After first pre-commit processing

author: Matthew Lemon <y@yulqen.org> 2024-05-13 17:26:25 +0100
committer: Matthew Lemon <y@yulqen.org> 2024-05-13 17:26:25 +0100
commit: efbbd480ddc62e695123d31c31d233b0df5155bd (patch)
tree: bc2fb465edd5050d83c97f280b1aac8e023fe3e5 /compose/production/traefik
2 files changed, 80 insertions, 0 deletions
diff --git a/compose/production/traefik/Dockerfile b/compose/production/traefik/Dockerfile
new file mode 100644
index 0000000..d54bf27
--- /dev/null
+++ b/compose/production/traefik/Dockerfile
@@ -0,0 +1,5 @@
+FROM docker.io/traefik:2.11.2
+RUN mkdir -p /etc/traefik/acme \
+  && touch /etc/traefik/acme/acme.json \
+  && chmod 600 /etc/traefik/acme/acme.json
+COPY ./compose/production/traefik/traefik.yml /etc/traefik
diff --git a/compose/production/traefik/traefik.yml b/compose/production/traefik/traefik.yml
new file mode 100644
index 0000000..4c274d1
--- /dev/null
+++ b/compose/production/traefik/traefik.yml
@@ -0,0 +1,75 @@
+log:
+  level: INFO
+
+entryPoints:
+  web:
+    # http
+    address: ':80'
+    http:
+      # https://doc.traefik.io/traefik/routing/entrypoints/#entrypoint
+      redirections:
+        entryPoint:
+          to: web-secure
+
+  web-secure:
+    # https
+    address: ':443'
+
+  flower:
+    address: ':5555'
+
+certificatesResolvers:
+  letsencrypt:
+    # https://doc.traefik.io/traefik/https/acme/#lets-encrypt
+    acme:
+      email: 'y@yulqen.org'
+      storage: /etc/traefik/acme/acme.json
+      # https://doc.traefik.io/traefik/https/acme/#httpchallenge
+      httpChallenge:
+        entryPoint: web
+
+http:
+  routers:
+    web-secure-router:
+      rule: 'Host(`resources.joannalemon.com`)'
+      entryPoints:
+        - web-secure
+      middlewares:
+        - csrf
+      service: django
+      tls:
+        # https://doc.traefik.io/traefik/routing/routers/#certresolver
+        certResolver: letsencrypt
+
+    flower-secure-router:
+      rule: 'Host(`resources.joannalemon.com`)'
+      entryPoints:
+        - flower
+      service: flower
+      tls:
+        # https://doc.traefik.io/traefik/master/routing/routers/#certresolver
+        certResolver: letsencrypt
+
+  middlewares:
+    csrf:
+      # https://doc.traefik.io/traefik/master/middlewares/http/headers/#hostsproxyheaders
+      # https://docs.djangoproject.com/en/dev/ref/csrf/#ajax
+      headers:
+        hostsProxyHeaders: ['X-CSRFToken']
+
+  services:
+    django:
+      loadBalancer:
+        servers:
+          - url: http://django:5000
+
+    flower:
+      loadBalancer:
+        servers:
+          - url: http://flower:5555
+
+providers:
+  # https://doc.traefik.io/traefik/master/providers/file/
+  file:
+    filename: /etc/traefik/traefik.yml
+    watch: true
author	Matthew Lemon <y@yulqen.org>	2024-05-13 17:26:25 +0100
committer	Matthew Lemon <y@yulqen.org>	2024-05-13 17:26:25 +0100
commit	efbbd480ddc62e695123d31c31d233b0df5155bd (patch)
tree	bc2fb465edd5050d83c97f280b1aac8e023fe3e5 /compose/production/traefik