361d2dc87b
modified: default-environment.env modified: monitoring/mtls-bridge/docker-compose.yml modified: monitoring/node-red/data/context/00b02bbd01c91485/flow.json modified: monitoring/node-red/data/update-events.ndjson
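# Compose definition for the mtls-bridge service: built from the local
# monitoring/mtls-bridge context and published through Traefik on the
# `websecure` entrypoint behind basic auth and a CORS middleware.
# Judging by the variable names, the bridge forwards requests to TARGET_URL
# while presenting a client certificate - confirm against the image source.
services:
  mtls-bridge:
    profiles: ["monitoring", "all", "mtls-bridge"]
    build:
      context: ${PROJECT_ROOT}/monitoring/mtls-bridge
    container_name: mtls-bridge
    hostname: mtls-bridge.lan.ddnsgeek.com
    restart: unless-stopped
    environment:
      # TARGET_URL, CLIENT_CERT, CLIENT_KEY and TIMEOUT have no default here;
      # an unset variable is interpolated as an empty string, so the
      # application has to reject empty values itself.
      - TARGET_URL=${MTLS_BRIDGE_TARGET_URL}
      # Presumably paths below the /certs mount - verify against the env file.
      - CLIENT_CERT=${MTLS_BRIDGE_CLIENT_CERT}
      - CLIENT_KEY=${MTLS_BRIDGE_CLIENT_KEY}
      - TIMEOUT=${MTLS_BRIDGE_TIMEOUT}
      - LOG_LEVEL=${MTLS_BRIDGE_LOG_LEVEL:-INFO}
      # NOTE(review): defaults to empty. Confirm that an empty value makes the
      # bridge fall back to the system trust store and does not switch off
      # verification of the upstream server certificate.
      - UPSTREAM_CA_CERT=${MTLS_BRIDGE_UPSTREAM_CA_CERT:-}
    volumes:
      # Read-only, but the whole Traefik certs directory is exposed: the
      # container can read every file stored there, including any private
      # keys. Mounting only the client certificate and key the bridge needs
      # would narrow what a compromised bridge process can read.
      - ${PROJECT_ROOT}/core/traefik/certs:/certs:ro
    labels:
      # Main router: TLS on websecure, basic auth first, then CORS headers.
      - "traefik.http.routers.mtls-bridge.rule=Host(`mtls-bridge.lan.ddnsgeek.com`)"
      - "traefik.enable=true"
      - "traefik.http.routers.mtls-bridge.entrypoints=websecure"
      - "traefik.http.routers.mtls-bridge.tls.certresolver=myresolver"
      - "traefik.http.routers.mtls-bridge.middlewares=mtls-bridge-auth,mtls-bridge-cors"
      # Expects htpasswd-style `user:hash` entries; keep the value in a
      # secret store or untracked env file rather than in version control.
      - "traefik.http.middlewares.mtls-bridge-auth.basicauth.users=${MTLS_BRIDGE_BASIC_AUTH_USERS}"
      # Preflight router: matches OPTIONS on the same host with priority 100
      # and carries only the CORS middleware, so OPTIONS requests are not
      # subject to basic auth. Any OPTIONS request the CORS middleware does
      # not answer itself reaches the service unauthenticated; the service
      # must treat OPTIONS as side-effect free.
      - "traefik.http.routers.mtls-bridge-preflight.rule=Host(`mtls-bridge.lan.ddnsgeek.com`) && Method(`OPTIONS`)"
      - "traefik.http.routers.mtls-bridge-preflight.entrypoints=websecure"
      - "traefik.http.routers.mtls-bridge-preflight.tls.certresolver=myresolver"
      - "traefik.http.routers.mtls-bridge-preflight.middlewares=mtls-bridge-cors"
      - "traefik.http.routers.mtls-bridge-preflight.priority=100"
      - "traefik.http.routers.mtls-bridge-preflight.service=mtls-bridge"
      # Credentials are allowed cross-origin (accesscontrolallowcredentials),
      # so the origin list must name exact trusted origins only - never a
      # wildcard. Every listed origin can drive authenticated calls,
      # including the state-changing methods allowed below.
      - "traefik.http.middlewares.mtls-bridge-cors.headers.accesscontrolalloworiginlist=${MTLS_BRIDGE_CORS_ALLOW_ORIGIN}"
      - "traefik.http.middlewares.mtls-bridge-cors.headers.accesscontrolallowmethods=GET,POST,PUT,PATCH,DELETE,OPTIONS"
      - "traefik.http.middlewares.mtls-bridge-cors.headers.accesscontrolallowheaders=authorization,content-type,x-grafana-action,x-grafana-device-id"
      - "traefik.http.middlewares.mtls-bridge-cors.headers.accesscontrolallowcredentials=true"
      - "traefik.http.middlewares.mtls-bridge-cors.headers.addvaryheader=true"
      # Portainer access-control label with no value; it appears to make the
      # container manageable by every Portainer user - confirm that is
      # intended for a service holding a client key.
      - "io.portainer.accesscontrol.public"
      # NOTE(review): the disabled label below names the `searxng` router and
      # looks copied from another service. As written, the mtls-bridge routers
      # have no crowdsec or security-header middleware; if those are wanted
      # they belong in the mtls-bridge middleware chain above.
      # - "traefik.http.routers.searxng.middlewares=crowdsec@file,secHeaders@file,error-pages-middleware"
      - "traefik.http.services.mtls-bridge.loadbalancer.server.port=8080"
      - "traefik.docker.network=core_traefik"
    healthcheck:
      # Plain-HTTP probe of /health on port 8080 from inside the container;
      # urlopen raises on connection failure or an HTTP error status, which
      # makes the probe exit non-zero.
      test: ["CMD", "python", "-c", "import urllib.request; urllib.request.urlopen('http://localhost:8080/health', timeout=3).read()"]
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 10s
    networks:
      # Both networks are defined outside this listing. NOTE(review): check
      # that the `traefik` key resolves to the `core_traefik` network named
      # in the traefik.docker.network label.
      - monitor
      - traefik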