From dd869fae0e8fb0932f7443129307f57e6613d568 Mon Sep 17 00:00:00 2001 From: Leif Madsen Date: Wed, 8 Mar 2017 16:12:47 -0500 Subject: [PATCH] Add initial traefik support Adding initial traefik support to start wrapping our web services with a reverse proxy to keep the number of ports being exposed much simpler. Closes #93 --- .env | 2 ++ docker-compose.yml | 50 ++++++++++++++++++++++++++++++---------------- 2 files changed, 35 insertions(+), 17 deletions(-) create mode 100644 .env diff --git a/.env b/.env new file mode 100644 index 0000000..176d8a6 --- /dev/null +++ b/.env @@ -0,0 +1,2 @@ +PROXY_DOMAIN=toad.tld +PROXY_LOG_LEVEL=DEBUG diff --git a/docker-compose.yml b/docker-compose.yml index 9a7e53d..af25255 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,15 +1,27 @@ +# vim: tabstop=2 shiftwidth=2 expandtab version: '2' # docker-compose file to launch jenkins_master/ELK stack instead of VM. services: + proxy: + image: traefik + command: --web --docker --docker.domain=${PROXY_DOMAIN} --docker.exposedbydefault=false --logLevel=${PROXY_LOG_LEVEL} + ports: + - "80:80" + - "8080:8080" + - "443:443" + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - /dev/null:/traefik.toml jenkins_master: build: context: ./dockerfiles dockerfile: centos7_base - container_name: jenkins_master entrypoint: /sbin/init privileged: true + depends_on: + - proxy security_opt: - seccomp:unconfined volumes: @@ -19,15 +31,18 @@ services: - ./container_data/jenkins/data:/var/lib/jenkins/userContent - ./container_data/jenkins/log:/var/log/jenkins - ./container_data/jenkins/jobs:/etc/jenkins_jobs - entrypoint: /sbin/init - ports: - - "8080:8080" + labels: + - "traefik.enable=true" + - "traefik.backend=jenkins_master" + - "traefik.frontend.rule=Host:${PROXY_DOMAIN};Path:/jenkins" + - "traefik.port=8080" + expose: + - "8080" logstash: build: context: ./dockerfiles dockerfile: centos7_base - container_name: logstash entrypoint: /sbin/init privileged: true security_opt: @@ -38,15 +53,13 @@ services: - ./:/opt/toad - ./container_data/logstash/config:/etc/logstash/conf.d - ./container_data/logstash/log:/var/log/logstash/logstash.log - entrypoint: /sbin/init - ports: - - "5044:5044" + expose: + - "5044" elasticsearch: build: context: ./dockerfiles dockerfile: centos7_base - container_name: elasticsearch entrypoint: /sbin/init privileged: true security_opt: @@ -58,17 +71,17 @@ services: - ./container_data/elasticsearch/log:/var/log/elasticsearch - ./container_data/elasticsearch/data:/var/lib/elasticsearch - ./container_data/elasticsearch/config:/etc/elasticsearch - entrypoint: /sbin/init - ports: - - "9200:9200" + expose: + - "9200" kibana: build: context: ./dockerfiles dockerfile: centos7_base - container_name: kibana entrypoint: /sbin/init privileged: true + depends_on: + - proxy security_opt: - seccomp:unconfined volumes: @@ -76,7 +89,10 @@ services: - /sys/fs/cgroup:/sys/fs/cgroup:ro - ./:/opt/toad - ./container_data/kibana/config:/opt/kibana/config - entrypoint: /sbin/init - ports: - - "443:443" - - "5601:5601" + labels: + - "traefik.enable=true" + - "traefik.backend=kibana" + - "traefik.frontend.rule=Host:${PROXY_DOMAIN};Path:/kibana" + - "traefik.port=5601" + expose: + - "5601"