From eb0c94131388f659fa014d533386e6081a8c9583 Mon Sep 17 00:00:00 2001
From: Luis Coutinho <luis@luiscoutinho.pt>
Date: Sat, 9 Feb 2019 11:25:21 +0000
Subject: [PATCH] Add traefik (#1916)

* Add mosquitto broker
* Add documetation to mosquitto
* Add traefik
---
 DOCUMENTATION/content/documentation/index.md | 82 +++++++++++++++++++-
 docker-compose.yml                           | 18 +++++
 env-example                                  |  7 ++
 traefik/Dockerfile                           |  7 ++
 traefik/acme.json                            |  0
 traefik/traefik.toml                         | 23 ++++++
 6 files changed, 136 insertions(+), 1 deletion(-)
 create mode 100644 traefik/Dockerfile
 create mode 100644 traefik/acme.json
 create mode 100644 traefik/traefik.toml

diff --git a/DOCUMENTATION/content/documentation/index.md b/DOCUMENTATION/content/documentation/index.md
index 743d11e0..089e4ecf 100644
--- a/DOCUMENTATION/content/documentation/index.md
+++ b/DOCUMENTATION/content/documentation/index.md
@@ -1121,6 +1121,87 @@ docker-compose up -d grafana
 
 
 
+<br>
+<a name="Use-Traefik"></a>
+## Use Traefik
+
+To use Traefik you need to do some changes in `traefik/trafik.toml` and `docker-compose.yml`.
+
+1 - Open `traefik.toml` and change the `e-mail` property in `acme` section.
+
+2 - Change your domain in `acme.domains`. For example: `main = "example.org"`
+
+2.1 - If you have subdomains, you must add them to `sans` property in `acme.domains` section.
+
+```bash
+[[acme.domais]]
+  main = "example.org"
+  sans = ["monitor.example.org", "pma.example.org"]
+```
+
+3 - If you need to add basic authentication (https://docs.traefik.io/configuration/entrypoints/#basic-authentication), you just need to add the following text after `[entryPoints.https.tls]`:
+
+```bash
+[entryPoints.https.auth.basic]
+  users = ["user:password"]
+```
+
+4 - You need to change the `docker-compose.yml` file to match the Traefik needs. If you want to use Traefik, you must not expose the ports of each container to the internet, but specify some labels.
+
+4.1 For example, let's try with NGINX. You must have:
+
+```bash
+nginx:
+  build:
+    context: ./nginx
+    args:
+      - PHP_UPSTREAM_CONTAINER=${NGINX_PHP_UPSTREAM_CONTAINER}
+      - PHP_UPSTREAM_PORT=${NGINX_PHP_UPSTREAM_PORT}
+      - CHANGE_SOURCE=${CHANGE_SOURCE}
+  volumes:
+    - ${APP_CODE_PATH_HOST}:${APP_CODE_PATH_CONTAINER}
+    - ${NGINX_HOST_LOG_PATH}:/var/log/nginx
+    - ${NGINX_SITES_PATH}:/etc/nginx/sites-available
+  depends_on:
+    - php-fpm
+  networks:
+    - frontend
+    - backend
+  labels:
+    - traefik.backend=nginx
+    - traefik.frontend.rule=Host:example.org
+    - traefik.port=80
+```
+
+instead of
+
+```bash
+nginx:
+  build:
+    context: ./nginx
+    args:
+      - PHP_UPSTREAM_CONTAINER=${NGINX_PHP_UPSTREAM_CONTAINER}
+      - PHP_UPSTREAM_PORT=${NGINX_PHP_UPSTREAM_PORT}
+      - CHANGE_SOURCE=${CHANGE_SOURCE}
+  volumes:
+    - ${APP_CODE_PATH_HOST}:${APP_CODE_PATH_CONTAINER}
+    - ${NGINX_HOST_LOG_PATH}:/var/log/nginx
+    - ${NGINX_SITES_PATH}:/etc/nginx/sites-available
+    - ${NGINX_SSL_PATH}:/etc/nginx/ssl
+  ports:
+    - "${NGINX_HOST_HTTP_PORT}:80"
+    - "${NGINX_HOST_HTTPS_PORT}:443"
+  depends_on:
+    - php-fpm
+  networks:
+    - frontend
+    - backend
+```
+
+
+
+
+
 <br>
 <a name="Use-Mosquitto"></a>
 ## Use Mosquitto (MQTT Broker)
@@ -1144,7 +1225,6 @@ docker-compose up -d mosquitto
 
 
 
-
 <br>
 <a name="CodeIgniter"></a>
 
diff --git a/docker-compose.yml b/docker-compose.yml
index 7ed9f9f9..693ed2e0 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1331,6 +1331,24 @@ services:
           aliases:
             - fetchmail
 
+### TRAEFIK #########################################
+    traefik:
+      build:
+        context: ./traefik
+      command: --docker
+      volumes:
+        - /var/run/docker.sock:/var/run/docker.sock
+      ports:
+        - "${TRAEFIK_HOST_HTTP_PORT}:80"
+        - "${TRAEFIK_HOST_HTTPS_PORT}:443"
+      networks:
+        - frontend
+        - backend
+      labels:
+        - traefik.backend=traefik
+        - traefik.frontend.rule=Host:monitor.localhost
+        - traefik.port=8080
+
 ### MOSQUITTO Broker #########################################
     mosquitto:
       build:
diff --git a/env-example b/env-example
index ca17871f..d4f127fc 100644
--- a/env-example
+++ b/env-example
@@ -623,6 +623,13 @@ MAILU_WEBMAIL=rainloop
 # Dav server implementation (value: radicale, none)
 MAILU_WEBDAV=radicale
 
+
+### TRAEFIK #################################################
+
+TRAEFIK_HOST_HTTP_PORT=80
+TRAEFIK_HOST_HTTPS_PORT=443
+
+
 ### MOSQUITTO #################################################
 
 MOSQUITTO_PORT=9001
diff --git a/traefik/Dockerfile b/traefik/Dockerfile
new file mode 100644
index 00000000..73825fd4
--- /dev/null
+++ b/traefik/Dockerfile
@@ -0,0 +1,7 @@
+FROM traefik:1.7.5-alpine
+
+LABEL maintainer="Luis Coutinho <luis@luiscoutinho.pt>"
+
+COPY traefik.toml acme.json /
+
+RUN chmod 600 /acme.json
diff --git a/traefik/acme.json b/traefik/acme.json
new file mode 100644
index 00000000..e69de29b
diff --git a/traefik/traefik.toml b/traefik/traefik.toml
new file mode 100644
index 00000000..5875b94c
--- /dev/null
+++ b/traefik/traefik.toml
@@ -0,0 +1,23 @@
+defaultEntryPoints = ["http", "https"]
+
+[entryPoints]
+  [entryPoints.http]
+  address = ":80"
+    [entryPoints.http.redirect]
+      entryPoint = "https"
+  [entryPoints.https]
+  address = ":443"
+    [entryPoints.https.tls]
+
+[web]
+address = ":8080"
+[acme]
+email = "email@example.org"
+storage = "acme.json"
+entryPoint = "https"
+onHostRule = true
+  [acme.httpChallenge]
+    entryPoint = "http"
+
+[[acme.domais]]
+  main = "localhost"