
secure traefik, in progress nextcloud

Jason Playne пре 3 година
комит
623eacee4f
2 измењених фајлова са 99 додато и 0 уклоњено
  1. 1 0
      deploy.sh
  2. 98 0
      docker-compose.yml

+ 1 - 0
deploy.sh

@@ -0,0 +1 @@
+DOCKER_HOST="ssh://jason@10.10.20.197" docker stack deploy -c docker-compose.yml --prune home
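Review bot: deploy.sh has no shebang line and hard-codes the swarm manager's SSH user and address in `DOCKER_HOST`, so it can only be run via an explicit shell and only against this one host. Starting the file with `#!/usr/bin/env bash` and `set -euo pipefail`, and writing the assignment as `DOCKER_HOST="${DOCKER_HOST:-ssh://jason@10.10.20.197}"`, keeps today's behaviour while letting the target be overridden from the environment. Because `--prune` removes services that are no longer in the compose file, a one-line comment saying so above the command would help the next person who runs it.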

+ 98 - 0
docker-compose.yml

@@ -0,0 +1,98 @@
+version: "3.9"
+
+volumes:
+  traefik:
+  nextcloud:
+  db:
+        
+services:
+  reverse-proxy:
+    restart: always
+    # The official v2 Traefik docker image
+    image: traefik:v2.7
+    # Enables the web UI and tells Traefik to listen to docker //--api.insecure=true 
+    command: 
+     - "--api=true"
+     - "--api.dashboard=true"
+     - "--accesslog"
+     - "--log.level=DEBUG"
+     - "--providers.docker"
+     - "--providers.docker.endpoint=unix:///var/run/docker.sock"
+     - "--providers.docker.swarmMode=true"
+     - "--entrypoints.web.address=:80"
+     #- "--entrypoints.websecure.address=:443"
+     #- "--certificatesresolvers.letsencrypt.acme.email=jason@jasonplayne.com"
+     #- "--certificatesresolvers.letsencrypt.acme.storage=/etc/traefik/acme.json"
+     #- "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
+     #- "--certificatesresolvers.letsencrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
+      
+    ports:
+      # The HTTP port
+      - "80:80"
+      - "443:443"
+    volumes:
+      # So that Traefik can listen to the Docker events
+      - /var/run/docker.sock:/var/run/docker.sock
+      - traefik:/etc/traefik
+    deploy:
+      mode: replicated
+      replicas: 1
+      endpoint_mode: vip
+      labels:
+        - "traefik.enable=true"
+        - "traefik.http.routers.dashboard.rule=Host(`10.10.20.197`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
+        - "traefik.http.routers.dashboard.service=api@internal"
+        - "traefik.http.routers.dashboard.entrypoints=web"
+        #- "traefik.http.routers.dashboard.middlewares=ipwhitelist"
+        #- "traefik.http.middlewares.dashboard.ipwhitelist.sourcerange=`127.0.0.1/32, 10.10.20.0/24`"
+        # Dummy service for Swarm port detection. The port can be any valid integer value.
+        - "traefik.http.services.dashboard-svc.loadbalancer.server.port=9999"
+    
+      placement:
+        constraints:
+          - node.role == manager
+      resources:
+        limits:
+          memory: 1G
+  
+  postgres:
+    image: postgres
+    restart: always
+    environment:
+      POSTGRES_USER: nextcloud
+      POSTGRES_PASSWORD: disgrace-quickstep-fleshy
+    volumes:
+      - db:/var/lib/postgresql/data
+    ports:
+     - "5432"
+    deploy:
+      labels:
+        - traefik.enable=false
+      mode: replicated
+      replicas: 1
+      resources:
+        limits:
+          memory: 2G
+  
+  nextcloud:
+    image: nextcloud:stable-apache
+    restart: always
+    ports:
+      - "8001:80"
+    labels:
+      - traefik.http.routers.nextcloud.rule=Host(`cloud.playne.au`)
+    deploy:
+      mode: replicated
+      replicas: 1
+      labels:
+        - traefik.enable=true
+        - traefik.http.routers.nextcloud.rule=Host(`cloud.playne.au`)
+        #- traefik.http.routers.nextcloud.tls=true
+        #- traefik.http.routers.nextcloud.tls.certresolver=letsencrypt
+        #- traefik.http.routers.nextcloud.entrypoints=websecure
+        - traefik.http.routers.nextcloud.entrypoints=web
+        - traefik.http.services.nextcloud.loadbalancer.server.port=8001
+      resources:
+        limits:
+          memory: 2G
+
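Review bot: The `postgres` service commits its database password in plaintext under `environment:` (`POSTGRES_PASSWORD`) and also publishes the database port with `ports: - "5432"`, so anyone who can read this repository and reach a swarm node may be able to log in to the database. The official postgres image accepts `POSTGRES_PASSWORD_FILE`, so the value can move into a Docker secret as sketched below, the `ports` entry can be dropped because services in one stack reach each other over the stack's overlay network, and the committed password should be treated as exposed and rotated. The `dashboard` router serves `api@internal` on the plain-HTTP `web` entrypoint with both IP-whitelist labels commented out, so the Traefik API and dashboard are reachable without authentication while `--log.level=DEBUG` and a writable `/var/run/docker.sock` mount are in place. When the whitelist is re-enabled, note that the commented label defines a middleware named `dashboard` while the router label references `ipwhitelist`, and the backticks around the source range would become part of the value. `traefik.http.services.nextcloud.loadbalancer.server.port=8001` also looks wrong: Traefik connects to the container's own port (80 for this image, per `"8001:80"`), not the published host port, and the service-level `labels:` on `nextcloud` is presumably ignored when `swarmMode=true`.

```yaml
# Secret name is an example; create it on the swarm before deploying.
secrets:
  postgres_password:
    external: true

services:
  # … unchanged: reverse-proxy …
  postgres:
    # … unchanged: image, restart …
    environment:
      POSTGRES_USER: nextcloud
      POSTGRES_PASSWORD_FILE: /run/secrets/postgres_password
    secrets:
      - postgres_password
    # … unchanged: volumes, deploy; the "5432" ports entry is removed …
```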