init commit

traefik/etc/com.rskio.ca.crt

@@ -0,0 +1,35 @@
+-----BEGIN CERTIFICATE-----
+MIIF/zCCA+egAwIBAgIUUiRAdfNY8+cPZkIoKgYmCaHwb6wwDQYJKoZIhvcNAQEL
+BQAwgY0xCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhDb2xvcmFkbzEPMA0GA1UEBwwG
+RGVudmVyMRIwEAYDVQQKDAlSc2tpbyBMdGQxFDASBgNVBAsMC0RldmVsb3BtZW50
+MREwDwYDVQQDDAhyc2tpby1jYTEdMBsGCSqGSIb3DQEJARYObG9zdEByc2tpby5j
+b20wIBcNMjUwMzA0MDc0NDQwWhgPMjA1MjA3MjAwNzQ0NDBaMIGNMQswCQYDVQQG
+EwJVUzERMA8GA1UECAwIQ29sb3JhZG8xDzANBgNVBAcMBkRlbnZlcjESMBAGA1UE
+CgwJUnNraW8gTHRkMRQwEgYDVQQLDAtEZXZlbG9wbWVudDERMA8GA1UEAwwIcnNr
+aW8tY2ExHTAbBgkqhkiG9w0BCQEWDmxvc3RAcnNraW8uY29tMIICIjANBgkqhkiG
+9w0BAQEFAAOCAg8AMIICCgKCAgEArCrI30KsrX1fywvJt3klEZXmOZaFFIl+p86c
+DC80HpBQ4YRlkWrXYor5jVPNNZMSAx9Vcu8DVqRjysHtRpajgQtNdWrpmbqH/F1r
+gcdHciedTJqxnE3JAA95hVJYewWsvInUzcgmsvYehEUGnYvFeN+rxfDBMiUDFcav
+r+FyNk51PTUb+zRdGwwrLvBN86Kc8oyjK7T8q8c10BHD0ESDOY4SeRU0ap0VpsVN
+EaGfuO5+eHqUMXj5OvoI8mzjPVZ/ELLDlFRxQVZAzcLRAXIHzIXlt2ROl5dypXyE
+l++0kVZBBk0qVLk95r8w+sYzaMH5zPUp4UFQjLFSSgyCpWpzwWrbyOdvDzcVJ3As
+8A/8lqSThbCIbHLXllqQO0Oi3oSZQm/Crn3aQw5kOUwYEyJvnlSXXMcvkHVQgLv/
+Uhl0OlQfSjwIEzL0Ezti/9kmAVHUvxBbEWu2zq5g8/3zzaVU6FX9EdPNsVTTk9Qw
+RxslLWWtUtlkhtOjD6EoruboFDxlTC7sfTrWsUF9+5O11xbowmvHPycs2QE8fn13
+paYmMLMq4XNtjErKKlYUh12/Ysca91FwUX6+JQtygzrwf0kX1ZY5oW+QpjnRAL+q
++7JD+uP14VrsJTN781e615icI0RcMvpyfnf2za6TZR8U0bov224M+kdgaAKae2jb
+h/cjLVsCAwEAAaNTMFEwHQYDVR0OBBYEFL5x8cKfmeYPZ/bcm4p6xfCWwwVHMB8G
+A1UdIwQYMBaAFL5x8cKfmeYPZ/bcm4p6xfCWwwVHMA8GA1UdEwEB/wQFMAMBAf8w
+DQYJKoZIhvcNAQELBQADggIBAATyoT95B5MiXmbt6PW00Gkn16RBLORTFJ6CrRB8
+J03bSYUk8H4xyT9C4jvi+HDQD66zPaMmMwoy5sSx0XUdNa+wZNTztUaKiDa9XPyU
+osztloZgH6heheyls4TCexHDmVjwPndYXLDg9X8gUIdw2hFYcjrtyRFeUuDIvQ8b
+XVrTAZ3iaPWsPYEV+PvY3EaSbTLJWmTEIbYEbx3XGIkSSsYTEqJqWaMkxlHxTJK+
+mruk7mqGeCNgyrbX7jvyxqF+U0lWG2dgw+2z70+c4uOfA3hVAcZDQAXHT1DOdDde
+WnZ1g0WH/VktF61ldd7F34ljBfVsGTvfem/gwHdjplf8eavw6L8f4bV1UbM3j7TM
+rtaNN4+Gb+1gmBMzkHpQFMF1jQifrDEhytnpRd6CP0rtzYjg6IwcRdeTTQtsI1y9
+hiEP+FRsZbj2QV7wNMfmCQG8/QAsrAVaAho6MmTlPoZaIXdiVBJPALBkfJUIUII4
+OqgAWF4uAqxQx1iUOkeq/+RQtUCMQol0k20UBA4rGQbw7WjCYhJq1DdCsYsCka6N
+rUfTI5tZSM9bUNbCabsn56OWERx0KRjY4hTZqrlbjOpnAuOF0qqUcxLhgwgtLbWz
+5eJz/ulkMtv/1woK0EqPHiDl4DqX1PIGNQFxTFJqvOC7a4Emokij6VOiz96H7mqK
+Oxh9
+-----END CERTIFICATE-----

traefik/etc/dynamic.yml

@@ -0,0 +1,56 @@
+tls:
+  options:
+    docs:
+      minVersion: VersionTLS13
+      cipherSuites:
+        - TLS_AES_256_GCM_SHA384
+        - TLS_AES_128_GCM_SHA256
+        - TLS_CHACHA20_POLY1305_SHA256
+        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
+        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+        - TLS_FALLBACK_SCSV
+    dashboard:
+      minVersion: VersionTLS13
+      cipherSuites:
+        - TLS_AES_256_GCM_SHA384
+        - TLS_AES_128_GCM_SHA256
+        - TLS_CHACHA20_POLY1305_SHA256
+        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
+        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+        - TLS_FALLBACK_SCSV
+      clientAuth:
+        caFiles:
+          - /etc/traefik/com.rskio.ca.crt
+        clientAuthType: RequireAndVerifyClientCert
+
+http:
+  routers:
+    traefik-dashboard:
+      rule: "Host(`oxy.rskio.com`)"
+      service: "api@internal"
+      entryPoints:
+        - "websecure"
+      middlewares:
+        - "redirect-dashboard"
+      tls:
+        options: dashboard@file
+        certResolver: rskio_certresolver
+  middlewares:
+    redirect-dashboard:
+      redirectRegex:
+        regex: "^https?://([^/]+)/?$"
+        replacement: "https://${1}/dashboard/"
+        permanent: true
+    secureHeaders:
+      headers:
+        browserXssFilter: true
+        contentTypeNosniff: true
+        forceSTSHeader: true
+        frameDeny: true
+        referrerPolicy: "same-origin"
+        sslRedirect: true
+        stsSeconds: 31536000

traefik/etc/traefik.yml

@@ -0,0 +1,44 @@
+global:
+  checkNewVersion: false
+  sendAnonymousUsage: false
+
+entryPoints:
+  web:
+    address: :80
+    http:
+      redirections:
+        entryPoint:
+          to: websecure
+          priority: 10
+  websecure:
+    address: :443
+    http3:
+      advertisedPort: 443
+
+certificatesResolvers:
+  rskio_certresolver:
+    acme:
+      tlsChallenge: {}
+      email: rskntroot@gmail.com
+      storage: /letsencrypt/acme.json
+
+log:
+  level: INFO
+  format: json
+  filePath: /var/log/traefik/traefik.log
+
+accessLog:
+  format: json
+  filePath: /var/log/traefik/access.log
+
+api:
+  dashboard: true
+
+providers:
+  docker:
+    endpoint: unix:///var/run/docker.sock
+    network: hq_default
+    exposedByDefault: false
+  file:
+    filename: /etc/traefik/dynamic.yml
+    watch: true

traefik/log

@@ -0,0 +1 @@
+/var/log/traefik/

traefik/tls/.required.md

@@ -0,0 +1,3 @@
+# Required
+
+this dir is required to enable traefik letsencrypt