK_DOMAIN= TRAEFIK_ACME_EMAIL= diff --git a/src/production/production.yml b/src/production/production.yml index 4a05b26f..f9c937f4 100644 --- a/src/production/production.yml +++ b/src/production/production.yml @@ -23,6 +23,12 @@ services: labels: - (( append )) - traefik.http.routers.adminer_secure.tls.certresolver=default + cloudflared: + # You can configure the secure tunnel at [dash.cloudflare.com](https://dash.cloudflare.com/). + command: tunnel run + environment: + TUNNEL_TOKEN: ${CLOUDFLARED_TUNNEL_TOKEN} + image: cloudflare/cloudflared grafana: deploy: labels: 
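Review bot: The new `cloudflared` service in production.yml uses `image: cloudflare/cloudflared` with no tag, so each deploy pulls whatever `latest` is at that moment, unlike `traefik:v3.0.1` and `ghcr.io/maevsi/maevsi:4.9.3` elsewhere in this diff; pin it, e.g. `image: cloudflare/cloudflared:<PINNED_VERSION>`, optionally with a digest. The tunnel token is also passed as a plain environment variable (`TUNNEL_TOKEN: ${CLOUDFLARED_TUNNEL_TOKEN}`), which leaves it readable in the service spec and through `docker inspect`, while the README shows that this stack otherwise uses Docker secrets. If the pinned cloudflared release can read the token from a file, mounting it as a secret would match the rest of the stack; otherwise a comment stating why this value is an environment variable would help the next maintainer.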
@@ -43,6 +49,7 @@ services: deploy: labels: - (( append )) + - traefik.http.routers.maevsi.middlewares=maevsi_redirectregex - traefik.http.routers.maevsi_secure.tls.certresolver=default image: ghcr.io/maevsi/maevsi:4.9.3 user: (( prune )) @@ -52,7 +59,6 @@ services: labels: - traefik.enable=true - traefik.http.routers.maevsi_beta.entryPoints=web - - traefik.http.routers.maevsi_beta.middlewares=redirectscheme - traefik.http.routers.maevsi_beta.rule=Host(`beta.${STACK_DOMAIN}`) - traefik.http.routers.maevsi_beta_secure.entryPoints=web-secure - traefik.http.routers.maevsi_beta_secure.middlewares=maevsi_cors
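Review bot: The `maevsi_redirectregex` middleware that this hunk attaches to the production `maevsi` router appears to reference a capture group that does not exist. In the stack.yml context lines the regex `^https?:\/\/www\.${STACK_DOMAIN}\/(.*)` has a single group, but the replacement is `https://${STACK_DOMAIN}/$${2}`. If so, www requests are redirected to the bare domain with the path dropped, and the replacement should read `https://${STACK_DOMAIN}/$${1}`. That label is defined in src/development/stack.yml, outside this hunk.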