Compare commits
3 Commits
main
...
traefik-ke
| Author | SHA1 | Date | |
|---|---|---|---|
| e381ab181b | |||
| 594013bfa5 | |||
| 8a8e6e50fa |
56
.env
56
.env
@ -1,3 +1,55 @@
|
||||
# TRAEFIK ENVIRONMENTS VARS
|
||||
####################################################
|
||||
###################################################
|
||||
#### ####
|
||||
#### ENV ####
|
||||
#### ####
|
||||
###############################################
|
||||
##############################################
|
||||
|
||||
ACME_EMAIL=
|
||||
#############################################
|
||||
##############################################
|
||||
#### ####
|
||||
#### TRAEFIK ENV ####
|
||||
#### ####
|
||||
##################################################
|
||||
###################################################
|
||||
|
||||
ACME_EMAIL=
|
||||
DOMAIN=
|
||||
|
||||
#############################################
|
||||
##############################################
|
||||
#### ####
|
||||
#### KEYCLOAK ENV ####
|
||||
#### ####
|
||||
##################################################
|
||||
###################################################
|
||||
|
||||
DB_VENDOR=POSTGRES
|
||||
DB_ADDR=keycloak_db
|
||||
DB_DATABASE=postgresdb
|
||||
DB_USER=postgresuser
|
||||
DB_SCHEMA=public
|
||||
DB_PASSWORD=pa55w0rd
|
||||
KEYCLOAK_USER=admin
|
||||
KEYCLOAK_PASSWORD=5up3rPa55w0rd
|
||||
PROXY_ADDRESS_FORWARDING=true
|
||||
KEYCLOAK_WELCOME_THEME=keycloak
|
||||
KEYCLOAK_DEFAULT_THEME=keycloak
|
||||
KEYCLOAK_DOMAIN_USER=domain
|
||||
KEYCLOAK_DOMAIN_PASSWORD=password
|
||||
KEYCLOAK_DOMAIN_USER_FIRST_NAME=Administrateur
|
||||
KEYCLOAK_DOMAIN_USER_NAME=Technique
|
||||
KEYCLOAK_DOMAIN_USER_EMAIL=contact@lmail.com
|
||||
|
||||
#############################################
|
||||
##############################################
|
||||
#### ####
|
||||
#### KEYCLOAK DB ENV ####
|
||||
#### ####
|
||||
##################################################
|
||||
###################################################
|
||||
|
||||
POSTGRES_DB=postgresdb
|
||||
POSTGRES_USER=postgresuser
|
||||
POSTGRES_PASSWORD=pa55w0rd
|
||||
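Review bot: Working credentials are committed in this file — `DB_PASSWORD=pa55w0rd`, `KEYCLOAK_PASSWORD=5up3rPa55w0rd`, `KEYCLOAK_DOMAIN_PASSWORD=password` and `POSTGRES_PASSWORD=pa55w0rd` — and once pushed they remain in history even if edited later, so the values in this commit should be treated as rotated. Keep the committed file as a template with empty values (for example an `.env.example` with `DB_PASSWORD=` and `POSTGRES_PASSWORD=`) and add `.env` to `.gitignore`. The `DB_*` and `POSTGRES_*` pairs (`DB_DATABASE`/`POSTGRES_DB`, `DB_USER`/`POSTGRES_USER`, `DB_PASSWORD`/`POSTGRES_PASSWORD`) have to stay in sync, which a comment such as `# must match the POSTGRES_* values below` above the Keycloak DB block would make explicit. `ACME_EMAIL=` appears twice in the rendered section; this is probably the old and new line of the same key, but it is worth confirming that the resulting file does not carry a duplicate.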
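--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,41 @@
+FROM golang:alpine as base
+#
+ARG TAG
+ARG SHA1
+ARG BUILD
+#
+ENV GITHUB_TAG ${TAG:-"dev"}
+ENV GITHUB_SHA1 ${SHA1:-""}
+ENV COMPILED ${BUILD:-"0"}
+ENV GIT_ORG=github.com/oneconcern
+ENV GIT_REPO=${GIT_ORG}/keycloak-gatekeeper
+# Release = "unreleased - dev"
+# Gitsha = "no gitsha provided"
+# Compiled = "0"
+ENV VERSIONING_FLAGS "-X ${GIT_REPO}/version.Release=${GITHUB_TAG} -X ${GIT_REPO}/version.Gitsha=${GITHUB_SHA1} -X ${GIT_REPO}/version.Compiled=${COMPILED}"
+
+RUN mkdir -p /stage/data /stage/etc/ssl/certs &&\
+apk add --no-cache musl-dev gcc ca-certificates mailcap upx tzdata zip git &&\
+update-ca-certificates &&\
+cp /etc/ssl/certs/ca-certificates.crt /stage/etc/ssl/certs/ca-certificates.crt &&\
+cp /etc/mime.types /stage/etc/mime.types
+
+WORKDIR /usr/share/zoneinfo
+RUN zip -r -0 /stage/zoneinfo.zip .
+
+ADD go.mod /gatekeeper/go.mod
+ADD go.sum /gatekeeper/go.sum
+WORKDIR /gatekeeper
+RUN go mod download
+
+ADD . /gatekeeper
+RUN LDFLAGS="-s -w -linkmode external -extldflags \"-static\" ${VERSIONING_FLAGS}" &&\
+go build -tags "nostores noforwarding" -o /stage/usr/bin/gatekeeper --ldflags "$LDFLAGS" .
+RUN upx /stage/usr/bin/gatekeeper
+
+# Build the dist image
+FROM scratch
+COPY --from=base /stage /
+ENV ZONEINFO /zoneinfo.zip
+ENTRYPOINT [ "gatekeeper" ]
+CMD ["--help"]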
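Review bot: The final `FROM scratch` stage declares no `USER`, so `gatekeeper` runs as root inside the container; add `USER 65534:65534` before `ENTRYPOINT [ "gatekeeper" ]` (a numeric id works without an `/etc/passwd` in a scratch image) and check that the copied `/stage` tree is readable by that uid. `FROM golang:alpine as base` is a floating tag, so the toolchain version can change between builds without any change to this file; pin it to an explicit Go version tag (`golang:<version>-alpine`, version to be chosen). The `ADD go.mod`, `ADD go.sum` and `ADD . /gatekeeper` lines only copy local paths, where `COPY` is the conventional instruction since `ADD` also fetches URLs and unpacks archives. The file also mixes the legacy `ENV KEY value` form (`ENV GITHUB_TAG ...`, `ENV ZONEINFO ...`) with `ENV KEY=value` (`ENV GIT_ORG=...`); using the `=` form throughout reads more consistently.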
32
README.md
32
README.md
@ -1,35 +1,16 @@
|
||||
# TRAEFIK
|
||||
|
||||
Traefik est un applicatif pouvant servir de reverse proxy mappant les ports 80 et 443 de l'hôte et créant les routes vers les conteneurs avec leur certificats SSL.
|
||||
Cette branche vise à déployer un gatekeeper devant un service sans authentification afin de rediriger l'authentification vers une instance Keycloak via Traefik
|
||||
|
||||
## CONFIGURATION
|
||||
|
||||
- Modifier l'email pour les certificats HTTPS:
|
||||
```bash
|
||||
nano .env
|
||||
```
|
||||
- Pour ajouter un service à Traefik:
|
||||
```yml
|
||||
# MODIFIER DNS DANS CHAQUE LABELS APRES ROUTERS
|
||||
labels:
|
||||
# HTTP
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.whoami.entrypoints=web"
|
||||
# DNS
|
||||
- "traefik.http.routers.whoami.rule=Host(`whoami.localhost`)"
|
||||
### KEYCLOAK
|
||||
|
||||
# HTTPS
|
||||
- traefik.http.routers.whoami-ssl.tls.certresolver=le
|
||||
- traefik.http.routers.whoami-ssl.entryPoints=websecure
|
||||
- traefik.http.routers.whoami-ssl.tls=true
|
||||
# DNS
|
||||
- traefik.http.routers.whoami-ssl.rule=Host(`whoami.localhost`)
|
||||
# SERVICE
|
||||
- traefik.http.routers.whoami-ssl.service=whoami
|
||||
```
|
||||
- Création du client ...
|
||||
|
||||
> Note: Les labels sont à ajouter dans le compose du service à rattacher à Traefik
|
||||
### GATEKEEPER
|
||||
|
||||
- Reporter le secret dans gatekeeper.conf ...
|
||||
|
||||
## UTILISATION
|
||||
|
||||
@ -40,4 +21,5 @@ docker-compose up -d
|
||||
|
||||
## DOCUMENTATION
|
||||
|
||||
> https://doc.traefik.io/traefik/
|
||||
> [Traefik](https://doc.traefik.io/traefik/)
|
||||
> [Keycloak](https://www.keycloak.org/documentation)
|
||||
|
||||
@ -1,12 +1,13 @@
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
|
||||
|
||||
# TRAEFIK
|
||||
traefik:
|
||||
image: traefik:v2.10
|
||||
container_name: traefik
|
||||
command:
|
||||
# For web ui traefik
|
||||
# For web ui traefik DEV
|
||||
- "--api.insecure=true"
|
||||
- "--providers.docker=true"
|
||||
- "--providers.docker.swarmmode=false"
|
||||
@ -23,7 +24,7 @@ services:
|
||||
ports:
|
||||
- "443:443"
|
||||
- "80:80"
|
||||
# The Web UI (enabled by --api.insecure=true)
|
||||
# The Web UI (enabled by --api.insecure=true) DEV
|
||||
- "8082:8080"
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
@ -31,23 +32,32 @@ services:
|
||||
networks:
|
||||
traefik_net:
|
||||
|
||||
# CONTAINER EXEMPLE
|
||||
whoami:
|
||||
image: traefik/whoami
|
||||
container_name: whoami
|
||||
# GATE KEEPER
|
||||
keycloak-gatekeeper:
|
||||
image: keycloak-gatekeeper:1.0
|
||||
container_name: keycloak-gatekeeper
|
||||
build:
|
||||
context: .
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.whoami.rule=Host(`whoami.localhost`)"
|
||||
- "traefik.http.routers.whoami.entrypoints=web"
|
||||
|
||||
# HTTPS
|
||||
# - traefik.http.routers.whoami-ssl.rule=Host(`whoami.localhost`)
|
||||
# - traefik.http.routers.whoami-ssl.entryPoints=websecure
|
||||
# - traefik.http.routers.whoami-ssl.tls=true
|
||||
# - traefik.http.routers.whoami-ssl.service=whoami
|
||||
# - traefik.http.routers.whoami-ssl.tls.certresolver=le
|
||||
- "traefik.port=3000"
|
||||
- "traefik.frontend.rule=Host:service1.lab.com"
|
||||
- "traefik.protocol=http"
|
||||
restart: always
|
||||
networks:
|
||||
traefik_net:
|
||||
external_links:
|
||||
- traefik:auth.lab.com
|
||||
volumes:
|
||||
- ./keycloak-gatekeeper.conf:/etc/keycloak-gatekeeper.conf
|
||||
entrypoint:
|
||||
- /opt/keycloak-gatekeeper
|
||||
- --config=/etc/keycloak-gatekeeper.conf
|
||||
|
||||
|
||||
# NETWORKS
|
||||
networks:
|
||||
traefik_net:
|
||||
traefik_net:
|
||||
|
||||
# VOLUMES
|
||||
volumes:
|
||||
acme: {}
|
||||
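Review bot: The `traefik.port=3000`, `traefik.frontend.rule=Host:service1.lab.com` and `traefik.protocol=http` labels on `keycloak-gatekeeper` use Traefik v1 label syntax, which `traefik:v2.10` does not read, so routing is governed only by the `traefik.http.routers.whoami.*` labels above them — and with the HTTPS block commented out that router is bound solely to the plaintext `web` entrypoint, meaning the authentication proxy's session cookies and tokens travel over HTTP. Drop the v1 labels, give the service its own router name instead of reusing `whoami`, re-enable the `websecure`/`tls` router and set the backend port with `traefik.http.services.<name>.loadbalancer.server.port`. If the `keycloak-gatekeeper:1.0` image is built from the Dockerfile in this commit (`build: context: .`), `entrypoint: - /opt/keycloak-gatekeeper` points at a path that does not exist there — the binary lands at `/usr/bin/gatekeeper` and is already the image's `ENTRYPOINT` — so the container would fail to start; remove the compose `entrypoint` and pass `--config=/etc/keycloak-gatekeeper.conf` via `command` instead. The `--api.insecure=true` flag with `8082:8080` published is marked DEV in the comments; that pairing should be removed from anything deployed beyond a workstation. The file header for this section is not in view, so the file name is inferred from its content.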