added meshcentral

added treafik

Composer/basic/docker-compose.yml

@@ -1,26 +1,78 @@
 version: "3.7"
 services:
-  # Ingress
-  caddy:
-    image: lucaslorentz/caddy-docker-proxy
+  traefik:
+    image: "traefik"
+    command:
+      - --entrypoints.web.address=:80
+      - --entrypoints.websecure.address=:443
+      - --providers.docker
+      - --providers.docker.exposedByDefault=false
+      - --log.level=DEBUG
+      - --providers.docker.network=proxy
+      - --serversTransport.insecureSkipVerify=true 
+      - --api
+      #Lets Encrypt
+      - --certificatesresolvers.letsencrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
+      - --certificatesresolvers.letsencrypt.acme.email=${ACME_EMAIL}
+      - --certificatesresolvers.letsencrypt.acme.storage=/acme.json
+      - --certificatesresolvers.letsencrypt.acme.tlschallenge=true
+      #Logging
+      - "--accesslog=true"
+      - "--accesslog.filePath=/logs/access.log"
     ports:
-      - 80:80
-      - 443:443
-    environment:
-      - CADDY_INGRESS_NETWORKS=caddy
+      - "80:80"
+      - "443:443"
     networks:
-      - caddy
+      - proxy
     volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
-      - caddy_data:/data
-    restart: unless-stopped
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+      - "/var/run/docker.sock:/var/run/docker.sock:ro"
+      - "./data/letsencrypt/acme.json:/acme.json"
+      - ./data/logs/:/logs/
+    labels:
+      # Dashboard
+      - "traefik.enable=true"
+      - "traefik.http.routers.traefik.rule=Host(`treafik.dev.mertens.digital`)"
+      - "traefik.http.routers.traefik.service=api@internal"
+      - "traefik.http.routers.traefik.tls.certresolver=letsencrypt"
+      - "traefik.http.routers.traefik.entrypoints=websecure"
+      #- "traefik.http.routers.traefik.middlewares=authtraefik"
+      #- "traefik.http.middlewares.authtraefik.basicauth.users=user:$2a$12$zeG4z6/dM28JONNH54/jo.pZD0BUuzw0mbD0GFMQqe00lFYCPzKm." # user/password
+      
+      # global redirect to https
+      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
+      - "traefik.http.routers.http-catchall.entrypoints=web"
+      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
 
+      # middleware redirect
+      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
+    restart: unless-stopped
   # Automatic Container Updates
   watchtower:
     image: containrrr/watchtower
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
   
+  whoami:
+    image:  traefik/whoami
+    command:
+       - --port=2001
+       - --name=test
+    ports:
+       - "2001:2001"
+    networks:
+      - proxy
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.whoami.entrypoints=websecure"
+      - "traefik.http.routers.whoami.rule=Host(`whoami.dev.mertens.digital`)"
+      - "traefik.http.routers.whoami.tls=true"
+      - "traefik.http.routers.whoami.tls.certresolver=letsencrypt"
+      - "traefik.http.services.whoami.loadbalancer.server.port=2001"
+
+
+
   # Cleanup unused Docker Container
   janitor:
     image: flaviostutz/docker-janitor
@@ -33,8 +85,5 @@ services:
       - /var/run/docker.sock:/var/run/docker.sock
 
 networks:
-  caddy:
-    external: true
-
-volumes:
-  caddy_data: {}
+  proxy:
+    external: true

Composer/meshcentral/README.MD

@@ -0,0 +1,41 @@
+Only working with this modified config File
+
+```
+{
+  "$schema": "https://raw.githubusercontent.com/Ylianst/MeshCentral/master/meshcentral-config-schema.json",
+  "settings": {
+    "plugins":{"enabled": false},
+    "mongoDb": "mongodb://mongodbadmin:mongodbpasswd@mongodb:27017",
+    "cert": "mesh.dev.mertens.digital",
+    "_WANonly": true,
+    "_LANonly": true,
+    "_sessionKey": "MyReallySecretPassword1",
+    "port": 80,
+    "_aliasPort": 443,
+    "redirPort": 81,
+    "_redirAliasPort": 80,
+    "AgentPong": 300,
+    "TLSOffload": true,
+    "SelfUpdate": false,
+    "AllowFraming": false,
+    "WebRTC": false
+  },
+  "domains": {
+    "": {
+      "_title": "MyServer",
+      "_title2": "Servername",
+      "minify": true,
+      "NewAccounts": true,
+      "localSessionRecording": false,
+      "_userNameIsEmail": true,
+      "certUrl": "https://mesh.dev.mertens.digital:443"
+    }
+  },
+  "_letsencrypt": {
+    "__comment__": "Requires NodeJS 8.x or better, Go to https://letsdebug.net/ first before>",
+    "_email": "myemail@mydomain.com",
+    "_names": "myserver.mydomain.com",
+    "production": false
+  }
+}
+```

Composer/meshcentral/docker-compose.yml

@@ -0,0 +1,54 @@
+version: '3'
+
+networks:
+  meshcentral-tier:
+    driver: bridge
+  proxy:
+    external: true
+
+services:
+  mongodb:
+    restart: always
+    container_name: mongodb
+    image: mongo:latest
+    env_file:
+      - .env
+    volumes:
+      # mongodb data-directory - A must for data persistence
+      - ./data/mongodb_data:/data/db
+    networks:
+      - meshcentral-tier
+
+  meshcentral:
+    restart: always
+    container_name: meshcentral
+    # use the official meshcentral container
+    image: ghcr.io/ylianst/meshcentral:latest
+    depends_on:
+      - mongodb
+    #ports:
+      # MeshCentral will moan and try everything not to use port 80, but you can also use it if you so desire, just change the config.json according to your needs
+      #- 443:443
+      #- 80:80
+    env_file:
+      - .env
+    volumes:
+      # config.json and other important files live here. A must for data persistence
+      - ./data/meshcentral/data:/opt/meshcentral/meshcentral-data
+      # where file uploads for users live
+      - ./data/meshcentral/user_files:/opt/meshcentral/meshcentral-files
+      # location for the meshcentral-backups - this should be mounted to an external storage
+      - ./data/meshcentral/backup:/opt/meshcentral/meshcentral-backups
+      # location for site customization files
+      - ./data/meshcentral/web:/opt/meshcentral/meshcentral-web
+    labels:
+      - 'traefik.enable=true'
+      - "traefik.http.routers.mesh.entrypoints=websecure"
+      - "traefik.http.routers.mesh.rule=Host(`mesh.dev.mertens.digital`)"
+      - "traefik.http.routers.mesh.tls=true"
+      - "traefik.http.routers.mesh.tls.certresolver=letsencrypt"
+      - "traefik.http.services.mesh.loadbalancer.server.port=80"
+      #- "traefik.http.services.mesh.loadbalancer.server.scheme=https" 
+    networks:
+      - meshcentral-tier
+      - proxy