From ade43e2369cdc8498e6424f183a84612792f8cfb Mon Sep 17 00:00:00 2001
From: phil
Date: Sun, 29 Jan 2023 23:35:26 +0100
Subject: [PATCH] modif nxc ok avec TLS
---
docker-traefik-nextcloud/Vagrantfile | 93 +---------
.../provision/docker-compose.yml | 82 +++++++++
docker-traefik-nextcloud/provision/setup.sh | 161 ++++++++++++++++++
3 files changed, 246 insertions(+), 90 deletions(-)
create mode 100644 docker-traefik-nextcloud/provision/docker-compose.yml
create mode 100644 docker-traefik-nextcloud/provision/setup.sh
diff --git a/docker-traefik-nextcloud/Vagrantfile b/docker-traefik-nextcloud/Vagrantfile
index b66861a..0b552d2 100644
--- a/docker-traefik-nextcloud/Vagrantfile
+++ b/docker-traefik-nextcloud/Vagrantfile
@@ -64,95 +64,8 @@ Vagrant.configure("2") do |config|
 # Enable provisioning with a shell script. Additional provisioners such as
 # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
 # documentation for more information about their specific syntax and use.
- config.vm.provision "shell", inline: <<-SHELL
- apt-get update
- apt install -y wget curl git vim
- if ! which docker ; then
- curl -s -o getdocker.sh https://get.docker.com
- bash getdocker.sh
- gpasswd -a vagrant docker
- fi
- mkdir -p nextcloud && cd nextcloud
-cat > traefik.yml <<-'EOT'
-version: '3'
-
-networks:
- proxy:
- external: true
-
-services:
- reverse-proxy:
- # The official v2 Traefik docker image
- image: traefik:v2.9
- container_name: traefik
- # Enables the web UI and tells Traefik to listen to docker
- command: --api.insecure=true --providers.docker
- ports:
- # The HTTP port
- - "80:80"
- # The Web UI (enabled by --api.insecure=true)
- - "8080:8080"
- volumes:
- # So that Traefik can listen to the Docker events
- - /var/run/docker.sock:/var/run/docker.sock
- networks:
- - proxy
-
-'EOT'
-cat > nextcloud.yml <<-'EOT'
-version: '2'
-
-volumes:
- nextcloud:
- db:
-
-networks:
- proxy:
- external: true
- nxc:
- external: false
-
-services:
- db:
- image: mariadb:10.5
- container_name: db
- restart: always
- command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
- volumes:
- - db:/var/lib/mysql
- networks:
- - nxc
- environment:
- - MYSQL_ROOT_PASSWORD=Azerty1+
- - MYSQL_PASSWORD=Azerty1+
- - MYSQL_DATABASE=nextcloud
- - MYSQL_USER=nextcloud
-
- app:
- image: nextcloud
- container_name: app
- restart: always
- # ports:
- # - 8081:80
- links:
- - db
- volumes:
- - nextcloud:/var/www/html
- networks:
- - proxy
- - nxc
- labels:
- - "traefik.http.routers.app.rule=Host(`mon.nxc`)"
- environment:
- - MYSQL_PASSWORD=Azerty1+
- - MYSQL_DATABASE=nextcloud
- - MYSQL_USER=nextcloud
- - MYSQL_HOST=db
-'EOT'
- docker network create proxy
- docker compose -f traefik.yml up -d
- docker compose -f nextcloud.yml up -d
- ip -br a
- SHELL
+ config.vm.provision "shell",
+ inline: "sudo apt-get update ; sudo apt-get install -y vim curl wget"
+ config.vm.provision "shell", path: "provision/setup.sh"
 end
diff --git a/docker-traefik-nextcloud/provision/docker-compose.yml b/docker-traefik-nextcloud/provision/docker-compose.yml
new file mode 100644
index 0000000..ee8d24f
--- /dev/null
+++ b/docker-traefik-nextcloud/provision/docker-compose.yml
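Review bot: In the Vagrantfile hunk, the first added provisioner chains its two commands with `;`, so `apt-get install` still runs when `apt-get update` fails, and the `sudo` prefixes are redundant because Vagrant's shell provisioner runs privileged by default; `inline: "apt-get update && apt-get install -y vim curl wget"` is enough. From what is visible of `provision/setup.sh`, that script repeats `apt-get update` and installs `wget curl git vim` itself, so this inline provisioner looks removable. The `Vagrant.configure` block begins outside the hunk.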
@@ -0,0 +1,82 @@
+version: '3'
+volumes:
+ nextcloud:
+ db:
+
+networks:
+ proxy:
+ external: true
+ nxc:
+ external: false
+
+services:
+ reverse-proxy:
+ # The official v2 Traefik docker image
+ image: traefik:latest
+ container_name: traefik
+ # Enables the web UI and tells Traefik to listen to docker
+ command: --api.insecure=true --providers.docker
+ ports:
+ # The HTTP port
+ - "80:80"
+ - "443:443"
+ # The Web UI (enabled by --api.insecure=true)
+ - "8080:8080"
+ volumes:
+ # So that Traefik can listen to the Docker events
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ # Map the static configuration into the container
+ - ./config/static.yml:/etc/traefik/traefik.yml:ro
+ # Map the dynamic configuration into the container
+ - ./config/dynamic.yml:/etc/traefik/dynamic.yml:ro
+ # Map the certificats into the container
+ - ./certs:/etc/certs:ro
+ networks:
+ - proxy
+
+ db:
+ image: mariadb:10.5
+ container_name: db
+ restart: always
+ command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
+ volumes:
+ - db:/var/lib/mysql
+ networks:
+ - nxc
+ environment:
+ - MYSQL_ROOT_PASSWORD=Azerty1+
+ - MYSQL_PASSWORD=Azerty1+
+ - MYSQL_DATABASE=nextcloud
+ - MYSQL_USER=nextcloud
+
+ app:
+ image: nextcloud
+ container_name: app
+ restart: always
+ ports:
+ - 8081:80
+ #links:
+ depends_on:
+ - db
+ volumes:
+ - nextcloud:/var/www/html
+ networks:
+ - proxy
+ - nxc
+ labels:
+# - "traefik.enable=true"
+ - "traefik.http.routers.app.rule=Host(`mon.nxc`)"
+ - "traefik.http.routers.app.tls=true"
+ - "traefik.enable=true"
+ - "traefik.docker.network=proxy"
+ # - "traefik.http.routers.app.entrypoints=websecure"
+ # - "traefik.http.routers.app.rule=Host(`mon.nxc`)"
+ - "traefik.http.routers.app.service=app-service"
+ - "traefik.http.services.app-service.loadbalancer.server.port=80"
+ environment:
+ - MYSQL_PASSWORD=Azerty1+
+ - MYSQL_DATABASE=nextcloud
+ - MYSQL_USER=nextcloud
+ - MYSQL_HOST=db
+
+
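Review bot: The `app` service now publishes `8081:80`, so Nextcloud stays reachable over plain HTTP directly on the host and bypasses the TLS router this file sets up with `traefik.http.routers.app.tls=true`; the removed inline version had that `ports:` entry commented out, and dropping it again leaves Traefik as the only entry point. The `reverse-proxy` service still runs with `--api.insecure=true` and publishes `8080:8080`, which serves the Traefik API and dashboard without authentication, and the image moved from `traefik:v2.9` to `traefik:latest`, so a rebuild can silently pull a different release; pin a version tag. The `Azerty1+` database passwords are committed in clear text under both `db` and `app`; reading them from an env file kept out of the repository, e.g. `MYSQL_PASSWORD=${MYSQL_PASSWORD}`, avoids that. A comment next to `/var/run/docker.sock:/var/run/docker.sock:ro` should say that `:ro` only makes the mount read-only and does not limit what the Docker API accepts over the socket.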
diff --git a/docker-traefik-nextcloud/provision/setup.sh b/docker-traefik-nextcloud/provision/setup.sh new file mode 100644 index 0000000..41d4550 --- /dev/null +++ b/docker-traefik-nextcloud/provision/setup.sh @@ -0,0 +1,161 @@ +#!/bin/bash +apt-get update +apt-get install -y wget curl git vim +if ! which docker ; then + curl -s -o getdocker.sh https://get.docker.com + bash getdocker.sh + gpasswd -a vagrant docker +fi +mkdir -p nextcloud && cd nextcloud +wget -O mkcert https://github.com/FiloSottile/mkcert/releases/download/v1.4.4/mkcert-v1.4.4-linux-amd64 +chmod +x mkcert +mv mkcert /usr/local/bin +sudo apt-get install -y libnss3-tools +mkdir certs config +mkcert -install +mkcert -cert-file certs/local-cert.pem -key-file certs/local-key.pem "mon.nxc" "*.mon.nxc" +cat > traefik.yml < ./config/static.yml < ./config/dynamic.yml < nextcloud.yml <<'EOT' +version: '2' + +volumes: + nextcloud: + db: + +networks: + proxy: + external: true + nxc: + external: false + +services: + db: + image: mariadb:10.5 + container_name: db + restart: always + command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW + volumes: + - db:/var/lib/mysql + networks: + - nxc + environment: + - MYSQL_ROOT_PASSWORD=Azerty1+ + - MYSQL_PASSWORD=Azerty1+ + - MYSQL_DATABASE=nextcloud + - MYSQL_USER=nextcloud + + app: + image: nextcloud + container_name: app + restart: always + # ports: + # - 8081:80 + #links: + depends_on: + - db + volumes: + - nextcloud:/var/www/html + networks: + - proxy + - nxc + labels: + - "traefik.enable=true" + - "traefik.http.routers.app.rule=Host(`mon.nxc`)" + - "traefik.http.routers.app.tls=true" + environment: + - MYSQL_PASSWORD=Azerty1+ + - MYSQL_DATABASE=nextcloud + - MYSQL_USER=nextcloud + - MYSQL_HOST=db +'EOT' + +docker network create proxy +docker compose -f traefik.yml up -d +docker compose -f nextcloud.yml up -d +ip -br a +
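Review bot: `setup.sh` runs as root and executes two downloads with no integrity check: `curl -s -o getdocker.sh https://get.docker.com` followed by `bash getdocker.sh`, and the `mkcert` v1.4.4 binary that is moved to `/usr/local/bin` and then used to install a local root CA. Since the mkcert version is already pinned, its digest can be recorded next to the URL and checked before `chmod +x`, e.g. `echo "<EXPECTED_SHA256>  mkcert" | sha256sum -c - || exit 1` (placeholder; take the value from the release page). `curl -s` without `-f` also saves an HTTP error page as `getdocker.sh` and hands it to `bash`; `curl -fsSL` makes the download fail instead. The generated `nextcloud.yml` hard-codes `Azerty1+` as both the MariaDB root and the application password. The heredoc bodies for `traefik.yml`, `config/static.yml` and `config/dynamic.yml` are not legible on this page, so they are not covered by this note.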