diff --git a/socat/docker-compose.yaml b/socat/docker-compose.yaml index 6b320a4..9a03beb 100644 --- a/socat/docker-compose.yaml +++ b/socat/docker-compose.yaml 
@@ -54,6 +54,61 @@ services: # === 重新啟動策略 === restart: always # 容器異常退出時自動重啟 + # --- DS116 Bitwarden 主要代理服務 --- + ds116-bitwarden: + # === 容器基本設定 === + image: alpine/socat:latest # Alpine Linux + socat 工具 + container_name: socat_ds116_bitwarden + + # === Traefik 標籤設定 === + labels: + - "traefik.enable=true" # 啟用 Traefik 代理 + - "traefik.docker.network=traefik_vlan" # 指定網路 + + # --- HTTP 服務配置 --- + - "traefik.http.services.ds116-bitwarden.loadbalancer.server.scheme=http" # 服務協議為 HTTP + - "traefik.http.services.ds116-bitwarden.loadbalancer.server.port=52080" # 後端服務連接埠 52080 + + # --- HTTP 路由 (轉導至 HTTPS) --- + - "traefik.http.routers.ds116-bitwarden.entrypoints=http" # HTTP 入口點 + - "traefik.http.routers.ds116-bitwarden.rule=Host(`bitwarden.jsc.idv.me`)" # 域名規則 + - "traefik.http.routers.ds116-bitwarden.middlewares=https-redirect@docker" # 強制 HTTPS 轉導 + + # --- HTTPS 路由 --- + - "traefik.http.routers.ds116-bitwarden-tls.entrypoints=https" # HTTPS 入口點 + - "traefik.http.routers.ds116-bitwarden-tls.rule=Host(`bitwarden.jsc.idv.me`)" # 域名規則 + - "traefik.http.routers.ds116-bitwarden-tls.middlewares=gzip@docker" # 啟用 Gzip 壓縮 + - "traefik.http.routers.ds116-bitwarden-tls.service=ds116-bitwarden" # 指向服務 + - "traefik.http.routers.ds116-bitwarden-tls.tls=true" # 啟用 TLS + + # --- HTTPS 路由 (Let's Encrypt) --- + - "traefik.http.routers.ds116-bitwarden-letsencrypt.entrypoints=https" # HTTPS 入口點 + - "traefik.http.routers.ds116-bitwarden-letsencrypt.rule=Host(`bitwarden.jsc.idv.tw`)" # 域名規則 + - "traefik.http.routers.ds116-bitwarden-letsencrypt.middlewares=gzip@docker" # 啟用 Gzip 壓縮 + - "traefik.http.routers.ds116-bitwarden-letsencrypt.service=ds116-bitwarden" # 指向服務 + - "traefik.http.routers.ds116-bitwarden-letsencrypt.tls=true" # 啟用 TLS + - "traefik.http.routers.ds116-bitwarden-letsencrypt.tls.certresolver=letsencrypt" # 使用 Let's Encrypt 證書 + + # === 環境變數設定 === + environment: + TZ: "Asia/Taipei" # 時區設定 (台北時間 UTC+8) + + # === 網路設定 === + networks: + - vlan # 使用 traefik_vlan 網路 + + # === 
Socat 代理指令 === + command: "-d -d tcp-listen:52080,reuseaddr,fork tcp:192.168.1.102:52080" # TCP 代理至 DS116 Bitwarden + + # === 日誌管理 === + logging: + driver: "json-file" # 使用 JSON 檔案記錄日誌 + options: + max-size: "1m" # 單一日誌檔案最大 1MB + + # === 重新啟動策略 === + restart: always # 容器異常退出時自動重啟 + # --- DS718 主要代理服務 --- ds718: # === 容器基本設定 === 
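Review bot: `image: alpine/socat:latest` on the new `ds116-bitwarden` service is a mutable tag, so any later pull or recreate can change the binary that relays every request to the Bitwarden vault. Pin it to a reviewed release and digest, e.g. `image: alpine/socat:<pinned-version>@sha256:<digest>` (placeholders; the diff does not show which version is deployed). The relay is plain TCP (`loadbalancer.server.scheme=http`, `tcp:192.168.1.102:52080`), so after Traefik terminates TLS the login and session traffic appears to cross the network to the DS116 unencrypted; it is worth confirming whether the backend can accept TLS on that hop. `tcp-listen:52080,reuseaddr,fork` also accepts any peer on `traefik_vlan`, which would bypass the `https-redirect@docker` path, so consider socat's `range=` option on the listener, e.g. `tcp-listen:52080,reuseaddr,fork,range=<traefik-ip>/32`. Both HTTPS routers attach only `gzip@docker`; if `bitwarden.jsc.idv.tw` is reachable from the internet, a rate-limit or source-address middleware on these routers would be a sensible addition.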
@@ -232,26 +287,26 @@ services: # --- HTTP 服務配置 --- - "traefik.http.services.ezbookkeeping.loadbalancer.server.scheme=http" # 服務協議為 HTTP - - "traefik.http.services.ezbookkeeping.loadbalancer.server.port=8080" # 後端服務連接埠 8080 + - "traefik.http.services.ezbookkeeping.loadbalancer.server.port=8080" # 後端服務連接埠 8080 # --- HTTP 路由 (轉導至 HTTPS) --- - - "traefik.http.routers.ezbookkeeping.entrypoints=http" # HTTP 入口點 + - "traefik.http.routers.ezbookkeeping.entrypoints=http" # HTTP 入口點 - "traefik.http.routers.ezbookkeeping.rule=Host(`ezbookkeeping.jsc.idv.me`)" # 域名規則 - - "traefik.http.routers.ezbookkeeping.middlewares=https-redirect@docker" # 強制 HTTPS 轉導 + - "traefik.http.routers.ezbookkeeping.middlewares=https-redirect@docker" # 強制 HTTPS 轉導 # --- HTTPS 路由 --- - - "traefik.http.routers.ezbookkeeping-tls.entrypoints=https" # HTTPS 入口點 + - "traefik.http.routers.ezbookkeeping-tls.entrypoints=https" # HTTPS 入口點 - "traefik.http.routers.ezbookkeeping-tls.rule=Host(`ezbookkeeping.jsc.idv.me`)" # 域名規則 - - "traefik.http.routers.ezbookkeeping-tls.middlewares=gzip@docker" # 啟用 Gzip 壓縮 - - "traefik.http.routers.ezbookkeeping-tls.service=ezbookkeeping" # 指向服務 - - "traefik.http.routers.ezbookkeeping-tls.tls=true" # 啟用 TLS + - "traefik.http.routers.ezbookkeeping-tls.middlewares=gzip@docker" # 啟用 Gzip 壓縮 + - "traefik.http.routers.ezbookkeeping-tls.service=ezbookkeeping" # 指向服務 + - "traefik.http.routers.ezbookkeeping-tls.tls=true" # 啟用 TLS # --- HTTPS 路由 (Let's Encrypt) --- - - "traefik.http.routers.ezbookkeeping-letsencrypt.entrypoints=https" # HTTPS 入口點 + - "traefik.http.routers.ezbookkeeping-letsencrypt.entrypoints=https" # HTTPS 入口點 - "traefik.http.routers.ezbookkeeping-letsencrypt.rule=Host(`ezbookkeeping.jsc.idv.tw`)" # 域名規則 - "traefik.http.routers.ezbookkeeping-letsencrypt.middlewares=gzip@docker" # 啟用 Gzip 壓縮 - - "traefik.http.routers.ezbookkeeping-letsencrypt.service=ezbookkeeping" # 指向服務 - - "traefik.http.routers.ezbookkeeping-letsencrypt.tls=true" # 啟用 TLS + - 
"traefik.http.routers.ezbookkeeping-letsencrypt.service=ezbookkeeping" # 指向服務 + - "traefik.http.routers.ezbookkeeping-letsencrypt.tls=true" # 啟用 TLS - "traefik.http.routers.ezbookkeeping-letsencrypt.tls.certresolver=letsencrypt" # 使用 Let's Encrypt 證書 # === 環境變數設定 === @@ -263,7 +318,7 @@ services: - vlan # 使用 traefik_vlan 網路 # === Socat 代理指令 === - command: "-d -d tcp-listen:8080,reuseaddr,fork tcp:192.168.30.222:8080" # TCP 代理至 ezBookkeeping + command: "-d -d tcp-listen:8080,reuseaddr,fork tcp:192.168.30.222:8080" # TCP 代理至 ezBookkeeping # === 日誌管理 === logging: @@ -365,7 +420,7 @@ services: - vlan # 使用 traefik_vlan 網路 # === Socat 代理指令 === - command: "-d -d tcp-listen:80,reuseaddr,fork tcp:192.168.30.254:80" # TCP 代理至 OpenWrt + command: "-d -d tcp-listen:80,reuseaddr,fork tcp:192.168.30.254:80" # TCP 代理至 OpenWrt # === 日誌管理 === logging: @@ -380,6 +435,6 @@ services: # Docker Networks 定義 # =============================================================== networks: - vlan: # Traefik 共用網路 + vlan: # Traefik 共用網路 name: traefik_vlan - external: true # 使用外部建立的網路 + external: true # 使用外部建立的網路