traefik web 설정 파일 작성

docker/compose/gitea.yaml

@@ -1,4 +1,4 @@
-version: "3"
+version: "3.9"
 
 networks:
   net-public:
@@ -6,7 +6,7 @@ networks:
 
 services:
   server:
-    image: gitea/gitea:1.18.0
+    image: gitea/gitea:latest
     container_name: gitea
     environment:
       - USER_UID=1000
@@ -16,6 +16,7 @@ services:
       - GITEA__database__NAME=gitea
       - GITEA__database__USER=gitea
       - GITEA__database__PASSWD=gitea
+      - GITEA__webhook__ALLOWED_HOST_LIST=*
     restart: always
     networks:
       - net-public
@@ -39,4 +40,28 @@ services:
     networks:
       - net-public
     volumes:
-      - /mnt/disk1/gitea/db:/var/lib/postgresql/data
+      - /mnt/disk1/gitea/db:/var/lib/postgresql/data
+
+#  runner:
+#    image: registry.smsoft.kro.kr/gitea/act_runner:latest
+#    restart: always
+#    container_name: gitea_runner
+#    environment:
+#      - CONFIG_FILE=/config/config.yml
+#      - GITEA_INSTANCE_URL=https://git.smsoft.kro.kr
+#      - GITEA_RUNNER_REGISTRATION_TOKEN=cAIObh78BmjdEGkeoT1GSjrV7CiNvjRDRqCmVT9M
+#    volumes:
+#      - /mnt/disk1/gitea/runner/config:/config
+#      - /mnt/disk1/gitea/runner/data:/data
+#      - /var/run/docker.sock:/var/run/docker.sock
+#      - /root/cert:/cert
+#    entrypoint: ["sh", "-c"]
+#    command:
+#      - |
+#        docker context create remote-prod --docker host=https://smsoft.kr:2376,ca=/cert/ca.pem,cert=/cert/cert.pem,key=/cert/key.pem
+#        docker context create remote-dev --docker host=tcp://10.10.20.20:2375
+#        /sbin/tini -- /opt/act/run.sh
+#    networks:
+#      - net-public
+#    depends_on:
+#      - server

traefik/digital-twin.yml

@@ -1,12 +0,0 @@
-http:
-  routers:
-    dt-rt:
-      entryPoints:
-        - "web"
-      rule: "Host(`dt.devsmsoft.kro.kr`)"
-      service: "dt-sv"
-  services:
-    dt-sv:
-      loadbalancer:
-        servers:
-          - url: "http://172.30.1.31:8101"

traefik/dynamic/streaming/db.yml

@@ -1,31 +1,31 @@
 tcp:
   routers:
-    db-smsoft-main-rt:
+    db-smsoft-main:
       entryPoints:
         - "db-smsoft-main"
       rule: "HostSNI(`*`)"
-      service: "db-smsoft-main-sc"
-    db-woori-ai-rt:
+      service: "db-smsoft-main"
+    db-woori-ai:
       entryPoints:
         - "db-woori-ai"
       rule: "HostSNI(`*`)"
-      service: "db-woori-ai-sc"
-    db-hynix-rt:
+      service: "db-woori-ai"
+    db-hynix:
       entryPoints:
         - "db-hynix"
       rule: "HostSNI(`*`)"
-      service: "db-hynix-sc"
+      service: "db-hynix"
 
   services:
-    db-smsoft-main-sc:
+    db-smsoft-main:
       loadbalancer:
         servers:
           - address: "10.10.20.81:3306"
-    db-woori-ai-sc:
+    db-woori-ai:
       loadbalancer:
         servers:
           - address: "10.10.20.81:3308"
-    db-hynix-sc:
+    db-hynix:
       loadbalancer:
         servers:
           - address: "10.10.20.81:1433"

traefik/dynamic/streaming/seal.yml

@@ -0,0 +1,22 @@
+tcp:
+  routers:
+    seal-subversion:
+      entryPoints:
+        - "seal-subversion"
+      rule: "HostSNI(`*`)"
+      service: "seal-subversion"
+    seal-db:
+      entryPoints:
+        - "seal-db"
+      rule: "HostSNI(`*`)"
+      service: "seal-db"
+
+  services:
+    seal-subversion:
+      loadbalancer:
+        servers:
+          - address: "10.10.20.100:3690"
+    seal-db:
+      loadbalancer:
+        servers:
+          - address: "10.10.20.100:1521"

traefik/dynamic/streaming/ssh.yml

@@ -1,58 +1,67 @@
 tcp:
   routers:
-    ssh-swarm-1-rt:
+    ssh-swarm-1:
       entryPoints:
         - "ssh-swarm-1"
       rule: "HostSNI(`*`)"
-      service: "ssh-swarm-1-sc"
-    ssh-swarm-2-rt:
+      service: "ssh-swarm-1"
+    ssh-swarm-2:
       entryPoints:
         - "ssh-swarm-2"
       rule: "HostSNI(`*`)"
-      service: "ssh-swarm-2-sc"
-    ssh-swarm-3-rt:
+      service: "ssh-swarm-2"
+    ssh-swarm-3:
       entryPoints:
         - "ssh-swarm-3"
       rule: "HostSNI(`*`)"
-      service: "ssh-swarm-3-sc"
-    ssh-gpu-sv-rt:
+      service: "ssh-swarm-3"
+    ssh-gpu-sv:
       entryPoints:
         - "ssh-gpu-sv"
       rule: "HostSNI(`*`)"
-      service: "ssh-gpu-sc"
-    ssh-dt-sv-rt:
+      service: "ssh-gpu"
+    ssh-dt-sv:
       entryPoints:
         - "ssh-dt-sv"
       rule: "HostSNI(`*`)"
-      service: "ssh-dt-sc"
-    ssh-db-sv-rt:
+      service: "ssh-dt"
+    ssh-db-sv:
       entryPoints:
         - "ssh-dt-sv"
       rule: "HostSNI(`*`)"
-      service: "ssh-db-sc"
+      service: "ssh-db"
+    ssh-cvat-sv:
+      entryPoints:
+        - "ssh-cvat-sv"
+      rule: "HostSNI(`*`)"
+      service: "ssh-cvat"
 
   services:
-    ssh-swarm-1-sc:
+    ssh-swarm-1:
       loadbalancer:
         servers:
           - address: "10.10.20.20:22"
-    ssh-swarm-2-sc:
+    ssh-swarm-2:
       loadbalancer:
         servers:
           - address: "10.10.20.21:22"
-    ssh-swarm-3-sc:
+    ssh-swarm-3:
       loadbalancer:
         servers:
           - address: "10.10.20.22:22"
-    ssh-gpu-sc:
+    ssh-gpu:
       loadbalancer:
         servers:
           - address: "10.10.20.30:22"
-    ssh-dt-sc:
+    ssh-dt:
       loadbalancer:
         servers:
           - address: "172.30.1.31:22"
-    ssh-db-sc:
+    ssh-db:
       loadbalancer:
         servers:
-          - address: "10.10.20.81:22"
+          - address: "10.10.20.81:22"
+    ssh-cvat:
+      loadbalancer:
+        servers:
+          - address: "10.10.20.23:22"

traefik/dynamic/streaming/web.yml

@@ -1,40 +1,40 @@
 tcp:
   routers:
-    aibface-landmark-rt:
+    aibface-landmark:
       entryPoints:
         - "aibface-landmark"
       rule: "HostSNI(`*`)"
-      service: "aibface-landmark-sc"
-    aibface-skin-rt:
+      service: "aibface-landmark"
+    aibface-skin:
       entryPoints:
         - "aibface-skin"
       rule: "HostSNI(`*`)"
-      service: "aibface-skin-sc"
-    kidsnote-site-rt:
+      service: "aibface-skin"
+    kidsnote-site:
       entryPoints:
         - "kidsnote-site"
       rule: "HostSNI(`*`)"
-      service: "kidsnote-site-sc"
-    narajangteo-site-rt:
+      service: "kidsnote-site"
+    narajangteo-site:
       entryPoints:
         - "narajangteo-site"
       rule: "HostSNI(`*`)"
-      service: "narajangteo-site-sc"
+      service: "narajangteo-site"
 
   services:
-    aibface-landmark-sc:
+    aibface-landmark:
       loadbalancer:
         servers:
           - address: "10.10.20.30:16000"
-    aibface-skin-sc:
+    aibface-skin:
       loadbalancer:
         servers:
           - address: "10.10.20.30:16001"
-    kidsnote-site-sc:
+    kidsnote-site:
       loadbalancer:
         servers:
           - address: "10.10.20.20:21437"
-    narajangteo-site-sc:
+    narajangteo-site:
       loadbalancer:
         servers:
           - address: "10.10.20.20:24012"

traefik/dynamic/web/aibface.yml

@@ -0,0 +1,18 @@
+http:
+  routers:
+    aibface:
+      entryPoints:
+        - "websecure"
+      rule: "Host(`aibface.semyeongsoft.com`)"
+      tls:
+        certResolver: smsoft-dns-challenge
+        domains:
+          - main: "semyeongsoft.com"
+            sans:
+              - "*.semyeongsoft.com"
+      service: "aibface"
+  services:
+    aibface:
+      loadbalancer:
+        servers:
+          - url: "http://10.10.20.20:9082"

traefik/dynamic/web/cvat.yml

@@ -0,0 +1,18 @@
+http:
+  routers:
+    cvat:
+      entryPoints:
+        - "websecure"
+      rule: "Host(`cvat.semyeongsoft.com`)"
+      tls:
+        certResolver: smsoft-dns-challenge
+        domains:
+          - main: "semyeongsoft.com"
+            sans:
+              - "*.semyeongsoft.com"
+      service: "cvat"
+  services:
+    cvat:
+      loadbalancer:
+        servers:
+          - url: "http://10.10.20.23:8080"

traefik/dynamic/web/digital-twin.yml

@@ -0,0 +1,18 @@
+http:
+  routers:
+    digital-twin:
+      entryPoints:
+        - "websecure"
+      rule: "Host(`dt.dev.semyeongsoft.com`)"
+      tls:
+        certResolver: smsoft-dns-challenge
+        domains:
+          - main: "semyeongsoft.com"
+            sans:
+              - "*.dev.semyeongsoft.com"
+      service: "digital-twin"
+  services:
+    digital-twin:
+      loadbalancer:
+        servers:
+          - url: "http://172.30.1.31:8101"

traefik/dynamic/web/docker.yml

@@ -0,0 +1,33 @@
+http:
+  routers:
+    docker:
+      entryPoints:
+        - "websecure"
+      rule: "Host(`docker.semyeongsoft.com`)"
+      tls:
+        certResolver: smsoft-dns-challenge
+        domains:
+          - main: "semyeongsoft.com"
+            sans:
+              - "*.semyeongsoft.com"
+      service: "docker"
+    registry:
+      entryPoints:
+        - "websecure"
+      rule: "Host(`registry.semyeongsoft.com`)"
+      tls:
+        certResolver: smsoft-dns-challenge
+        domains:
+          - main: "semyeongsoft.com"
+            sans:
+              - "*.semyeongsoft.com"
+      service: "registry"
+  services:
+    docker:
+      loadbalancer:
+        servers:
+          - url: "http://10.10.20.50:9000"
+    registry:
+      loadbalancer:
+        servers:
+          - url: "http://10.10.20.50:5000"

traefik/dynamic/web/gitea.yml

@@ -0,0 +1,18 @@
+http:
+  routers:
+    gitea:
+      entryPoints:
+        - "websecure"
+      rule: "Host(`git.semyeongsoft.com`)"
+      tls:
+        certResolver: smsoft-dns-challenge
+        domains:
+          - main: "semyeongsoft.com"
+            sans:
+              - "*.semyeongsoft.com"
+      service: "gitea"
+  services:
+    gitea:
+      loadbalancer:
+        servers:
+          - url: "http://10.10.20.50:3000"

traefik/dynamic/web/hyhome.yml

@@ -0,0 +1,33 @@
+http:
+  routers:
+    home-admin:
+      entryPoints:
+        - "websecure"
+      rule: "Host(`home-admin.dev.semyeongsoft.com`)"
+      tls:
+        certResolver: smsoft-dns-challenge
+        domains:
+          - main: "semyeongsoft.com"
+            sans:
+              - "*.dev.semyeongsoft.com"
+      service: "home-admin"
+    home-web:
+      entryPoints:
+        - "websecure"
+      rule: "Host(`home-web.dev.semyeongsoft.com`)"
+      tls:
+        certResolver: smsoft-dns-challenge
+        domains:
+          - main: "semyeongsoft.com"
+            sans:
+              - "*.dev.semyeongsoft.com"
+      service: "home-web"
+  services:
+    home-admin:
+      loadbalancer:
+        servers:
+          - url: "http://10.10.20.20:9080"
+    home-web:
+      loadbalancer:
+        servers:
+          - url: "http://10.10.20.20:9081"

traefik/dynamic/web/jenkins.yml

@@ -0,0 +1,18 @@
+http:
+  routers:
+    jenkins:
+      entryPoints:
+        - "websecure"
+      rule: "Host(`jenkins.semyeongsoft.com`)"
+      tls:
+        certResolver: smsoft-dns-challenge
+        domains:
+          - main: "semyeongsoft.com"
+            sans:
+              - "*.semyeongsoft.com"
+      service: "jenkins"
+  services:
+    jenkins:
+      loadbalancer:
+        servers:
+          - url: "http://10.10.20.50:8080"

traefik/dynamic/web/nas.yml

@@ -0,0 +1,33 @@
+http:
+  routers:
+    nas-master:
+      entryPoints:
+        - "websecure"
+      rule: "Host(`nas.semyeongsoft.com`)"
+      tls:
+        certResolver: smsoft-dns-challenge
+        domains:
+          - main: "semyeongsoft.com"
+            sans:
+              - "*.semyeongsoft.com"
+      service: "nas-master"
+    nas-backup:
+      entryPoints:
+        - "websecure"
+      rule: "Host(`nas-bk.semyeongsoft.com`)"
+      tls:
+        certResolver: smsoft-dns-challenge
+        domains:
+          - main: "semyeongsoft.com"
+            sans:
+              - "*.semyeongsoft.com"
+      service: "nas-backup"
+  services:
+    nas-master:
+      loadbalancer:
+        servers:
+          - url: "https://211.243.12.175:8003"
+    nas-backup:
+      loadbalancer:
+        servers:
+          - url: "http://172.30.1.100:5000"

traefik/dynamic/web/nexus.yml

@@ -0,0 +1,18 @@
+http:
+  routers:
+    nexus:
+      entryPoints:
+        - "websecure"
+      rule: "Host(`nexus.semyeongsoft.com`)"
+      tls:
+        certResolver: smsoft-dns-challenge
+        domains:
+          - main: "semyeongsoft.com"
+            sans:
+              - "*.semyeongsoft.com"
+      service: "nexus"
+  services:
+    nexus:
+      loadbalancer:
+        servers:
+          - url: "http://10.10.20.50:8081"

traefik/dynamic/web/seal.yml

@@ -0,0 +1,63 @@
+http:
+  routers:
+    epa:
+      entryPoints:
+        - "websecure"
+      rule: "Host(`epa.semyeongsoft.com`)"
+      tls:
+        certResolver: smsoft-dns-challenge
+        domains:
+          - main: "semyeongsoft.com"
+            sans:
+              - "*.semyeongsoft.com"
+      service: "epa"
+    seal:
+      entryPoints:
+        - "websecure"
+      rule: "Host(`seal.semyeongsoft.com`)"
+      tls:
+        certResolver: smsoft-dns-challenge
+        domains:
+          - main: "semyeongsoft.com"
+            sans:
+              - "*.semyeongsoft.com"
+      service: "seal"
+    sld:
+      entryPoints:
+        - "websecure"
+      rule: "Host(`sld.semyeongsoft.com`)"
+      tls:
+        certResolver: smsoft-dns-challenge
+        domains:
+          - main: "semyeongsoft.com"
+            sans:
+              - "*.semyeongsoft.com"
+      service: "sld"
+    slr:
+      entryPoints:
+        - "websecure"
+      rule: "Host(`slr.semyeongsoft.com`)"
+      tls:
+        certResolver: smsoft-dns-challenge
+        domains:
+          - main: "semyeongsoft.com"
+            sans:
+              - "*.semyeongsoft.com"
+      service: "slr"
+  services:
+    epa:
+      loadbalancer:
+        servers:
+          - url: "http://10.10.20.100:8088"
+    seal:
+      loadbalancer:
+        servers:
+          - url: "http://10.10.20.100:8087"
+    sld:
+      loadbalancer:
+        servers:
+          - url: "http://10.10.20.100:8089"
+    slr:
+      loadbalancer:
+        servers:
+          - url: "http://10.10.20.100:8090"

traefik/dynamic/web/sign.yml

@@ -0,0 +1,18 @@
+http:
+  routers:
+    sign:
+      entryPoints:
+        - "websecure"
+      rule: "Host(`sign.semyeongsoft.com`)"
+      tls:
+        certResolver: smsoft-dns-challenge
+        domains:
+          - main: "semyeongsoft.com"
+            sans:
+              - "*.semyeongsoft.com"
+      service: "sign"
+  services:
+    sign:
+      loadbalancer:
+        servers:
+          - url: "http://10.10.20.20:21013"

traefik/dynamic/web/voice.yml

@@ -0,0 +1,18 @@
+http:
+  routers:
+    voice:
+      entryPoints:
+        - "websecure"
+      rule: "Host(`voice.semyeongsoft.com`)"
+      tls:
+        certResolver: smsoft-dns-challenge
+        domains:
+          - main: "semyeongsoft.com"
+            sans:
+              - "*.semyeongsoft.com"
+      service: "voice"
+  services:
+    voice:
+      loadbalancer:
+        servers:
+          - url: "http://10.10.20.20:9801"

traefik/streaming-seal.yml

@@ -1,31 +0,0 @@
-tcp:
-  routers:
-    seal-subversion-rt:
-      entryPoints:
-        - "seal-subversion"
-      rule: "HostSNI(`*`)"
-      service: "seal-subversion-sc"
-    seal-rdp-rt:
-      entryPoints:
-        - "seal-rdp"
-      rule: "HostSNI(`*`)"
-      service: "seal-rdp-sc"
-    seal-db-rt:
-      entryPoints:
-        - "seal-db"
-      rule: "HostSNI(`*`)"
-      service: "seal-db-sc"
-
-  services:
-    seal-subversion-sc:
-      loadbalancer:
-        servers:
-          - address: "10.10.20.100:3690"
-    seal-rdp-sc:
-      loadbalancer:
-        servers:
-          - address: "10.10.20.100:3389"
-    seal-db-sc:
-      loadbalancer:
-        servers:
-          - address: "10.10.20.100:1521"

traefik/traefik.yml

@@ -16,6 +16,8 @@ entryPoints:
     address: ":10031"
   ssh-db-sv:
     address: ":10081"
+  ssh-cvat-sv:
+    address: ":10023"
   # database
   db-smsoft-main:
     address: ":10233"
@@ -26,8 +28,6 @@ entryPoints:
   # seal
   seal-subversion:
     address: ":11369"
-  seal-rdp:
-    address: ":11389"
   seal-db:
     address: ":11521"
   # aibface
@@ -46,5 +46,22 @@ providers:
     directory: /etc/traefik/dynamic
     watch: true
 
+certificatesResolvers:
+  smsoft-dns-challenge:
+    acme:
+      email: daero2120@gmail.com
+      storage: /etc/traefik/acme.json
+      dnsChallenge:
+        provider: cloudflare
+
+log:
+  level: info
+  format: json
+  filePath: /etc/traefik/log/traefik.log
+
+accessLog:
+  format: json
+  filePath: /etc/traefik/log/access.log
+
 api:
   dashboard: true