Mirrors/dokku
1
0
Fork 0
mirror of https://github.com/dokku/dokku.git synced 2026-02-23 19:50:34 +01:00
Code Issues Packages Projects Releases Wiki Activity

feat: implement the traefik plugin

Browse Source 
This plugin uses a docker-compose based Traefik installation in conjunction with injected container labels to route requests. It only exposes the minimal necessary for routing traffic to docker containers. Users wishing to customize further labels may explore using the docker-options plugin to attach additional labels during the 'deploy' phase.
This commit is contained in:
Jose Diaz-Gonzalez
2022-08-10 04:17:50 -04:00
parent 45e250443c
commit 8fe122ffbd
20 changed files with 810 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
debian/control vendored
View File

@@ -3,7 +3,7 @@ Version: 0.27.10
Section: web
Priority: optional
Architecture: amd64
Depends: locales, git, cpio, curl, man-db, netcat, sshcommand (>= 0.12.0), docker-engine-cs (>= 17.05.0) | docker-engine (>= 17.05.0) | docker-io (>= 17.05.0) | docker.io (>= 17.05.0) | docker-ce (>= 17.05.0) | docker-ee (>= 17.05.0) | moby-engine, docker-image-labeler (>= 0.2.2), lambda-builder, net-tools, netrc, software-properties-common, parallel, procfile-util (>= 0.11.0), python-software-properties | python3-software-properties, rsync, rsyslog, dos2unix, jq, unzip
Depends: apache2-utils, locales, git, cpio, curl, man-db, netcat, sshcommand (>= 0.12.0), docker-engine-cs (>= 17.05.0) | docker-engine (>= 17.05.0) | docker-io (>= 17.05.0) | docker.io (>= 17.05.0) | docker-ce (>= 17.05.0) | docker-ee (>= 17.05.0) | moby-engine, docker-image-labeler (>= 0.2.2), lambda-builder, net-tools, netrc, software-properties-common, parallel, procfile-util (>= 0.11.0), python-software-properties | python3-software-properties, rsync, rsyslog, dos2unix, jq, unzip
Recommends: herokuish (>= 0.3.4), bash-completion, dokku-update, dokku-event-listener
Pre-Depends: gliderlabs-sigil, nginx (>= 1.8.0) | openresty, dnsutils, cgroupfs-mount | cgroup-lite, plugn (>= 0.3.0), sudo, python3, debconf
Maintainer: Jose Diaz-Gonzalez <dokku@josediazgonzalez.com>

229
docs/networking/proxies/traefik.md Normal file
View File

@@ -0,0 +1,229 @@
# Traefik Configuration
Dokku provides integration with the [Traefik](https://traefik.io/) proxy service by utilizing the Docker label-based integration implemented by Traefik.
```
traefik:report [<app>] [<flag>] # Displays a traefik report for one or more apps
traefik:logs [--num num] [--tail] # Display traefik log output
traefik:set <app> <property> (<value>) # Set or clear an traefik property for an app
traefik:show-config <app> # Display traefik compose config
traefik:start # Starts the traefik server
traefik:stop # Stops the traefik server
```
## Usage
> Warning: As using multiple proxy plugins on a single Dokku installation can lead to issues routing requests to apps, doing so should be avoided. As the default proxy implementation is nginx, users are encouraged to stop the nginx service before switching to Traefik.
The Traefik plugin has specific rules for routing requests:
- Traefik integration is exposed via docker labels attached to containers. Changes in labels require either app deploys or rebuilds.
- While Traefik will respect labels associated with other containers, only `web` containers have Traefik labels injected by the plugin.
- Only `http:80` and `https:443` port mappings are supported.
- If no `http:80` mapping is found, the first `http` port mapping is used for http requests.
- If no `https:443` mapping is found, the first `https` port mapping is used for http requests.
- If no `https` mapping is found, the container port from `http:80` will be used for https requests.
### Switching to Traefik
To use the Traefik plugin, use the `proxy:set` command for the app in question:
```shell
dokku proxy:set node-js-app traefik
```
This will enable the docker label-based Traefik integration. All future deploys will inject the correct labels for Traefik to read and route requests to containers. Due to the docker label-based integration used by Traefik, a single deploy or rebuild will be required before requests will route successfully.
```shell
dokku ps:rebuild node-js-app
```
Any changes to domains or port mappings will also require either a deploy or rebuild.
### Starting Traefik container
Traefik can be started via the `traefik:start` command. This will start a Traefik container via the `docker compose up` command.
```shell
dokku traefik:start
```
### Stopping the Traefik container
Traefik may be stopped via the `traefik:stop` command.
```shell
dokku traefik:stop
```
The Traefik container will be stopped and removed from the system. If the container is not running, this command will do nothing.
### Showing the Traefik compose config
For debugging purposes, it may be useful to show the Traefik compose config. This can be achieved via the `traefik:show-config` command.
```shell
dokku traefik:show-config
```
### Customizing the Traefik container image
While the default Traefik image is hardcoded, users may specify an alternative by setting the `image` property with the `--global` flag:
```shell
dokku traefik:set --global image traefik:v2.8
```
#### Checking the Traefik container's logs
It may be necessary to check the Traefik container's logs to ensure that Traefik is operating as expected. This can be performed with the `traefik:logs` command.
```shell
dokku traefik:logs
```
This command also supports the following modifiers:
```shell
--num NUM # the number of lines to display
--tail # continually stream logs
```
You can use these modifiers as follows:
```shell
dokku traefik:logs --tail --num 10
```
The above command will show logs continually from the vector container, with an initial history of 10 log lines
### Changing the Traefik log level
Traefik log output is set to `ERROR` by default. It may be changed by setting the `log-level` property with the `--global` flag:
```shell
dokku traefik:set --global log-level DEBUG
```
After modifying, the Traefik container will need to be restarted.
### Enabling letsencrypt integration
By default, letsencrypt is disabled and https port mappings are ignored. To enable, set the `letsencrypt-email` property with the `--global` flag:
```shell
dokku traefik:set --global letsencrypt-email automated@dokku.sh
```
After enabling, apps will need to be rebuilt and the Traefik container will need to be restarted. All http requests will then be redirected to https.
### API Access
Traefik exposes an API and Dashboard, which Dokku disables by default for security reasons. It can be exposed and customized as described below.
#### Enabling the api
> Warning: Users enabling the dashboard should also enable api basic auth.
By default, the api is disabled. To enable, set the `api` property with the `--global` flag:
```shell
dokku traefik:set --global api true
```
After enabling, the Traefik container will need to be restarted.
#### Enabling the dashboard
> Warning: Users enabling the dashboard should also enable api basic auth.
By default, the dashboard is disabled. To enable, set the `dashboard` property with the `--global` flag:
```shell
dokku traefik:set --global dashboard true
```
After enabling, the Traefik container will need to be restarted.
#### Enabling api basic auth
Users enabling either the api or dashboard are encouraged to enable basic auth. This will apply _only_ to the api/dashboard, and not to apps. To enable, set the `basic-auth-username` and `basic-auth-password` properties with the `--global` flag:. Both must be set or basic auth will not be enabled.
```shell
dokku traefik:set --global basic-auth-username username
dokku traefik:set --global basic-auth-password password
```
After enabling, the Traefik container will need to be restarted.
#### Customizing the api hostname
The hostname used for the api and dashboard is set to `traefik.dokku.me` by default. It can be customized by setting the `api-vhost` property with the `--global` flag:
```shell
dokku traefik:set --global api-vhost lb.dokku.me
```
After enabling, the Traefik container will need to be restarted.
## Displaying Traefik reports for an app
You can get a report about the app's Traefik config using the `traefik:report` command:
```shell
dokku traefik:report
```
```
=====> node-js-app traefik information
Traefik api enabled: false
Traefik api vhost: traefik.dokku.me
Traefik basic auth password: password
Traefik basic auth username: user
Traefik dashboard enabled: false
Traefik image: traefik:v2.8
Traefik letsencrypt email:
Traefik log level: ERROR
=====> python-app traefik information
Traefik api enabled: false
Traefik api vhost: traefik.dokku.me
Traefik basic auth password: password
Traefik basic auth username: user
Traefik dashboard enabled: false
Traefik image: traefik:v2.8
Traefik letsencrypt email:
Traefik log level: ERROR
=====> ruby-app traefik information
Traefik api enabled: false
Traefik api vhost: traefik.dokku.me
Traefik basic auth password: password
Traefik basic auth username: user
Traefik dashboard enabled: false
Traefik image: traefik:v2.8
Traefik letsencrypt email:
Traefik log level: ERROR
```
You can run the command for a specific app also.
```shell
dokku traefik:report node-js-app
```
```
=====> node-js-app traefik information
Traefik api enabled: false
Traefik api vhost: traefik.dokku.me
Traefik basic auth password: password
Traefik basic auth username: user
Traefik dashboard enabled: false
Traefik image: traefik:v2.8
Traefik letsencrypt email:
Traefik log level: ERROR
```
You can pass flags which will output only the value of the specific information you want. For example:
```shell
dokku traefik:report node-js-app --traefik-api-enabled
```

1
docs/template.html
View File

@@ -176,6 +176,7 @@
<a href="/{{NAME}}/networking/proxy-management/" class="list-group-item">Proxy Management</a>
<a href="/{{NAME}}/networking/proxies/nginx/" class="list-group-item">Nginx Proxy</a>
<a href="/{{NAME}}/networking/proxies/traefik/" class="list-group-item">Traefik Proxy</a>
<a href="#" class="list-group-item disabled">Advanced Usage</a>

3
dokku
View File

@@ -141,6 +141,9 @@ execute_dokku_cmd() {
nginx | nginx:*)
local PLUGIN_NAME=${PLUGIN_NAME/nginx/nginx-vhosts}
;;
traefik | traefik:*)
local PLUGIN_NAME=${PLUGIN_NAME/traefik/traefik-vhosts}
;;
deploy | cleanup | url | urls | report)
local PLUGIN_NAME="00_dokku-standard"
;;

146
plugins/traefik-vhosts/command-functions Executable file
View File

@@ -0,0 +1,146 @@
#!/usr/bin/env bash
source "$PLUGIN_CORE_AVAILABLE_PATH/common/functions"
source "$PLUGIN_AVAILABLE_PATH/traefik-vhosts/internal-functions"
set -eo pipefail
[[ $DOKKU_TRACE ]] && set -x
cmd-traefik-report() {
declare desc="displays a traefik report for one or more apps"
declare cmd="traefik:report"
[[ "$1" == "$cmd" ]] && shift 1
declare APP="$1" INFO_FLAG="$2"
if [[ -n "$APP" ]] && [[ "$APP" == --* ]]; then
INFO_FLAG="$APP"
APP=""
fi
if [[ -z "$APP" ]] && [[ -z "$INFO_FLAG" ]]; then
INFO_FLAG="true"
fi
if [[ -z "$APP" ]]; then
for app in $(dokku_apps); do
cmd-traefik-report-single "$app" "$INFO_FLAG" | tee || true
done
else
cmd-traefik-report-single "$APP" "$INFO_FLAG"
fi
}
cmd-traefik-report-single() {
declare APP="$1" INFO_FLAG="$2"
if [[ "$INFO_FLAG" == "true" ]]; then
INFO_FLAG=""
fi
verify_app_name "$APP"
local flag_map=(
"--traefik-api-enabled: $(fn-traefik-api-enabled)"
"--traefik-api-vhost: $(fn-traefik-api-vhost)"
"--traefik-basic-auth-password: $(fn-traefik-basic-auth-password)"
"--traefik-basic-auth-username: $(fn-traefik-basic-auth-username)"
"--traefik-dashboard-enabled: $(fn-traefik-dashboard-enabled)"
"--traefik-image: $(fn-traefik-image)"
"--traefik-letsencrypt-email: $(fn-traefik-letsencrypt-email)"
"--traefik-log-level: $(fn-traefik-log-level)"
)
if [[ -z "$INFO_FLAG" ]]; then
dokku_log_info2_quiet "${APP} traefik information"
for flag in "${flag_map[@]}"; do
key="$(echo "${flag#--}" | cut -f1 -d' ' | tr - ' ')"
dokku_log_verbose "$(printf "%-30s %-25s" "${key^}" "${flag#*: }")"
done
else
local match=false
local value_exists=false
for flag in "${flag_map[@]}"; do
valid_flags="${valid_flags} $(echo "$flag" | cut -d':' -f1)"
if [[ "$flag" == "${INFO_FLAG}:"* ]]; then
value=${flag#*: }
size="${#value}"
if [[ "$size" -ne 0 ]]; then
echo "$value" && match=true && value_exists=true
else
match=true
fi
fi
done
[[ "$match" == "true" ]] || dokku_log_fail "Invalid flag passed, valid flags:${valid_flags}"
fi
}
cmd-traefik-logs() {
declare desc="display traefik logs from command line"
declare cmd="traefik:logs"
[[ "$1" == "$cmd" ]] && shift 1
local NUM="100" TAIL=false
local TEMP=$(getopt -o htn: --long help,tail,num: -n 'dokku traefik:logs' -- "$@")
local EXIT_CODE="$?"
if [[ "$EXIT_CODE" != 0 ]]; then
fn-traefik-logs-usage >&2
exit 1
fi
eval set -- "$TEMP"
while true; do
case "$1" in
-t | --tail)
local TAIL=true
shift
;;
-n | --num)
local NUM="$2"
shift 2
;;
--)
shift
break
;;
*) dokku_log_fail "Internal error" ;;
esac
done
fn-traefik-logs "$TAIL" "$NUM"
}
cmd-traefik-show-config() {
declare desc="display traefik config"
declare cmd="traefik:show-config"
[[ "$1" == "$cmd" ]] && shift 1
local TMP_COMPOSE_FILE=$(mktemp "/tmp/dokku-${DOKKU_PID}-${FUNCNAME[0]}.XXXXXX")
trap "rm -rf '$TMP_COMPOSE_FILE' >/dev/null" RETURN INT TERM EXIT
fn-traefik-template-compose-file "$TMP_COMPOSE_FILE"
cat "$TMP_COMPOSE_FILE"
}
cmd-traefik-start() {
declare desc="Starts the traefik server"
declare cmd="traefik:start"
[[ "$1" == "$cmd" ]] && shift 1
local TMP_COMPOSE_FILE=$(mktemp "/tmp/dokku-${DOKKU_PID}-${FUNCNAME[0]}.XXXXXX")
trap "rm -rf '$TMP_COMPOSE_FILE' >/dev/null" RETURN INT TERM EXIT
touch "${DOKKU_LIB_ROOT}/data/traefik/traefik-acme.json"
chmod 600 "${DOKKU_LIB_ROOT}/data/traefik/traefik-acme.json"
fn-traefik-template-compose-file "$TMP_COMPOSE_FILE"
"$DOCKER_BIN" compose -f "$TMP_COMPOSE_FILE" -p traefik up -d --quiet-pull
}
cmd-traefik-stop() {
declare desc="Starts the traefik server"
declare cmd="traefik:start"
[[ "$1" == "$cmd" ]] && shift 1
local TMP_COMPOSE_FILE=$(mktemp "/tmp/dokku-${DOKKU_PID}-${FUNCNAME[0]}.XXXXXX")
trap "rm -rf '$TMP_COMPOSE_FILE' >/dev/null" RETURN INT TERM EXIT
touch "${DOKKU_LIB_ROOT}/data/traefik/traefik-acme.json"
chmod 600 "${DOKKU_LIB_ROOT}/data/traefik/traefik-acme.json"
fn-traefik-template-compose-file "$TMP_COMPOSE_FILE"
"$DOCKER_BIN" compose -f "$TMP_COMPOSE_FILE" -p traefik down --remove-orphans
}

16
plugins/traefik-vhosts/commands Executable file
View File

@@ -0,0 +1,16 @@
#!/usr/bin/env bash
[[ " traefik:help help " == *" $1 "* ]] || exit "$DOKKU_NOT_IMPLEMENTED_EXIT"
source "$PLUGIN_AVAILABLE_PATH/traefik-vhosts/help-functions"
set -eo pipefail
[[ $DOKKU_TRACE ]] && set -x
case "$1" in
help | traefik:help)
cmd-traefik-help "$@"
;;
*)
exit "$DOKKU_NOT_IMPLEMENTED_EXIT"
;;
esac

19
plugins/traefik-vhosts/core-post-deploy Executable file
View File

@@ -0,0 +1,19 @@
#!/usr/bin/env bash
source "$PLUGIN_CORE_AVAILABLE_PATH/common/functions"
set -eo pipefail
[[ $DOKKU_TRACE ]] && set -x
trigger-traefik-vhosts-core-post-deploy() {
declare desc="traefik-vhosts core-post-deploy plugin trigger"
declare trigger="core-post-deploy"
declare APP="$1"
local HAS_NETWORK_CONFIG
if [[ "$(plugn trigger proxy-type "$APP")" != "traefik" ]]; then
return
fi
dokku_log_info1 "Routing app via traefik"
}
trigger-traefik-vhosts-core-post-deploy "$@"

121
plugins/traefik-vhosts/docker-args-process-deploy Executable file
View File

@@ -0,0 +1,121 @@
#!/usr/bin/env bash
source "$PLUGIN_CORE_AVAILABLE_PATH/common/functions"
set -eo pipefail
[[ $DOKKU_TRACE ]] && set -x
trigger-traefik-vhosts-docker-args-process-deploy() {
declare desc="nginx-vhosts core-post-deploy plugin trigger"
declare trigger="docker-args-process-deploy"
declare APP="$1" IMAGE_SOURCE_TYPE="$2" IMAGE_TAG="$3" PROC_TYPE="$4" CONTAINER_INDEX="$5"
local app_domains is_app_listening output proxy_container_port proxy_host_port port_map proxy_port_map proxy_scheme proxy_schemes traefik_domains
local proxy_container_http_port proxy_container_http_port_candidate proxy_host_http_port_candidate
local proxy_container_https_port proxy_container_https_port_candidate proxy_host_https_port_candidate
local app_urls_path="$DOKKU_ROOT/$APP/URLS"
local STDIN=$(cat)
if [[ "$PROC_TYPE" != "web" ]]; then
return
fi
if [[ "$(plugn trigger proxy-type "$APP")" != "traefik" ]]; then
return
fi
if [[ "$(plugn trigger proxy-is-enabled "$APP")" != "true" ]]; then
return
fi
if ! plugn trigger domains-vhost-enabled "$APP" 2>/dev/null; then
return
fi
# run this silently or the output will be set as a label
plugn trigger domains-setup "$APP" >/dev/null
# ensure we have a port mapping
plugn trigger proxy-configure-ports "$APP"
# gather port mapping information
# we only support proxying a single port for http and https listeners
# so this block parses the port mappings and tries to find the correct
# mapping to expose
is_app_listening="false"
proxy_port_map="$(plugn trigger config-get "$APP" DOKKU_PROXY_PORT_MAP)"
for port_map in $proxy_port_map; do
proxy_scheme="$(awk -F ':' '{ print $1 }' <<<"$port_map")"
proxy_host_port="$(awk -F ':' '{ print $2 }' <<<"$port_map")"
proxy_container_port="$(awk -F ':' '{ print $3 }' <<<"$port_map")"
if [[ "$proxy_scheme" == "http" ]]; then
is_app_listening="true"
if [[ -z "$proxy_container_http_port_candidate" ]]; then
proxy_container_http_port_candidate="$proxy_container_port"
proxy_host_http_port_candidate="$proxy_host_port"
fi
if [[ "$proxy_host_port" == "80" ]] && [[ -z "$proxy_container_http_port" ]]; then
proxy_container_http_port="$proxy_container_port"
fi
fi
if [[ "$proxy_scheme" == "https" ]]; then
is_app_listening="true"
if [[ -z "$proxy_container_https_port_candidate" ]]; then
proxy_container_https_port_candidate="$proxy_container_port"
proxy_host_https_port_candidate="$proxy_host_port"
fi
if [[ "$proxy_host_port" == "443" ]] && [[ -z "$proxy_container_https_port" ]]; then
proxy_container_https_port="$proxy_container_port"
fi
fi
done
# add the labels for traefik here
# any `http:80` port mapping is treated as a `web` traefik entrypoint
# any `https:443` port mapping is treated as a `websecure` traefik entrypoint
if [[ -n "$is_app_listening" ]]; then
app_domains="$(plugn trigger domains-list "$APP")"
if [[ -n "$app_domains" ]]; then
traefik_domains="$(echo "$app_domains" | xargs)"
traefik_domains="${traefik_domains// /\\\`,\\\`}"
fi
output="--label traefik.enable=true"
if [[ -n "$proxy_container_http_port" ]] || [[ -n "$proxy_container_http_port_candidate" ]]; then
if [[ -z "$proxy_container_http_port" ]]; then
dokku_log_warn "Warning: http:80 port mapping not found"
dokku_log_warn "Utilizing first http port mapping, http:$proxy_host_http_port_candidate:$proxy_container_http_port_candidate"
proxy_container_http_port="$proxy_container_http_port_candidate"
fi
output="$output --label traefik.http.services.$APP-$PROC_TYPE.loadbalancer.server.port=$proxy_container_http_port"
output="$output --label traefik.http.routers.$APP-$PROC_TYPE.entrypoints=web"
if [[ -n "$traefik_domains" ]]; then
output="$output --label \"traefik.http.routers.$APP-$PROC_TYPE.rule=Host(\\\`$traefik_domains\\\`)\""
echo "# THIS FILE IS GENERATED BY DOKKU - DO NOT EDIT, YOUR CHANGES WILL BE OVERWRITTEN" >"$app_urls_path"
xargs -I{} echo "http://{}" <<<"$(echo "${app_domains}" | tr ' ' '\n' | sort -u)" >>"$app_urls_path"
fi
fi
if [[ -n "$proxy_container_https_port" ]] || [[ -n "$proxy_container_https_port_candidate" ]]; then
if [[ -z "$proxy_container_https_port" ]]; then
dokku_log_warn "Warning: https:443 port mapping not found"
dokku_log_warn "Utilizing first https port mapping, http:$proxy_host_https_port_candidate:$proxy_container_https_port_candidate"
proxy_container_https_port="$proxy_container_https_port_candidate"
fi
output="$output --label traefik.http.services.$APP-$PROC_TYPE-secure.loadbalancer.server.port=$proxy_container_https_port"
output="$output --label traefik.http.routers.$APP-$PROC_TYPE-secure.entrypoints=websecure"
if [[ -n "$traefik_domains" ]]; then
output="$output --label \"traefik.http.routers.$APP-$PROC_TYPE-secure.rule=Host(\\\`$traefik_domains\\\`)\""
echo "# THIS FILE IS GENERATED BY DOKKU - DO NOT EDIT, YOUR CHANGES WILL BE OVERWRITTEN" >"$app_urls_path"
xargs -I{} echo "https://{}" <<<"$(echo "${app_domains}" | tr ' ' '\n' | sort -u)" >>"$app_urls_path"
fi
fi
fi
echo -n "$STDIN$output"
}
trigger-traefik-vhosts-docker-args-process-deploy "$@"

36
plugins/traefik-vhosts/help-functions Executable file
View File

@@ -0,0 +1,36 @@
#!/usr/bin/env bash
set -eo pipefail
[[ $DOKKU_TRACE ]] && set -x
cmd-traefik-help() {
declare desc="help command"
declare CMD="$1"
local plugin_name="traefik"
local plugin_description="Manage mounted volumes"
if [[ "$CMD" == "${plugin_name}:help" ]]; then
echo -e "Usage: dokku ${plugin_name}[:COMMAND]"
echo ''
echo "$plugin_description"
echo ''
echo 'Additional commands:'
fn-help-content | sort | column -c2 -t -s,
elif [[ $(ps -o command= $PPID) == *"--all"* ]]; then
fn-help-content
else
cat <<help_desc
$plugin_name, $plugin_description
help_desc
fi
}
fn-help-content() {
declare desc="return help content"
cat <<help_content
traefik:report [<app>] [<flag>], Displays an traefik report for one or more apps
traefik:set <app> <property> (<value>), Set or clear an traefik property for an app
traefik:show-config <app>, Display traefik compose config
traefik:start, Starts the traefik server
traefik:stop, Stops the traefik server
help_content
}

17
plugins/traefik-vhosts/install Executable file
View File

@@ -0,0 +1,17 @@
#!/usr/bin/env bash
source "$PLUGIN_CORE_AVAILABLE_PATH/common/functions"
source "$PLUGIN_CORE_AVAILABLE_PATH/common/property-functions"
set -eo pipefail
[[ $DOKKU_TRACE ]] && set -x
trigger-traefik-install() {
declare desc="installs the traefik plugin"
declare trigger="install"
mkdir -p "${DOKKU_LIB_ROOT}/data/traefik"
chown -R "${DOKKU_SYSTEM_USER}:${DOKKU_SYSTEM_GROUP}" "${DOKKU_LIB_ROOT}/data/traefik"
fn-plugin-property-setup "traefik"
}
trigger-traefik-install "$@"

89
plugins/traefik-vhosts/internal-functions Executable file
View File

@@ -0,0 +1,89 @@
#!/usr/bin/env bash
source "$PLUGIN_CORE_AVAILABLE_PATH/common/functions"
source "$PLUGIN_CORE_AVAILABLE_PATH/common/property-functions"
set -eo pipefail
[[ $DOKKU_TRACE ]] && set -x
fn-traefik-logs() {
declare desc="shows the logs for the traefik container"
declare TAIL="$1" NUM="$2"
local dokku_logs_args=("--tail" "$NUM")
if [[ "$TAIL" == "true" ]]; then
dokku_logs_args+=("--follow")
fi
"$DOCKER_BIN" logs traefik-traefik-1 "${dokku_logs_args[@]}"
}
fn-traefik-logs-usage() {
declare desc="logs specific usage"
echo "Usage: dokku traefik:logs"
echo " display recent traefik log output"
echo ""
echo " -n, --num NUM # the number of lines to display"
echo " -t, --tail # continually stream logs"
}
fn-traefik-template-compose-file() {
declare desc="templates out the compose file"
declare OUTPUT_PATH="$1"
local COMPOSE_TEMPLATE="$PLUGIN_AVAILABLE_PATH/traefik-vhosts/templates/compose.yml.sigil"
local basic_auth basic_auth_password basic_auth_username
CUSTOM_COMPOSE_TEMPLATE="$(plugn trigger traefik-template-source "$APP")"
if [[ -n "$CUSTOM_COMPOSE_TEMPLATE" ]]; then
COMPOSE_TEMPLATE="$CUSTOM_COMPOSE_TEMPLATE"
fi
basic_auth_password="$(fn-traefik-basic-auth-password)"
basic_auth_username="$(fn-traefik-basic-auth-username)"
if [[ -n "$basic_auth_password" ]] && [[ -n "$basic_auth_username" ]]; then
basic_auth="$(htpasswd -nb "$basic_auth_username" "$basic_auth_password" | sed -e s/\\$/\\$\\$/g)"
fi
local SIGIL_PARAMS=(TRAEFIK_API_ENABLED="$(fn-traefik-api-enabled)"
TRAEFIK_API_VHOST="$(fn-traefik-api-vhost)"
TRAEFIK_BASIC_AUTH="$basic_auth"
TRAEFIK_DASHBOARD_ENABLED="$(fn-traefik-dashboard-enabled)"
TRAEFIK_DATA_DIR="${DOKKU_LIB_ROOT}/data/traefik"
TRAEFIK_IMAGE="$(fn-traefik-image)"
TRAEFIK_LETSENCRYPT_EMAIL="$(fn-traefik-letsencrypt-email)"
TRAEFIK_LOG_LEVEL="$(fn-traefik-log-level)")
sigil -f "$COMPOSE_TEMPLATE" "${SIGIL_PARAMS[@]}" | cat -s >"$OUTPUT_PATH"
}
fn-traefik-api-enabled() {
fn-plugin-property-get-default "traefik" "--global" "api-enabled" "false"
}
fn-traefik-api-vhost() {
fn-plugin-property-get-default "traefik" "--global" "api-vhost" "traefik.dokku.me"
}
fn-traefik-basic-auth-password() {
fn-plugin-property-get-default "traefik" "--global" "basic-auth-password" ""
}
fn-traefik-basic-auth-username() {
fn-plugin-property-get-default "traefik" "--global" "basic-auth-username" ""
}
fn-traefik-dashboard-enabled() {
fn-plugin-property-get-default "traefik" "--global" "dashboard-enabled" "false"
}
fn-traefik-image() {
fn-plugin-property-get-default "traefik" "--global" "image" "traefik:v2.8"
}
fn-traefik-letsencrypt-email() {
fn-plugin-property-get-default "traefik" "--global" "letsencrypt-email" ""
}
fn-traefik-log-level() {
local log_level
log_level="$(fn-plugin-property-get-default "traefik" "--global" "log-level" "ERROR")"
echo "${log_level^^}"
}

4
plugins/traefik-vhosts/plugin.toml Normal file
View File

@@ -0,0 +1,4 @@
[plugin]
description = "dokku core traefik-vhosts plugin"
version = "0.27.10"
[plugin.config]

6
plugins/traefik-vhosts/subcommands/default Executable file
View File

@@ -0,0 +1,6 @@
#!/usr/bin/env bash
set -eo pipefail
[[ $DOKKU_TRACE ]] && set -x
source "$PLUGIN_AVAILABLE_PATH/traefik-vhosts/help-functions"
cmd-traefik-help "traefik:help"

6
plugins/traefik-vhosts/subcommands/logs Executable file
View File

@@ -0,0 +1,6 @@
#!/usr/bin/env bash
source "$PLUGIN_AVAILABLE_PATH/traefik-vhosts/command-functions"
set -eo pipefail
[[ $DOKKU_TRACE ]] && set -x
cmd-traefik-logs "$@"

6
plugins/traefik-vhosts/subcommands/report Executable file
View File

@@ -0,0 +1,6 @@
#!/usr/bin/env bash
source "$PLUGIN_AVAILABLE_PATH/traefik-vhosts/command-functions"
set -eo pipefail
[[ $DOKKU_TRACE ]] && set -x
cmd-traefik-report "$@"

37
plugins/traefik-vhosts/subcommands/set Executable file
View File

@@ -0,0 +1,37 @@
#!/usr/bin/env bash
source "$PLUGIN_CORE_AVAILABLE_PATH/common/functions"
source "$PLUGIN_CORE_AVAILABLE_PATH/common/property-functions"
set -eo pipefail
[[ $DOKKU_TRACE ]] && set -x
cmd-traefik-set() {
declare desc="set or clear an traefik property for an app"
declare cmd="traefik:set"
[[ "$1" == "$cmd" ]] && shift 1
declare APP="$1" KEY="$2" VALUE="$3"
local VALID_KEYS=("api-enabled" "api-vhost" "dashboard-enabled" "basic-auth-username" "basic-auth-password" "image" "letsencrypt-email" "log-level")
local GLOBAL_KEYS=("api-enabled" "api-vhost" "dashboard"-enabled "basic-auth-username" "basic-auth-password" "image" "letsencrypt-email" "log-level")
[[ -z "$KEY" ]] && dokku_log_fail "No key specified"
if ! fn-in-array "$KEY" "${VALID_KEYS[@]}"; then
dokku_log_fail "Invalid key specified, valid keys include: api-enabled api-vhost dashboard-enabled basic-auth-username basic-auth-password image letsencrypt-email log-level"
fi
if ! fn-in-array "$KEY" "${GLOBAL_KEYS[@]}"; then
if [[ "$APP" == "--global" ]]; then
dokku_log_fail "The key '$KEY' cannot be set globally"
fi
verify_app_name "$APP"
fi
if [[ -n "$VALUE" ]]; then
dokku_log_info2_quiet "Setting ${KEY} to ${VALUE}"
fn-plugin-property-write "traefik" "$APP" "$KEY" "$VALUE"
else
dokku_log_info2_quiet "Unsetting ${KEY}"
fn-plugin-property-delete "traefik" "$APP" "$KEY"
fi
}
cmd-traefik-set "$@"

7
plugins/traefik-vhosts/subcommands/show-config Executable file
View File

@@ -0,0 +1,7 @@
#!/usr/bin/env bash
set -eo pipefail
[[ $DOKKU_TRACE ]] && set -x
source "$PLUGIN_CORE_AVAILABLE_PATH/common/functions"
source "$PLUGIN_AVAILABLE_PATH/traefik-vhosts/command-functions"
cmd-traefik-show-config "$@"

6
plugins/traefik-vhosts/subcommands/start Executable file
View File

@@ -0,0 +1,6 @@
#!/usr/bin/env bash
set -eo pipefail
[[ $DOKKU_TRACE ]] && set -x
source "$PLUGIN_AVAILABLE_PATH/traefik-vhosts/command-functions"
cmd-traefik-start "$@"

6
plugins/traefik-vhosts/subcommands/stop Executable file
View File

@@ -0,0 +1,6 @@
#!/usr/bin/env bash
set -eo pipefail
[[ $DOKKU_TRACE ]] && set -x
source "$PLUGIN_AVAILABLE_PATH/traefik-vhosts/command-functions"
cmd-traefik-stop "$@"

54
plugins/traefik-vhosts/templates/compose.yml.sigil Normal file
View File

@@ -0,0 +1,54 @@
---
version: "3.3"
services:
traefik:
image: "{{ $.TRAEFIK_IMAGE }}"
command:
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --providers.docker
- --api={{ $.TRAEFIK_API_ENABLED }}
- --api.dashboard={{ $.TRAEFIK_DASHBOARD_ENABLED }}
- --log.level={{ $.TRAEFIK_LOG_LEVEL }}
- --log.format=json
{{ if $.TRAEFIK_LETSENCRYPT_EMAIL }}
- --certificatesresolvers.leresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
- --certificatesresolvers.leresolver.acme.email={{ $.TRAEFIK_LETSENCRYPT_EMAIL }}
- --certificatesresolvers.leresolver.acme.storage=/acme.json
- --certificatesresolvers.leresolver.acme.tlschallenge=true
{{ end }}
labels:
# Dashboard
- "traefik.http.routers.api.rule=Host(`{{ $.TRAEFIK_API_VHOST }}`)"
- "traefik.http.routers.api.service=api@internal"
- "traefik.http.routers.api.entrypoints=web{{ if $.TRAEFIK_LETSENCRYPT_EMAIL }}secure{{ end }}"
- "traefik.http.routers.middlewares=auth"
{{ if $.TRAEFIK_BASIC_AUTH }}
- "traefik.http.middlewares.auth.basicauth.users={{ $.TRAEFIK_BASIC_AUTH }}"
{{ end }}
{{ if $.TRAEFIK_LETSENCRYPT_EMAIL }}
- "traefik.http.routers.api.tls.certresolver=leresolver"
# global redirect to https
- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
- "traefik.http.routers.http-catchall.entrypoints=web"
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
# middleware redirect
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
{{ end }}
network_mode: bridge
ports:
- "80:80"
- "443:443"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "{{ $.TRAEFIK_DATA_DIR }}/traefik-acme.json:/acme.json"