forked from github.com/pypiserver
Updated Docker Compose example with HTTPS configuration using Traefik (#295)
This commit is contained in:
parent
c932451cd5
commit
6589170cfb
|
@ -786,6 +786,12 @@ Please see `nginx's HTTPS docs for more details <http://nginx.org/en/docs/http/c
|
|||
Getting and keeping your certificates up-to-date can be simplified using,
|
||||
for example, using `certbot and letsencrypt <https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04>`_.
|
||||
|
||||
Traefik
|
||||
~~~~~~~
|
||||
|
||||
It is also possible to use `Traefik <https://docs.traefik.io/>`_ to put pypiserver behind HTTPS on port 443, with
|
||||
automatic HTTP redirection using Docker Compose. Please see the provided `<docker-compose.yml>`_ example for more information.
|
||||
|
||||
Utilizing the API
|
||||
-----------------
|
||||
|
||||
|
|
|
@ -71,3 +71,79 @@ services:
|
|||
target: /data/packages
|
||||
ports:
|
||||
- "8082:8080"
|
||||
|
||||
# ##############################################################################
|
||||
# Authenticated and serve local packages via HTTPS using Traefik
|
||||
# ##############################################################################
|
||||
# This one combines the two configurations above and uses Traefik for HTTPS and
|
||||
# with automatic HTTP redirect.
|
||||
# Remember to change "your.domain.com" and "your@email.com" with your domain
|
||||
# and email address respectively.
|
||||
#
|
||||
# The pypiserver will be available at: https://your.domain.com
|
||||
# The Traefik dashboard will be available at: https://your.domain.com/dashboard/
|
||||
#
|
||||
# A Traefik user can be added using the htpasswd tool:
|
||||
# htpasswd -sc traefik/usersfile username
|
||||
# ##############################################################################
|
||||
|
||||
pypiserver-https:
|
||||
image: pypiserver/pypiserver:latest
|
||||
volumes:
|
||||
- type: bind
|
||||
source: ./auth
|
||||
target: /data/auth
|
||||
- type: bind
|
||||
source: ./packages
|
||||
target: /data/packages
|
||||
command: -P /data/auth/.htpasswd -a update,download,list /data/packages
|
||||
labels:
|
||||
# Expose container to Traefik
|
||||
- "traefik.enable=true"
|
||||
|
||||
# Configure the route
|
||||
- "traefik.http.routers.flask.rule=Host(`your.domain.com`)"
|
||||
# - "traefik.http.routers.flask.rule=Host(`pypi.docker.localhost`)"
|
||||
- "traefik.http.routers.flask.entrypoints=websecure"
|
||||
- "traefik.http.routers.flask.tls=true"
|
||||
- "traefik.http.routers.flask.tls.certresolver=leresolver"
|
||||
traefik:
|
||||
image: traefik:v2.1
|
||||
volumes:
|
||||
- "/var/run/docker.sock:/var/run/docker.sock:ro"
|
||||
- "./traefik:/etc/traefik:ro"
|
||||
- "./traefik/acme:/etc/traefik/acme"
|
||||
command:
|
||||
- "--entrypoints.web.address=:80"
|
||||
- "--entrypoints.websecure.address=:443"
|
||||
- "--providers.docker=true"
|
||||
- "--providers.docker.exposedbydefault=false"
|
||||
- "--api.dashboard=true"
|
||||
- "--certificatesresolvers.leresolver.acme.email=your@email.com"
|
||||
- "--certificatesresolvers.leresolver.acme.storage=/etc/traefik/acme/acme.json"
|
||||
- "--certificatesresolvers.leresolver.acme.httpChallenge=true"
|
||||
- "--certificatesresolvers.leresolver.acme.httpChallenge.entrypoint=web"
|
||||
ports:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
labels:
|
||||
# Expose container to Traefik
|
||||
- "traefik.enable=true"
|
||||
|
||||
# Dashboard
|
||||
- "traefik.http.routers.traefik.rule=Host(`your.domain.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
|
||||
# - "traefik.http.routers.traefik.rule=Host(`traefik.docker.localhost`)"
|
||||
- "traefik.http.routers.traefik.entrypoints=websecure"
|
||||
- "traefik.http.routers.traefik.tls=true"
|
||||
- "traefik.http.routers.traefik.tls.certresolver=leresolver"
|
||||
- "traefik.http.routers.traefik.service=api@internal"
|
||||
- "traefik.http.routers.traefik.middlewares=authtraefik"
|
||||
- "traefik.http.middlewares.authtraefik.basicauth.usersfile=/etc/traefik/usersfile"
|
||||
|
||||
# Global redirect to HTTPS
|
||||
- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
|
||||
- "traefik.http.routers.http-catchall.entrypoints=web"
|
||||
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
|
||||
|
||||
# Middleware redirect
|
||||
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
|
||||
|
|
Loading…
Reference in New Issue