Examples: Docker Swarm with Traefik and container build script.

Example files for setting a complete SNAC + Traefik v3 stack on Docker Swarm mode, including Let's Encrypt certificates, HTTP security headers, and caching of */s/* (SNAC static files) for 24 hours with souin. A script for building the SNAC container with Docker and optionally pushing it to a registry.
author: daltux 2025-09-04 19:00:34 -0300
committer: daltux 2025-09-04 19:00:34 -0300
commit: ffaa7aeb808c1db3594b5ad1989e20d2154d547c (patch)
tree: a2466245854438bff8c8d50d2db4b51d2cfc2cfe /examples/docker-swarm-traefik/traefik_config.yml
parent: Merge branch 'master' of https://codeberg.org/daltux/snac2 into docker_tzdata (diff)
download: snac2-ffaa7aeb808c1db3594b5ad1989e20d2154d547c.tar.gz
snac2-ffaa7aeb808c1db3594b5ad1989e20d2154d547c.tar.xz
snac2-ffaa7aeb808c1db3594b5ad1989e20d2154d547c.zip
1 files changed, 89 insertions, 0 deletions
diff --git a/examples/docker-swarm-traefik/traefik_config.yml b/examples/docker-swarm-traefik/traefik_config.yml
new file mode 100644
index 0000000..045408c
--- /dev/null
+++ b/examples/docker-swarm-traefik/traefik_config.yml
@@ -0,0 +1,89 @@
+---
+# Traefik main config file
+# e.g. /opt/docker/traefik/traefik_config.yml
+entryPoints:
+  web:
+    address: ":80"
+    http:
+      encodeQuerySemicolons: true
+      redirections:
+        entryPoint:
+          to: websecure
+          scheme: https
+          permanent: true
+  websecure:
+    address: ":443"
+    asDefault: true
+    http:
+      encodeQuerySemicolons: true
+      tls:
+        certResolver: letsencrypt
+    http2:
+      maxConcurrentStreams: 100
+    http3: {}
+certificatesResolvers:
+  letsencrypt:
+    acme:
+      email: you@example.net
+      storage: "/acme/letsencrypt.json"
+      keyType: EC384
+      httpChallenge:
+        entryPoint: web
+#  buypass:
+#    acme:
+#      email: you@example.net
+#      caServer: "https://api.buypass.com/acme/directory"
+#      storage: "/acme/buypass.json"
+#      keyType: EC256
+#      certificatesDuration: 4320
+#      httpChallenge:
+#        entryPoint: web
+ocsp: {}
+tls:
+  stores:
+    default:
+      defaultGeneratedCert:
+        resolver: letsencrypt
+        domain:
+          main: snac.example.net
+          # sans:
+          #  - other.example.net
+          #  - another.example.net
+providers:
+  file:
+    directory: "/etc/traefik/dynamic"
+    watch: true
+  swarm:
+    network: "proxy"
+    endpoint: "unix:///var/run/docker.sock"
+    exposedByDefault: false
+    watch: true
+    allowEmptyServices: true
+api:
+  dashboard: true
+  insecure: false
+  debug: false
+  disabledashboardad: true
+log:
+  level: "INFO"
+  filePath: "/var/log/server.log"
+accessLog:
+  filePath: "/var/log/traefik-access.log"
+  bufferingSize: 15
+  fields:
+    names:
+      StartUTC: "drop"
+experimental:
+  plugins:
+    souin:
+      moduleName: "github.com/darkweak/souin"
+      version: "v1.7.7"
author	daltux	2025-09-04 19:00:34 -0300
committer	daltux	2025-09-04 19:00:34 -0300
commit	ffaa7aeb808c1db3594b5ad1989e20d2154d547c (patch)
tree	a2466245854438bff8c8d50d2db4b51d2cfc2cfe /examples/docker-swarm-traefik/traefik_config.yml
parent	Merge branch 'master' of https://codeberg.org/daltux/snac2 into docker_tzdata (diff)
download	snac2-ffaa7aeb808c1db3594b5ad1989e20d2154d547c.tar.gz snac2-ffaa7aeb808c1db3594b5ad1989e20d2154d547c.tar.xz snac2-ffaa7aeb808c1db3594b5ad1989e20d2154d547c.zip

diff --git a/examples/docker-swarm-traefik/traefik_config.yml b/examples/docker-swarm-traefik/traefik_config.yml new file mode 100644 index 0000000..045408c --- /dev/null +++ b/examples/docker-swarm-traefik/traefik_config.yml
@@ -0,0 +1,89 @@
	1	---
	2	# Traefik main config file
	3	# e.g. /opt/docker/traefik/traefik_config.yml
	4
	5	entryPoints:
	6	web:
	7	address: ":80"
	8	http:
	9	encodeQuerySemicolons: true
	10	redirections:
	11	entryPoint:
	12	to: websecure
	13	scheme: https
	14	permanent: true
	15	websecure:
	16	address: ":443"
	17	asDefault: true
	18	http:
	19	encodeQuerySemicolons: true
	20	tls:
	21	certResolver: letsencrypt
	22	http2:
	23	maxConcurrentStreams: 100
	24	http3: {}
	25
	26	certificatesResolvers:
	27	letsencrypt:
	28	acme:
	29	email: you@example.net
	30	storage: "/acme/letsencrypt.json"
	31	keyType: EC384
	32	httpChallenge:
	33	entryPoint: web
	34	# buypass:
	35	# acme:
	36	# email: you@example.net
	37	# caServer: "https://api.buypass.com/acme/directory"
	38	# storage: "/acme/buypass.json"
	39	# keyType: EC256
	40	# certificatesDuration: 4320
	41	# httpChallenge:
	42	# entryPoint: web
	43
	44	ocsp: {}
	45
	46	tls:
	47	stores:
	48	default:
	49	defaultGeneratedCert:
	50	resolver: letsencrypt
	51	domain:
	52	main: snac.example.net
	53	# sans:
	54	# - other.example.net
	55	# - another.example.net
	56
	57	providers:
	58	file:
	59	directory: "/etc/traefik/dynamic"
	60	watch: true
	61	swarm:
	62	network: "proxy"
	63	endpoint: "unix:///var/run/docker.sock"
	64	exposedByDefault: false
	65	watch: true
	66	allowEmptyServices: true
	67
	68	api:
	69	dashboard: true
	70	insecure: false
	71	debug: false
	72	disabledashboardad: true
	73
	74	log:
	75	level: "INFO"
	76	filePath: "/var/log/server.log"
	77
	78	accessLog:
	79	filePath: "/var/log/traefik-access.log"
	80	bufferingSize: 15
	81	fields:
	82	names:
	83	StartUTC: "drop"
	84
	85	experimental:
	86	plugins:
	87	souin:
	88	moduleName: "github.com/darkweak/souin"
	89	version: "v1.7.7"