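#!/bin/bash
#
# Provision a local Gitea instance behind a Traefik reverse proxy, with TLS
# certificates issued by a machine-local mkcert CA.
#
# Must run as root (installs packages, writes to /usr/local/bin, manages
# Docker). Creates ./gitea/ holding the compose files, Traefik configuration
# and certificates, then starts both stacks.
#
# Intended for a disposable lab VM: the Traefik API is left unauthenticated
# and the database credentials are hard-coded (see the notes further down).

# Stop on the first failing step so a failed download or `cd` cannot lead to
# files being written, or a half-downloaded script being run, in the wrong place.
set -euo pipefail

readonly MKCERT_URL='https://github.com/FiloSottile/mkcert/releases/download/v1.4.4/mkcert-v1.4.4-linux-amd64'

apt-get update
apt-get install -y wget curl git vim

if ! command -v docker >/dev/null 2>&1; then
  # NOTE(review): this runs a remotely fetched script as root with no
  # integrity check. -f makes curl fail on an HTTP error instead of saving an
  # error page that bash would then execute. For anything longer-lived than a
  # lab box, install Docker from a signed package repository instead.
  curl -fsSL -o getdocker.sh https://get.docker.com
  bash getdocker.sh
  # Membership of the docker group is root-equivalent on this host.
  if id -u vagrant >/dev/null 2>&1; then
    gpasswd -a vagrant docker
  fi
fi

mkdir -p gitea
cd gitea

# mkcert is fetched as a prebuilt binary and installed system-wide.
# Optional integrity check: export MKCERT_SHA256 with the SHA-256 published
# for this release asset before running the script (placeholder; the value is
# not provided here).
wget -O mkcert "$MKCERT_URL"
if [[ -n "${MKCERT_SHA256:-}" ]]; then
  printf '%s  %s\n' "$MKCERT_SHA256" mkcert | sha256sum -c -
fi
install -m 0755 mkcert /usr/local/bin/mkcert
rm -f mkcert

# libnss3-tools provides certutil, which mkcert uses for NSS trust stores.
# The script already runs as root, so no sudo is needed.
apt-get install -y libnss3-tools

mkdir -p certs config

# `mkcert -install` creates a local root CA and adds it to the system trust
# store. The CA private key (in the directory printed by `mkcert -CAROOT`) can
# mint certificates this machine will trust for any name, so keep it on this
# machine only.
mkcert -install
mkcert -cert-file certs/local-cert.pem -key-file certs/local-key.pem "gitea.local" "*.gitea.local"

# --- Traefik compose file ----------------------------------------------------
# NOTE(review):
#  * --api.insecure=true together with the published 8080 port exposes the
#    Traefik API/dashboard without authentication on every host interface.
#  * Mounting docker.sock gives the container control of the Docker daemon;
#    the :ro flag does not restrict Docker API calls made through the socket.
#  * traefik:latest is unpinned (the YAML comment says v2); pin a tag or
#    digest so a later major version does not change behaviour unannounced.
#  * Traefik documents file, CLI and environment static configuration as
#    mutually exclusive; with static.yml mounted at /etc/traefik/traefik.yml
#    the `command:` flags may be ignored -- confirm.
cat > traefik.yml <<'EOT'
version: '3'

networks:
  proxy:
    external: true

services:
  reverse-proxy:
    # The official v2 Traefik docker image
    image: traefik:latest
    container_name: traefik
    # Enables the web UI and tells Traefik to listen to docker
    command: --api.insecure=true --providers.docker
    ports:
      # The HTTP port
      - "80:80"
      - "443:443"
      # The Web UI (enabled by --api.insecure=true)
      - "8080:8080"
    volumes:
      # So that Traefik can listen to the Docker events
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Map the static configuration into the container
      - ./config/static.yml:/etc/traefik/traefik.yml:ro
      # Map the dynamic configuration into the container
      - ./config/dynamic.yml:/etc/traefik/dynamic.yml:ro
      # Map the certificats into the container
      - ./certs:/etc/certs:ro
    networks:
      - proxy
EOT

# --- Traefik static configuration --------------------------------------------
# `api.insecure: true` is the file-based equivalent of --api.insecure=true:
# the dashboard and API are served without authentication.
cat > ./config/static.yml <<'EOT'
global:
  sendAnonymousUsage: false

api:
  dashboard: true
  insecure: true

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    watch: true
    exposedByDefault: false

  file:
    filename: /etc/traefik/dynamic.yml
    watch: true

log:
  level: INFO
  format: common

entryPoints:
  http:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https
  https:
    address: ":443"
EOT

# --- Traefik dynamic configuration -------------------------------------------
# The heredoc delimiter is quoted on purpose: the Host(`...`) rules contain
# backticks, which an unquoted heredoc would run as shell command
# substitutions, leaving an empty Host() rule in the written file.
#
# The dashboard router is bound to traefik.gitea.local (covered by the
# *.gitea.local certificate) instead of gitea.local, because the Gitea
# container's own router already claims Host(`gitea.local`) and two routers
# with the same rule compete for the same requests. This router also
# publishes api@internal without authentication.
cat > ./config/dynamic.yml <<'EOT'
http:
  routers:
    traefik:
      # rule: "Host(`traefik.docker.localhost`)"
      rule: "Host(`traefik.gitea.local`)"
      service: "api@internal"
      tls:
        domains:
          - main: "docker.localhost"
            sans:
              - "*.docker.localhost"
          - main: "gitea.local"
            sans:
              - "*.gitea.local"

tls:
  certificates:
    - certFile: "/etc/certs/local-cert.pem"
      keyFile: "/etc/certs/local-key.pem"
EOT

# --- Gitea + MariaDB compose file --------------------------------------------
# NOTE(review):
#  * The database passwords are hard-coded, identical for root and for the
#    application user, and stored in clear text in gitea.yml. Replace them
#    before any use outside a throwaway VM.
#  * MYSQL_HOST pointed at db:3006; MariaDB listens on 3306 and nothing here
#    changes that, so the port is corrected below.
#  * The gitea/gitea image documents GITEA__database__* variables and a /data
#    volume; the MYSQL_* variables and the /var/www/html mount on `app` are
#    presumably not read by it -- confirm, otherwise the database settings
#    are entered by hand in the installer and repository data is not kept in
#    the named volume.
#  * `app` is attached to two networks; a traefik.docker.network=proxy label
#    may be needed so Traefik uses the address on the shared network -- confirm.
#  * mariadb and gitea/gitea are unpinned images.
cat > gitea.yml <<'EOT'
version: '2'

volumes:
  gitea:
  db:

networks:
  proxy:
    external: true
  app:
    external: false

services:
  db:
    image: mariadb
    container_name: db
    restart: always
    # command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    volumes:
      - db:/var/lib/mysql
    networks:
      - app
    environment:
      - MYSQL_ROOT_PASSWORD=Azerty1+
      - MYSQL_PASSWORD=Azerty1+
      - MYSQL_DATABASE=gitea
      - MYSQL_USER=gitea

  app:
    image: gitea/gitea
    container_name: app
    restart: always
    # ports:
    #   - 8081:80
    #links:
    depends_on:
      - db
    volumes:
      - gitea:/var/www/html
    networks:
      - proxy
      - app
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.app.rule=Host(`gitea.local`)"
      - "traefik.http.routers.app.tls=true"
      - "traefik.http.services.app.loadbalancer.server.port=3000"
    environment:
      - MYSQL_PASSWORD=Azerty1+
      - MYSQL_DATABASE=gitea
      - MYSQL_USER=gitea
      - MYSQL_HOST=db:3306
EOT

# Create the shared proxy network only if it is missing, so the script can be
# re-run without failing here.
docker network inspect proxy >/dev/null 2>&1 || docker network create proxy

docker compose -f traefik.yml up -d
docker compose -f gitea.yml up -d

# Show the VM's addresses; clients need gitea.local (and traefik.gitea.local
# for the dashboard) to resolve to one of them.
ip -br a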