diff --git a/docker/compose/gitea.yaml b/docker/compose/gitea.yaml index e1a6e46..7cb0478 100644 --- a/docker/compose/gitea.yaml +++ b/docker/compose/gitea.yaml @@ -1,4 +1,4 @@ -version: "3" +version: "3.9" networks: net-public: @@ -6,7 +6,7 @@ networks: services: server: - image: gitea/gitea:1.18.0 + image: gitea/gitea:latest container_name: gitea environment: - USER_UID=1000 @@ -16,6 +16,7 @@ services: - GITEA__database__NAME=gitea - GITEA__database__USER=gitea - GITEA__database__PASSWD=gitea + - GITEA__webhook__ALLOWED_HOST_LIST=* restart: always networks: - net-public @@ -39,4 +40,28 @@ services: networks: - net-public volumes: - - /mnt/disk1/gitea/db:/var/lib/postgresql/data \ No newline at end of file + - /mnt/disk1/gitea/db:/var/lib/postgresql/data + +# runner: +# image: registry.smsoft.kro.kr/gitea/act_runner:latest +# restart: always +# container_name: gitea_runner +# environment: +# - CONFIG_FILE=/config/config.yml +# - GITEA_INSTANCE_URL=https://git.smsoft.kro.kr +# - GITEA_RUNNER_REGISTRATION_TOKEN=cAIObh78BmjdEGkeoT1GSjrV7CiNvjRDRqCmVT9M +# volumes: +# - /mnt/disk1/gitea/runner/config:/config +# - /mnt/disk1/gitea/runner/data:/data +# - /var/run/docker.sock:/var/run/docker.sock +# - /root/cert:/cert +# entrypoint: ["sh", "-c"] +# command: +# - | +# docker context create remote-prod --docker host=https://smsoft.kr:2376,ca=/cert/ca.pem,cert=/cert/cert.pem,key=/cert/key.pem +# docker context create remote-dev --docker host=tcp://10.10.20.20:2375 +# /sbin/tini -- /opt/act/run.sh +# networks: +# - net-public +# depends_on: +# - server \ No newline at end of file diff --git a/traefik/digital-twin.yml b/traefik/digital-twin.yml deleted file mode 100644 index 9191ec4..0000000 --- a/traefik/digital-twin.yml +++ /dev/null @@ -1,12 +0,0 @@ -http: - routers: - dt-rt: - entryPoints: - - "web" - rule: "Host(`dt.devsmsoft.kro.kr`)" - service: "dt-sv" - services: - dt-sv: - loadbalancer: - servers: - - url: "http://172.30.1.31:8101" \ No newline at end of file 
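Review bot: `image: gitea/gitea:latest` replaces a pinned release with a mutable tag, so the next pull can move the server to a different Gitea version without any change in this repository, and the known-good version to roll back to is no longer recorded. Gitea migrates its database on upgrade, so an unplanned version jump is hard to undo. Keep an explicit release tag, ideally with a digest, e.g. `image: gitea/gitea:<version>@sha256:<digest>` (placeholders), and bump it deliberately.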
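Review bot: `GITEA__webhook__ALLOWED_HOST_LIST=*` lets webhooks target any address, including loopback and the private ranges this host can reach, so anyone able to configure a webhook can make the Gitea server send requests to internal services. Unless internal delivery is needed everywhere, narrow it to the receivers actually used, e.g. `GITEA__webhook__ALLOWED_HOST_LIST=external,<ci-host>` (placeholder host), with a comment saying why each internal entry is there. The `environment` list starts above this hunk.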
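Review bot: The commented-out `runner` service still commits a literal `GITEA_RUNNER_REGISTRATION_TOKEN` value; commenting the line out does not keep the secret out of history, so treat the token as exposed, revoke it in Gitea, and supply it from outside the file, e.g. `- GITEA_RUNNER_REGISTRATION_TOKEN=${GITEA_RUNNER_REGISTRATION_TOKEN}`. If the block is ever enabled, the `/var/run/docker.sock` mount gives workflow jobs control of the host's Docker daemon. The `remote-dev` context also points at `tcp://10.10.20.20:2375`, a Docker API endpoint without TLS, unlike `remote-prod`, which uses client certificates.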
diff --git a/traefik/streaming-db.yml b/traefik/dynamic/streaming/db.yml similarity index 68% rename from traefik/streaming-db.yml rename to traefik/dynamic/streaming/db.yml index 07db952..3f5a66f 100644 --- a/traefik/streaming-db.yml +++ b/traefik/dynamic/streaming/db.yml @@ -1,31 +1,31 @@ tcp: routers: - db-smsoft-main-rt: + db-smsoft-main: entryPoints: - "db-smsoft-main" rule: "HostSNI(`*`)" - service: "db-smsoft-main-sc" - db-woori-ai-rt: + service: "db-smsoft-main" + db-woori-ai: entryPoints: - "db-woori-ai" rule: "HostSNI(`*`)" - service: "db-woori-ai-sc" - db-hynix-rt: + service: "db-woori-ai" + db-hynix: entryPoints: - "db-hynix" rule: "HostSNI(`*`)" - service: "db-hynix-sc" + service: "db-hynix" services: - db-smsoft-main-sc: + db-smsoft-main: loadbalancer: servers: - address: "10.10.20.81:3306" - db-woori-ai-sc: + db-woori-ai: loadbalancer: servers: - address: "10.10.20.81:3308" - db-hynix-sc: + db-hynix: loadbalancer: servers: - address: "10.10.20.81:1433" \ No newline at end of file diff --git a/traefik/dynamic/streaming/seal.yml b/traefik/dynamic/streaming/seal.yml new file mode 100644 index 0000000..64d2074 --- /dev/null +++ b/traefik/dynamic/streaming/seal.yml @@ -0,0 +1,22 @@ +tcp: + routers: + seal-subversion: + entryPoints: + - "seal-subversion" + rule: "HostSNI(`*`)" + service: "seal-subversion" + seal-db: + entryPoints: + - "seal-db" + rule: "HostSNI(`*`)" + service: "seal-db" + + services: + seal-subversion: + loadbalancer: + servers: + - address: "10.10.20.100:3690" + seal-db: + loadbalancer: + servers: + - address: "10.10.20.100:1521" \ No newline at end of file diff --git a/traefik/streaming-ssh.yml b/traefik/dynamic/streaming/ssh.yml similarity index 59% rename from traefik/streaming-ssh.yml rename to traefik/dynamic/streaming/ssh.yml index 3a4efa0..6d2f67e 100644 --- a/traefik/streaming-ssh.yml +++ b/traefik/dynamic/streaming/ssh.yml 
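Review bot: Both routers in `traefik/dynamic/streaming/seal.yml` match every connection with a catch-all HostSNI rule and forward it untouched, and nothing in this file restricts the source. The Subversion port and the database listener on 10.10.20.100:1521 are therefore reachable by anyone who can reach the `seal-subversion` and `seal-db` entry points. If those entry points are exposed beyond a trusted network, attach a TCP IP allow-list middleware to each router, e.g. `middlewares: ["internal-only"]` (placeholder name; the option is `ipAllowList` or `ipWhiteList` depending on the Traefik version). The same applies to the routers in `streaming/db.yml` and `streaming/ssh.yml`.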
@@ -1,58 +1,67 @@ tcp: routers: - ssh-swarm-1-rt: + ssh-swarm-1: entryPoints: - "ssh-swarm-1" rule: "HostSNI(`*`)" - service: "ssh-swarm-1-sc" - ssh-swarm-2-rt: + service: "ssh-swarm-1" + ssh-swarm-2: entryPoints: - "ssh-swarm-2" rule: "HostSNI(`*`)" - service: "ssh-swarm-2-sc" - ssh-swarm-3-rt: + service: "ssh-swarm-2" + ssh-swarm-3: entryPoints: - "ssh-swarm-3" rule: "HostSNI(`*`)" - service: "ssh-swarm-3-sc" - ssh-gpu-sv-rt: + service: "ssh-swarm-3" + ssh-gpu-sv: entryPoints: - "ssh-gpu-sv" rule: "HostSNI(`*`)" - service: "ssh-gpu-sc" - ssh-dt-sv-rt: + service: "ssh-gpu" + ssh-dt-sv: entryPoints: - "ssh-dt-sv" rule: "HostSNI(`*`)" - service: "ssh-dt-sc" - ssh-db-sv-rt: + service: "ssh-dt" + ssh-db-sv: entryPoints: - "ssh-dt-sv" rule: "HostSNI(`*`)" - service: "ssh-db-sc" + service: "ssh-db" + ssh-cvat-sv: + entryPoints: + - "ssh-cvat-sv" + rule: "HostSNI(`*`)" + service: "ssh-cvat" services: - ssh-swarm-1-sc: + ssh-swarm-1: loadbalancer: servers: - address: "10.10.20.20:22" - ssh-swarm-2-sc: + ssh-swarm-2: loadbalancer: servers: - address: "10.10.20.21:22" - ssh-swarm-3-sc: + ssh-swarm-3: loadbalancer: servers: - address: "10.10.20.22:22" - ssh-gpu-sc: + ssh-gpu: loadbalancer: servers: - address: "10.10.20.30:22" - ssh-dt-sc: + ssh-dt: loadbalancer: servers: - address: "172.30.1.31:22" - ssh-db-sc: + ssh-db: loadbalancer: servers: - - address: "10.10.20.81:22" \ No newline at end of file + - address: "10.10.20.81:22" + ssh-cvat: + loadbalancer: + servers: + - address: "10.10.20.23:22" \ No newline at end of file diff --git a/traefik/streaming-web.yml b/traefik/dynamic/streaming/web.yml similarity index 65% rename from traefik/streaming-web.yml rename to traefik/dynamic/streaming/web.yml index bf7579d..24b0694 100644 --- a/traefik/streaming-web.yml +++ b/traefik/dynamic/streaming/web.yml 
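Review bot: The `ssh-db-sv` router still lists `- "ssh-dt-sv"` under `entryPoints`, the same entry point as the `ssh-dt-sv` router, and both use the catch-all HostSNI rule. Two routers with an identical rule on one entry point leave it unclear whether a connection ends up on 172.30.1.31 or on 10.10.20.81, and the `ssh-db-sv` entry point declared in `traefik/traefik.yml` (`:10081`) appears to have no router. The rename touches this router anyway, so fix it here by changing that line to `- "ssh-db-sv"`.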
@@ -1,40 +1,40 @@ tcp: routers: - aibface-landmark-rt: + aibface-landmark: entryPoints: - "aibface-landmark" rule: "HostSNI(`*`)" - service: "aibface-landmark-sc" - aibface-skin-rt: + service: "aibface-landmark" + aibface-skin: entryPoints: - "aibface-skin" rule: "HostSNI(`*`)" - service: "aibface-skin-sc" - kidsnote-site-rt: + service: "aibface-skin" + kidsnote-site: entryPoints: - "kidsnote-site" rule: "HostSNI(`*`)" - service: "kidsnote-site-sc" - narajangteo-site-rt: + service: "kidsnote-site" + narajangteo-site: entryPoints: - "narajangteo-site" rule: "HostSNI(`*`)" - service: "narajangteo-site-sc" + service: "narajangteo-site" services: - aibface-landmark-sc: + aibface-landmark: loadbalancer: servers: - address: "10.10.20.30:16000" - aibface-skin-sc: + aibface-skin: loadbalancer: servers: - address: "10.10.20.30:16001" - kidsnote-site-sc: + kidsnote-site: loadbalancer: servers: - address: "10.10.20.20:21437" - narajangteo-site-sc: + narajangteo-site: loadbalancer: servers: - address: "10.10.20.20:24012" \ No newline at end of file diff --git a/traefik/dynamic/web/aibface.yml b/traefik/dynamic/web/aibface.yml new file mode 100644 index 0000000..34ab5a4 --- /dev/null +++ b/traefik/dynamic/web/aibface.yml @@ -0,0 +1,18 @@ +http: + routers: + aibface: + entryPoints: + - "websecure" + rule: "Host(`aibface.semyeongsoft.com`)" + tls: + certResolver: smsoft-dns-challenge + domains: + - main: "semyeongsoft.com" + sans: + - "*.semyeongsoft.com" + service: "aibface" + services: + aibface: + loadbalancer: + servers: + - url: "http://10.10.20.20:9082" \ No newline at end of file diff --git a/traefik/dynamic/web/cvat.yml b/traefik/dynamic/web/cvat.yml new file mode 100644 index 0000000..a10dc8c --- /dev/null +++ b/traefik/dynamic/web/cvat.yml 
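Review bot: The `tls` block (`certResolver` plus `domains`) is copied into this router and into every other router added under `traefik/dynamic/web/`, and two different SAN sets are already in use (`*.semyeongsoft.com` here, `*.dev.semyeongsoft.com` in `digital-twin.yml` and `hyhome.yml`). That much repetition makes it easy for one file to drift or to request a certificate nobody intended. Consider declaring the resolver and wildcard domains once on the `websecure` entry point in `traefik/traefik.yml` (under `http.tls`) and leaving `tls: {}` in the routers.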
@@ -0,0 +1,18 @@ +http: + routers: + cvat: + entryPoints: + - "websecure" + rule: "Host(`cvat.semyeongsoft.com`)" + tls: + certResolver: smsoft-dns-challenge + domains: + - main: "semyeongsoft.com" + sans: + - "*.semyeongsoft.com" + service: "cvat" + services: + cvat: + loadbalancer: + servers: + - url: "http://10.10.20.23:8080" \ No newline at end of file diff --git a/traefik/dynamic/web/digital-twin.yml b/traefik/dynamic/web/digital-twin.yml new file mode 100644 index 0000000..fd8d880 --- /dev/null +++ b/traefik/dynamic/web/digital-twin.yml @@ -0,0 +1,18 @@ +http: + routers: + digital-twin: + entryPoints: + - "websecure" + rule: "Host(`dt.dev.semyeongsoft.com`)" + tls: + certResolver: smsoft-dns-challenge + domains: + - main: "semyeongsoft.com" + sans: + - "*.dev.semyeongsoft.com" + service: "digital-twin" + services: + digital-twin: + loadbalancer: + servers: + - url: "http://172.30.1.31:8101" \ No newline at end of file diff --git a/traefik/dynamic/web/docker.yml b/traefik/dynamic/web/docker.yml new file mode 100644 index 0000000..c13b2d8 --- /dev/null +++ b/traefik/dynamic/web/docker.yml @@ -0,0 +1,33 @@ +http: + routers: + docker: + entryPoints: + - "websecure" + rule: "Host(`docker.semyeongsoft.com`)" + tls: + certResolver: smsoft-dns-challenge + domains: + - main: "semyeongsoft.com" + sans: + - "*.semyeongsoft.com" + service: "docker" + registry: + entryPoints: + - "websecure" + rule: "Host(`registry.semyeongsoft.com`)" + tls: + certResolver: smsoft-dns-challenge + domains: + - main: "semyeongsoft.com" + sans: + - "*.semyeongsoft.com" + service: "registry" + services: + docker: + loadbalancer: + servers: + - url: "http://10.10.20.50:9000" + registry: + loadbalancer: + servers: + - url: "http://10.10.20.50:5000" \ No newline at end of file diff --git a/traefik/dynamic/web/gitea.yml b/traefik/dynamic/web/gitea.yml new file mode 100644 index 0000000..7caf513 --- /dev/null +++ b/traefik/dynamic/web/gitea.yml 
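Review bot: Neither router in `traefik/dynamic/web/docker.yml` has a `middlewares` entry, so `docker.semyeongsoft.com` and `registry.semyeongsoft.com` rely entirely on whatever authentication the backends at 10.10.20.50:9000 and 10.10.20.50:5000 enforce themselves, which this diff does not show. A registry or container-management endpoint published without its own access control would let any visitor pull or push images, so confirm that auth is enabled on both. Otherwise add an allow-list or auth middleware on the routers, e.g. `middlewares: ["internal-only"]` (placeholder name). The same question applies to `jenkins.yml`, `nexus.yml` and `nas.yml`.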
@@ -0,0 +1,18 @@ +http: + routers: + gitea: + entryPoints: + - "websecure" + rule: "Host(`git.semyeongsoft.com`)" + tls: + certResolver: smsoft-dns-challenge + domains: + - main: "semyeongsoft.com" + sans: + - "*.semyeongsoft.com" + service: "gitea" + services: + gitea: + loadbalancer: + servers: + - url: "http://10.10.20.50:3000" \ No newline at end of file diff --git a/traefik/dynamic/web/hyhome.yml b/traefik/dynamic/web/hyhome.yml new file mode 100644 index 0000000..cab6e2b --- /dev/null +++ b/traefik/dynamic/web/hyhome.yml @@ -0,0 +1,33 @@ +http: + routers: + home-admin: + entryPoints: + - "websecure" + rule: "Host(`home-admin.dev.semyeongsoft.com`)" + tls: + certResolver: smsoft-dns-challenge + domains: + - main: "semyeongsoft.com" + sans: + - "*.dev.semyeongsoft.com" + service: "home-admin" + home-web: + entryPoints: + - "websecure" + rule: "Host(`home-web.dev.semyeongsoft.com`)" + tls: + certResolver: smsoft-dns-challenge + domains: + - main: "semyeongsoft.com" + sans: + - "*.dev.semyeongsoft.com" + service: "home-web" + services: + home-admin: + loadbalancer: + servers: + - url: "http://10.10.20.20:9080" + home-web: + loadbalancer: + servers: + - url: "http://10.10.20.20:9081" \ No newline at end of file diff --git a/traefik/dynamic/web/jenkins.yml b/traefik/dynamic/web/jenkins.yml new file mode 100644 index 0000000..d1cf68d --- /dev/null +++ b/traefik/dynamic/web/jenkins.yml @@ -0,0 +1,18 @@ +http: + routers: + jenkins: + entryPoints: + - "websecure" + rule: "Host(`jenkins.semyeongsoft.com`)" + tls: + certResolver: smsoft-dns-challenge + domains: + - main: "semyeongsoft.com" + sans: + - "*.semyeongsoft.com" + service: "jenkins" + services: + jenkins: + loadbalancer: + servers: + - url: "http://10.10.20.50:8080" \ No newline at end of file diff --git a/traefik/dynamic/web/nas.yml b/traefik/dynamic/web/nas.yml new file mode 100644 index 0000000..77d463a --- /dev/null +++ b/traefik/dynamic/web/nas.yml 
@@ -0,0 +1,33 @@ +http: + routers: + nas-master: + entryPoints: + - "websecure" + rule: "Host(`nas.semyeongsoft.com`)" + tls: + certResolver: smsoft-dns-challenge + domains: + - main: "semyeongsoft.com" + sans: + - "*.semyeongsoft.com" + service: "nas-master" + nas-backup: + entryPoints: + - "websecure" + rule: "Host(`nas-bk.semyeongsoft.com`)" + tls: + certResolver: smsoft-dns-challenge + domains: + - main: "semyeongsoft.com" + sans: + - "*.semyeongsoft.com" + service: "nas-backup" + services: + nas-master: + loadbalancer: + servers: + - url: "https://211.243.12.175:8003" + nas-backup: + loadbalancer: + servers: + - url: "http://172.30.1.100:5000" \ No newline at end of file diff --git a/traefik/dynamic/web/nexus.yml b/traefik/dynamic/web/nexus.yml new file mode 100644 index 0000000..98496be --- /dev/null +++ b/traefik/dynamic/web/nexus.yml @@ -0,0 +1,18 @@ +http: + routers: + nexus: + entryPoints: + - "websecure" + rule: "Host(`nexus.semyeongsoft.com`)" + tls: + certResolver: smsoft-dns-challenge + domains: + - main: "semyeongsoft.com" + sans: + - "*.semyeongsoft.com" + service: "nexus" + services: + nexus: + loadbalancer: + servers: + - url: "http://10.10.20.50:8081" \ No newline at end of file diff --git a/traefik/dynamic/web/seal.yml b/traefik/dynamic/web/seal.yml new file mode 100644 index 0000000..fcf61b0 --- /dev/null +++ b/traefik/dynamic/web/seal.yml 
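Review bot: `nas-master` is the only service that proxies to an `https://` URL addressed by IP (`https://211.243.12.175:8003`), and no `serversTransport` is set on it, so verification of that backend's certificate depends on global settings not shown here. A certificate will rarely validate against a bare IP, and if the workaround is a global `insecureSkipVerify`, backend verification is switched off for every service. Prefer a dedicated transport referenced from this service, with `serverName` set (and `rootCAs` if the NAS uses a private CA), e.g. `serversTransport: nas-master` (placeholder name).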
@@ -0,0 +1,63 @@ +http: + routers: + epa: + entryPoints: + - "websecure" + rule: "Host(`epa.semyeongsoft.com`)" + tls: + certResolver: smsoft-dns-challenge + domains: + - main: "semyeongsoft.com" + sans: + - "*.semyeongsoft.com" + service: "epa" + seal: + entryPoints: + - "websecure" + rule: "Host(`seal.semyeongsoft.com`)" + tls: + certResolver: smsoft-dns-challenge + domains: + - main: "semyeongsoft.com" + sans: + - "*.semyeongsoft.com" + service: "seal" + sld: + entryPoints: + - "websecure" + rule: "Host(`sld.semyeongsoft.com`)" + tls: + certResolver: smsoft-dns-challenge + domains: + - main: "semyeongsoft.com" + sans: + - "*.semyeongsoft.com" + service: "sld" + slr: + entryPoints: + - "websecure" + rule: "Host(`slr.semyeongsoft.com`)" + tls: + certResolver: smsoft-dns-challenge + domains: + - main: "semyeongsoft.com" + sans: + - "*.semyeongsoft.com" + service: "slr" + services: + epa: + loadbalancer: + servers: + - url: "http://10.10.20.100:8088" + seal: + loadbalancer: + servers: + - url: "http://10.10.20.100:8087" + sld: + loadbalancer: + servers: + - url: "http://10.10.20.100:8089" + slr: + loadbalancer: + servers: + - url: "http://10.10.20.100:8090" \ No newline at end of file diff --git a/traefik/dynamic/web/sign.yml b/traefik/dynamic/web/sign.yml new file mode 100644 index 0000000..df0d875 --- /dev/null +++ b/traefik/dynamic/web/sign.yml @@ -0,0 +1,18 @@ +http: + routers: + sign: + entryPoints: + - "websecure" + rule: "Host(`sign.semyeongsoft.com`)" + tls: + certResolver: smsoft-dns-challenge + domains: + - main: "semyeongsoft.com" + sans: + - "*.semyeongsoft.com" + service: "sign" + services: + sign: + loadbalancer: + servers: + - url: "http://10.10.20.20:21013" \ No newline at end of file diff --git a/traefik/dynamic/web/voice.yml b/traefik/dynamic/web/voice.yml new file mode 100644 index 0000000..bb13286 --- /dev/null +++ b/traefik/dynamic/web/voice.yml 
@@ -0,0 +1,18 @@ +http: + routers: + voice: + entryPoints: + - "websecure" + rule: "Host(`voice.semyeongsoft.com`)" + tls: + certResolver: smsoft-dns-challenge + domains: + - main: "semyeongsoft.com" + sans: + - "*.semyeongsoft.com" + service: "voice" + services: + voice: + loadbalancer: + servers: + - url: "http://10.10.20.20:9801" \ No newline at end of file diff --git a/traefik/streaming-seal.yml b/traefik/streaming-seal.yml deleted file mode 100644 index 12ead92..0000000 --- a/traefik/streaming-seal.yml +++ /dev/null @@ -1,31 +0,0 @@ -tcp: - routers: - seal-subversion-rt: - entryPoints: - - "seal-subversion" - rule: "HostSNI(`*`)" - service: "seal-subversion-sc" - seal-rdp-rt: - entryPoints: - - "seal-rdp" - rule: "HostSNI(`*`)" - service: "seal-rdp-sc" - seal-db-rt: - entryPoints: - - "seal-db" - rule: "HostSNI(`*`)" - service: "seal-db-sc" - - services: - seal-subversion-sc: - loadbalancer: - servers: - - address: "10.10.20.100:3690" - seal-rdp-sc: - loadbalancer: - servers: - - address: "10.10.20.100:3389" - seal-db-sc: - loadbalancer: - servers: - - address: "10.10.20.100:1521" \ No newline at end of file diff --git a/traefik/traefik.yml b/traefik/traefik.yml index 59a6d1c..194e550 100644 --- a/traefik/traefik.yml +++ b/traefik/traefik.yml @@ -16,6 +16,8 @@ entryPoints: address: ":10031" ssh-db-sv: address: ":10081" + ssh-cvat-sv: + address: ":10023" # database db-smsoft-main: address: ":10233" @@ -26,8 +28,6 @@ entryPoints: # seal seal-subversion: address: ":11369" - seal-rdp: - address: ":11389" seal-db: address: ":11521" # aibface @@ -46,5 +46,22 @@ providers: directory: /etc/traefik/dynamic watch: true +certificatesResolvers: + smsoft-dns-challenge: + acme: + email: daero2120@gmail.com + storage: /etc/traefik/acme.json + dnsChallenge: + provider: cloudflare + +log: + level: info + format: json + filePath: /etc/traefik/log/traefik.log + +accessLog: + format: json + filePath: /etc/traefik/log/access.log + api: dashboard: true \ No newline at end of file
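Review bot: The new `smsoft-dns-challenge` resolver issues wildcard certificates through Cloudflare, but this hunk does not show where its credential comes from. Add a comment above `dnsChallenge:` such as `# needs CF_DNS_API_TOKEN: zone-scoped token with DNS edit only, not the global API key`. `storage: /etc/traefik/acme.json` holds the ACME account and certificate private keys, so it belongs on a persistent volume with mode 600 and outside the repository. The `api: dashboard: true` context line remains, and no router protecting `api@internal` appears among the added dynamic files, so check how the dashboard is exposed.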