init

Makefile

@@ -0,0 +1,11 @@
+default: help
+include *.mk
+
+start: docker-compose-start ##- Start
+#deploy: docker-compose-deploy ##- Deploy (start remotely)
+deploy: docker-compose-build docker-compose-deploy
+
+.PHONY: passwd
+passwd: environment
+	@echo "Changing password for user 'docker'"
+	$(load_env); docker-compose run --entrypoint htpasswd registry -cB /auth/htpasswd docker

default.env

@@ -0,0 +1,3 @@
+COMPOSE_PROJECT_NAME=traefik
+DOCKER_HOST=ssh://root@jackbot.fr
+APP_FQDN=traefik.domain

docker-compose.mk

@@ -0,0 +1,35 @@
+compose_files :=
+
+.PHONY: docker-compose-pull
+docker-compose-pull: environment ##- Pull latest containers
+	$(info *** Pulling containers ***)
+	-$(load_env); docker-compose ${compose_files} pull
+
+.PHONY: docker-compose-build
+docker-compose-build: environment ##- Build containers
+	$(info *** Building containers ***)
+	$(load_env); docker-compose ${compose_files} build
+
+.PHONY: docker-compose-start
+docker-compose-start: environment ##- Start containers
+	$(info *** Starting containers ***)
+	$(load_env); docker-compose ${compose_files} up -d
+
+.PHONY: docker-compose-stop
+docker-compose-stop: environment ##- Stop containers
+	$(info *** Stopping containers ***)
+	$(load_env); docker-compose ${compose_files} down
+
+.PHONY: docker-compose-logs
+docker-compose-logs: environment ##- Print containers logs
+	$(info *** Printing containers logs ***)
+	$(load_env); docker-compose ${compose_files} logs -f
+
+.PHONY: docker-compose-check-remote-env
+docker-compose-check-remote-env: environment ##- Check environment variables
+	$(info *** Checking env variables ***)
+	$(load_env); test $$DOCKER_HOST
+	$(load_env); test $$COMPOSE_PROJECT_NAME
+
+.PHONY: docker-compose-deploy
+docker-compose-deploy: docker-compose-check-remote-env docker-compose-start ##- Deploy containers

docker-compose.yml

@@ -0,0 +1,46 @@
+version: '3.7'
+
+services:
+  reverse-proxy:
+    # The official v2 Traefik docker image
+    image: traefik:v2.3
+    container_name: traefik_reverse-proxy
+    restart: always
+    # Enables the web UI and tells Traefik to listen to docker
+    command:
+      - "--api.insecure=true"
+      - "--providers.docker"
+      - "--providers.docker.exposedbydefault=false"
+      - "--providers.docker.network=traefik_default"
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.websecure.address=:443"
+    ports:
+      # The HTTP port
+#      - "80:80"
+      # The HTTPS port
+#      - "443:443"
+      # The Web UI (enabled by --api.insecure=true)
+      - "8084:8080"
+    volumes:
+      # So that Traefik can listen to the Docker events
+      - /var/run/docker.sock:/var/run/docker.sock
+#      - /home/jack/volumes/traefik/traefik.toml:/etc/traefik/traefik.toml
+#      - /home/jack/volumes/traefik/services.toml:/etc/traefik/services/services.toml
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.dashboard.rule=Host(`traefik.jackbot.fr`)"
+      - "traefik.http.routers.dashboard.entrypoints=web"
+      - "traefik.http.services.dashboard.loadbalancer.server.port=8080"
+      - "traefik.docker.network=traefik_default"
+      - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.30"
+#    - "traefik.http.routers.api.service=api@internal"
+#    - "traefik.http.routers.api.entrypoints=web"
+#    - "traefik.http.routers.api.middlewares=auth"
+#    - "traefik.http.middlewares.auth.basicauth.users=Jack:$apr1$VteRdqde$Q1o/Z5x2cUBtIhK4/6xfS0"
+    networks:
+      - traefik_default
+      - default
+
+networks:
+  traefik_default:
+#    external: true

env.sh

@@ -0,0 +1,25 @@
+#!/bin/sh
+set -eu
+
+stage=${1:-'default'}
+
+cat <<EOF
+COMPOSE_PROJECT_NAME=registry
+EOF
+
+case "$stage" in
+	"default")
+		cat <<-EOF
+		EOF
+		;;
+
+	"production")
+		cat <<-EOF
+		EOF
+		;;
+
+	*)
+		echo "Unknown stage $stage" >&2
+		exit 1
+		;;
+esac

environment.mk

@@ -0,0 +1,30 @@
+stage ?= default
+
+.PHONY: environment
+environment: ${stage}.env ##- Define environment variables
+	@test ${stage} || (echo 'stage not set'; exit 1)
+	@$(eval ENV_FILE?=./${stage}.env)
+	@$(eval load_env=set -a;. ${ENV_FILE};set +a)
+
+%.env: env.sh
+	@echo "Env file $@ is not found or obsolete"
+	@echo "Please update it (review and touch, or call make [-e stage=${stage}] generate-env)"; exit 1
+
+.PHONY: generate-env
+generate-env: env.sh ##- Generate environment file ${stage}.env
+	@test ${stage} || (echo 'stage not set'; exit 1)
+	@./env.sh ${stage} > ${stage}.env
+	@$(eval OVERRIDE_ENV_FILE?=./override.env)
+	@[ -f "${OVERRIDE_ENV_FILE}" ] && echo "Appending environment override"; true
+	@(([ -x "${OVERRIDE_ENV_FILE}" ] && "${OVERRIDE_ENV_FILE}") || \
+		([ -r "${OVERRIDE_ENV_FILE}" ] && cat "${OVERRIDE_ENV_FILE}") || true) | tee -a ${stage}.env
+	@echo "Environment file ${stage}.env generated"
+
+.PHONY: dump-env
+dump-env: environment ##- Dump environment
+	@echo "dump ENV_FILE: ${ENV_FILE}"
+	$(load_env); env
+
+.PHONY: shell-env
+shell-env: environment ##- Start a local shell with environment
+	@$(load_env); PS1='env$$ ' ${SHELL}

help.mk

@@ -0,0 +1,4 @@
+help: ##- Show this help.
+	@echo 'Usage: make <target> (see target list below)'
+	@echo
+	@sed -e '/#\{2\}-/!d; s/\\$$//; s/:[^#\t]*/:/; s/#\{2\}-*//' $(MAKEFILE_LIST)

override.env

@@ -0,0 +1,2 @@
+DOCKER_HOST=ssh://root@192.168.1.16
+APP_FQDN=traefik.domain