nt_web_template/full-stack-fastapi-template
2
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Upgrade Traefik to version 2 (#199)

Browse Source 
* 🔧 Add STACK_NAME to .env for Traefik labels

*  Upgrade Docker Compose to use Traefik v2

*  Enable Traefik v2 in Docker Compose override for local development

* 🐛 Use internal HTTPS redirect in case the deployment is not through DockerSwarm.rocks
This commit is contained in:
Sebastián Ramírez
2020-05-24 23:35:49 +02:00
committed by GitHub
parent bdc40a17f6
commit e4c668d7cd
3 changed files with 106 additions and 57 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
{{cookiecutter.project_slug}}/.env
View File

@@ -3,6 +3,8 @@ DOMAIN=localhost
# DOMAIN=localhost.tiangolo.com # DOMAIN=localhost.tiangolo.com
# DOMAIN=dev.{{cookiecutter.domain_main}} # DOMAIN=dev.{{cookiecutter.domain_main}}
STACK_NAME={{cookiecutter.docker_swarm_stack_name_main}}
TRAEFIK_PUBLIC_NETWORK=traefik-public TRAEFIK_PUBLIC_NETWORK=traefik-public
TRAEFIK_TAG={{cookiecutter.traefik_constraint_tag}} TRAEFIK_TAG={{cookiecutter.traefik_constraint_tag}}
TRAEFIK_PUBLIC_TAG={{cookiecutter.traefik_public_constraint_tag}} TRAEFIK_PUBLIC_TAG={{cookiecutter.traefik_public_constraint_tag}}

41
{{cookiecutter.project_slug}}/docker-compose.override.yml
View File

@@ -5,17 +5,28 @@ services:
ports: ports:
- "80:80" - "80:80"
- "8090:8080" - "8090:8080"
command: --docker \ command:
--docker.watch \ # Enable Docker in Traefik, so that it reads labels from Docker services
--docker.exposedbydefault=false \ - --providers.docker
--constraints=tag==${TRAEFIK_TAG} \ # Add a constraint to only use services with the label for this stack
--logLevel=DEBUG \ # from the env var TRAEFIK_TAG
--accessLog \ - --providers.docker.constraints=Label(`traefik.constraint-label-stack`, `${TRAEFIK_TAG}`)
--web # Do not expose all Docker services, only the ones explicitly exposed
- --providers.docker.exposedbydefault=false
# Disable Docker Swarm mode for local development
# - --providers.docker.swarmmode
# Enable the access log, with HTTP requests
- --accesslog
# Enable the Traefik log, for configurations and errors
- --log
# Enable the Dashboard and API
- --api
# Enable the Dashboard and API in insecure mode for local development
- --api.insecure=true
labels: labels:
- traefik.frontend.rule=Host:${DOMAIN}
- traefik.enable=true - traefik.enable=true
- traefik.port=80 - traefik.http.routers.${STACK_NAME}-traefik-public-http.rule=Host(`${DOMAIN}`)
- traefik.http.services.${STACK_NAME}-traefik-public.loadbalancer.server.port=80
pgadmin: pgadmin:
ports: ports:
@@ -42,10 +53,10 @@ services:
# command: bash -c "while true; do sleep 1; done" # Infinite loop to keep container live doing nothing # command: bash -c "while true; do sleep 1; done" # Infinite loop to keep container live doing nothing
command: /start-reload.sh command: /start-reload.sh
labels: labels:
- traefik.frontend.rule=PathPrefix:/api,/docs,/redoc
- traefik.enable=true - traefik.enable=true
- traefik.port=80 - traefik.constraint-label-stack=${TRAEFIK_TAG}
- traefik.tags=${TRAEFIK_TAG} - traefik.http.routers.${STACK_NAME}-backend-http.rule=PathPrefix(`/api`) || PathPrefix(`/docs`) || PathPrefix(`/redoc`)
- traefik.http.services.${STACK_NAME}-backend.loadbalancer.server.port=80
celeryworker: celeryworker:
volumes: volumes:
@@ -67,10 +78,10 @@ services:
args: args:
FRONTEND_ENV: dev FRONTEND_ENV: dev
labels: labels:
- traefik.frontend.rule=PathPrefix:/
- traefik.enable=true - traefik.enable=true
- traefik.port=80 - traefik.constraint-label-stack=${TRAEFIK_TAG}
- traefik.tags=${TRAEFIK_TAG} - traefik.http.routers.${STACK_NAME}-frontend-http.rule=PathPrefix(`/`)
- traefik.http.services.${STACK_NAME}-frontend.loadbalancer.server.port=80
networks: networks:
traefik-public: traefik-public:

118
{{cookiecutter.project_slug}}/docker-compose.yml
View File

@@ -2,43 +2,71 @@ version: "3.3"
services: services:
proxy: proxy:
image: traefik:v1.7 image: traefik:v2.2
networks: networks:
- ${TRAEFIK_PUBLIC_NETWORK} - ${TRAEFIK_PUBLIC_NETWORK}
- default - default
volumes: volumes:
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
command: --docker \ command:
--docker.swarmmode \ # Enable Docker in Traefik, so that it reads labels from Docker services
--docker.watch \ - --providers.docker
--docker.exposedbydefault=false \ # Add a constraint to only use services with the label for this stack
--constraints=tag==${TRAEFIK_TAG} \ # from the env var TRAEFIK_TAG
--logLevel=INFO \ - --providers.docker.constraints=Label(`traefik.constraint-label-stack`, `${TRAEFIK_TAG}`)
--accessLog \ # Do not expose all Docker services, only the ones explicitly exposed
--web - --providers.docker.exposedbydefault=false
# Enable Docker Swarm mode
- --providers.docker.swarmmode
# Enable the access log, with HTTP requests
- --accesslog
# Enable the Traefik log, for configurations and errors
- --log
# Enable the Dashboard and API
- --api
deploy: deploy:
placement: placement:
constraints: constraints:
- node.role == manager - node.role == manager
labels: labels:
# For the configured domain # Enable Traefik for this service, to make it available in the public network
- traefik.frontend.rule=Host:${DOMAIN}
# For a domain with and without 'www'
# Comment the previous line above and un-comment the line below
# - "traefik.frontend.rule=Host:www.${DOMAIN},${DOMAIN}"
- traefik.enable=true - traefik.enable=true
- traefik.port=80 # Use the traefik-public network (declared below)
- traefik.tags=${TRAEFIK_PUBLIC_TAG}
- traefik.docker.network=${TRAEFIK_PUBLIC_NETWORK} - traefik.docker.network=${TRAEFIK_PUBLIC_NETWORK}
- traefik.frontend.entryPoints=http,https # Use the custom label "traefik.constraint-label=traefik-public"
- traefik.frontend.redirect.entryPoint=https # This public Traefik will only use services with this label
# Uncomment the config line below to detect and redirect www to non-www (or the contrary) - traefik.constraint-label=${TRAEFIK_PUBLIC_TAG}
# The lines above for traefik.frontend.rule are needed too # traefik-http set up only to use the middleware to redirect to https
# - "traefik.frontend.redirect.regex=^https?://(www.)?(${DOMAIN})/(.*)" - traefik.http.middlewares.${STACK_NAME}-https-redirect.redirectscheme.scheme=https
# To redirect from non-www to www un-comment the line below - traefik.http.middlewares.${STACK_NAME}-https-redirect.redirectscheme.permanent=true
# - "traefik.frontend.redirect.replacement=https://www.${DOMAIN}/$$3" # Handle host with and without "www" to redirect to only one of them
# To redirect from www to non-www un-comment the line below # Uses environment variable DOMAIN
# - "traefik.frontend.redirect.replacement=https://${DOMAIN}/$$3" # To disable www redirection remove the Host() you want to discard, here and
# below for HTTPS
- traefik.http.routers.${STACK_NAME}-proxy-http.rule=Host(`${DOMAIN}`) || Host(`www.${DOMAIN}`)
- traefik.http.routers.${STACK_NAME}-proxy-http.entrypoints=http
# traefik-https the actual router using HTTPS
- traefik.http.routers.${STACK_NAME}-proxy-https.rule=Host(`${DOMAIN}`) || Host(`www.${DOMAIN}`)
- traefik.http.routers.${STACK_NAME}-proxy-https.entrypoints=https
- traefik.http.routers.${STACK_NAME}-proxy-https.tls=true
# Use the "le" (Let's Encrypt) resolver created below
- traefik.http.routers.${STACK_NAME}-proxy-https.tls.certresolver=le
# Define the port inside of the Docker service to use
- traefik.http.services.${STACK_NAME}-proxy.loadbalancer.server.port=80
# Handle domain with and without "www" to redirect to only one
# To disable www redirection remove the next line
- traefik.http.middlewares.${STACK_NAME}-www-redirect.redirectregex.regex=^https?://(www.)?(${DOMAIN})/(.*)
# Redirect a domain with www to non-www
# To disable it remove the next line
- traefik.http.middlewares.${STACK_NAME}-www-redirect.redirectregex.replacement=https://${DOMAIN}/$${3}
# Redirect a domain without www to www
# To enable it remove the previous line and uncomment the next
# - traefik.http.middlewares.${STACK_NAME}-www-redirect.redirectregex.replacement=https://www.${DOMAIN}/$${3}
# Middleware to redirect www, to disable it remove the next line
- traefik.http.routers.${STACK_NAME}-proxy-https.middlewares=${STACK_NAME}-www-redirect
# Middleware to redirect www, and redirect HTTP to HTTPS
# to disable www redirection remove the section: ${STACK_NAME}-www-redirect,
- traefik.http.routers.${STACK_NAME}-proxy-http.middlewares=${STACK_NAME}-www-redirect,${STACK_NAME}-https-redirect
db: db:
image: postgres:12 image: postgres:12
@@ -64,13 +92,17 @@ services:
- .env - .env
deploy: deploy:
labels: labels:
- traefik.frontend.rule=Host:pgadmin.${DOMAIN}
- traefik.enable=true - traefik.enable=true
- traefik.port=5050
- traefik.tags=${TRAEFIK_PUBLIC_TAG}
- traefik.docker.network=${TRAEFIK_PUBLIC_NETWORK} - traefik.docker.network=${TRAEFIK_PUBLIC_NETWORK}
- traefik.frontend.entryPoints=http,https - traefik.constraint-label=${TRAEFIK_PUBLIC_TAG}
- traefik.frontend.redirect.entryPoint=https - traefik.http.routers.${STACK_NAME}-pgadmin-http.rule=Host(`pgadmin.${DOMAIN}`)
- traefik.http.routers.${STACK_NAME}-pgadmin-http.entrypoints=http
- traefik.http.routers.${STACK_NAME}-pgadmin-http.middlewares=${STACK_NAME}-https-redirect
- traefik.http.routers.${STACK_NAME}-pgadmin-https.rule=Host(`pgadmin.${DOMAIN}`)
- traefik.http.routers.${STACK_NAME}-pgadmin-https.entrypoints=https
- traefik.http.routers.${STACK_NAME}-pgadmin-https.tls=true
- traefik.http.routers.${STACK_NAME}-pgadmin-https.tls.certresolver=le
- traefik.http.services.${STACK_NAME}-pgadmin.loadbalancer.server.port=5050
queue: queue:
image: rabbitmq:3 image: rabbitmq:3
@@ -93,13 +125,17 @@ services:
# - "--broker_api=http://guest:guest@queue:15672/api//" # - "--broker_api=http://guest:guest@queue:15672/api//"
deploy: deploy:
labels: labels:
- traefik.frontend.rule=Host:flower.${DOMAIN}
- traefik.enable=true - traefik.enable=true
- traefik.port=5555
- traefik.tags=${TRAEFIK_PUBLIC_TAG}
- traefik.docker.network=${TRAEFIK_PUBLIC_NETWORK} - traefik.docker.network=${TRAEFIK_PUBLIC_NETWORK}
- traefik.frontend.entryPoints=http,https - traefik.constraint-label=${TRAEFIK_PUBLIC_TAG}
- traefik.frontend.redirect.entryPoint=https - traefik.http.routers.${STACK_NAME}-flower-http.rule=Host(`flower.${DOMAIN}`)
- traefik.http.routers.${STACK_NAME}-flower-http.entrypoints=http
- traefik.http.routers.${STACK_NAME}-flower-http.middlewares=${STACK_NAME}-https-redirect
- traefik.http.routers.${STACK_NAME}-flower-https.rule=Host(`flower.${DOMAIN}`)
- traefik.http.routers.${STACK_NAME}-flower-https.entrypoints=https
- traefik.http.routers.${STACK_NAME}-flower-https.tls=true
- traefik.http.routers.${STACK_NAME}-flower-https.tls.certresolver=le
- traefik.http.services.${STACK_NAME}-flower.loadbalancer.server.port=5555
backend: backend:
image: '${DOCKER_IMAGE_BACKEND}:${TAG-latest}' image: '${DOCKER_IMAGE_BACKEND}:${TAG-latest}'
@@ -119,10 +155,10 @@ services:
INSTALL_DEV: ${INSTALL_DEV-false} INSTALL_DEV: ${INSTALL_DEV-false}
deploy: deploy:
labels: labels:
- traefik.frontend.rule=PathPrefix:/api,/docs,/redoc
- traefik.enable=true - traefik.enable=true
- traefik.port=80 - traefik.constraint-label-stack=${TRAEFIK_TAG}
- traefik.tags=${TRAEFIK_TAG} - traefik.http.routers.${STACK_NAME}-backend-http.rule=PathPrefix(`/api`) || PathPrefix(`/docs`) || PathPrefix(`/redoc`)
- traefik.http.services.${STACK_NAME}-backend.loadbalancer.server.port=80
celeryworker: celeryworker:
image: '${DOCKER_IMAGE_CELERYWORKER}:${TAG-latest}' image: '${DOCKER_IMAGE_CELERYWORKER}:${TAG-latest}'
@@ -150,10 +186,10 @@ services:
FRONTEND_ENV: ${FRONTEND_ENV-production} FRONTEND_ENV: ${FRONTEND_ENV-production}
deploy: deploy:
labels: labels:
- traefik.frontend.rule=PathPrefix:/
- traefik.enable=true - traefik.enable=true
- traefik.port=80 - traefik.constraint-label-stack=${TRAEFIK_TAG}
- traefik.tags=${TRAEFIK_TAG} - traefik.http.routers.${STACK_NAME}-frontend-http.rule=PathPrefix(`/`)
- traefik.http.services.${STACK_NAME}-frontend.loadbalancer.server.port=80
volumes: volumes:
app-db-data: app-db-data: