Fix script environment variables Add Fefan configuration Fix gateway services file provisionning through ssh
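#!/bin/bash
#
# Provision the Traefik reverse proxy on this VM: create the service account,
# install the release binary, prepare /etc/traefik, write the static
# configuration and enable the systemd unit.
#
# Needs root privileges (adduser, setcap, systemctl).
#
# Variables expected from /opt/environment/.env:
#   DYNAMIC_CONFIG_LOCATION (path on vm)
#   GATEWAY_REPOSITORY (path on gitea)
#   TRAEFIK_USER
#   TRAEFIK_BINARY
#   TRAEFIK_VERSION
#   TRAEFIK_CONF
# Optional:
#   TRAEFIK_SHA256  expected SHA-256 of the release tarball; when set, the
#                   download is verified against it before anything is
#                   installed.

# Stop at the first failing step instead of carrying on with a half-installed
# proxy (e.g. running tar on a failed download).
set -eo pipefail

# The .env file is executed by this shell with this script's privileges, so it
# must be writable by root only.
source /opt/environment/.env

# Fail early, with a clear message, when a required variable is missing.
: "${DYNAMIC_CONFIG_LOCATION:?must be set in /opt/environment/.env}"
: "${TRAEFIK_USER:?must be set in /opt/environment/.env}"
: "${TRAEFIK_BINARY:?must be set in /opt/environment/.env}"
: "${TRAEFIK_VERSION:?must be set in /opt/environment/.env}"
: "${TRAEFIK_CONF:?must be set in /opt/environment/.env}"

# The version is interpolated into the download URL; accept only characters
# that can appear in a release tag.
case "$TRAEFIK_VERSION" in
  *[!A-Za-z0-9._-]*)
    printf 'error: unexpected characters in TRAEFIK_VERSION: %s\n' "$TRAEFIK_VERSION" >&2
    exit 1
    ;;
esac

# The binary is always installed to this path (as in the original script).
readonly TRAEFIK_INSTALL_PATH=/usr/local/bin/traefik
if [ "$TRAEFIK_BINARY" != "$TRAEFIK_INSTALL_PATH" ]; then
  printf 'warning: TRAEFIK_BINARY (%s) differs from the install path %s\n' \
    "$TRAEFIK_BINARY" "$TRAEFIK_INSTALL_PATH" >&2
fi

# NOTE(review): the account gets /bin/bash as its shell. Kept unchanged because
# the commit log mentions provisioning files through ssh, which may rely on
# it - confirm. If nothing logs in as this user, /usr/sbin/nologin is the
# least-privilege choice.
if ! id -u "$TRAEFIK_USER" >/dev/null 2>&1; then
  adduser \
    --system \
    --shell /bin/bash \
    --gecos 'Traefik reverse proxy user' \
    --group \
    --disabled-password \
    --home "/home/$TRAEFIK_USER" \
    "$TRAEFIK_USER"
fi

if [ ! -f "$TRAEFIK_BINARY" ]; then
  # Private temporary directory: a fixed name under /tmp can be pre-created
  # or symlinked by another local user before this root-run script writes it.
  workdir=$(mktemp -d)
  trap 'rm -rf -- "$workdir"' EXIT
  tarball="$workdir/traefik.tar.gz"

  wget -O "$tarball" "https://github.com/traefik/traefik/releases/download/$TRAEFIK_VERSION/traefik_${TRAEFIK_VERSION}_linux_amd64.tar.gz"

  # TLS authenticates the download host, not the artifact. Pin the expected
  # digest in the environment file so a replaced or corrupted release is
  # rejected before it is installed and granted a file capability.
  if [ -n "${TRAEFIK_SHA256:-}" ]; then
    printf '%s  %s\n' "$TRAEFIK_SHA256" "$tarball" | sha256sum -c -
  else
    printf 'warning: TRAEFIK_SHA256 is not set; the download is not verified\n' >&2
  fi

  tar -zxvf "$tarball" -C "$workdir" traefik
  # tar run as root restores the owner recorded in the archive by default;
  # install(1) sets owner and mode explicitly.
  install -m 0755 -o root -g root "$workdir/traefik" "$TRAEFIK_INSTALL_PATH"
fi

mkdir -p /etc/traefik/certs
# acme.json holds the ACME account key and the issued private keys: create it
# under a restrictive umask so it is never readable by other users, even
# before the chmod below.
(
  umask 077
  touch /etc/traefik/acme.json
)
chown "$TRAEFIK_USER:$TRAEFIK_USER" /etc/traefik/acme.json
chmod 600 /etc/traefik/acme.json
# Allows binding ports 80/443 without running the proxy as root.
setcap 'cap_net_bind_service=+ep' "$TRAEFIK_INSTALL_PATH"

# Static configuration. The heredoc delimiter is unquoted on purpose so that
# $DYNAMIC_CONFIG_LOCATION is expanded. That file is watched and reloaded
# live: whoever can write it controls routing, so keep it writable only by
# the provisioning account. The dashboard and the insecure API stay disabled.
cat > "$TRAEFIK_CONF" <<EOF
entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"
providers:
  file:
    filename: $DYNAMIC_CONFIG_LOCATION
    watch: true
api:
  dashboard: false
  insecure: false
log:
  level: INFO
accessLog: {}
certificatesResolvers:
  letsencrypt:
    acme:
      email: julien.aldon@wanadoo.fr
      storage: /etc/traefik/acme.json
      httpChallenge:
        entryPoint: web
EOF

systemctl enable traefik.service
systemctl start traefik.service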