diff --git a/deploy/README.md b/deploy/README.md
new file mode 100644
index 0000000..e7cf9f2
--- /dev/null
+++ b/deploy/README.md
@@ -0,0 +1,3 @@
+# Deploy
+
+Files that are used for deployment.
diff --git a/deploy/aktienbot/.env.api b/deploy/aktienbot/.env.api
new file mode 100644
index 0000000..81a2bf6
--- /dev/null
+++ b/deploy/aktienbot/.env.api
@@ -0,0 +1,16 @@
+BOT_API_KEY=
+SECRET_KEY=
+
+MYSQL_USER=
+MYSQL_PASSWORD=
+MYSQL_HOST=
+MYSQL_PORT=
+MYSQL_DATABASE=
+
+BOT_EMAIL=
+BOT_USERNAME=
+BOT_PASSWORD=
+
+ADMIN_EMAIL=
+ADMIN_USERNAME=
+ADMIN_PASSWORD=
diff --git a/deploy/aktienbot/.env.bot b/deploy/aktienbot/.env.bot
new file mode 100644
index 0000000..c64cd3c
--- /dev/null
+++ b/deploy/aktienbot/.env.bot
@@ -0,0 +1,3 @@
+BOT_API_KEY=
+NEWS_API_KEY=
+SECRET_KEY=
diff --git a/deploy/aktienbot/docker-compose.yml b/deploy/aktienbot/docker-compose.yml
new file mode 100644
index 0000000..f72ab3b
--- /dev/null
+++ b/deploy/aktienbot/docker-compose.yml
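Review bot: `deploy/aktienbot/.env.api` is committed as a tracked file with empty values, and the compose file in this commit reads it in place via `${PWD}/.env.api`, so the real API keys, database password and admin credentials will be typed into a file that git already tracks. The same applies to `deploy/aktienbot/.env.bot`. Consider committing these as templates under a separate name (for example a `.example` suffix) and adding the live `.env.*` names to `.gitignore`, so that a routine `git add` cannot publish the filled-in secrets.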
@@ -0,0 +1,62 @@
+version: '3.7'
+
+services:
+ aktienbot_fe:
+ image: registry.flokaiser.com/aktienbot/frontend
+ labels:
+ traefik.enable: 'true'
+ traefik.http.routers.aktienbot_fe.rule: Host(`gruppe1.testsites.info`)
+ traefik.http.routers.aktienbot_fe.middlewares: secHeaders@file
+ traefik.http.routers.aktienbot_fe.priority: 40
+ traefik.http.routers.aktienbot_fe.tls: true
+ traefik.http.routers.aktienbot_fe.tls.certresolver: myresolver
+
+ aktienbot_api:
+ image: registry.flokaiser.com/aktienbot/api
+ labels:
+ traefik.enable: 'true'
+ traefik.http.routers.aktienbot_api.rule: Host(`gruppe1.testsites.info`) && PathPrefix(`/api`)
+ traefik.http.routers.aktienbot_api.middlewares: secHeaders@file
+ traefik.http.routers.aktienbot_api.priority: 50
+ traefik.http.routers.aktienbot_api.tls: true
+ traefik.http.routers.aktienbot_api.tls.certresolver: myresolver
+ depends_on:
+ - mariadb
+ env_file:
+ - ${PWD}/.env.api
+
+ aktienbot_bot:
+ image: registry.flokaiser.com/aktienbot/bot
+ env_file:
+ - ${PWD}/.env.bot
+
+ mariadb:
+ image: mariadb
+ volumes:
+ - mariadb_data:/var/lib/mysql
+ environment:
+ - MYSQL_ROOT_PASSWORD=sBvKtMY7ej9*dETatTtk#uRd5f*5wJYovfdDJDa&
+
+ phpmyadmin:
+ image: phpmyadmin
+ environment:
+ - PMA_HOST=mariadb
+ - PMA_ABSOLUTE_URI=http://gruppe1.testsites.info/phpmyadmin/
+ labels:
+ traefik.enable: true
+ traefik.http.routers.phpmyadmin.rule: Host(`gruppe1.testsites.info`) && PathPrefix(`/phpmyadmin`)
+ traefik.http.routers.phpmyadmin.middlewares: secHeaders@file
+ traefik.http.routers.phpmyadmin.priority: 50
+ traefik.http.routers.phpmyadmin.middlewares: strip_phpmyadmin
+ traefik.http.routers.phpmyadmin.tls: true
+ traefik.http.routers.phpmyadmin.tls.certresolver: myresolver
+
+ traefik.http.middlewares.strip_phpmyadmin.stripprefix.prefixes: /phpmyadmin
+
+networks:
+ default:
+ external:
+ name: net
+volumes:
+ portainer_data:
+ mariadb_data:
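Review bot: The `mariadb` service sets `MYSQL_ROOT_PASSWORD` to a literal value in the committed compose file, so the database root credential is readable by anyone with access to the repository and remains in its history after later edits. Supply it through an `env_file:` entry kept out of version control, as `aktienbot_api` and `aktienbot_bot` already do for their settings, and rotate the password since this value is now published. In the `phpmyadmin` labels the key `traefik.http.routers.phpmyadmin.middlewares` appears twice; a YAML mapping cannot hold both, so depending on the parser the file is rejected or only one value survives (most likely `strip_phpmyadmin`, dropping `secHeaders@file`). A single label `traefik.http.routers.phpmyadmin.middlewares: strip_phpmyadmin,secHeaders@file`, in the form the portainer router uses, carries both. phpMyAdmin is also routed on the public host in front of a database whose root account is defined here, so an access restriction ahead of its login page is worth adding.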
diff --git a/deploy/base/acme.json b/deploy/base/acme.json
new file mode 100644
index 0000000..e69de29
diff --git a/deploy/base/docker-compose.yml b/deploy/base/docker-compose.yml
new file mode 100644
index 0000000..6cd9531
--- /dev/null
+++ b/deploy/base/docker-compose.yml
@@ -0,0 +1,38 @@
+version: '3'
+
+services:
+ traefik:
+ image: traefik
+ ports:
+ - "80:80"
+ - "443:443"
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - ${PWD}/traefik.toml:/etc/traefik/traefik.toml
+ - ${PWD}/traefik-dynamic.toml:/etc/traefik/traefik-dynamic.toml
+ - ${PWD}/acme.json:/etc/traefik/acme.json
+ - ${PWD}/access.log:/etc/traefik/access.log
+
+ portainer:
+ image: portainer/portainer-ce
+ labels:
+ traefik.enable: true
+ traefik.http.routers.portainer.rule: Host(`gruppe1.testsites.info`) && PathPrefix(`/portainer`)
+ traefik.http.routers.portainer.priority: 50
+ traefik.http.services.portainer.loadbalancer.server.port: 9000
+ traefik.http.routers.portainer.middlewares: strip_portainer,secHeaders@file
+ traefik.http.routers.portainer.tls: true
+ traefik.http.routers.portainer.tls.certresolver: myresolver
+
+ traefik.http.middlewares.strip_portainer.stripprefix.prefixes: /portainer
+ volumes:
+ - portainer_data:/data
+ - /var/run/docker.sock:/var/run/docker.sock
+
+networks:
+ default:
+ external:
+ name: net
+
+volumes:
+ portainer_data:
diff --git a/deploy/base/traefik-dynamic.toml b/deploy/base/traefik-dynamic.toml
new file mode 100644
index 0000000..731644f
--- /dev/null
+++ b/deploy/base/traefik-dynamic.toml
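Review bot: The `traefik` service, which is the container published on ports 80 and 443, gets `/var/run/docker.sock` bind-mounted directly, and access to the Docker API is equivalent to root on the host for anything that gains code execution in that container. Appending `:ro` to the mount does not limit API calls made over the socket, so the effective mitigation is to point Traefik's Docker provider at a socket proxy that exposes only the read endpoints it needs. `portainer` holds the same socket by design and is routed on the public host under `/portainer`, so its own login is the only barrier to full control of the host; restricting that router by source address or an auth middleware would reduce the exposure. Both images are referenced without a tag (`traefik`, `portainer/portainer-ce`), so each pull may bring a different version; pinning a version or digest keeps the edge proxy reproducible.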
@@ -0,0 +1,22 @@
+[tls.options]
+ [tls.options.default]
+ minVersion = "VersionTLS12"
+ cipherSuites = [
+ "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+ "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+ "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
+ "TLS_AES_128_GCM_SHA256",
+ "TLS_AES_256_GCM_SHA384",
+ "TLS_CHACHA20_POLY1305_SHA256"
+ ]
+ curvePreferences = [ "CurveP521", "CurveP384" ]
+ sniStrict = true
+
+[http.middlewares.secHeaders.headers]
+ browserXssFilter = true
+ contentTypeNosniff = true
+ frameDeny = true
+ stsIncludeSubdomains = true
+ stsPreload = true
+ stsSeconds = 31_536_000
+ customFrameOptionsValue = "SAMEORIGIN"
diff --git a/deploy/base/traefik.toml b/deploy/base/traefik.toml
new file mode 100644
index 0000000..d9c0177
--- /dev/null
+++ b/deploy/base/traefik.toml
@@ -0,0 +1,44 @@
+[log]
+ level = "INFO"
+
+[accessLog]
+ filePath = "/etc/traefik/access.log"
+
+[entryPoints]
+ [entryPoints.web]
+ address = ":80"
+
+ [entryPoints.web.forwardedHeaders]
+ insecure = true
+
+ [entryPoints.web.http]
+ [entryPoints.web.http.redirections]
+ [entryPoints.web.http.redirections.entryPoint]
+ to = "web-secure"
+ scheme = "https"
+
+ [entryPoints.web-secure]
+ address = ":443"
+
+ [entryPoints.web-secure.forwardedHeaders]
+ insecure = true
+
+ [entryPoints.websecure.http]
+ middlewares = ["secHeaders@file"]
+
+[api]
+ dashboard = true
+ insecure = true
+
+[providers.docker]
+ watch = true
+ exposedByDefault = false
+
+[providers.file]
+ filename = "/etc/traefik/traefik-dynamic.toml"
+
+[certificatesResolvers.myresolver.acme]
+ email = "inf20155@lehre.dhbw-stuttgart.de"
+ storage = "/etc/traefik/acme.json"
+ [certificatesResolvers.myresolver.acme.httpChallenge]
+ entryPoint = "web"
\ No newline at end of file
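Review bot: In `[http.middlewares.secHeaders.headers]` of `traefik-dynamic.toml`, `frameDeny = true` and `customFrameOptionsValue = "SAMEORIGIN"` state two different policies; in Traefik the custom value takes precedence, so responses carry `X-Frame-Options: SAMEORIGIN` rather than `DENY`. Keep only the setting that is intended and add a one-line comment such as `# SAMEORIGIN: <service> embeds its own pages in frames` (placeholder) so the choice is not read as an oversight. In `[tls.options.default]`, the `TLS_AES_128_GCM_SHA256`, `TLS_AES_256_GCM_SHA384` and `TLS_CHACHA20_POLY1305_SHA256` entries are TLS 1.3 suites, which as far as I know Traefik does not let you select, so they likely have no effect. `curvePreferences` limited to `CurveP521` and `CurveP384` leaves out X25519 and P-256, which deserves a comment if deliberate because clients offering only those groups will fail the handshake.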
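Review bot: In `traefik.toml` the headers middleware is attached under `[entryPoints.websecure.http]`, but the HTTPS entry point is declared as `[entryPoints.web-secure]`, so the table names a different entry point and `secHeaders@file` is not applied to port 443 at entry-point level; it should read `[entryPoints.web-secure.http]`. Both entry points also set `insecure = true` under `forwardedHeaders`, which makes Traefik trust `X-Forwarded-*` headers from any client, so the access log and any backend that reads the client address receive caller-controlled values. Since Traefik is the edge here, remove the setting or replace it with `trustedIPs = ["<proxy-cidr>"]` (placeholder). `[api]` with `insecure = true` serves the dashboard and API without authentication on Traefik's internal `traefik` entry point; the compose file in this commit does not appear to publish that port, but it stays reachable from other containers on the shared network. Prefer `insecure = false` with a router to `api@internal` behind an auth middleware.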