diff --git a/.env.example b/.env.example
new file mode 100644
index 00000000..eeac1fc8
--- /dev/null
+++ b/.env.example
@@ -0,0 +1,2 @@
+AEOLUS_DOCKER_TAG=nightly
+AEOLUS_HOST=aeolus-test.artemis.cit.tum.de
\ No newline at end of file
diff --git a/.github/workflows/deploy-production.yml b/.github/workflows/deploy-production.yml
new file mode 100644
index 00000000..f8667166
--- /dev/null
+++ b/.github/workflows/deploy-production.yml
@@ -0,0 +1,23 @@
+name: Deploy to Aeolus Production
+
+on:
+ workflow_dispatch:
+ inputs:
+ docker-tag:
+ description: 'Docker tag to deploy (e.g. 1.0.0 or latest, default: latest)'
+ required: true
+ default: 'latest'
+ branch-name:
+ description: 'Branch name to deploy (default: develop)'
+ required: true
+ default: 'develop'
+
+jobs:
+ deploy:
+ uses: ./.github/workflows/deploy.yaml
+ with:
+ docker-tag: latest
+ branch-name: develop
+ environment-name: Aeolus Production
+ environment-url: https://aeolus.artemis.cit.tum.de
+ secrets: inherit
\ No newline at end of file
diff --git a/.github/workflows/deploy-test.yaml b/.github/workflows/deploy-test.yaml
new file mode 100644
index 00000000..cfdacad7
--- /dev/null
+++ b/.github/workflows/deploy-test.yaml
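Review bot: The `docker-tag` and `branch-name` inputs of `deploy-production.yml` are never read: the `with:` block of the `deploy` job passes the literals `latest` and `develop`, so whatever the operator enters in the dispatch form is ignored and production always receives the floating `latest` tag. Either pass them through, `docker-tag: ${{ inputs.docker-tag }}` and `branch-name: ${{ inputs.branch-name }}`, or drop the inputs so the form does not offer a choice that has no effect. If they are passed through they end up on the shell command line in `deploy.yaml`, so they should be checked against an expected tag/branch pattern first. `secrets: inherit` also hands every repository secret to the called workflow; naming only the SSH key secrets it uses would narrow that.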
@@ -0,0 +1,172 @@
+name: Deploy to Aeolus Test
+
+on:
+ pull_request:
+ types: [labeled]
+
+jobs:
+ # Get an up-to-date version of the label list. github.event.pull_request.labels seems to sometimes be outdated
+ # if the run was waiting for a while, which can cause duplicate deployments
+ get-labels:
+ runs-on: ubuntu-latest
+ outputs:
+ labels: ${{ steps.get-labels.outputs.result }}
+ steps:
+ - name: Get PR labels
+ id: get-labels
+ uses: actions/github-script@v6
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ script: |
+ const response = await github.rest.issues.listLabelsOnIssue({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ issue_number: context.issue.number
+ })
+ const labels = response.data
+ return labels.map(label => label.name)
+
+
+ # Check that the build job has run successfully before deploying
+ check-build-status:
+ needs: [ get-labels ]
+ runs-on: ubuntu-latest
+ # Only run workflow if the added label is a deploy label
+ if: contains(needs.get-labels.outputs.labels, 'deploy:aeolus-test')
+ steps:
+ - name: Get latest successful build for branch
+ id: check_build
+ uses: octokit/request-action@v2.x
+ with:
+ route: GET /repos/${{ github.repository }}/actions/workflows/build.yaml/runs?event=pull_request&status=success&head_sha=${{ github.event.pull_request.head.sha }}
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ # Remove deployment-error label if new run is started
+ - uses: actions-ecosystem/action-remove-labels@v1
+ if: fromJSON(steps.check_build.outputs.data).total_count > 0
+ with:
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+ labels: |
+ deployment-error
+
+ # In case of invalid build status, remove deploy labels
+ - uses: actions-ecosystem/action-remove-labels@v1
+ if: fromJSON(steps.check_build.outputs.data).total_count == 0
+ with:
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+ labels: |
+ deploy:aeolus-test
+
+ - name: Check if latest push had successful build
+ if: fromJSON(steps.check_build.outputs.data).total_count == 0
+ uses: actions/github-script@v6
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ script: |
+ github.rest.issues.createComment({
+ issue_number: context.issue.number,
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ body: '### ❌ Unable to deploy to test server ❌\nThe docker build needs to run through before deploying.'
+ })
+ core.setFailed('The build needs to run through first. Please wait for the build to finish and then try again.')
+
+ # Compute the tag to use for the docker image
+ compute-tag:
+ needs: [ check-build-status ]
+ runs-on: ubuntu-latest
+ outputs:
+ tag: ${{ steps.compute-tag.outputs.result }}
+ steps:
+ - name: Compute Tag
+ uses: actions/github-script@v6
+ id: compute-tag
+ with:
+ result-encoding: string
+ script: |
+ if (context.eventName === "pull_request") {
+ return "pr-" + context.issue.number;
+ }
+ if (context.eventName === "release") {
+ return "latest";
+ }
+ if (context.eventName === "push") {
+ if (context.ref.startsWith("refs/tags/")) {
+ return context.ref.slice(10);
+ }
+ if (context.ref === "refs/heads/develop") {
+ return "develop";
+ }
+ }
+ return "FALSE";
+
+ # Run pre-deployment steps
+ pre-deployment:
+ needs: [ compute-tag ]
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions-ecosystem/action-remove-labels@v1
+ with:
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+ labels: |
+ deploy:aeolus-test
+
+ - name: Check "lock:aeolus-test" label
+ uses: actions/github-script@v6
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ script: |
+ const opts = github.rest.issues.listForRepo.endpoint.merge({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ labels: ['lock:aeolus-test']
+ })
+ const issues = await github.paginate(opts)
+ if (issues.length == 1 && (!context.issue || issues[0].number != context.issue.number)) {
+ github.rest.issues.createComment({
+ issue_number: context.issue.number,
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ body: `### ❌ Unable to deploy to test server ❌\Aeolus Testserver is already in use by PR #${issues[0].number}.`
+ })
+ core.setFailed(`Aeolus Testserver is already in use by PR #${issues[0].number}.`);
+ } else if (issues.length > 1) {
+ github.rest.issues.createComment({
+ issue_number: context.issue.number,
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ body: '### ❌ Unable to deploy to test server ❌\Aeolus Testserver is already in use by multiple PRs. Check PRs with label "lock:aeolus-test"!'
+ })
+ core.setFailed('Aeolus Testserver is already in use by multiple PRs. Check PRs with label "lock:aeolus-test"!');
+ } else if (context.issue && context.issue.number) {
+ await github.rest.issues.addLabels({
+ issue_number: context.issue.number,
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ labels: ['lock:aeolus-test']
+ })
+ }
+
+ # Deploy to the test servers
+ deploy:
+ needs: [ compute-tag, pre-deployment ]
+ uses: ./.github/workflows/deploy.yaml
+ with:
+ docker-tag: ${{ needs.compute-tag.outputs.tag }}
+ branch-name: ${{ github.event.pull_request.head.ref }}
+ environment-name: aeolus test
+ environment-url: https://aeolus-test.artemis.cit.tum.de
+ secrets: inherit
+
+
+ # Check that the build job has run successfully otherwise add an error label
+ add-error-label:
+ needs: [ check-build-status, compute-tag, pre-deployment, deploy ]
+ runs-on: ubuntu-latest
+ if: ${{ failure() }}
+ steps:
+ - name: Add error label
+ uses: actions-ecosystem/action-add-labels@v1
+ with:
+ labels: deployment-error
\ No newline at end of file
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
new file mode 100644
index 00000000..60f6ec77
--- /dev/null
+++ b/.github/workflows/deploy.yaml
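Review bot: `branch-name: ${{ github.event.pull_request.head.ref }}` in the `deploy` job of `deploy-test.yaml` forwards a string chosen by the pull-request author, and git ref names may contain characters that are special to a shell. Within this commit that value is expanded unquoted in `deploy.yaml` (`-b $BRANCH_NAME`), interpolated into the remote command that `deployment/aeolus-deployment` runs with `sudo`, and passed to `git clone -b` in `deployment/aeolus-docker`. I would reject unexpected names before the deploy job starts, for example at the top of the `pre-deployment` script: `if (!/^[A-Za-z0-9][A-Za-z0-9._\/-]*$/.test(context.payload.pull_request.head.ref)) { core.setFailed('unsupported branch name'); return; }`. The three `github.rest.issues.createComment(...)` calls are also not awaited, so the step can end before the comment is posted, and both lock messages contain `\A` where `\n` was probably intended.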
@@ -0,0 +1,72 @@
+name: Deploy
+
+on:
+ workflow_call:
+ inputs:
+ docker-tag:
+ required: true
+ type: string
+ branch-name:
+ required: true
+ type: string
+ environment-name:
+ required: true
+ type: string
+ environment-url:
+ required: true
+ type: string
+ secrets:
+ DEPLOYMENT_GATEWAY_SSH_KEY:
+ required: true
+
+concurrency: deploy
+
+env:
+ RAW_URL: https://raw.githubusercontent.com/${{ github.repository }}/${{ github.sha }}
+
+
+jobs:
+ deploy:
+ runs-on: ubuntu-latest
+
+ environment:
+ name: ${{ inputs.environment-name }}
+ url: ${{ inputs.environment-url }}
+
+ env:
+ DOCKER_TAG: ${{ inputs.docker-tag }}
+ BRANCH_NAME: ${{ inputs.branch-name }}
+ DEPLOYMENT_USER: ${{ vars.DEPLOYMENT_USER }}
+ DEPLOYMENT_HOST: ${{ vars.DEPLOYMENT_HOST }}
+ DEPLOYMENT_DIRECTORY: ${{ vars.DEPLOYMENT_DIRECTORY }}
+ DEPLOYMENT_HOST_PUBLIC_KEYS: ${{ vars.DEPLOYMENT_HOST_PUBLIC_KEYS }}
+ GATEWAY_USER: ${{ vars.GATEWAY_USER }}
+ GATEWAY_HOST: ${{ vars.GATEWAY_HOST }}
+ GATEWAY_HOST_PUBLIC_KEY: ${{ vars.GATEWAY_HOST_PUBLIC_KEY }}
+
+ steps:
+ # Download aeolus-deployment script from GH without cloning the Repository
+ - name: Fetch Aeolus Deployment CLI
+ run: |
+ wget ${{ env.RAW_URL }}/deployment/aeolus-deployment
+ chmod +x aeolus-deployment
+
+ # Configure SSH Key
+ - name: Setup SSH Keys and known_hosts
+ env:
+ SSH_AUTH_SOCK: /tmp/ssh_agent.sock
+ GATEWAY_SSH_KEY: "${{ secrets.DEPLOYMENT_GATEWAY_SSH_KEY }}"
+ DEPLOYMENT_SSH_KEY: "${{ secrets.DEPLOYMENT_SSH_KEY }}"
+ run: |
+ mkdir -p ~/.ssh
+ ssh-agent -a $SSH_AUTH_SOCK > /dev/null
+ ssh-add - <<< $GATEWAY_SSH_KEY
+ ssh-add - <<< $DEPLOYMENT_SSH_KEY
+ cat - <<< $GATEWAY_HOST_PUBLIC_KEY >> ~/.ssh/known_hosts
+ cat - <<< $(sed 's/\\n/\n/g' <<< "$DEPLOYMENT_HOST_PUBLIC_KEYS") >> ~/.ssh/known_hosts
+
+ - name: Deploy Aeolus with Docker
+ env:
+ SSH_AUTH_SOCK: /tmp/ssh_agent.sock
+ run: |
+ ./aeolus-deployment docker-deploy "$DEPLOYMENT_USER@$DEPLOYMENT_HOST" -g "$GATEWAY_USER@$GATEWAY_HOST" -t $DOCKER_TAG -b $BRANCH_NAME -d $DEPLOYMENT_DIRECTORY -y
\ No newline at end of file
diff --git a/deployment/aeolus-deployment b/deployment/aeolus-deployment
new file mode 100644
index 00000000..a60afd12
--- /dev/null
+++ b/deployment/aeolus-deployment
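Review bot: `RAW_URL` in `deploy.yaml` is built from `${{ github.sha }}`, and when the workflow is called from `deploy-test.yaml` (a `pull_request` trigger) that SHA is the pull request's merge commit, so the `aeolus-deployment` script executed in the last step, with both SSH keys loaded into the agent, is whatever the pull request contains. Fetching the script from a reviewed ref, e.g. `RAW_URL: https://raw.githubusercontent.com/${{ github.repository }}/${{ github.event.repository.default_branch }}`, or requiring reviewers on the `aeolus test` environment, would keep unreviewed code away from the keys. The expansions in the final command should also be quoted: `-t "$DOCKER_TAG" -b "$BRANCH_NAME" -d "$DEPLOYMENT_DIRECTORY" -y`. `secrets.DEPLOYMENT_SSH_KEY` is used but not declared under `on.workflow_call.secrets`; it appears to resolve only because both callers use `secrets: inherit`.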
@@ -0,0 +1,223 @@
+#!/usr/bin/env bash
+
+########################################################################################################################
+# Script: aeolus-deployment #
+# #
+# Description: Provides a Wrapper to conveniently perform common operations on Aeolus Servers. #
+# This assumes a standardized server configuration and properly configured SSH access. #
+# Run aeolus-deployment -h for usage information. This script is originally from #
+# https://github.com/ls1intum/Pyris and was adapted for the Aeolus project. #
+# #
+# Orig. Author: Timor Morrien #
+# Orig. Email: timor.morrien@tum.de @hialus #
+# Adapted by: Andreas Resch #
+# #
+########################################################################################################################
+
+
+# Function: Ask User for Confirmation, if -y flag is not used
+#
+# @param question
+interactive=true
+function user_confirmation {
+ if [ $interactive = true ]; then
+ echo $1
+ read -p "Do you want to continue? [Y/n] " response
+ if [[ ! $response =~ ^([yY][eE][sS]|[yY])$ ]]; then
+ echo "Aborted."
+ exit 0
+ fi
+ fi
+}
+
+# Function: Perform Deployment to Server via Docker
+# Expects the pyris-docker.sh script to be present on the remote server
+#
+# @param deployment host
+# @param gateway host
+# @param pr tag
+# @param pr branch
+# @param deployment directory
+function docker_deploy {
+ local _deployment_host=$1
+ local _gateway_host=$2
+ local _pr_tag=$3
+ local _pr_branch=$4
+ local _deployment_directory=$5
+ user_confirmation "About to start a deployment of PR $_pr_tag ($_pr_branch) on remote server $_deployment_host using gateway server $_gateway_host"
+
+ ssh -J "$_gateway_host" -o "StrictHostKeyChecking=no" "$_deployment_host" << COMMAND
+mkdir -p $_deployment_directory
+cd $_deployment_directory
+sudo /usr/bin/bash $_deployment_directory/pyris-docker.sh restart $3 $4
+COMMAND
+}
+
+# Function: Check for -h Flag
+#
+# @param callback function to display help menu
+# @param $@
+function extract_help_flag {
+ callback=$1; shift
+
+ local OPTIND
+ while getopts ":h" opt; do
+ case ${opt} in
+ h )
+ $callback
+ exit 0
+ ;;
+ \? )
+ printf 'Invalid Option: -%s\n\n' "${OPTARG}" 1>&2
+ $callback
+ exit 1
+ ;;
+ esac
+ done
+ shift $((OPTIND -1))
+}
+
+# Function: Print general usage information
+function general_help {
+ cat << HELP
+Usage:
+ ./$(basename $0) [options]
+
+Commands:
+ docker-deploy Deploy to remote Aeolus Server.
+
+General Options:
+ -h Show help.
+HELP
+}
+
+# Function: Print docker-deploy usage information
+function docker_deploy_help {
+ cat << HELP
+Usage:
+ ./$(basename $0) docker-deploy [options]
+
+Options:
+ [user@]hostname
+ -g Gateway [user@]hostname.
+ -t Docker tag that should be deployed.
+ -b GitHub branch that should be deployed.
+ -d Deployment directory
+ -y Automatic yes to prompts. Assume "yes" as answer to all prompts and run non-interactively.
+HELP
+}
+
+########################################################################################################################
+# Subcommand Menus #
+########################################################################################################################
+
+
+# Function: Display Docker Deployment Subcommand Menu
+#
+# @param $@
+function docker_deploy_menu {
+ extract_help_flag docker_deploy_help "${@}"
+
+ server=$1; shift
+ # Handle missing server
+ if [ -z "$server" ]
+ then
+ docker_deploy_help
+ exit 1
+ fi
+
+ local gateway=''
+ local tag=''
+ local branch=''
+ local directory=''
+
+ local OPTIND
+ while getopts ":hyg:t:b:d:" opt; do
+ case ${opt} in
+ h )
+ deploy_help
+ exit 0
+ ;;
+ y )
+ interactive=false
+ ;;
+ g )
+ gateway=$OPTARG
+ ;;
+ t )
+ tag=$OPTARG
+ ;;
+ b )
+ branch=$OPTARG
+ ;;
+ d )
+ directory=$OPTARG
+ ;;
+ \? )
+ printf 'Invalid Option: -%s\n\n' "$OPTARG" 1>&2
+ docker_deploy_help
+ exit 1
+ ;;
+ esac
+ done
+ if [ $OPTIND -eq 1 ]; then
+ printf "Invalid Option: backup requires an argument\n\n" 1>&2
+ docker_deploy_help
+ exit 1
+ fi
+ shift $((OPTIND -1))
+
+ if [ -z "${gateway}" ]; then
+ printf "Require gateway to perform deployment.\n\n" 1>&2
+ docker_deploy_help
+ exit 1
+ fi
+
+ if [ -z "${tag}" ]; then
+ printf "Require docker tag to perform deployment.\n\n" 1>&2
+ docker_deploy_help
+ exit 1
+ fi
+
+ if [ -z "${branch}" ]; then
+ printf "Require branch name to perform deployment.\n\n" 1>&2
+ docker_deploy_help
+ exit 1
+ fi
+
+ if [ -z "${directory}" ]; then
+ printf "Require deployment directory to perform deployment.\n\n" 1>&2
+ docker_deploy_help
+ exit 1
+ fi
+
+ docker_deploy "$server" "$gateway" "$tag" "$branch" "$directory"
+}
+
+########################################################################################################################
+# Main Menu #
+########################################################################################################################
+
+
+# Parse options to the `aeolus-deplyoment.sh` command
+extract_help_flag general_help "${@}"
+
+# read subcommand `aeolus-deplyoment.sh subcommand server` in variable and remove base command from argument list
+subcommand=$1; shift
+
+# Handle empty subcommand
+if [ -z "${subcommand}" ]; then
+ general_help
+ exit 1
+fi
+
+case "$subcommand" in
+ docker-deploy)
+ docker_deploy_menu "${@}"
+ ;;
+ *)
+ printf 'Invalid Command: %s\n\n' "${subcommand}" 1>&2
+ general_help
+ exit 1
+ ;;
+esac
\ No newline at end of file
diff --git a/deployment/aeolus-docker b/deployment/aeolus-docker
new file mode 100644
index 00000000..89302741
--- /dev/null
+++ b/deployment/aeolus-docker
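Review bot: The here-document in `docker_deploy` uses an unquoted delimiter, so `$_deployment_directory`, `$3` and `$4` are expanded locally and the remote shell then parses the result as command text, the last line of which runs under `sudo`; the tag and branch originate from workflow inputs. Passing the values as `printf '%q'`-quoted arguments to `bash -s` and quoting the delimiter keeps them as data on both sides (this assumes bash is the login shell on the remote host). The same call sets `-o "StrictHostKeyChecking=no"`, which makes the `known_hosts` entries written in `deploy.yaml` ineffective for the deployment host; the sketch below drops the option. The `h )` branch of `docker_deploy_menu` calls `deploy_help`, which this file does not define (`docker_deploy_help` is probably meant), and the remote script is addressed as `pyris-docker.sh` while this commit adds it as `deployment/aeolus-docker`.

```bash
function docker_deploy {
    # … unchanged: local variable assignments and user_confirmation call …

    # Quote each value for the remote shell; the quoted delimiter stops local expansion of the body.
    local _remote_args
    _remote_args=$(printf '%q ' "$_deployment_directory" "$_pr_tag" "$_pr_branch")

    ssh -J "$_gateway_host" "$_deployment_host" "bash -s -- $_remote_args" << 'COMMAND'
mkdir -p "$1"
cd "$1"
sudo /usr/bin/bash "$1/pyris-docker.sh" restart "$2" "$3"
COMMAND
}
```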
@@ -0,0 +1,92 @@
+#!/usr/bin/env bash
+
+# Adapted from https://github.com/ls1intum/Pyris
+# this script is used to start the Aeolus docker containers, and must be available on the deployment server
+
+PROJECT_DIR="/opt/aeolus/deployment"
+COMPOSE_FILE="traefik/docker-compose.yml"
+ENV_FILE="/opt/aeolus/docker.env"
+
+# Function: Print general usage information
+function general_help {
+ cat << HELP
+Usage:
+ ./$(basename "$0") [options]
+
+Commands:
+ start Start Aeolus
+ stop Stop the Aeolus api.
+ restart Restart Aeolus.
+ run Run any docker compose subcommand of your choice
+HELP
+}
+
+function start {
+ local pr_tag=$1
+ local pr_branch=$2
+
+ echo "Starting aeolus with PR tag: $pr_tag and branch: $pr_branch"
+ rm -rf Pyris
+ git clone https://github.com/ls1intum/Aeolus.git -b "$pr_branch" Aeolus
+ sed -i "s/AEOLUS_DOCKER_TAG=.*/AEOLUS_DOCKER_TAG='$pr_tag'/g" $ENV_FILE
+ docker compose --project-directory "$PROJECT_DIR" -f "$PROJECT_DIR/$COMPOSE_FILE" --env-file "$ENV_FILE" up -d --pull always --no-build
+}
+
+function stop {
+ # TODO: In the future extract pr_tag and pr_branch from env
+
+ echo "Stopping aeolus"
+ docker compose --project-directory "$PROJECT_DIR" -f "$PROJECT_DIR/$COMPOSE_FILE" --env-file "$ENV_FILE" stop pyris-app
+}
+
+function restart {
+ stop "$@"
+ start "$@"
+}
+
+function aeolus_logs {
+ docker compose --project-directory "$PROJECT_DIR" -f "$PROJECT_DIR/$COMPOSE_FILE" --env-file "$ENV_FILE" logs -f aeolus-api
+}
+
+function all_logs {
+ docker compose --project-directory "$PROJECT_DIR" -f "$PROJECT_DIR/$COMPOSE_FILE" --env-file "$ENV_FILE" logs -f
+}
+
+function run_docker_compose_cmd {
+ docker compose --project-directory "$PROJECT_DIR" -f "$PROJECT_DIR/$COMPOSE_FILE" --env-file "$ENV_FILE" "$@"
+}
+
+# read subcommand `aeolus-docker subcommand server` in variable and remove base command from argument list
+subcommand=$1; shift
+
+# Handle empty subcommand
+if [ -z "$subcommand" ]; then
+ general_help
+ exit 1
+fi
+
+case "$subcommand" in
+ start)
+ start "$@"
+ ;;
+ stop)
+ stop "$@"
+ ;;
+ restart)
+ restart "$@"
+ ;;
+ logs-aeolus)
+ aeolus_logs "$@"
+ ;;
+ logs)
+ all_logs "$@"
+ ;;
+ run)
+ run_docker_compose_cmd "$@"
+ ;;
+ *)
+ printf 'Invalid Command: %s\n\n' "$subcommand" 1>&2
+ general_help
+ exit 1
+ ;;
+esac
\ No newline at end of file
diff --git a/deployment/docker-compose.yml b/deployment/docker-compose.yml
index a4ecd796..12451e14 100644
--- a/deployment/docker-compose.yml
+++ b/deployment/docker-compose.yml
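Review bot: `start` in `deployment/aeolus-docker` writes `$pr_tag` straight into the sed program (`s/AEOLUS_DOCKER_TAG=.*/AEOLUS_DOCKER_TAG='$pr_tag'/g`) and leaves `$ENV_FILE` unquoted, so a tag containing `/`, `'` or `&` changes the substitution or the resulting env file; a guard at the top of `start` such as `[[ $pr_tag =~ ^[A-Za-z0-9_.-]+$ ]] || { echo "invalid tag" >&2; exit 1; }` avoids that. Several names look like leftovers from the Pyris script this was adapted from: `rm -rf Pyris` removes a directory other than the `Aeolus` clone target, so a second run's `git clone` would find the directory already present, and `stop pyris-app` names a service the compose files in this commit do not define (they define `playground`, `api`, `bamboo-api` and `traefik`). None of the commands is checked for failure, so `docker compose up` still runs after a failed clone or sed; an explicit `|| exit 1` on those two lines would stop the deployment at the first error.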
@@ -1,51 +1,17 @@
 services:
 playground:
- container_name: aeolus-playground
 hostname: aeolus-playground
- image: ghcr.io/ls1intum/aeolus/playground:nightly
+ image: ghcr.io/ls1intum/aeolus/playground:${AEOLUS_DOCKER_TAG:-latest}
 pull_policy: if_not_present
 restart: unless-stopped
- labels:
- - "traefik.enable=true"
- - "traefik.http.routers.aeolus-playground.rule=(Host(``) && !PathPrefix(`/api`))"
- - "traefik.http.routers.aeolus-playground.entrypoints=https"
- - "traefik.http.routers.aeolus-playground.tls=true"
- - "traefik.http.routers.aeolus-playground.tls.certResolver=leresolver"
- - 'traefik.services.aeolus-playground.loadbalancer.passHostHeader=true'
- networks:
- - traefik
 api:
- container_name: aeolus-api
 hostname: aeolus-api
- image: ghcr.io/ls1intum/aeolus/api:nightly
+ image: ghcr.io/ls1intum/aeolus/api:${AEOLUS_DOCKER_TAG:-latest}
 pull_policy: if_not_present
 restart: unless-stopped
- environment:
- BAMBOO_GENERATOR_API_HOST: "http://aeolus-bamboo-api:8091"
- labels:
- - "traefik.enable=true"
- - "traefik.http.routers.aeolus-api.rule=(Host(``) && PathPrefix(`/api`))"
- - "traefik.http.routers.aeolus-api.entrypoints=https"
- - "traefik.http.routers.aeolus-api.tls=true"
- - "traefik.http.routers.aeolus-api.tls.certResolver=leresolver"
- - 'traefik.services.aeolus-api.loadbalancer.passHostHeader=true'
- - "traefik.http.middlewares.aeolus-api.stripprefix.prefixes=/api"
- - 'traefik.http.routers.aeolus-api.middlewares=aeolus-api'
- networks:
- - traefik
 bamboo-api:
- container_name: aeolus-bamboo-api
 hostname: aeolus-bamboo-api
- image: ghcr.io/ls1intum/aeolus/bamboo-generator:nightly
+ image: ghcr.io/ls1intum/aeolus/bamboo-generator:${AEOLUS_DOCKER_TAG:-latest}
 command: "--api"
 pull_policy: if_not_present
 restart: unless-stopped
- labels:
- - "traefik.enable=false"
- networks:
- - traefik
-
-
-networks:
- traefik:
- external: true
\ No newline at end of file
diff --git a/deployment/traefik/.gitignore b/deployment/traefik/.gitignore
new file mode 100644
index 00000000..8d890664
--- /dev/null
+++ b/deployment/traefik/.gitignore
@@ -0,0 +1,2 @@
+acme.json
+traefik.log
\ No newline at end of file
diff --git a/deployment/traefik/docker-compose.yml b/deployment/traefik/docker-compose.yml
new file mode 100644
index 00000000..f70d7a7f
--- /dev/null
+++ b/deployment/traefik/docker-compose.yml
@@ -0,0 +1,67 @@
+# ----------------------------------------------------------------------------------------------------------------------
+# Deployment with Traefik
+# ----------------------------------------------------------------------------------------------------------------------
+
+services:
+ playground:
+ extends:
+ file: ../docker-compose.yml
+ service: playground
+ labels:
+ - "traefik.enable=true"
+ - "traefik.docker.network=traefik"
+ - 'traefik.http.routers.aeolus-playground.rule=(HostRegexp(`{host:.+}`) && !PathPrefix("/api"))'
+ - "traefik.http.routers.aeolus-playground.entrypoints=https"
+ - "traefik.http.routers.aeolus-playground.tls=true"
+ - "traefik.http.routers.aeolus-playground.tls.certResolver=leresolver"
+ - "traefik.services.aeolus-playground.loadbalancer.passHostHeader=true"
+ networks:
+ - traefik
+ api:
+ extends:
+ file: ../docker-compose.yml
+ service: api
+ environment:
+ BAMBOO_GENERATOR_API_HOST: "http://aeolus-bamboo-api:8091"
+ labels:
+ - "traefik.enable=true"
+ - "traefik.docker.network=traefik"
+ - 'traefik.http.routers.aeolus-api.rule=(HostRegexp(`{host:.+}`) && PathPrefix("/api"))'
+ - "traefik.http.routers.aeolus-api.entrypoints=https"
+ - "traefik.http.routers.aeolus-api.tls=true"
+ - "traefik.http.routers.aeolus-api.tls.certResolver=leresolver"
+ - 'traefik.services.aeolus-api.loadbalancer.passHostHeader=true'
+ - "traefik.http.middlewares.aeolus-api.stripprefix.prefixes=/api"
+ - "traefik.http.routers.aeolus-api.middlewares=aeolus-api"
+ networks:
+ - traefik
+ bamboo-api:
+ extends:
+ file: ../docker-compose.yml
+ service: bamboo-api
+ networks:
+ - traefik
+ traefik:
+ container_name: traefik
+ image: traefik:latest
+ restart: unless-stopped
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - ./traefik.yaml:/traefik.yaml
+ # Configuration for the file provider (needed for host networking and default TLS Options)
+ - ./traefik-provider.yaml:/traefik-provider.yaml
+ - ./acme.json:/acme.json
+ - ./traefik.log:/traefik.log
+ labels:
+ - 'traefik.enable=false'
+ - "traefik.docker.network=traefik"
+ networks:
+ - traefik
+ ports:
+ - 80:80/tcp
+ - 443:443/tcp
+ extra_hosts:
+ - "host.docker.internal:host-gateway"
+
+networks:
+ traefik:
diff --git a/deployment/traefik/traefik-provider.yaml b/deployment/traefik/traefik-provider.yaml
new file mode 100644
index 00000000..7fa0ccd0
--- /dev/null
+++ b/deployment/traefik/traefik-provider.yaml
@@ -0,0 +1,19 @@
+tls:
+ options:
+ default:
+ sniStrict: true
+ minVersion: VersionTLS12
+ curvePreferences:
+ - secp521r1
+ - secp384r1
+ cipherSuites:
+ - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+ - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
+ - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
+ - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+ - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+ - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+ mintls13:
+ minVersion: VersionTLS13
diff --git a/deployment/traefik/traefik.yaml b/deployment/traefik/traefik.yaml
new file mode 100644
index 00000000..1e452844
--- /dev/null
+++ b/deployment/traefik/traefik.yaml
@@ -0,0 +1,31 @@
+log:
+ level: DEBUG
+ filePath: /traefik.log
+docker:
+ watch: true
+ exposedbydefault: false
+providers:
+ docker:
+ endpoint: unix:///var/run/docker.sock
+ file:
+ filename: /traefik-provider.yaml
+entryPoints:
+ http:
+ address: :80/tcp
+ http:
+ redirections:
+ entrypoint:
+ to: https
+ scheme: https
+ https:
+ address: :443/tcp
+ http:
+ tls:
+ certResolver: leresolver
+certificatesResolvers:
+ leresolver:
+ acme:
+ email: letsencrypt@resch.io
+ storage: acme.json
+ tlsChallenge: {}
+retry: {}
\ No newline at end of file
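Review bot: The `traefik` service in `deployment/traefik/docker-compose.yml` runs `image: traefik:latest` with `/var/run/docker.sock` mounted and ports 80/443 published, so the most exposed container, which can also talk to the Docker API, changes version whenever the tag moves; pinning a release or a digest makes upgrades deliberate. The pin matters for the rules too: ``HostRegexp(`{host:.+}`)`` is the Traefik v2 form, and `latest` may resolve to a major version that parses it differently. Both routers match any host name, while `.env.example` introduces `AEOLUS_HOST`, which nothing in this commit reads; ``Host(`${AEOLUS_HOST}`)`` would restrict routing to the intended name and give the ACME resolver a concrete domain to request. Mounting the socket `:ro` only protects the socket file, not the API behind it, so a socket proxy limited to read endpoints is worth considering.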
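Review bot: In `deployment/traefik/traefik.yaml`, `exposedbydefault: false` sits under a top-level `docker:` key, but the rest of the file (`providers`, `certificatesResolvers`) uses the v2+ static-configuration layout, where that option belongs to `providers.docker`; as written it is, as far as I can tell, not applied, and Traefik's default of exposing every container it sees on the socket would stay in effect. I would move it next to the endpoint, `exposedByDefault: false` under `providers: docker:`, and remove the top-level `docker:` and `retry: {}` blocks, which look like v1 leftovers. `level: DEBUG` is also verbose for a proxy that serves the production host; `INFO` or `ERROR` is the usual setting once the setup works.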