Compare commits
11 Commits
1b10271ee6
...
舊環境
| Author | SHA1 | Date | |
|---|---|---|---|
| eb8b878206 | |||
| 28ca7238d9 | |||
| 5c8402ea2a | |||
| fd5d83bcde | |||
| f21ef8f018 | |||
| 2fef3ea9ff | |||
| 4bcb9ddf25 | |||
| ac86cd511c | |||
| 65bcca3fc5 | |||
| ac5a485b0a | |||
| 5497a058fe |
@@ -11,6 +11,8 @@ jobs:
|
||||
uses: actions/checkout@v4
|
||||
- name: 啟動 Traefik
|
||||
run: cd "${{ gitea.workspace }}/traefik" && docker compose up -d --build
|
||||
- name: 啟動 Socket CAT
|
||||
run: cd "${{ gitea.workspace }}/socat" && docker compose up -d
|
||||
- name: 重新啟動 Traefik
|
||||
run: cd "${{ gitea.workspace }}/traefik" && docker compose restart
|
||||
clear:
|
||||
|
||||
623
socat/docker-compose.yaml
Normal file
623
socat/docker-compose.yaml
Normal file
@@ -0,0 +1,623 @@
|
||||
services:
|
||||
# --- DS116 主要代理服務 ---
|
||||
ds116:
|
||||
# === 容器基本設定 ===
|
||||
image: alpine/socat:latest # Alpine Linux + socat 工具
|
||||
container_name: socat_ds116
|
||||
|
||||
# === Traefik 標籤設定 ===
|
||||
labels:
|
||||
- "traefik.enable=true" # 啟用 Traefik 代理
|
||||
- "traefik.docker.network=traefik_vlan" # 指定網路
|
||||
|
||||
# --- HTTP 服務配置 ---
|
||||
- "traefik.http.services.ds116.loadbalancer.server.scheme=https" # 服務協議為 HTTPS
|
||||
- "traefik.http.services.ds116.loadbalancer.server.port=5001" # 後端服務連接埠 5001
|
||||
|
||||
# --- HTTP 路由 (轉導至 HTTPS) ---
|
||||
- "traefik.http.routers.ds116.entrypoints=http" # HTTP 入口點
|
||||
- "traefik.http.routers.ds116.rule=Host(`ds116.jsc.idv.me`)" # 域名規則
|
||||
- "traefik.http.routers.ds116.middlewares=https-redirect@docker" # 強制 HTTPS 轉導
|
||||
|
||||
# --- HTTPS 路由 ---
|
||||
- "traefik.http.routers.ds116-tls.entrypoints=https" # HTTPS 入口點
|
||||
- "traefik.http.routers.ds116-tls.rule=Host(`ds116.jsc.idv.me`)" # 域名規則
|
||||
- "traefik.http.routers.ds116-tls.middlewares=gzip@docker" # 啟用 Gzip 壓縮
|
||||
- "traefik.http.routers.ds116-tls.service=ds116" # 指向服務
|
||||
- "traefik.http.routers.ds116-tls.tls=true" # 啟用 TLS
|
||||
|
||||
# --- HTTPS 路由 (Let's Encrypt) ---
|
||||
- "traefik.http.routers.ds116-letsencrypt.entrypoints=https" # HTTPS 入口點
|
||||
- "traefik.http.routers.ds116-letsencrypt.rule=Host(`ds116.jsc.idv.tw`)" # 域名規則
|
||||
- "traefik.http.routers.ds116-letsencrypt.middlewares=gzip@docker" # 啟用 Gzip 壓縮
|
||||
- "traefik.http.routers.ds116-letsencrypt.service=ds116" # 指向服務
|
||||
- "traefik.http.routers.ds116-letsencrypt.tls=true" # 啟用 TLS
|
||||
- "traefik.http.routers.ds116-letsencrypt.tls.certresolver=letsencrypt" # 使用 Let's Encrypt 證書
|
||||
|
||||
# === 環境變數設定 ===
|
||||
environment:
|
||||
TZ: "Asia/Taipei" # 時區設定 (台北時間 UTC+8)
|
||||
|
||||
# === 網路設定 ===
|
||||
networks:
|
||||
- vlan # 使用 traefik_vlan 網路
|
||||
|
||||
# === Socat 代理指令 ===
|
||||
command: "-d -d tcp-listen:5001,reuseaddr,fork tcp:192.168.1.101:5001" # TCP 代理至 DS116
|
||||
|
||||
# === 日誌管理 ===
|
||||
logging:
|
||||
driver: "json-file" # 使用 JSON 檔案記錄日誌
|
||||
options:
|
||||
max-size: "1m" # 單一日誌檔案最大 1MB
|
||||
|
||||
# === 重新啟動策略 ===
|
||||
restart: always # 容器異常退出時自動重啟
|
||||
|
||||
# --- DS116 Bitwarden 主要代理服務 ---
|
||||
ds116-bitwarden:
|
||||
# === 容器基本設定 ===
|
||||
image: alpine/socat:latest # Alpine Linux + socat 工具
|
||||
container_name: socat_ds116_bitwarden
|
||||
|
||||
# === Traefik 標籤設定 ===
|
||||
labels:
|
||||
- "traefik.enable=true" # 啟用 Traefik 代理
|
||||
- "traefik.docker.network=traefik_vlan" # 指定網路
|
||||
|
||||
# --- HTTP 服務配置 ---
|
||||
- "traefik.http.services.ds116-bitwarden.loadbalancer.server.scheme=http" # 服務協議為 HTTP
|
||||
- "traefik.http.services.ds116-bitwarden.loadbalancer.server.port=52080" # 後端服務連接埠 52080
|
||||
|
||||
# --- HTTP 路由 (轉導至 HTTPS) ---
|
||||
- "traefik.http.routers.ds116-bitwarden.entrypoints=http" # HTTP 入口點
|
||||
- "traefik.http.routers.ds116-bitwarden.rule=Host(`bitwarden.jsc.idv.me`)" # 域名規則
|
||||
- "traefik.http.routers.ds116-bitwarden.middlewares=https-redirect@docker" # 強制 HTTPS 轉導
|
||||
|
||||
# --- HTTPS 路由 ---
|
||||
- "traefik.http.routers.ds116-bitwarden-tls.entrypoints=https" # HTTPS 入口點
|
||||
- "traefik.http.routers.ds116-bitwarden-tls.rule=Host(`bitwarden.jsc.idv.me`)" # 域名規則
|
||||
- "traefik.http.routers.ds116-bitwarden-tls.middlewares=gzip@docker" # 啟用 Gzip 壓縮
|
||||
- "traefik.http.routers.ds116-bitwarden-tls.service=ds116-bitwarden" # 指向服務
|
||||
- "traefik.http.routers.ds116-bitwarden-tls.tls=true" # 啟用 TLS
|
||||
|
||||
# --- HTTPS 路由 (Let's Encrypt) ---
|
||||
- "traefik.http.routers.ds116-bitwarden-letsencrypt.entrypoints=https" # HTTPS 入口點
|
||||
- "traefik.http.routers.ds116-bitwarden-letsencrypt.rule=Host(`bitwarden.jsc.idv.tw`)" # 域名規則
|
||||
- "traefik.http.routers.ds116-bitwarden-letsencrypt.middlewares=gzip@docker" # 啟用 Gzip 壓縮
|
||||
- "traefik.http.routers.ds116-bitwarden-letsencrypt.service=ds116-bitwarden" # 指向服務
|
||||
- "traefik.http.routers.ds116-bitwarden-letsencrypt.tls=true" # 啟用 TLS
|
||||
- "traefik.http.routers.ds116-bitwarden-letsencrypt.tls.certresolver=letsencrypt" # 使用 Let's Encrypt 證書
|
||||
|
||||
# === 環境變數設定 ===
|
||||
environment:
|
||||
TZ: "Asia/Taipei" # 時區設定 (台北時間 UTC+8)
|
||||
|
||||
# === 網路設定 ===
|
||||
networks:
|
||||
- vlan # 使用 traefik_vlan 網路
|
||||
|
||||
# === Socat 代理指令 ===
|
||||
command: "-d -d tcp-listen:52080,reuseaddr,fork tcp:192.168.1.102:52080" # TCP 代理至 DS116 Bitwarden
|
||||
|
||||
# === 日誌管理 ===
|
||||
logging:
|
||||
driver: "json-file" # 使用 JSON 檔案記錄日誌
|
||||
options:
|
||||
max-size: "1m" # 單一日誌檔案最大 1MB
|
||||
|
||||
# === 重新啟動策略 ===
|
||||
restart: always # 容器異常退出時自動重啟
|
||||
|
||||
# --- DS718 主要代理服務 ---
|
||||
ds718:
|
||||
# === 容器基本設定 ===
|
||||
image: alpine/socat:latest # Alpine Linux + socat 工具
|
||||
container_name: socat_ds718
|
||||
|
||||
# === Traefik 標籤設定 ===
|
||||
labels:
|
||||
- "traefik.enable=true" # 啟用 Traefik 代理
|
||||
- "traefik.docker.network=traefik_vlan" # 指定網路
|
||||
|
||||
# --- HTTP 服務配置 ---
|
||||
- "traefik.http.services.ds718.loadbalancer.server.scheme=https" # 服務協議為 HTTPS
|
||||
- "traefik.http.services.ds718.loadbalancer.server.port=5001" # 後端服務連接埠 5001
|
||||
|
||||
# --- HTTP 路由 (轉導至 HTTPS) ---
|
||||
- "traefik.http.routers.ds718.entrypoints=http" # HTTP 入口點
|
||||
- "traefik.http.routers.ds718.rule=Host(`ds718.jsc.idv.me`)" # 域名規則
|
||||
- "traefik.http.routers.ds718.middlewares=https-redirect@docker" # 強制 HTTPS 轉導
|
||||
|
||||
# --- HTTPS 路由 ---
|
||||
- "traefik.http.routers.ds718-tls.entrypoints=https" # HTTPS 入口點
|
||||
- "traefik.http.routers.ds718-tls.rule=Host(`ds718.jsc.idv.me`)" # 域名規則
|
||||
- "traefik.http.routers.ds718-tls.middlewares=gzip@docker" # 啟用 Gzip 壓縮
|
||||
- "traefik.http.routers.ds718-tls.service=ds718" # 指向服務
|
||||
- "traefik.http.routers.ds718-tls.tls=true" # 啟用 TLS
|
||||
|
||||
# --- HTTPS 路由 (Let's Encrypt) ---
|
||||
- "traefik.http.routers.ds718-letsencrypt.entrypoints=https" # HTTPS 入口點
|
||||
- "traefik.http.routers.ds718-letsencrypt.rule=Host(`ds718.jsc.idv.tw`)" # 域名規則
|
||||
- "traefik.http.routers.ds718-letsencrypt.middlewares=gzip@docker" # 啟用 Gzip 壓縮
|
||||
- "traefik.http.routers.ds718-letsencrypt.service=ds718" # 指向服務
|
||||
- "traefik.http.routers.ds718-letsencrypt.tls=true" # 啟用 TLS
|
||||
- "traefik.http.routers.ds718-letsencrypt.tls.certresolver=letsencrypt" # 使用 Let's Encrypt 證書
|
||||
|
||||
# === 環境變數設定 ===
|
||||
environment:
|
||||
TZ: "Asia/Taipei" # 時區設定 (台北時間 UTC+8)
|
||||
|
||||
# === 網路設定 ===
|
||||
networks:
|
||||
- vlan # 使用 traefik_vlan 網路
|
||||
|
||||
# === Socat 代理指令 ===
|
||||
command: "-d -d tcp-listen:5001,reuseaddr,fork tcp:192.168.1.102:5001" # TCP 代理至 DS718
|
||||
|
||||
# === 日誌管理 ===
|
||||
logging:
|
||||
driver: "json-file" # 使用 JSON 檔案記錄日誌
|
||||
options:
|
||||
max-size: "1m" # 單一日誌檔案最大 1MB
|
||||
|
||||
# === 重新啟動策略 ===
|
||||
restart: always # 容器異常退出時自動重啟
|
||||
|
||||
# --- DS718 主要代理服務 ---
|
||||
flaresolverr:
|
||||
# === 容器基本設定 ===
|
||||
image: alpine/socat:latest # Alpine Linux + socat 工具
|
||||
container_name: socat_flaresolverr
|
||||
|
||||
# === Traefik 標籤設定 ===
|
||||
labels:
|
||||
- "traefik.enable=true" # 啟用 Traefik 代理
|
||||
- "traefik.docker.network=traefik_vlan" # 指定網路
|
||||
|
||||
# --- HTTP 服務配置 ---
|
||||
- "traefik.http.services.flaresolverr.loadbalancer.server.scheme=https" # 服務協議為 HTTPS
|
||||
- "traefik.http.services.flaresolverr.loadbalancer.server.port=8191" # 後端服務連接埠 5001
|
||||
|
||||
# --- HTTP 路由 (轉導至 HTTPS) ---
|
||||
- "traefik.http.routers.flaresolverr.entrypoints=http" # HTTP 入口點
|
||||
- "traefik.http.routers.flaresolverr.rule=Host(`flaresolverr.jsc.idv.me`)" # 域名規則
|
||||
- "traefik.http.routers.flaresolverr.middlewares=https-redirect@docker" # 強制 HTTPS 轉導
|
||||
|
||||
# --- HTTPS 路由 ---
|
||||
- "traefik.http.routers.flaresolverr-tls.entrypoints=https" # HTTPS 入口點
|
||||
- "traefik.http.routers.flaresolverr-tls.rule=Host(`flaresolverr.jsc.idv.me`)" # 域名規則
|
||||
- "traefik.http.routers.flaresolverr-tls.middlewares=gzip@docker" # 啟用 Gzip 壓縮
|
||||
- "traefik.http.routers.flaresolverr-tls.service=flaresolverr" # 指向服務
|
||||
- "traefik.http.routers.flaresolverr-tls.tls=true" # 啟用 TLS
|
||||
|
||||
# --- HTTPS 路由 (Let's Encrypt) ---
|
||||
- "traefik.http.routers.flaresolverr-letsencrypt.entrypoints=https" # HTTPS 入口點
|
||||
- "traefik.http.routers.flaresolverr-letsencrypt.rule=Host(`flaresolverr.jsc.idv.tw`)" # 域名規則
|
||||
- "traefik.http.routers.flaresolverr-letsencrypt.middlewares=gzip@docker" # 啟用 Gzip 壓縮
|
||||
- "traefik.http.routers.flaresolverr-letsencrypt.service=flaresolverr" # 指向服務
|
||||
- "traefik.http.routers.flaresolverr-letsencrypt.tls=true" # 啟用 TLS
|
||||
- "traefik.http.routers.flaresolverr-letsencrypt.tls.certresolver=letsencrypt" # 使用 Let's Encrypt 證書
|
||||
|
||||
# === 環境變數設定 ===
|
||||
environment:
|
||||
TZ: "Asia/Taipei" # 時區設定 (台北時間 UTC+8)
|
||||
|
||||
# === 網路設定 ===
|
||||
networks:
|
||||
- vlan # 使用 traefik_vlan 網路
|
||||
|
||||
# === Socat 代理指令 ===
|
||||
command: "-d -d tcp-listen:8191,reuseaddr,fork tcp:192.168.1.203:8191" # TCP 代理至 DS718
|
||||
|
||||
# === 日誌管理 ===
|
||||
logging:
|
||||
driver: "json-file" # 使用 JSON 檔案記錄日誌
|
||||
options:
|
||||
max-size: "1m" # 單一日誌檔案最大 1MB
|
||||
|
||||
# === 重新啟動策略 ===
|
||||
restart: always # 容器異常退出時自動重啟
|
||||
|
||||
# --- DS718 主要代理服務 ---
|
||||
download:
|
||||
# === 容器基本設定 ===
|
||||
image: alpine/socat:latest # Alpine Linux + socat 工具
|
||||
container_name: socat_download
|
||||
|
||||
# === Traefik 標籤設定 ===
|
||||
labels:
|
||||
- "traefik.enable=true" # 啟用 Traefik 代理
|
||||
- "traefik.docker.network=traefik_vlan" # 指定網路
|
||||
|
||||
# --- HTTP 服務配置 ---
|
||||
- "traefik.http.services.download.loadbalancer.server.scheme=http" # 服務協議為 HTTPS
|
||||
- "traefik.http.services.download.loadbalancer.server.port=5000" # 後端服務連接埠 5001
|
||||
# --- HTTP 路由 (轉導至 HTTPS) ---
|
||||
- "traefik.http.routers.download.entrypoints=http" # HTTP 入口點
|
||||
- "traefik.http.routers.download.rule=Host(`download.jsc.idv.me`)" # 域名規則
|
||||
- "traefik.http.routers.download.middlewares=https-redirect@docker" # 強制 HTTPS 轉導
|
||||
|
||||
# --- HTTPS 路由 ---
|
||||
- "traefik.http.routers.download-tls.entrypoints=https" # HTTPS 入口點
|
||||
- "traefik.http.routers.download-tls.rule=Host(`download.jsc.idv.me`)" # 域名規則
|
||||
- "traefik.http.routers.download-tls.middlewares=gzip@docker" # 啟用 Gzip 壓縮
|
||||
- "traefik.http.routers.download-tls.service=download" # 指向服務
|
||||
- "traefik.http.routers.download-tls.tls=true" # 啟用 TLS
|
||||
|
||||
# --- HTTPS 路由 (Let's Encrypt) ---
|
||||
- "traefik.http.routers.download-letsencrypt.entrypoints=https" # HTTPS 入口點
|
||||
- "traefik.http.routers.download-letsencrypt.rule=Host(`download.jsc.idv.tw`)" # 域名規則
|
||||
- "traefik.http.routers.download-letsencrypt.middlewares=gzip@docker,auth@docker" # 啟用 Gzip 壓縮
|
||||
- "traefik.http.routers.download-letsencrypt.service=download" # 指向服務
|
||||
- "traefik.http.routers.download-letsencrypt.tls=true" # 啟用 TLS
|
||||
- "traefik.http.routers.download-letsencrypt.tls.certresolver=letsencrypt" # 使用 Let's Encrypt 證書
|
||||
|
||||
# === 環境變數設定 ===
|
||||
environment:
|
||||
TZ: "Asia/Taipei" # 時區設定 (台北時間 UTC+8)
|
||||
|
||||
# === 網路設定 ===
|
||||
networks:
|
||||
- vlan # 使用 traefik_vlan 網路
|
||||
|
||||
# === Socat 代理指令 ===
|
||||
command: "-d -d tcp-listen:5000,reuseaddr,fork tcp:192.168.1.203:5000" # TCP 代理至 DS718
|
||||
|
||||
# === 日誌管理 ===
|
||||
logging:
|
||||
driver: "json-file" # 使用 JSON 檔案記錄日誌
|
||||
options:
|
||||
max-size: "1m" # 單一日誌檔案最大 1MB
|
||||
|
||||
# === 重新啟動策略 ===
|
||||
restart: always # 容器異常退出時自動重啟
|
||||
|
||||
# --- DS718 主要代理服務 ---
|
||||
download-1:
|
||||
# === 容器基本設定 ===
|
||||
image: alpine/socat:latest # Alpine Linux + socat 工具
|
||||
container_name: socat_download_1
|
||||
|
||||
# === Traefik 標籤設定 ===
|
||||
labels:
|
||||
- "traefik.enable=true" # 啟用 Traefik 代理
|
||||
- "traefik.docker.network=traefik_vlan" # 指定網路
|
||||
|
||||
# --- HTTP 服務配置 (負載平衡器設定) ---
|
||||
- "traefik.http.services.download.loadbalancer.server.scheme=http" # 服務協議為 HTTP (統一服務名稱)
|
||||
- "traefik.http.services.download.loadbalancer.server.port=5001" # 後端服務連接埠 80
|
||||
- "traefik.http.services.download.loadbalancer.healthcheck.path=/hangfire" # 健康檢查路徑
|
||||
- "traefik.http.services.download.loadbalancer.healthcheck.interval=30s" # 健康檢查間隔
|
||||
|
||||
# === 環境變數設定 ===
|
||||
environment:
|
||||
TZ: "Asia/Taipei" # 時區設定 (台北時間 UTC+8)
|
||||
|
||||
# === 網路設定 ===
|
||||
networks:
|
||||
- vlan # 使用 traefik_vlan 網路
|
||||
|
||||
# === Socat 代理指令 ===
|
||||
command: "-d -d tcp-listen:5001,reuseaddr,fork tcp:192.168.1.203:5001" # TCP 代理至 DS718
|
||||
|
||||
# === 日誌管理 ===
|
||||
logging:
|
||||
driver: "json-file" # 使用 JSON 檔案記錄日誌
|
||||
options:
|
||||
max-size: "1m" # 單一日誌檔案最大 1MB
|
||||
|
||||
# === 重新啟動策略 ===
|
||||
restart: always # 容器異常退出時自動重啟
|
||||
|
||||
# --- DS718 主要代理服務 ---
|
||||
download-2:
|
||||
# === 容器基本設定 ===
|
||||
image: alpine/socat:latest # Alpine Linux + socat 工具
|
||||
container_name: socat_download_2
|
||||
|
||||
# === Traefik 標籤設定 ===
|
||||
labels:
|
||||
- "traefik.enable=true" # 啟用 Traefik 代理
|
||||
- "traefik.docker.network=traefik_vlan" # 指定網路
|
||||
|
||||
# --- HTTP 服務配置 (負載平衡器設定) ---
|
||||
- "traefik.http.services.download.loadbalancer.server.scheme=http" # 服務協議為 HTTP (統一服務名稱)
|
||||
- "traefik.http.services.download.loadbalancer.server.port=5002" # 後端服務連接埠 5002
|
||||
- "traefik.http.services.download.loadbalancer.healthcheck.path=/hangfire" # 健康檢查路徑
|
||||
- "traefik.http.services.download.loadbalancer.healthcheck.interval=30s" # 健康檢查間隔
|
||||
|
||||
# === 環境變數設定 ===
|
||||
environment:
|
||||
TZ: "Asia/Taipei" # 時區設定 (台北時間 UTC+8)
|
||||
|
||||
# === 網路設定 ===
|
||||
networks:
|
||||
- vlan # 使用 traefik_vlan 網路
|
||||
|
||||
# === Socat 代理指令 ===
|
||||
command: "-d -d tcp-listen:5002,reuseaddr,fork tcp:192.168.1.203:5002" # TCP 代理至 DS718
|
||||
|
||||
# === 日誌管理 ===
|
||||
logging:
|
||||
driver: "json-file" # 使用 JSON 檔案記錄日誌
|
||||
options:
|
||||
max-size: "1m" # 單一日誌檔案最大 1MB
|
||||
|
||||
# === 重新啟動策略 ===
|
||||
restart: always # 容器異常退出時自動重啟
|
||||
|
||||
# --- Proxmox VE 主要代理服務 ---
|
||||
pve:
|
||||
# === 容器基本設定 ===
|
||||
image: alpine/socat:latest # Alpine Linux + socat 工具
|
||||
container_name: socat_pve
|
||||
|
||||
# === Traefik 標籤設定 ===
|
||||
labels:
|
||||
- "traefik.enable=true" # 啟用 Traefik 代理
|
||||
- "traefik.docker.network=traefik_vlan" # 指定網路
|
||||
|
||||
# --- HTTP 服務配置 ---
|
||||
- "traefik.http.services.pve.loadbalancer.server.scheme=https" # 服務協議為 HTTPS
|
||||
- "traefik.http.services.pve.loadbalancer.server.port=8006" # 後端服務連接埠 8006
|
||||
|
||||
# --- HTTP 路由 (轉導至 HTTPS) ---
|
||||
- "traefik.http.routers.pve.entrypoints=http" # HTTP 入口點
|
||||
- "traefik.http.routers.pve.rule=Host(`pve.jsc.idv.me`)" # 域名規則
|
||||
- "traefik.http.routers.pve.middlewares=https-redirect@docker" # 強制 HTTPS 轉導
|
||||
|
||||
# --- HTTPS 路由 ---
|
||||
- "traefik.http.routers.pve-tls.entrypoints=https" # HTTPS 入口點
|
||||
- "traefik.http.routers.pve-tls.rule=Host(`pve.jsc.idv.me`)" # 域名規則
|
||||
- "traefik.http.routers.pve-tls.middlewares=gzip@docker" # 啟用 Gzip 壓縮
|
||||
- "traefik.http.routers.pve-tls.service=pve" # 指向服務
|
||||
- "traefik.http.routers.pve-tls.tls=true" # 啟用 TLS
|
||||
|
||||
# --- HTTPS 路由 (Let's Encrypt) ---
|
||||
- "traefik.http.routers.pve-letsencrypt.entrypoints=https" # HTTPS 入口點
|
||||
- "traefik.http.routers.pve-letsencrypt.rule=Host(`pve.jsc.idv.tw`)" # 域名規則
|
||||
- "traefik.http.routers.pve-letsencrypt.middlewares=gzip@docker" # 啟用 Gzip 壓縮
|
||||
- "traefik.http.routers.pve-letsencrypt.service=pve" # 指向服務
|
||||
- "traefik.http.routers.pve-letsencrypt.tls=true" # 啟用 TLS
|
||||
- "traefik.http.routers.pve-letsencrypt.tls.certresolver=letsencrypt" # 使用 Let's Encrypt 證書
|
||||
|
||||
# === 環境變數設定 ===
|
||||
environment:
|
||||
TZ: "Asia/Taipei" # 時區設定 (台北時間 UTC+8)
|
||||
|
||||
# === 網路設定 ===
|
||||
networks:
|
||||
- vlan # 使用 traefik_vlan 網路
|
||||
|
||||
# === Socat 代理指令 ===
|
||||
command: "-d -d tcp-listen:8006,reuseaddr,fork tcp:192.168.1.202:8006" # TCP 代理至 Proxmox VE
|
||||
|
||||
# === 日誌管理 ===
|
||||
logging:
|
||||
driver: "json-file" # 使用 JSON 檔案記錄日誌
|
||||
options:
|
||||
max-size: "1m" # 單一日誌檔案最大 1MB
|
||||
|
||||
# === 重新啟動策略 ===
|
||||
restart: always # 容器異常退出時自動重啟
|
||||
|
||||
# --- Gitea 主要代理服務 ---
|
||||
gitea:
|
||||
# === 容器基本設定 ===
|
||||
image: alpine/socat:latest # Alpine Linux + socat 工具
|
||||
container_name: socat_gitea
|
||||
|
||||
# === Traefik 標籤設定 ===
|
||||
labels:
|
||||
- "traefik.enable=true" # 啟用 Traefik 代理
|
||||
- "traefik.docker.network=traefik_vlan" # 指定網路
|
||||
|
||||
# --- HTTP 服務配置 ---
|
||||
- "traefik.http.services.gitea.loadbalancer.server.scheme=http" # 服務協議為 HTTP
|
||||
- "traefik.http.services.gitea.loadbalancer.server.port=3000" # 後端服務連接埠 3000
|
||||
|
||||
# --- HTTP 路由 (轉導至 HTTPS) ---
|
||||
- "traefik.http.routers.gitea.entrypoints=http" # HTTP 入口點
|
||||
- "traefik.http.routers.gitea.rule=Host(`gitea.jsc.idv.me`)" # 域名規則
|
||||
- "traefik.http.routers.gitea.middlewares=https-redirect@docker" # 強制 HTTPS 轉導
|
||||
|
||||
# --- HTTPS 路由 ---
|
||||
- "traefik.http.routers.gitea-tls.entrypoints=https" # HTTPS 入口點
|
||||
- "traefik.http.routers.gitea-tls.rule=Host(`gitea.jsc.idv.me`)" # 域名規則
|
||||
- "traefik.http.routers.gitea-tls.middlewares=gzip@docker" # 啟用 Gzip 壓縮
|
||||
- "traefik.http.routers.gitea-tls.service=gitea" # 指向服務
|
||||
- "traefik.http.routers.gitea-tls.tls=true" # 啟用 TLS
|
||||
|
||||
# --- HTTPS 路由 (Let's Encrypt) ---
|
||||
- "traefik.http.routers.gitea-letsencrypt.entrypoints=https" # HTTPS 入口點
|
||||
- "traefik.http.routers.gitea-letsencrypt.rule=Host(`gitea.jsc.idv.tw`)" # 域名規則
|
||||
- "traefik.http.routers.gitea-letsencrypt.middlewares=gzip@docker" # 啟用 Gzip 壓縮
|
||||
- "traefik.http.routers.gitea-letsencrypt.service=gitea" # 指向服務
|
||||
- "traefik.http.routers.gitea-letsencrypt.tls=true" # 啟用 TLS
|
||||
- "traefik.http.routers.gitea-letsencrypt.tls.certresolver=letsencrypt" # 使用 Let's Encrypt 證書
|
||||
|
||||
# === 環境變數設定 ===
|
||||
environment:
|
||||
TZ: "Asia/Taipei" # 時區設定 (台北時間 UTC+8)
|
||||
|
||||
# === 網路設定 ===
|
||||
networks:
|
||||
- vlan # 使用 traefik_vlan 網路
|
||||
|
||||
# === Socat 代理指令 ===
|
||||
command: "-d -d tcp-listen:3000,reuseaddr,fork tcp:192.168.1.201:3000" # TCP 代理至 Gitea
|
||||
|
||||
# === 日誌管理 ===
|
||||
logging:
|
||||
driver: "json-file" # 使用 JSON 檔案記錄日誌
|
||||
options:
|
||||
max-size: "1m" # 單一日誌檔案最大 1MB
|
||||
|
||||
# === 重新啟動策略 ===
|
||||
restart: always # 容器異常退出時自動重啟
|
||||
|
||||
# --- ezBookkeeping 主要代理服務 ---
|
||||
ezbookkeeping:
|
||||
# === 容器基本設定 ===
|
||||
image: alpine/socat:latest # Alpine Linux + socat 工具
|
||||
container_name: socat_ezbookkeeping
|
||||
|
||||
# === Traefik 標籤設定 ===
|
||||
labels:
|
||||
- "traefik.enable=true" # 啟用 Traefik 代理
|
||||
- "traefik.docker.network=traefik_vlan" # 指定網路
|
||||
|
||||
# --- HTTP 服務配置 ---
|
||||
- "traefik.http.services.ezbookkeeping.loadbalancer.server.scheme=http" # 服務協議為 HTTP
|
||||
- "traefik.http.services.ezbookkeeping.loadbalancer.server.port=8080" # 後端服務連接埠 8080
|
||||
|
||||
# --- HTTP 路由 (轉導至 HTTPS) ---
|
||||
- "traefik.http.routers.ezbookkeeping.entrypoints=http" # HTTP 入口點
|
||||
- "traefik.http.routers.ezbookkeeping.rule=Host(`ezbookkeeping.jsc.idv.me`)" # 域名規則
|
||||
- "traefik.http.routers.ezbookkeeping.middlewares=https-redirect@docker" # 強制 HTTPS 轉導
|
||||
|
||||
# --- HTTPS 路由 ---
|
||||
- "traefik.http.routers.ezbookkeeping-tls.entrypoints=https" # HTTPS 入口點
|
||||
- "traefik.http.routers.ezbookkeeping-tls.rule=Host(`ezbookkeeping.jsc.idv.me`)" # 域名規則
|
||||
- "traefik.http.routers.ezbookkeeping-tls.middlewares=gzip@docker" # 啟用 Gzip 壓縮
|
||||
- "traefik.http.routers.ezbookkeeping-tls.service=ezbookkeeping" # 指向服務
|
||||
- "traefik.http.routers.ezbookkeeping-tls.tls=true" # 啟用 TLS
|
||||
|
||||
# --- HTTPS 路由 (Let's Encrypt) ---
|
||||
- "traefik.http.routers.ezbookkeeping-letsencrypt.entrypoints=https" # HTTPS 入口點
|
||||
- "traefik.http.routers.ezbookkeeping-letsencrypt.rule=Host(`ezbookkeeping.jsc.idv.tw`)" # 域名規則
|
||||
- "traefik.http.routers.ezbookkeeping-letsencrypt.middlewares=gzip@docker" # 啟用 Gzip 壓縮
|
||||
- "traefik.http.routers.ezbookkeeping-letsencrypt.service=ezbookkeeping" # 指向服務
|
||||
- "traefik.http.routers.ezbookkeeping-letsencrypt.tls=true" # 啟用 TLS
|
||||
- "traefik.http.routers.ezbookkeeping-letsencrypt.tls.certresolver=letsencrypt" # 使用 Let's Encrypt 證書
|
||||
|
||||
# === 環境變數設定 ===
|
||||
environment:
|
||||
TZ: "Asia/Taipei" # 時區設定 (台北時間 UTC+8)
|
||||
|
||||
# === 網路設定 ===
|
||||
networks:
|
||||
- vlan # 使用 traefik_vlan 網路
|
||||
|
||||
# === Socat 代理指令 ===
|
||||
command: "-d -d tcp-listen:8080,reuseaddr,fork tcp:192.168.30.222:8080" # TCP 代理至 ezBookkeeping
|
||||
|
||||
# === 日誌管理 ===
|
||||
logging:
|
||||
driver: "json-file" # 使用 JSON 檔案記錄日誌
|
||||
options:
|
||||
max-size: "1m" # 單一日誌檔案最大 1MB
|
||||
|
||||
# === 重新啟動策略 ===
|
||||
restart: always # 容器異常退出時自動重啟
|
||||
|
||||
# --- DS225+ 主要代理服務 ---
|
||||
ds225:
|
||||
# === 容器基本設定 ===
|
||||
image: alpine/socat:latest # Alpine Linux + socat 工具
|
||||
container_name: socat_ds225
|
||||
|
||||
# === Traefik 標籤設定 ===
|
||||
labels:
|
||||
- "traefik.enable=true" # 啟用 Traefik 代理
|
||||
- "traefik.docker.network=traefik_vlan" # 指定網路
|
||||
|
||||
# --- HTTP 服務配置 ---
|
||||
- "traefik.http.services.ds225.loadbalancer.server.scheme=https" # 服務協議為 HTTPS
|
||||
- "traefik.http.services.ds225.loadbalancer.server.port=5001" # 後端服務連接埠 5001
|
||||
|
||||
# --- HTTP 路由 (轉導至 HTTPS) ---
|
||||
- "traefik.http.routers.ds225.entrypoints=http" # HTTP 入口點
|
||||
- "traefik.http.routers.ds225.rule=Host(`ds225.jsc.idv.me`)" # 域名規則
|
||||
- "traefik.http.routers.ds225.middlewares=https-redirect@docker" # 強制 HTTPS 轉導
|
||||
|
||||
# --- HTTPS 路由 ---
|
||||
- "traefik.http.routers.ds225-tls.entrypoints=https" # HTTPS 入口點
|
||||
- "traefik.http.routers.ds225-tls.rule=Host(`ds225.jsc.idv.me`)" # 域名規則
|
||||
- "traefik.http.routers.ds225-tls.middlewares=gzip@docker" # 啟用 Gzip 壓縮
|
||||
- "traefik.http.routers.ds225-tls.service=ds225" # 指向服務
|
||||
- "traefik.http.routers.ds225-tls.tls=true" # 啟用 TLS
|
||||
|
||||
# --- HTTPS 路由 (Let's Encrypt) ---
|
||||
- "traefik.http.routers.ds225-letsencrypt.entrypoints=https" # HTTPS 入口點
|
||||
- "traefik.http.routers.ds225-letsencrypt.rule=Host(`ds225.jsc.idv.tw`)" # 域名規則
|
||||
- "traefik.http.routers.ds225-letsencrypt.middlewares=gzip@docker" # 啟用 Gzip 壓縮
|
||||
- "traefik.http.routers.ds225-letsencrypt.service=ds225" # 指向服務
|
||||
- "traefik.http.routers.ds225-letsencrypt.tls=true" # 啟用 TLS
|
||||
- "traefik.http.routers.ds225-letsencrypt.tls.certresolver=letsencrypt" # 使用 Let's Encrypt 證書
|
||||
|
||||
# === 環境變數設定 ===
|
||||
environment:
|
||||
TZ: "Asia/Taipei" # 時區設定 (台北時間 UTC+8)
|
||||
|
||||
# === 網路設定 ===
|
||||
networks:
|
||||
- vlan # 使用 traefik_vlan 網路
|
||||
|
||||
# === Socat 代理指令 ===
|
||||
command: "-d -d tcp-listen:5001,reuseaddr,fork tcp:192.168.30.253:5001" # TCP 代理至 DS225+
|
||||
|
||||
# === 日誌管理 ===
|
||||
logging:
|
||||
driver: "json-file" # 使用 JSON 檔案記錄日誌
|
||||
options:
|
||||
max-size: "1m" # 單一日誌檔案最大 1MB
|
||||
|
||||
# === 重新啟動策略 ===
|
||||
restart: always # 容器異常退出時自動重啟
|
||||
|
||||
# --- OpenWrt 主要代理服務 ---
|
||||
openwrt:
|
||||
# === 容器基本設定 ===
|
||||
image: alpine/socat:latest # Alpine Linux + socat 工具
|
||||
container_name: socat_openwrt
|
||||
|
||||
# === Traefik 標籤設定 ===
|
||||
labels:
|
||||
- "traefik.enable=true" # 啟用 Traefik 代理
|
||||
- "traefik.docker.network=traefik_vlan" # 指定網路
|
||||
|
||||
# --- HTTP 服務配置 ---
|
||||
- "traefik.http.services.openwrt.loadbalancer.server.scheme=http" # 服務協議為 HTTP
|
||||
- "traefik.http.services.openwrt.loadbalancer.server.port=80" # 後端服務連接埠 80
|
||||
|
||||
# --- HTTP 路由 (轉導至 HTTPS) ---
|
||||
- "traefik.http.routers.openwrt.entrypoints=http" # HTTP 入口點
|
||||
- "traefik.http.routers.openwrt.rule=Host(`openwrt.jsc.idv.me`)" # 域名規則
|
||||
- "traefik.http.routers.openwrt.middlewares=https-redirect@docker" # 強制 HTTPS 轉導
|
||||
|
||||
# --- HTTPS 路由 ---
|
||||
- "traefik.http.routers.openwrt-tls.entrypoints=https" # HTTPS 入口點
|
||||
- "traefik.http.routers.openwrt-tls.rule=Host(`openwrt.jsc.idv.me`)" # 域名規則
|
||||
- "traefik.http.routers.openwrt-tls.middlewares=gzip@docker" # 啟用 Gzip 壓縮
|
||||
- "traefik.http.routers.openwrt-tls.service=openwrt" # 指向服務
|
||||
- "traefik.http.routers.openwrt-tls.tls=true" # 啟用 TLS
|
||||
|
||||
# === 環境變數設定 ===
|
||||
environment:
|
||||
TZ: "Asia/Taipei" # 時區設定 (台北時間 UTC+8)
|
||||
|
||||
# === 網路設定 ===
|
||||
networks:
|
||||
- vlan # 使用 traefik_vlan 網路
|
||||
|
||||
# === Socat 代理指令 ===
|
||||
command: "-d -d tcp-listen:80,reuseaddr,fork tcp:192.168.30.254:80" # TCP 代理至 OpenWrt
|
||||
|
||||
# === 日誌管理 ===
|
||||
logging:
|
||||
driver: "json-file" # 使用 JSON 檔案記錄日誌
|
||||
options:
|
||||
max-size: "1m" # 單一日誌檔案最大 1MB
|
||||
|
||||
# === 重新啟動策略 ===
|
||||
restart: always # 容器異常退出時自動重啟
|
||||
|
||||
# ===============================================================
|
||||
# Docker Networks 定義
|
||||
# ===============================================================
|
||||
networks:
|
||||
vlan: # Traefik 共用網路
|
||||
name: traefik_vlan
|
||||
external: true # 使用外部建立的網路
|
||||
@@ -3,7 +3,7 @@
|
||||
# ===============================================================
|
||||
# 服務描述: Traefik 反向代理與負載平衡器
|
||||
# 建立日期: 2025-10-23
|
||||
# 更新日期: 2025-10-23
|
||||
# 更新日期: 2026-01-21
|
||||
# 版本: latest
|
||||
# 網路連接埠: 80 (HTTP), 443 (HTTPS)
|
||||
# 管理介面: traefik.jsc.idv.me
|
||||
@@ -17,6 +17,9 @@ services:
|
||||
image: traefik:latest
|
||||
container_name: traefik_server
|
||||
|
||||
# === 資源限制 ===
|
||||
mem_limit: 512m # 記憶體限制 512MB
|
||||
|
||||
# === 網路連接埠對應 ===
|
||||
ports:
|
||||
- "80:80" # HTTP 連接埠
|
||||
@@ -29,38 +32,38 @@ services:
|
||||
- "traefik.docker.network=traefik_vlan" # 指定網路
|
||||
|
||||
# --- HTTP 壓縮中介軟體 ---
|
||||
- "traefik.http.middlewares.gzip.compress=true"
|
||||
- "traefik.http.middlewares.gzip.compress=true" # 啟用 GZIP 壓縮
|
||||
|
||||
# --- Basic Auth 中介軟體 (共用) ---
|
||||
- "traefik.http.middlewares.auth.basicauth.users=jiantw83:$$apr1$$u.VU3c6O$$AfAxvklBJ4lelZw07o2g20"
|
||||
- "traefik.http.middlewares.auth.basicauth.users=jiantw83:$$apr1$$u.VU3c6O$$AfAxvklBJ4lelZw07o2g20" # 使用者: jiantw83
|
||||
|
||||
# --- HTTP 重導向中介軟體 ---
|
||||
- "traefik.http.middlewares.https-redirect.redirectscheme.scheme=https"
|
||||
- "traefik.http.middlewares.https-redirect.redirectscheme.permanent=true"
|
||||
- "traefik.http.middlewares.https-redirect.redirectscheme.scheme=https" # 重導向至 HTTPS
|
||||
- "traefik.http.middlewares.https-redirect.redirectscheme.permanent=true" # 永久重導向 (301)
|
||||
|
||||
# --- Traefik 儀表板 HTTP 路由 ---
|
||||
- "traefik.http.routers.traefik-dashboard.entrypoints=http"
|
||||
- "traefik.http.routers.traefik-dashboard.rule=Host(`traefik.jsc.idv.me`)"
|
||||
- "traefik.http.routers.traefik-dashboard.middlewares=https-redirect@docker"
|
||||
- "traefik.http.routers.traefik-dashboard.entrypoints=http" # 監聽 HTTP
|
||||
- "traefik.http.routers.traefik-dashboard.rule=Host(`traefik.jsc.idv.me`)" # 主機名稱規則
|
||||
- "traefik.http.routers.traefik-dashboard.middlewares=https-redirect@docker" # 套用 HTTPS 重導向
|
||||
|
||||
# --- Traefik 儀表板 HTTPS 路由 ---
|
||||
- "traefik.http.routers.traefik-dashboard-tls.entrypoints=https"
|
||||
- "traefik.http.routers.traefik-dashboard-tls.rule=Host(`traefik.jsc.idv.me`)"
|
||||
- "traefik.http.routers.traefik-dashboard-tls.middlewares=gzip@docker"
|
||||
- "traefik.http.routers.traefik-dashboard-tls.service=dashboard@internal"
|
||||
- "traefik.http.routers.traefik-dashboard-tls.tls=true"
|
||||
- "traefik.http.routers.traefik-dashboard-tls.entrypoints=https" # 監聽 HTTPS
|
||||
- "traefik.http.routers.traefik-dashboard-tls.rule=Host(`traefik.jsc.idv.me`)" # 主機名稱規則
|
||||
- "traefik.http.routers.traefik-dashboard-tls.middlewares=gzip@docker" # 套用壓縮中介軟體
|
||||
- "traefik.http.routers.traefik-dashboard-tls.service=dashboard@internal" # 使用內建儀表板服務
|
||||
- "traefik.http.routers.traefik-dashboard-tls.tls=true" # 啟用 TLS
|
||||
|
||||
# --- Traefik API HTTP 路由 ---
|
||||
- "traefik.http.routers.traefik-dashboard-api.entrypoints=http"
|
||||
- "traefik.http.routers.traefik-dashboard-api.rule=Host(`traefik.jsc.idv.me`)"
|
||||
- "traefik.http.routers.traefik-dashboard-api.middlewares=https-redirect@docker"
|
||||
- "traefik.http.routers.traefik-dashboard-api.entrypoints=http" # 監聽 HTTP
|
||||
- "traefik.http.routers.traefik-dashboard-api.rule=Host(`traefik.jsc.idv.me`)" # 主機名稱規則
|
||||
- "traefik.http.routers.traefik-dashboard-api.middlewares=https-redirect@docker" # 套用 HTTPS 重導向
|
||||
|
||||
# --- Traefik API HTTPS 路由 ---
|
||||
- "traefik.http.routers.traefik-dashboard-api-tls.entrypoints=https"
|
||||
- "traefik.http.routers.traefik-dashboard-api-tls.rule=Host(`traefik.jsc.idv.me`) && PathPrefix(`/api`)"
|
||||
- "traefik.http.routers.traefik-dashboard-api-tls.middlewares=gzip@docker"
|
||||
- "traefik.http.routers.traefik-dashboard-api-tls.service=api@internal"
|
||||
- "traefik.http.routers.traefik-dashboard-api-tls.tls=true"
|
||||
- "traefik.http.routers.traefik-dashboard-api-tls.entrypoints=https" # 監聽 HTTPS
|
||||
- "traefik.http.routers.traefik-dashboard-api-tls.rule=Host(`traefik.jsc.idv.me`) && PathPrefix(`/api`)" # 主機名稱 + 路徑規則
|
||||
- "traefik.http.routers.traefik-dashboard-api-tls.middlewares=gzip@docker" # 套用壓縮中介軟體
|
||||
- "traefik.http.routers.traefik-dashboard-api-tls.service=api@internal" # 使用內建 API 服務
|
||||
- "traefik.http.routers.traefik-dashboard-api-tls.tls=true" # 啟用 TLS
|
||||
|
||||
# === 環境變數設定 ===
|
||||
environment:
|
||||
@@ -68,7 +71,7 @@ services:
|
||||
|
||||
# === 資料持久化 ===
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro # Docker Socket (唯讀)
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro # Docker Socket (唯讀,用於監聽容器事件)
|
||||
|
||||
# === 健康檢查 ===
|
||||
healthcheck:
|
||||
@@ -84,7 +87,7 @@ services:
|
||||
|
||||
# === 網路設定 ===
|
||||
networks:
|
||||
- vlan # 使用 traefik_vlan 網路
|
||||
- vlan # 連接到 vlan 網路
|
||||
|
||||
# === Traefik 啟動參數 ===
|
||||
command:
|
||||
@@ -101,8 +104,8 @@ services:
|
||||
|
||||
# --- Docker 提供者設定 ---
|
||||
- "--providers.docker=true" # 啟用 Docker 提供者
|
||||
- "--providers.docker.endpoint=unix:///var/run/docker.sock"
|
||||
- "--providers.file.directory=/etc/traefik/config"
|
||||
- "--providers.docker.endpoint=unix:///var/run/docker.sock" # Docker Socket 連接端點
|
||||
- "--providers.file.directory=/etc/traefik/config" # 檔案提供者配置目錄 (動態配置和憑證)
|
||||
- "--providers.docker.exposedbydefault=false" # 只路由有 traefik.enable=true 的服務
|
||||
|
||||
# --- 全域設定 ---
|
||||
@@ -110,12 +113,12 @@ services:
|
||||
- "--global.checknewversion=false" # 停用版本檢查
|
||||
|
||||
# --- Let's Encrypt 憑證設定 ---
|
||||
- "--certificatesresolvers.letsencrypt.acme.tlschallenge=true"
|
||||
- "--certificatesresolvers.letsencrypt.acme.email=jiantw83@yahoo.com"
|
||||
- "--certificatesresolvers.letsencrypt.acme.storage=/etc/traefik/config/acme.json"
|
||||
- "--certificatesresolvers.letsencrypt.acme.tlschallenge=true" # 使用 TLS Challenge 驗證
|
||||
- "--certificatesresolvers.letsencrypt.acme.email=jiantw83@yahoo.com" # ACME 註冊信箱
|
||||
- "--certificatesresolvers.letsencrypt.acme.storage=/etc/traefik/config/acme.json" # 憑證存儲位置
|
||||
|
||||
# --- SSL 設定 ---
|
||||
- "--serverstransport.insecureskipverify=true" # 跳過 SSL 驗證
|
||||
- "--serverstransport.insecureskipverify=true" # 跳過後端服務 SSL 憑證驗證 (⚠️ 僅用於開發環境)
|
||||
|
||||
# === 重新啟動策略 ===
|
||||
restart: always # 容器異常退出時自動重啟
|
||||
@@ -124,4 +127,4 @@ services:
|
||||
# Docker Networks 定義
|
||||
# ===============================================================
|
||||
networks:
|
||||
vlan: # Traefik 專用網路
|
||||
vlan: # Traefik 專用網路 (完整名稱: traefik_vlan)
|
||||
Reference in New Issue
Block a user