bump to 1.55 / see changelog

commit 51e65a3
Author: Pascal Andy <[email protected]>
Date:   Mon Dec 17 18:33:07 2018 -0500

    update changelog

commit 1b3fb66
Author: Pascal Andy <[email protected]>
Date:   Mon Dec 17 18:29:37 2018 -0500

    readme update

commit ded9ba6
Author: Pascal Andy <[email protected]>
Date:   Mon Dec 17 18:26:18 2018 -0500

    readme update

commit cb1ccb7
Author: Pascal Andy <[email protected]>
Date:   Mon Dec 17 18:21:50 2018 -0500

    readme update

commit a8c6ff5
Author: Pascal Andy <[email protected]>
Date:   Mon Dec 17 17:57:49 2018 -0500

    traefik

commit 64a454c
Author: Pascal Andy <[email protected]>
Date:   Mon Dec 17 17:53:58 2018 -0500

    traefik

commit a694647
Author: Pascal Andy <[email protected]>
Date:   Mon Dec 17 17:51:47 2018 -0500

    traefik

commit e8ca33d
Author: Pascal Andy <[email protected]>
Date:   Mon Dec 17 17:48:33 2018 -0500

    traefik

commit f415876
Author: Pascal Andy <[email protected]>
Date:   Mon Dec 17 17:44:35 2018 -0500

    traefik

commit 5e0445a
Author: Pascal Andy <[email protected]>
Date:   Mon Dec 17 17:26:42 2018 -0500

    traefik with auth

commit 76d7d32
Author: Pascal Andy <[email protected]>
Date:   Mon Dec 17 17:19:42 2018 -0500

    traefik with auth

Signed-off-by: Pascal Andy <[email protected]>

Author: pascalandy

CHANGELOG.md

@@ -1,11 +1,14 @@
 
 # Changelog
 
+## 1.55
+- traefik is now using Authentification
+
 ## 1.54
-d2b3a5fa readme udpate
-bump to caddy 0.11.1
-bump to traefik 1.7.6
-remove static files for webapps
+- d2b3a5fa readme udpate
+- bump to caddy 0.11.1
+- bump to traefik 1.7.6
+- remove static files for webapps
 
 ## 1.53
 - Added portainer with its agent

traefik_stack5/README.md

@@ -1,14 +1,13 @@
 ## Introduction
 
-This docker stack will run many services (Traefik, Socat, Portainer, Nginx, Caddy, Whoami) in one simple copy-paste command. Please also refer the the [README](https://github.com/pascalandy/docker-stack-this/blob/master/README.md) at the root of this repo.
-
+This docker stack will run many services (Traefik (with Authentification), Socat, Portainer, Nginx, Caddy, Whoami) in one simple copy-paste command. Please also refer the the [README](https://github.com/pascalandy/docker-stack-this/blob/master/README.md) at the root of this repo.
 
 ## Start here
 1. Go to http://labs.play-with-docker.com/ 
 2. Create *one instance*. Wait for the node to provision
 3. Copy-paste:
 
-#### STABLE setup (recommanded)
+## Stable setup (recommanded)
 
 ```
 echo "CONFIGURE ENV_VAR" && \
@@ -25,11 +24,11 @@ cd "$ENV_MONOREPO" && \
 ./runup.sh;
 ```
 
-#### EDGE setup (not recommanded)
+#### Edge setup (NOT recommanded)
 
 ```
 echo "CONFIGURE ENV_VAR" && \
-ENV_EDGE_BRANCH="1.54";
+ENV_EDGE_BRANCH="1.55";
 ENV_MONOREPO="traefik_stack5";
 
 echo "Setup the stack" && \
@@ -42,64 +41,99 @@ cd "$ENV_MONOREPO" && \
 ./runup.sh;
 ```
 
-The script `runup.sh` will do the hard and deplo the stacks for us. Once deployed, you will see: 
+This will run `play-with-docker-setup.sh` and `runup.sh`. These scripts will do the hard of deploying the stacks for us.
 
 
 #### See your stacks
 
 ```
 $ docker stack ls
 
-NAME                SERVICES
-toolmonitor         1
-toolproxy           2
-toolweb             3
+NAME                SERVICES            ORCHESTRATOR
+toolgui             2                   Swarm
+toolproxy           2                   Swarm
+toolwebapp          4                   Swarm
 ```
 
 
 #### See your services
 
 ```
-$ docker service ls
-
-ID                  NAME                    MODE                REPLICAS            IMAGE                        PORTS
-q1oombe6uumc        toolmonitor_portainer   replicated          1/1                 portainer/portainer:1.15.5
-8k1ev71vqmdn        toolproxy_socat         replicated          1/1                 devmtl/socatproxy:1.0B
-uvcjqggv66pe        toolproxy_traefik       replicated          1/1                 traefik:1.5.0-rc2-alpine     *:80->80/tcp,*:8080->8080/tcp
-mgpw3g2301mg        toolweb_home            replicated          2/2                 abiosoft/caddy:0.10.10
-tim2vt8w9jzj        toolweb_who1            replicated          2/2                 nginx:1.13.7-alpine
-y1r259m435y5        toolweb_who2            replicated          2/2                 emilevauge/whoami:latest
+docker service ls
+
+ID                  NAME                MODE                REPLICAS            IMAGE                            PORTS
+ckqzv21zr7ox        toolgui_agent       global              1/1                 portainer/agent:latest
+pop0b3w13byv        toolgui_portainer   replicated          1/1                 portainer/portainer:latest
+q7sj4lhtvozp        toolproxy_socat     replicated          1/1                 devmtl/socatproxy:1.1
+lb3ztruy38lp        toolproxy_traefik   replicated          1/1                 traefik:1.7.6-alpine             *:80->80/tcp, *:443->443/tcp, *:8080->8080/tcp
+dl1mxwuwq1v5        toolwebapp_home     replicated          2/2                 abiosoft/caddy:0.11.1-no-stats
+72th62aghchk        toolwebapp_who1     replicated          2/2                 nginx:1.15-alpine
+ajdrevkyolv1        toolwebapp_who2     replicated          2/2                 emilevauge/whoami:latest
+x3nop1l52lok        toolwebapp_who3     replicated          2/2                 emilevauge/whoami:latest
 ```
 
 ## Confirm that your services (containers) are running
+
 1. When you see that all services are deployed, click on `80` to see the static landing page.
-2. From the same URL generated by play-with-docker, in the address bar of your browser, add `/who1/` or `/who2/` or `/portainer/` to access other services.
+2. From the same URL generated by play-with-docker, in the address bar of your browser, add `/who1/` or `/who2/` or `/who3/` or `/portainer/` to access other services.
+
 
+#### Full URL example
 
-#### Example
 ```
 http://pwd10-0-7-3-80.host1.labs.play-with-docker.com/
 http://pwd10-0-7-3-80.host1.labs.play-with-docker.com/who1/
 http://pwd10-0-7-3-80.host1.labs.play-with-docker.com/who2/
+http://pwd10-0-7-3-80.host1.labs.play-with-docker.com/who3/
 http://pwd10-0-7-3-80.host1.labs.play-with-docker.com/portainer/
 ```
 
 The container for the first URL is actually named `home`.
 
+
 #### Web apps details:
 - **/** = [caddy](https://github.com/pascalandy/caddy-securityheader)
 - **/who1/** = [caddy](https://github.com/pascalandy/caddy-securityheader)
 - **/who2/** = [whoami](https://hub.docker.com/r/emilevauge/whoami/)
 - **/portainer/** = [portainer](https://hub.docker.com/r/portainer/portainer/)
 
-Portainer requires a slash `/` at the end of the path. There is something to tweak with Traefik Labels in order for it to accept the proxy the request without the slash `/` at the end.
 
-#### About Caddy
+## How to acces Traefik
+
+![traefik](https://user-images.githubusercontent.com/6694151/50121682-86334d80-0227-11e9-8f25-93dd8714d306.jpg)
+
+
+#### Traefik password
+
+**user**: admin / **pass**: changethispass
+
+This password is encrypted in our configs `.configs/traefik.toml`
+
+To quickly generate yours with htpasswd, use my container:
+
+```
+docker run --rm -it devmtl/alpinefire:3.8-D sh -c 'htpasswd -Bbn admin changethispass'  
+``` 
+
+This will display:
+
+``` 
+admin:$2y$05$pAfipn3.brdHMI2eWGnYH.84XYqLozp1sUPi36/l54UAwv.zGLtNC
+```
+
+Insert this string in your `.configs/traefik.toml`.
+
+#### What is Traefik?
+
+[Traefik](https://docs.traefik.io/configuration/backends/docker/) is a powerful layer 7 reverse proxy. Once running, the proxy will give you access to many web apps. I think this is a solid use cases to understand how this reverse-proxy works.
+
+#### Traefik version 
+
+In `toolproxy.yml` look for something like `traefik:1.7.6`.
 
-I made a solid container out of it. See details:
-https://github.com/pascalandy/caddy-securityheader
+In some mono-repo I **my own traefik image**. Feel free to use the official images. It will not break anything.
 
-#### Anything special about this mono repo?
+#### Other stuff to know?
 
 - This stack does not use ACME (https://). ACME is a pain while developping … reaching limits, etc.
 - If you don’t want to use socat, checkout the monorepo `traefik-manager-noacme`
@@ -115,7 +149,6 @@ https://github.com/pascalandy/caddy-securityheader
 
 ![docker-stack-this-stack5_17](https://user-images.githubusercontent.com/6694151/49540848-1922ce00-f89f-11e8-9fdc-b6fce70825c8.jpg)
 
-
 ## All commands
 In the active path, just execute those bash-scripts:
 
@@ -125,24 +158,9 @@ In the active path, just execute those bash-scripts:
 
 **Bonus!** `./runctop.sh` is not a stack but a simple docker run to see the memory consumed by each containers.
 
-
-## What is Traefik?
-[Traefik](https://docs.traefik.io/configuration/backends/docker/) is a powerful layer 7 reverse proxy. Once running, the proxy will give you access to many web apps. I think this is a solid use cases to understand how this reverse-proxy works.
-
-
-#### Traefik version 
-In `toolproxy.yml` look for something like `traefik:1.7.4`.
-
-In some mono-repo I **my own traefik image**. Feel free to use the official images. It will not break anything.
-
-
-## Backlog
-Here is what’s missing to make this stack perfect?
+## ToDo
 
-- Secure traefik dashboard
 - Use SSL endpoints (ACME)
-- Fix the need to use a trailing slash `/` at the end of Portainer service
-
 
 ## Contributing
 
@@ -160,21 +178,7 @@ Thanks to the power of communities, this is where `1 + 1 = 3`.
 - View the **GNU** license information at https://github.com/pascalandy/GNU-GENERAL-PUBLIC-LICENSE
 - This Git repo is available at https://github.com/pascalandy/docker-stack-this
 
-
-## Author
-
-In the world of OSS (open source software) most people refer themselves as maintainers. The thing is… I hate this expression. It feels heavy and not fun. I much prefer author.
-
-
-#### Hosting
-
-Looking to **kick-start your website** (static page + a CMS) ? Take a look at [play-with-ghost](http://play-with-ghost.com/) (another project I shared). It allows you to see and edit websites made with **Ghost**. In short, you can try Ghost on the spot without having to sign up! Just use the dummy email & password provided.
-
-#### I’m looking for help
-
-If you have solid skills 🤓 with Docker Swarm, Linux bash and the gang and you’re looking to help a startup to launch a solid project, I would love to get to know you. Buzz me 👋 on Twitter [@askpascalandy](https://twitter.com/askpascalandy). You can see the things that are done and the things we have to do [here](http://firepress.org/blog/technical-challenges-we-are-facing-now/).
-
-I’m looking for bright and caring people to join this [journey](http://firepress.org/blog/tag/from-the-heart/) with me.
+## Keep in touch
 
 ```
  ____                     _      _              _
@@ -185,4 +189,6 @@ I’m looking for bright and caring people to join this [journey](http://firepre
                                                   |___/
 ```
 
-Shared by [Pascal Andy](https://pascalandy.com/blog/now/). Find me on [Twitter](https://twitter.com/askpascalandy).
+- Pascal Andy’s [« now page »](https://pascalandy.com/blog/now/)
+- Follow me on [Twitter](https://twitter.com/askpascalandy)
+- Find more Ghost Themes on [play-with-ghost.com](https://play-with-ghost.com/)

traefik_stack5/config_and_vars.sh

@@ -18,4 +18,4 @@ set -o pipefail         # Use last non-zero exit code in a pipeline
 # USE CAPITAL VARS to indicate this VAR comes from outside
 
 # Not used in docker-compose at the moment
-readonly TRAEFIK_IMG="traefik:1.7.5-alpine"
+echo "no vars here";

traefik_stack5/configs/acme.json

@@ -1,22 +1,27 @@
 defaultEntryPoints = ["http"]
 
 [entryPoints]
- [entryPoints.http]
- address = ":80"
-# compress = false
-#   [entryPoints.http.redirect]
-#      entryPoint = "https"
+  [entryPoints.dashboard]
+    address = ":8080"
+    [entryPoints.dashboard.auth]
+      [entryPoints.dashboard.auth.basic]
+        users = ["admin:$2y$05$pAfipn3.brdHMI2eWGnYH.84XYqLozp1sUPi36/l54UAwv.zGLtNC"]
+  [entryPoints.http]
+    address = ":80"
+#      [entryPoints.http.redirect]
+#        entryPoint = "https"
 #  [entryPoints.https]
-#  address = ":443"
-#    [entryPoints.https.tls]
-#      [[entryPoints.https.tls.certificates]]
-#      CertFile = "/etc/traefik/domain.com.cert"
-#      KeyFile = "/etc/traefik/domain.com.key"
+#    address = ":443"
+#      [entryPoints.https.tls]
+
+[api]
+entrypoint="dashboard"
 
 #[acme]
-#email = [email protected]"
-#storage = "/etc/traefik/acme.json"
+#email = "your_email@your_domain.net"
+#storage = "acme.json"
 #entryPoint = "https"
-#onDemand = true
-#OnHostRule = true
-#acmeLogging = true
+#caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
+#onHostRule = true
+#  [acme.httpChallenge]
+#  entryPoint = "http"

traefik_stack5/configs/traefik.toml

@@ -81,7 +81,7 @@ function main() {
 function goto_myscript() {
 
     # play-with-docker is ready
-    docker run --rm devmtl/figlet:1.0 lauching stacks; sleep 2; echo;
+    docker run --rm devmtl/figlet:1.0 Lauching stacks; sleep 2; echo;
 
     # Stop
     echo; echo "If existing, remove stacks: "
@@ -113,6 +113,7 @@ function goto_myscript() {
     echo "Start the stacks ...";
 
     # traefik
+    chmod 600 ./configs/acme.json
     docker stack deploy toolproxy -c toolproxy.yml;
     echo; sleep 1;
 

traefik_stack5/runup.sh

@@ -53,6 +53,8 @@ services:
     networks:
       - ntw_front
       - ntw_proxy
+    volumes:
+      - ./configs/acme.json:/acme.json
     configs:
       - source: traefik.toml
         target: /etc/traefik/traefik.toml
@@ -63,7 +65,6 @@ services:
       --docker.watch \
       --debug=true \
       --logLevel=WARN \
-      --web \
       --web.metrics.prometheus \
       --web.metrics.prometheus.buckets="0.1,0.3,1.2,5.0" \
       --web.address=:8080
@@ -89,10 +90,6 @@ services:
         - "traefik.enable=true"
         - "traefik.logLevel=DEBUG"
         - "traefik.port=8080"
-        - "traefik.passHostHeader=true"
-        - "traefik.frontend.entryPoints=http"
-        - "traefik.backend.loadbalancer.method=wrr"
-        - "traefik.backend.loadbalancer.swarm=true"
 
 
 # by Pascal Andy | https://pascalandy.com/