Marcin Bojko's Blog

Linux, Windows, server, and so on ;)

Posts Tagged ‘linux’

Packer Hyper-V support for CentOS 8.1 is here


Written by marcinbojko

April 22, 2020 at 19:22

Posted in work

Traefik 2.2 + docker-compose – easy start.


Traefik (https://containo.us/traefik/) is a cloud-native router (in our case, a load balancer). From the start it has offered very easy integration with docker and docker-compose, using simple objects like labels instead of bulky, static configuration files.

So, why use it?

  • cloud-ready (k8s/docker) support
  • easy configuration, split into a static and a dynamic part. The dynamic part can (as the name suggests) change dynamically, and Traefik is the first to react and adjust.
  • support for modern and intermediate cipher suites (TLS)
  • support for HTTP(S) Layer 7 load balancing, as well as TCP and UDP (Layer 4)
  • out of the box support for Let’s Encrypt – no need to reuse and worry about certbot
  • out of the box prometheus metrics support
  • docker/k8s friendly

In the attached example we’re going to use it to create a simple template (static Traefik configuration) plus a dynamic, docker-related config, which can be reused in any of your docker/docker-compose/swarm deployments.

Full example:

https://github.com/marcinbojko/docker101/tree/master/10-traefik22-grafana

traefik.yaml

global:
  checkNewVersion: false
log:
  level: DEBUG
  filePath: "/var/log/traefik/debug.log"
  format: json
accessLog:
  filePath: "/var/log/traefik/access.log"
  format: json
defaultEntryPoints:
  - http
  - https
api:
  dashboard: true
ping: {}
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
  file:
    filename: ./traefik.yml
    watch: true
entryPoints:
  http:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https
  https:
    address: ":443"
  metrics:
    address: ":8082"
tls:
  certificates:
    - certFile: "/ssl/grafana.test-sp.develop.cert"
      keyFile: "/ssl/grafana.test-sp.develop.key"
  stores:
    default:
      defaultCertificate:
        certFile: "/ssl/grafana.test-sp.develop.cert"
        keyFile: "/ssl/grafana.test-sp.develop.key"
  options:
    default:
      minVersion: VersionTLS12
      cipherSuites:
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
      sniStrict: true
metrics:
  prometheus:
    buckets:
      - 0.1
      - 0.3
      - 1.2
      - 5
    entryPoint: metrics

In the attached example we have a basic configuration listening on ports 80 and 443, automatically redirecting from 80 to 443, and enabling modern cipher suites with HSTS.

So, how do we attach a docker container to this configuration and let Traefik know about it?

docker-compose

version: "3.7"
services:
  traefik:
    image: traefik:${TRAEFIK_TAG}
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      - "8082:8082"
    networks:
      - front
      - back
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik/etc/traefik.yml:/traefik.yml
      - ./traefik/ssl:/ssl
      - traefik_logs:/var/log/traefik
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`$TRAEFIK_HOSTNAME`, `localhost`)"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.service=api@internal"
      - "traefik.http.services.traefik.loadbalancer.server.port=8080"
  grafana-xxl:
    restart: unless-stopped
    image: monitoringartist/grafana-xxl:${GRAFANA_TAG}
    expose:
      - "3000"
    volumes:
      - grafana_lib:/var/lib/grafana
      - grafana_log:/var/log/grafana
      - grafana_etc:/etc/grafana
      - ./grafana/provisioning:/usr/share/grafana/conf/provisioning
    networks:
      - back
    depends_on:
      - traefik
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.grafana-xxl-secure.entrypoints=https"
      - "traefik.http.routers.grafana-xxl-secure.rule=Host(`${GRAFANA_HOSTNAME}`,`*`)"
      - "traefik.http.routers.grafana-xxl-secure.tls=true"
      - "traefik.http.routers.grafana-xxl-secure.service=grafana-xxl"
      - "traefik.http.services.grafana-xxl.loadbalancer.server.port=3000"
      - "traefik.http.services.grafana-xxl.loadbalancer.healthcheck.path=/"
      - "traefik.http.services.grafana-xxl.loadbalancer.healthcheck.interval=10s"
      - "traefik.http.services.grafana-xxl.loadbalancer.healthcheck.timeout=5s"
    env_file: ./grafana/grafana.env

volumes:
  traefik_logs: {}
  traefik_acme: {}
  grafana_lib: {}
  grafana_log: {}
  grafana_etc: {}

networks:
  front:
    ipam:
      config:
        - subnet: 172.16.227.0/24
  back:
    ipam:
      config:
        - subnet: 172.16.226.0/24
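
The labels listed above define no headers middleware and put no authentication in front of the `api@internal` dashboard router. The fragment below is an added example (not taken from the author's repository) showing labels that send HSTS and require basic auth on the dashboard; the middleware names `hsts` and `dashboard-auth` and the `admin` user are assumptions made for this example.

```yaml
# Added example: extra labels for the two services in the compose file above.
# Middleware names "hsts" and "dashboard-auth" are assumed names, not the author's.
services:
  traefik:
    labels:
      # HSTS response header, defined once and referenced by name from any router.
      - "traefik.http.middlewares.hsts.headers.stsSeconds=31536000"
      # Enable only if every subdomain of the host is served over HTTPS.
      - "traefik.http.middlewares.hsts.headers.stsIncludeSubdomains=true"
      # Basic auth for the dashboard/API router. Generate the value with
      # `htpasswd -nB admin` and double every "$" in the hash so that
      # docker-compose does not treat it as variable interpolation.
      - "traefik.http.middlewares.dashboard-auth.basicauth.users=admin:<bcrypt-hash-from-htpasswd>"
      # Attach both middlewares to the existing dashboard router.
      - "traefik.http.routers.traefik-secure.middlewares=dashboard-auth,hsts"
  grafana-xxl:
    labels:
      # Attach HSTS to the existing Grafana router.
      - "traefik.http.routers.grafana-xxl-secure.middlewares=hsts"
```

After redeploying, `curl -skI https://<your-hostname>/` should show a `Strict-Transport-Security` header, and the dashboard host should answer `401` until credentials are supplied.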

Full example with Let’s Encrypt support:

https://github.com/marcinbojko/docker101/tree/master/11-traefik22-grafana-letsencrypt

Have fun!

Written by marcinbojko

April 21, 2020 at 19:47

Posted in work

Vagrant boxes – feel free to use them

Written by marcinbojko

November 26, 2019 at 19:49

Posted in work

Linux Mint Ansible playbook in version 1.1.9 for SysAdmin’s Day

Let’s also include DevOps 😉


https://github.com/marcinbojko/linux_mint

Written by marcinbojko

July 26, 2019 at 18:22

Posted in work

Newest member in Packer’s family – Azure VM images with managed disks.

Written by marcinbojko

March 3, 2019 at 17:29

Posted in work

DevOps Linux Mint workstation – your simple ansible playbook.

Written by marcinbojko

January 14, 2019 at 18:59

Posted in open source, work

Simple Foreman Template (with Grafana Dashboard) for Zabbix 3.x

Small project, using trappers instead of zabbix-agent active mode. I wanted to have better control over the pushing layer and intervals.

https://github.com/marcinbojko/foreman-template

Written by marcinbojko

April 24, 2018 at 18:15