pascalandy
diff --git a/‎traefik_stack6/README-tmp.md‎
Lines changed: 48 additions & 0 deletions b/‎traefik_stack6/README-tmp.md‎
Lines changed: 48 additions & 0 deletions
diff --git a/‎traefik_stack6/README.md‎
Lines changed: 172 additions & 1 deletion b/‎traefik_stack6/README.md‎
Lines changed: 172 additions & 1 deletion
diff --git a/‎traefik_stack6/REFERENCES.md‎
Lines changed: 0 additions & 1 deletion b/‎traefik_stack6/REFERENCES.md‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎traefik_stack6/dynamic_conf.yml‎
Lines changed: 59 additions & 0 deletions b/‎traefik_stack6/dynamic_conf.yml‎
Lines changed: 59 additions & 0 deletions
diff --git a/‎traefik_stack6/htdocs/index.html‎
Lines changed: 14 additions & 0 deletions b/‎traefik_stack6/htdocs/index.html‎
Lines changed: 14 additions & 0 deletions
@@ -0,0 +1,48 @@
+wip
+
+
+
+
+### List routers
+
+```
+curl -s --user myuser:changemeplease http://localhost:8080/api/http/routers | jq
+```
+
+### webapps
+
+add an old Apache httpd
+
+
+### basic auth
+
+Execute:
+
+```
+USER=myuser
+PW=changemeplease
+
+docker run ctr.run/github.com/firepress-org/alpine:master \
+  sh -c "htpasswd -nbB ${USER} ${PW}" | sed -e 's/\$/\$\$/g'
+```
+
+Will output:
+
+```
+myuser:$$2y$$05$$jxN.6f/TMXWaf1ftsC9u2O4il1vPd5CHGW9Mi7kc3u30fpHYs57Ni
+```
+
+We use **sed** in order to duplicate the $ sign. Else, bash would interpret single $ as a variable.
+  
+### Generate acme.json
+
+```bash
+mkdir -pv ./configs && \
+touch ./configs/acme.json && \
+chmod 600 acme.json;
+```
+
+### Sources
+
+- https://moritzvd.com/upgrade-traefik-2/
+- https://containo.us/blog/traefik-2-0-docker-101-fc2893944b9d/
@@ -1 +1,172 @@
-wip
+## What is this?
+
+Using a **one-liner**, this docker stack will run many services (Traefik (with auth), Socat, Portainer, Nginx, Caddy, Whoami) in a straightforward copy-paste command.
+
+You may also refer the [README](https://github.com/pascalandy/docker-stack-this/blob/master/README.md) at the root of this repo.
+
+## Start here
+1. Go to http://labs.play-with-docker.com/ 
+2. Create **one** instance
+3. Copy-paste this one-liner:
+
+#### Stable setup (recommended)
+
+```
+ENV_BRANCH="master"
+ENV_MONOREPO="traefik_stack5"
+
+# On play-with-docker, install common apps
+apk update && apk upgrade && apk add --no-cache               \
+    nano bash git curl wget unzip openssl tar ca-certificates && \
+rm -rf /var/cache/apk/* /tmp*                                 && \
+docker swarm init --advertise-addr $(hostname -i)             && \
+git clone https://github.com/pascalandy/docker-stack-this.git && \
+cd docker-stack-this                                          && \
+git checkout ${ENV_BRANCH}                                    && \
+cd ${ENV_MONOREPO}                                            && \
+./runup.sh;
+```
+
+#### Edge setup (NOT recommended)
+
+```
+ENV_BRANCH="edge"
+ENV_MONOREPO="traefik_stack6"
+
+# On play-with-docker, install common apps
+apk update && apk upgrade && apk add --no-cache               \
+    nano bash git curl wget unzip openssl tar ca-certificates && \
+rm -rf /var/cache/apk/* /tmp*                                 && \
+docker swarm init --advertise-addr $(hostname -i)             && \
+git clone https://github.com/pascalandy/docker-stack-this.git && \
+cd docker-stack-this                                          && \
+git checkout ${ENV_BRANCH}                                    && \
+cd ${ENV_MONOREPO}                                            && \
+./runup.sh;
+```
+
+These scripts will do the hard of deploying the stacks for us.
+
+#### example
+
+![2019-08-01_16h56](https://user-images.githubusercontent.com/6694151/62326965-5ca8f880-b47d-11e9-9416-2139d514fc64.gif)
+
+## See your stacks
+
+```
+$ docker stack ls
+
+NAME                SERVICES            ORCHESTRATOR
+toolgui             2                   Swarm
+toolproxy           2                   Swarm
+toolwebapp          4                   Swarm
+```
+
+
+## See your services
+
+```
+$ docker service ls
+
+ID                  NAME                MODE                REPLICAS            IMAGE                   PORTS
+xjdsq3gxd59y        toolgui_agent       global              1/1                 portainer/agent:latest
+0h375hmmnelo        toolgui_portainer   replicated          1/1                 portainer/portainer:latest
+xim07ahqctsp        toolproxy_socat     replicated          1/1                 devmtl/socatproxy:1.2
+y249kaecel8e        toolproxy_traefik   replicated          1/1                 traefik:1.7.12          *:80->80/tcp, *:443->443/tcp, *:8080->8080/tcp
+s0061fdhvv6o        toolwebapp_home     replicated          1/1                 abiosoft/caddy:1.0.1-no-stats
+ocpk5l6yg2gt        toolwebapp_who1     replicated          1/1                 nginx:1.15-alpine
+raq5czrlhrmb        toolwebapp_who2     replicated          1/1                 emilevauge/whoami:latest
+66b1rduru5k9        toolwebapp_who3     replicated          1/1                 emilevauge/whoami:latest
+```
+
+## Confirm that your services (containers) are running
+
+1. When you see that all services are deployed, click on `80` to see the static landing page.
+2. From the same URL generated by play-with-docker, in the address bar of your browser, add `/who1` or `/who2` or `/who3` or `/portainer` to access other services.
+
+
+#### Full URL example
+
+```
+http://pwd10-0-7-3-80.host1.labs.play-with-docker.com/
+http://pwd10-0-7-3-80.host1.labs.play-with-docker.com/who1
+http://pwd10-0-7-3-80.host1.labs.play-with-docker.com/who2
+http://pwd10-0-7-3-80.host1.labs.play-with-docker.com/who3
+http://pwd10-0-7-3-80.host1.labs.play-with-docker.com/portainer
+```
+
+The container for the first URL is named `home`.
+
+
+#### Web apps details:
+- **/** = [caddy](https://github.com/pascalandy/caddy-securityheader)
+- **/who1** = [caddy](https://github.com/pascalandy/caddy-securityheader)
+- **/who2** = [whoami](https://hub.docker.com/r/emilevauge/whoami/)
+- **/portainer** = [portainer](https://hub.docker.com/r/portainer/portainer/)
+
+For /who1 and /who2 you will see the container's Ids (5fe91baf7a3a & 78a0c7287df1) in this example
+
+```
+$ docker ps | grep whoami
+5fe91baf7a3a        emilevauge/whoami:latest         "/whoamI"                About a minute ago   Up About a minute   80/tcp                      toolwebapp_who3.1.9zk09prm85gnl0ieuuncynhxh
+78a0c7287df1        emilevauge/whoami:latest         "/whoamI"                About a minute ago   Up About a minute   80/tcp                      toolwebapp_who2.1.wj7vf83ag91ft7jgdy3gwejp4
+```
+
+
+## How to access Traefik
+
+![traefik](https://user-images.githubusercontent.com/6694151/50121682-86334d80-0227-11e9-8f25-93dd8714d306.jpg)
+
+
+#### Traefik password
+
+**user**: admin / **pass**: changethispass
+
+This password is encrypted in our configs `.configs/traefik.toml`
+
+To quickly generate yours with htpasswd, use my container:
+
+```
+docker run --rm -it devmtl/alpinefire:3.8-D sh -c 'htpasswd -Bbn admin changethispass'  
+``` 
+
+This will display:
+
+``` 
+admin:$2y$05$pAfipn3.brdHMI2eWGnYH.84XYqLozp1sUPi36/l54UAwv.zGLtNC
+```
+
+Insert this string in your `.configs/traefik.toml`.
+
+#### What is Traefik?
+
+[Traefik](https://docs.traefik.io/configuration/backends/docker/) is a powerful layer 7 reverse proxy. Once running, the proxy will give you access to many web apps. I think this is a substantial use case to understand how this reverse-proxy works.
+
+#### Traefik version 
+
+In `toolproxy.yml` look for something like `traefik:1.7.19`.
+
+#### Other stuff to know?
+
+- This stack does not use ACME (https://). ACME is a pain while developing … reaching limits, etc.
+- If you don’t want to use socat, check out the monorepo `traefik-manager-noacme`
+
+## Screenshots
+
+![docker-stack-this-stack5_11](https://user-images.githubusercontent.com/6694151/34073735-76c60ae2-e26e-11e7-85a1-755a7177b3f2.jpg)
+![docker-stack-this-stack5_12](https://user-images.githubusercontent.com/6694151/34073736-76d461c8-e26e-11e7-9aea-c8dbc049a383.jpg)
+![docker-stack-this-stack5_13](https://user-images.githubusercontent.com/6694151/34073737-76e1d998-e26e-11e7-8b7c-c619e91adadd.jpg)
+![docker-stack-this-stack5_14](https://user-images.githubusercontent.com/6694151/34073738-76f163ae-e26e-11e7-86d7-27ea62ae3284.jpg)
+![docker-stack-this-stack5_15](https://user-images.githubusercontent.com/6694151/34073739-77006d4a-e26e-11e7-8f2e-cbd4268ea403.jpg)
+![docker-stack-this-stack5_16](https://user-images.githubusercontent.com/6694151/49540846-158f4700-f89f-11e8-8e14-ceca2ff2b910.jpg)
+
+![docker-stack-this-stack5_17](https://user-images.githubusercontent.com/6694151/49540848-1922ce00-f89f-11e8-9fdc-b6fce70825c8.jpg)
+
+## All commands
+In the active path, just execute those bash-scripts:
+
+- `./runup.sh`
+- `./rundown.sh`
+
+**Bonus!** `./runctop.sh` is not a stack but a simple `docker run` to see the memory consumed by each container.
+
@@ -0,0 +1,59 @@
+# dynamic configurations
+# traefik will update them on the fly
+
+http:
+  routers:
+    my-api:
+      entryPoints:
+      # Expose on :8080 aka 'dashboard'
+        - dashboard
+      # Activate this Router if Client asks for '/dashboard' or '/api'
+      rule: "PathPrefix(`/dashboard`) || PathPrefix(`/api`)"
+      # Expose the API
+      service: api@internal
+      # Use basic auth Middleware define below 
+      middlewares:
+        - dashboard-auth
+
+    my-secure-api:
+      entryPoints:
+      # Expose via https
+        - https
+      # Activate this Router if Client requests specific subdomain and '/dashboard' or '/api'
+      rule: "Host(`dashboard.traefik.moritzvd.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
+      service: api@internal
+      middlewares:
+        - dashboard-auth
+      tls:
+        # Use ACME HTTP Challgen defined in 'traefik.yml' to get valid cert
+        certResolver: myhttpchallenge
+
+    # Catch all global Router for redirects
+    https-redirect:
+      entryPoints:
+        - http
+      # Activate this Router on any Host requested
+      rule: "hostregexp(`{host:.+}`)"
+      # A service definition is mandatory that's why we use a dummy service define at the bottom
+      service: dummy
+      middlewares:
+        - redirect-to-https
+
+  middlewares:
+    dashboard-auth:
+      basicAuth:
+        users:
+          # see README.md
+          - "myuser:$$2y$$05$$jxN.6f/TMXWaf1ftsC9u2O4il1vPd5CHGW9Mi7kc3u30fpHYs57Ni"
+      
+    redirect-to-https:
+      redirectScheme:
+        scheme: https
+        permanent: true
+
+  services:
+    # required as we defined entryPoints:http
+    dummy:
+      loadBalancer:
+        servers:
+          - url: localhost
@@ -0,0 +1,14 @@
+<!doctype html>
+<html lang=en>
+
+<head>
+    <meta charset=utf-8>
+    <title>Hello from httpd</title>
+</head>
+
+<body>
+    <h1>Hello from Apache served via a traefik reverse proxy</h1>
+    <p><img src="https://www.apache.org/foundation/press/kit/APACHE_20th_anniversary.png" width="200" alt="Apache Logo"> <img src="https://raw.githubusercontent.com/docker-library/docs/a6cc2c5f4bc6658168f2a0abbb0307acaefff80e/traefik/logo.png" width="200" alt="Traefik Logo"></p>
+</body>
+    
+</html>