|
|
|
|
@@ -1,243 +1,440 @@
|
|
|
|
|
services:
|
|
|
|
|
# --- DS116 主要代理服務 ---
|
|
|
|
|
ds116:
|
|
|
|
|
# === 容器基本設定 ===
|
|
|
|
|
image: alpine/socat:latest # Alpine Linux + socat 工具
|
|
|
|
|
container_name: socat_ds116
|
|
|
|
|
|
|
|
|
|
# === Traefik 標籤設定 ===
|
|
|
|
|
labels:
|
|
|
|
|
- "traefik.enable=true" # 啟用 Traefik 代理
|
|
|
|
|
- "traefik.docker.network=traefik_vlan" # 指定網路
|
|
|
|
|
|
|
|
|
|
# --- HTTP 服務配置 ---
|
|
|
|
|
- "traefik.http.services.ds116.loadbalancer.server.scheme=https" # 服務協議為 HTTPS
|
|
|
|
|
- "traefik.http.services.ds116.loadbalancer.server.port=5001" # 後端服務連接埠 5001
|
|
|
|
|
|
|
|
|
|
# --- HTTP 路由 (轉導至 HTTPS) ---
|
|
|
|
|
- "traefik.http.routers.ds116.entrypoints=http" # HTTP 入口點
|
|
|
|
|
- "traefik.http.routers.ds116.rule=Host(`ds116.jsc.idv.me`)" # 域名規則
|
|
|
|
|
- "traefik.http.routers.ds116.middlewares=https-redirect@docker" # 強制 HTTPS 轉導
|
|
|
|
|
|
|
|
|
|
# --- HTTPS 路由 ---
|
|
|
|
|
- "traefik.http.routers.ds116-tls.entrypoints=https" # HTTPS 入口點
|
|
|
|
|
- "traefik.http.routers.ds116-tls.rule=Host(`ds116.jsc.idv.me`)" # 域名規則
|
|
|
|
|
- "traefik.http.routers.ds116-tls.middlewares=gzip@docker" # 啟用 Gzip 壓縮
|
|
|
|
|
- "traefik.http.routers.ds116-tls.service=ds116" # 指向服務
|
|
|
|
|
- "traefik.http.routers.ds116-tls.tls=true" # 啟用 TLS
|
|
|
|
|
|
|
|
|
|
# --- HTTPS 路由 (Let's Encrypt) ---
|
|
|
|
|
- "traefik.http.routers.ds116-letsencrypt.entrypoints=https" # HTTPS 入口點
|
|
|
|
|
- "traefik.http.routers.ds116-letsencrypt.rule=Host(`ds116.jsc.idv.tw`)" # 域名規則
|
|
|
|
|
- "traefik.http.routers.ds116-letsencrypt.middlewares=gzip@docker" # 啟用 Gzip 壓縮
|
|
|
|
|
- "traefik.http.routers.ds116-letsencrypt.service=ds116" # 指向服務
|
|
|
|
|
- "traefik.http.routers.ds116-letsencrypt.tls=true" # 啟用 TLS
|
|
|
|
|
- "traefik.http.routers.ds116-letsencrypt.tls.certresolver=letsencrypt" # 使用 Let's Encrypt 證書
|
|
|
|
|
|
|
|
|
|
# === 環境變數設定 ===
|
|
|
|
|
environment:
|
|
|
|
|
TZ: "Asia/Taipei" # 時區設定 (台北時間 UTC+8)
|
|
|
|
|
|
|
|
|
|
# === 網路設定 ===
|
|
|
|
|
networks:
|
|
|
|
|
- vlan # 使用 traefik_vlan 網路
|
|
|
|
|
|
|
|
|
|
# === Socat 代理指令 ===
|
|
|
|
|
command: "-d -d tcp-listen:5001,reuseaddr,fork tcp:192.168.1.101:5001" # TCP 代理至 DS116
|
|
|
|
|
|
|
|
|
|
# === 日誌管理 ===
|
|
|
|
|
logging:
|
|
|
|
|
driver: "json-file" # 使用 JSON 檔案記錄日誌
|
|
|
|
|
options:
|
|
|
|
|
max-size: "1m" # 單一日誌檔案最大 1MB
|
|
|
|
|
|
|
|
|
|
# === 重新啟動策略 ===
|
|
|
|
|
restart: always # 容器異常退出時自動重啟
|
|
|
|
|
|
|
|
|
|
# --- DS116 Bitwarden 主要代理服務 ---
|
|
|
|
|
ds116-bitwarden:
|
|
|
|
|
# === 容器基本設定 ===
|
|
|
|
|
image: alpine/socat:latest # Alpine Linux + socat 工具
|
|
|
|
|
container_name: socat_ds116_bitwarden
|
|
|
|
|
|
|
|
|
|
# === Traefik 標籤設定 ===
|
|
|
|
|
labels:
|
|
|
|
|
- "traefik.enable=true" # 啟用 Traefik 代理
|
|
|
|
|
- "traefik.docker.network=traefik_vlan" # 指定網路
|
|
|
|
|
|
|
|
|
|
# --- HTTP 服務配置 ---
|
|
|
|
|
- "traefik.http.services.ds116-bitwarden.loadbalancer.server.scheme=http" # 服務協議為 HTTP
|
|
|
|
|
- "traefik.http.services.ds116-bitwarden.loadbalancer.server.port=52080" # 後端服務連接埠 52080
|
|
|
|
|
|
|
|
|
|
# --- HTTP 路由 (轉導至 HTTPS) ---
|
|
|
|
|
- "traefik.http.routers.ds116-bitwarden.entrypoints=http" # HTTP 入口點
|
|
|
|
|
- "traefik.http.routers.ds116-bitwarden.rule=Host(`bitwarden.jsc.idv.me`)" # 域名規則
|
|
|
|
|
- "traefik.http.routers.ds116-bitwarden.middlewares=https-redirect@docker" # 強制 HTTPS 轉導
|
|
|
|
|
|
|
|
|
|
# --- HTTPS 路由 ---
|
|
|
|
|
- "traefik.http.routers.ds116-bitwarden-tls.entrypoints=https" # HTTPS 入口點
|
|
|
|
|
- "traefik.http.routers.ds116-bitwarden-tls.rule=Host(`bitwarden.jsc.idv.me`)" # 域名規則
|
|
|
|
|
- "traefik.http.routers.ds116-bitwarden-tls.middlewares=gzip@docker" # 啟用 Gzip 壓縮
|
|
|
|
|
- "traefik.http.routers.ds116-bitwarden-tls.service=ds116-bitwarden" # 指向服務
|
|
|
|
|
- "traefik.http.routers.ds116-bitwarden-tls.tls=true" # 啟用 TLS
|
|
|
|
|
|
|
|
|
|
# --- HTTPS 路由 (Let's Encrypt) ---
|
|
|
|
|
- "traefik.http.routers.ds116-bitwarden-letsencrypt.entrypoints=https" # HTTPS 入口點
|
|
|
|
|
- "traefik.http.routers.ds116-bitwarden-letsencrypt.rule=Host(`bitwarden.jsc.idv.tw`)" # 域名規則
|
|
|
|
|
- "traefik.http.routers.ds116-bitwarden-letsencrypt.middlewares=gzip@docker" # 啟用 Gzip 壓縮
|
|
|
|
|
- "traefik.http.routers.ds116-bitwarden-letsencrypt.service=ds116-bitwarden" # 指向服務
|
|
|
|
|
- "traefik.http.routers.ds116-bitwarden-letsencrypt.tls=true" # 啟用 TLS
|
|
|
|
|
- "traefik.http.routers.ds116-bitwarden-letsencrypt.tls.certresolver=letsencrypt" # 使用 Let's Encrypt 證書
|
|
|
|
|
|
|
|
|
|
# === 環境變數設定 ===
|
|
|
|
|
environment:
|
|
|
|
|
TZ: "Asia/Taipei" # 時區設定 (台北時間 UTC+8)
|
|
|
|
|
|
|
|
|
|
# === 網路設定 ===
|
|
|
|
|
networks:
|
|
|
|
|
- vlan # 使用 traefik_vlan 網路
|
|
|
|
|
|
|
|
|
|
# === Socat 代理指令 ===
|
|
|
|
|
command: "-d -d tcp-listen:52080,reuseaddr,fork tcp:192.168.1.102:52080" # TCP 代理至 DS116 Bitwarden
|
|
|
|
|
|
|
|
|
|
# === 日誌管理 ===
|
|
|
|
|
logging:
|
|
|
|
|
driver: "json-file" # 使用 JSON 檔案記錄日誌
|
|
|
|
|
options:
|
|
|
|
|
max-size: "1m" # 單一日誌檔案最大 1MB
|
|
|
|
|
|
|
|
|
|
# === 重新啟動策略 ===
|
|
|
|
|
restart: always # 容器異常退出時自動重啟
|
|
|
|
|
|
|
|
|
|
# --- DS718 主要代理服務 ---
|
|
|
|
|
ds718:
|
|
|
|
|
# === 容器基本設定 ===
|
|
|
|
|
image: alpine/socat:latest # Alpine Linux + socat 工具
|
|
|
|
|
container_name: socat_ds718
|
|
|
|
|
|
|
|
|
|
# === Traefik 標籤設定 ===
|
|
|
|
|
labels:
|
|
|
|
|
- "traefik.enable=true" # 啟用 Traefik 代理
|
|
|
|
|
- "traefik.docker.network=traefik_vlan" # 指定網路
|
|
|
|
|
|
|
|
|
|
# --- HTTP 服務配置 ---
|
|
|
|
|
- "traefik.http.services.ds718.loadbalancer.server.scheme=https" # 服務協議為 HTTPS
|
|
|
|
|
- "traefik.http.services.ds718.loadbalancer.server.port=5001" # 後端服務連接埠 5001
|
|
|
|
|
|
|
|
|
|
# --- HTTP 路由 (轉導至 HTTPS) ---
|
|
|
|
|
- "traefik.http.routers.ds718.entrypoints=http" # HTTP 入口點
|
|
|
|
|
- "traefik.http.routers.ds718.rule=Host(`ds718.jsc.idv.me`)" # 域名規則
|
|
|
|
|
- "traefik.http.routers.ds718.middlewares=https-redirect@docker" # 強制 HTTPS 轉導
|
|
|
|
|
|
|
|
|
|
# --- HTTPS 路由 ---
|
|
|
|
|
- "traefik.http.routers.ds718-tls.entrypoints=https" # HTTPS 入口點
|
|
|
|
|
- "traefik.http.routers.ds718-tls.rule=Host(`ds718.jsc.idv.me`)" # 域名規則
|
|
|
|
|
- "traefik.http.routers.ds718-tls.middlewares=gzip@docker" # 啟用 Gzip 壓縮
|
|
|
|
|
- "traefik.http.routers.ds718-tls.service=ds718" # 指向服務
|
|
|
|
|
- "traefik.http.routers.ds718-tls.tls=true" # 啟用 TLS
|
|
|
|
|
|
|
|
|
|
# --- HTTPS 路由 (Let's Encrypt) ---
|
|
|
|
|
- "traefik.http.routers.ds718-letsencrypt.entrypoints=https" # HTTPS 入口點
|
|
|
|
|
- "traefik.http.routers.ds718-letsencrypt.rule=Host(`ds718.jsc.idv.tw`)" # 域名規則
|
|
|
|
|
- "traefik.http.routers.ds718-letsencrypt.middlewares=gzip@docker" # 啟用 Gzip 壓縮
|
|
|
|
|
- "traefik.http.routers.ds718-letsencrypt.service=ds718" # 指向服務
|
|
|
|
|
- "traefik.http.routers.ds718-letsencrypt.tls=true" # 啟用 TLS
|
|
|
|
|
- "traefik.http.routers.ds718-letsencrypt.tls.certresolver=letsencrypt" # 使用 Let's Encrypt 證書
|
|
|
|
|
|
|
|
|
|
# === 環境變數設定 ===
|
|
|
|
|
environment:
|
|
|
|
|
TZ: "Asia/Taipei" # 時區設定 (台北時間 UTC+8)
|
|
|
|
|
|
|
|
|
|
# === 網路設定 ===
|
|
|
|
|
networks:
|
|
|
|
|
- vlan # 使用 traefik_vlan 網路
|
|
|
|
|
|
|
|
|
|
# === Socat 代理指令 ===
|
|
|
|
|
command: "-d -d tcp-listen:5001,reuseaddr,fork tcp:192.168.1.102:5001" # TCP 代理至 DS718
|
|
|
|
|
|
|
|
|
|
# === 日誌管理 ===
|
|
|
|
|
logging:
|
|
|
|
|
driver: "json-file" # 使用 JSON 檔案記錄日誌
|
|
|
|
|
options:
|
|
|
|
|
max-size: "1m" # 單一日誌檔案最大 1MB
|
|
|
|
|
|
|
|
|
|
# === 重新啟動策略 ===
|
|
|
|
|
restart: always # 容器異常退出時自動重啟
|
|
|
|
|
|
|
|
|
|
# --- Proxmox VE 主要代理服務 ---
|
|
|
|
|
pve:
|
|
|
|
|
# === 容器基本設定 ===
|
|
|
|
|
image: alpine/socat:latest # Alpine Linux + socat 工具
|
|
|
|
|
image: alpine/socat:latest # Alpine Linux + socat 工具
|
|
|
|
|
container_name: socat_pve
|
|
|
|
|
|
|
|
|
|
# === Traefik 標籤設定 ===
|
|
|
|
|
labels:
|
|
|
|
|
- "traefik.enable=true" # 啟用 Traefik 代理
|
|
|
|
|
- "traefik.docker.network=traefik_vlan" # 指定網路
|
|
|
|
|
- "traefik.enable=true" # 啟用 Traefik 代理
|
|
|
|
|
- "traefik.docker.network=traefik_vlan" # 指定網路
|
|
|
|
|
|
|
|
|
|
# --- HTTP 服務配置 ---
|
|
|
|
|
- "traefik.http.services.pve.loadbalancer.server.scheme=https" # 服務協議為 HTTPS
|
|
|
|
|
- "traefik.http.services.pve.loadbalancer.server.port=8006" # 後端服務連接埠 8006
|
|
|
|
|
- "traefik.http.services.pve.loadbalancer.server.scheme=https" # 服務協議為 HTTPS
|
|
|
|
|
- "traefik.http.services.pve.loadbalancer.server.port=8006" # 後端服務連接埠 8006
|
|
|
|
|
|
|
|
|
|
# --- HTTP 路由 (轉導至 HTTPS) ---
|
|
|
|
|
- "traefik.http.routers.pve.entrypoints=http" # HTTP 入口點
|
|
|
|
|
- "traefik.http.routers.pve.rule=Host(`pve.jsc.idv.me`)" # 域名規則
|
|
|
|
|
- "traefik.http.routers.pve.middlewares=https-redirect@docker" # 強制 HTTPS 轉導
|
|
|
|
|
- "traefik.http.routers.pve.entrypoints=http" # HTTP 入口點
|
|
|
|
|
- "traefik.http.routers.pve.rule=Host(`pve.jsc.idv.me`)" # 域名規則
|
|
|
|
|
- "traefik.http.routers.pve.middlewares=https-redirect@docker" # 強制 HTTPS 轉導
|
|
|
|
|
|
|
|
|
|
# --- HTTPS 路由 ---
|
|
|
|
|
- "traefik.http.routers.pve-tls.entrypoints=https" # HTTPS 入口點
|
|
|
|
|
- "traefik.http.routers.pve-tls.rule=Host(`pve.jsc.idv.me`)" # 域名規則
|
|
|
|
|
- "traefik.http.routers.pve-tls.middlewares=gzip@docker" # 啟用 Gzip 壓縮
|
|
|
|
|
- "traefik.http.routers.pve-tls.service=pve" # 指向服務
|
|
|
|
|
- "traefik.http.routers.pve-tls.tls=true" # 啟用 TLS
|
|
|
|
|
- "traefik.http.routers.pve-tls.entrypoints=https" # HTTPS 入口點
|
|
|
|
|
- "traefik.http.routers.pve-tls.rule=Host(`pve.jsc.idv.me`)" # 域名規則
|
|
|
|
|
- "traefik.http.routers.pve-tls.middlewares=gzip@docker" # 啟用 Gzip 壓縮
|
|
|
|
|
- "traefik.http.routers.pve-tls.service=pve" # 指向服務
|
|
|
|
|
- "traefik.http.routers.pve-tls.tls=true" # 啟用 TLS
|
|
|
|
|
|
|
|
|
|
# --- HTTPS 路由 (Let's Encrypt) ---
|
|
|
|
|
- "traefik.http.routers.pve-letsencrypt.entrypoints=https" # HTTPS 入口點
|
|
|
|
|
- "traefik.http.routers.pve-letsencrypt.rule=Host(`pve.jsc.idv.tw`)" # 域名規則
|
|
|
|
|
- "traefik.http.routers.pve-letsencrypt.middlewares=gzip@docker" # 啟用 Gzip 壓縮
|
|
|
|
|
- "traefik.http.routers.pve-letsencrypt.service=pve" # 指向服務
|
|
|
|
|
- "traefik.http.routers.pve-letsencrypt.tls=true" # 啟用 TLS
|
|
|
|
|
- "traefik.http.routers.pve-letsencrypt.tls.certresolver=letsencrypt" # 使用 Let's Encrypt 證書
|
|
|
|
|
|
|
|
|
|
# === 環境變數設定 ===
|
|
|
|
|
environment:
|
|
|
|
|
TZ: "Asia/Taipei" # 時區設定 (台北時間 UTC+8)
|
|
|
|
|
TZ: "Asia/Taipei" # 時區設定 (台北時間 UTC+8)
|
|
|
|
|
|
|
|
|
|
# === 網路設定 ===
|
|
|
|
|
networks:
|
|
|
|
|
- vlan # 使用 traefik_vlan 網路
|
|
|
|
|
- vlan # 使用 traefik_vlan 網路
|
|
|
|
|
|
|
|
|
|
# === Socat 代理指令 ===
|
|
|
|
|
command: "-d -d tcp-listen:8006,reuseaddr,fork tcp:192.168.30.200:8006" # TCP 代理至 Proxmox VE
|
|
|
|
|
|
|
|
|
|
# === 日誌管理 ===
|
|
|
|
|
logging:
|
|
|
|
|
driver: "json-file" # 使用 JSON 檔案記錄日誌
|
|
|
|
|
driver: "json-file" # 使用 JSON 檔案記錄日誌
|
|
|
|
|
options:
|
|
|
|
|
max-size: "1m" # 單一日誌檔案最大 1MB
|
|
|
|
|
max-size: "1m" # 單一日誌檔案最大 1MB
|
|
|
|
|
|
|
|
|
|
# === 重新啟動策略 ===
|
|
|
|
|
restart: always # 容器異常退出時自動重啟
|
|
|
|
|
restart: always # 容器異常退出時自動重啟
|
|
|
|
|
|
|
|
|
|
# --- Gitea 主要代理服務 ---
|
|
|
|
|
gitea:
|
|
|
|
|
# === 容器基本設定 ===
|
|
|
|
|
image: alpine/socat:latest # Alpine Linux + socat 工具
|
|
|
|
|
image: alpine/socat:latest # Alpine Linux + socat 工具
|
|
|
|
|
container_name: socat_gitea
|
|
|
|
|
|
|
|
|
|
# === Traefik 標籤設定 ===
|
|
|
|
|
labels:
|
|
|
|
|
- "traefik.enable=true" # 啟用 Traefik 代理
|
|
|
|
|
- "traefik.docker.network=traefik_vlan" # 指定網路
|
|
|
|
|
- "traefik.enable=true" # 啟用 Traefik 代理
|
|
|
|
|
- "traefik.docker.network=traefik_vlan" # 指定網路
|
|
|
|
|
|
|
|
|
|
# --- HTTP 服務配置 ---
|
|
|
|
|
- "traefik.http.services.gitea.loadbalancer.server.scheme=http" # 服務協議為 HTTP
|
|
|
|
|
- "traefik.http.services.gitea.loadbalancer.server.port=3000" # 後端服務連接埠 3000
|
|
|
|
|
- "traefik.http.services.gitea.loadbalancer.server.scheme=http" # 服務協議為 HTTP
|
|
|
|
|
- "traefik.http.services.gitea.loadbalancer.server.port=3000" # 後端服務連接埠 3000
|
|
|
|
|
|
|
|
|
|
# --- HTTP 路由 (轉導至 HTTPS) ---
|
|
|
|
|
- "traefik.http.routers.gitea.entrypoints=http" # HTTP 入口點
|
|
|
|
|
- "traefik.http.routers.gitea.rule=Host(`gitea.jsc.idv.me`)" # 域名規則
|
|
|
|
|
- "traefik.http.routers.gitea.middlewares=https-redirect@docker" # 強制 HTTPS 轉導
|
|
|
|
|
- "traefik.http.routers.gitea.entrypoints=http" # HTTP 入口點
|
|
|
|
|
- "traefik.http.routers.gitea.rule=Host(`gitea.jsc.idv.me`)" # 域名規則
|
|
|
|
|
- "traefik.http.routers.gitea.middlewares=https-redirect@docker" # 強制 HTTPS 轉導
|
|
|
|
|
|
|
|
|
|
# --- HTTPS 路由 ---
|
|
|
|
|
- "traefik.http.routers.gitea-tls.entrypoints=https" # HTTPS 入口點
|
|
|
|
|
- "traefik.http.routers.gitea-tls.rule=Host(`gitea.jsc.idv.me`)" # 域名規則
|
|
|
|
|
- "traefik.http.routers.gitea-tls.middlewares=gzip@docker" # 啟用 Gzip 壓縮
|
|
|
|
|
- "traefik.http.routers.gitea-tls.service=gitea" # 指向服務
|
|
|
|
|
- "traefik.http.routers.gitea-tls.tls=true" # 啟用 TLS
|
|
|
|
|
- "traefik.http.routers.gitea-tls.entrypoints=https" # HTTPS 入口點
|
|
|
|
|
- "traefik.http.routers.gitea-tls.rule=Host(`gitea.jsc.idv.me`)" # 域名規則
|
|
|
|
|
- "traefik.http.routers.gitea-tls.middlewares=gzip@docker" # 啟用 Gzip 壓縮
|
|
|
|
|
- "traefik.http.routers.gitea-tls.service=gitea" # 指向服務
|
|
|
|
|
- "traefik.http.routers.gitea-tls.tls=true" # 啟用 TLS
|
|
|
|
|
|
|
|
|
|
# --- HTTPS 路由 (Let's Encrypt) ---
|
|
|
|
|
- "traefik.http.routers.gitea-letsencrypt.entrypoints=https" # HTTPS 入口點
|
|
|
|
|
- "traefik.http.routers.gitea-letsencrypt.rule=Host(`gitea.jsc.idv.tw`)" # 域名規則
|
|
|
|
|
- "traefik.http.routers.gitea-letsencrypt.middlewares=gzip@docker" # 啟用 Gzip 壓縮
|
|
|
|
|
- "traefik.http.routers.gitea-letsencrypt.service=gitea" # 指向服務
|
|
|
|
|
- "traefik.http.routers.gitea-letsencrypt.tls=true" # 啟用 TLS
|
|
|
|
|
- "traefik.http.routers.gitea-letsencrypt.tls.certresolver=letsencrypt" # 使用 Let's Encrypt 證書
|
|
|
|
|
|
|
|
|
|
# === 環境變數設定 ===
|
|
|
|
|
environment:
|
|
|
|
|
TZ: "Asia/Taipei" # 時區設定 (台北時間 UTC+8)
|
|
|
|
|
TZ: "Asia/Taipei" # 時區設定 (台北時間 UTC+8)
|
|
|
|
|
|
|
|
|
|
# === 網路設定 ===
|
|
|
|
|
networks:
|
|
|
|
|
- vlan # 使用 traefik_vlan 網路
|
|
|
|
|
- vlan # 使用 traefik_vlan 網路
|
|
|
|
|
|
|
|
|
|
# === Socat 代理指令 ===
|
|
|
|
|
command: "-d -d tcp-listen:3000,reuseaddr,fork tcp:192.168.30.221:3000" # TCP 代理至 Gitea
|
|
|
|
|
|
|
|
|
|
# === 日誌管理 ===
|
|
|
|
|
logging:
|
|
|
|
|
driver: "json-file" # 使用 JSON 檔案記錄日誌
|
|
|
|
|
driver: "json-file" # 使用 JSON 檔案記錄日誌
|
|
|
|
|
options:
|
|
|
|
|
max-size: "1m" # 單一日誌檔案最大 1MB
|
|
|
|
|
max-size: "1m" # 單一日誌檔案最大 1MB
|
|
|
|
|
|
|
|
|
|
# === 重新啟動策略 ===
|
|
|
|
|
restart: always # 容器異常退出時自動重啟
|
|
|
|
|
restart: always # 容器異常退出時自動重啟
|
|
|
|
|
|
|
|
|
|
# --- ezBookkeeping 主要代理服務 ---
|
|
|
|
|
ezbookkeeping:
|
|
|
|
|
# === 容器基本設定 ===
|
|
|
|
|
image: alpine/socat:latest # Alpine Linux + socat 工具
|
|
|
|
|
image: alpine/socat:latest # Alpine Linux + socat 工具
|
|
|
|
|
container_name: socat_ezbookkeeping
|
|
|
|
|
|
|
|
|
|
# === Traefik 標籤設定 ===
|
|
|
|
|
labels:
|
|
|
|
|
- "traefik.enable=true" # 啟用 Traefik 代理
|
|
|
|
|
- "traefik.docker.network=traefik_vlan" # 指定網路
|
|
|
|
|
- "traefik.enable=true" # 啟用 Traefik 代理
|
|
|
|
|
- "traefik.docker.network=traefik_vlan" # 指定網路
|
|
|
|
|
|
|
|
|
|
# --- HTTP 服務配置 ---
|
|
|
|
|
- "traefik.http.services.ezbookkeeping.loadbalancer.server.scheme=http" # 服務協議為 HTTP
|
|
|
|
|
- "traefik.http.services.ezbookkeeping.loadbalancer.server.port=8080" # 後端服務連接埠 8080
|
|
|
|
|
- "traefik.http.services.ezbookkeeping.loadbalancer.server.scheme=http" # 服務協議為 HTTP
|
|
|
|
|
- "traefik.http.services.ezbookkeeping.loadbalancer.server.port=8080" # 後端服務連接埠 8080
|
|
|
|
|
|
|
|
|
|
# --- HTTP 路由 (轉導至 HTTPS) ---
|
|
|
|
|
- "traefik.http.routers.ezbookkeeping.entrypoints=http" # HTTP 入口點
|
|
|
|
|
- "traefik.http.routers.ezbookkeeping.rule=Host(`ezbookkeeping.jsc.idv.me`)" # 域名規則
|
|
|
|
|
- "traefik.http.routers.ezbookkeeping.middlewares=https-redirect@docker" # 強制 HTTPS 轉導
|
|
|
|
|
- "traefik.http.routers.ezbookkeeping.entrypoints=http" # HTTP 入口點
|
|
|
|
|
- "traefik.http.routers.ezbookkeeping.rule=Host(`ezbookkeeping.jsc.idv.me`)" # 域名規則
|
|
|
|
|
- "traefik.http.routers.ezbookkeeping.middlewares=https-redirect@docker" # 強制 HTTPS 轉導
|
|
|
|
|
|
|
|
|
|
# --- HTTPS 路由 ---
|
|
|
|
|
- "traefik.http.routers.ezbookkeeping-tls.entrypoints=https" # HTTPS 入口點
|
|
|
|
|
- "traefik.http.routers.ezbookkeeping-tls.rule=Host(`ezbookkeeping.jsc.idv.me`)" # 域名規則
|
|
|
|
|
- "traefik.http.routers.ezbookkeeping-tls.middlewares=gzip@docker" # 啟用 Gzip 壓縮
|
|
|
|
|
- "traefik.http.routers.ezbookkeeping-tls.service=ezbookkeeping" # 指向服務
|
|
|
|
|
- "traefik.http.routers.ezbookkeeping-tls.tls=true" # 啟用 TLS
|
|
|
|
|
- "traefik.http.routers.ezbookkeeping-tls.entrypoints=https" # HTTPS 入口點
|
|
|
|
|
- "traefik.http.routers.ezbookkeeping-tls.rule=Host(`ezbookkeeping.jsc.idv.me`)" # 域名規則
|
|
|
|
|
- "traefik.http.routers.ezbookkeeping-tls.middlewares=gzip@docker" # 啟用 Gzip 壓縮
|
|
|
|
|
- "traefik.http.routers.ezbookkeeping-tls.service=ezbookkeeping" # 指向服務
|
|
|
|
|
- "traefik.http.routers.ezbookkeeping-tls.tls=true" # 啟用 TLS
|
|
|
|
|
|
|
|
|
|
# --- HTTPS 路由 (Let's Encrypt) ---
|
|
|
|
|
- "traefik.http.routers.ezbookkeeping-letsencrypt.entrypoints=https" # HTTPS 入口點
|
|
|
|
|
- "traefik.http.routers.ezbookkeeping-letsencrypt.rule=Host(`ezbookkeeping.jsc.idv.tw`)" # 域名規則
|
|
|
|
|
- "traefik.http.routers.ezbookkeeping-letsencrypt.middlewares=gzip@docker" # 啟用 Gzip 壓縮
|
|
|
|
|
- "traefik.http.routers.ezbookkeeping-letsencrypt.service=ezbookkeeping" # 指向服務
|
|
|
|
|
- "traefik.http.routers.ezbookkeeping-letsencrypt.tls=true" # 啟用 TLS
|
|
|
|
|
- "traefik.http.routers.ezbookkeeping-letsencrypt.tls.certresolver=letsencrypt" # 使用 Let's Encrypt 證書
|
|
|
|
|
|
|
|
|
|
# === 環境變數設定 ===
|
|
|
|
|
environment:
|
|
|
|
|
TZ: "Asia/Taipei" # 時區設定 (台北時間 UTC+8)
|
|
|
|
|
TZ: "Asia/Taipei" # 時區設定 (台北時間 UTC+8)
|
|
|
|
|
|
|
|
|
|
# === 網路設定 ===
|
|
|
|
|
networks:
|
|
|
|
|
- vlan # 使用 traefik_vlan 網路
|
|
|
|
|
- vlan # 使用 traefik_vlan 網路
|
|
|
|
|
|
|
|
|
|
# === Socat 代理指令 ===
|
|
|
|
|
command: "-d -d tcp-listen:8080,reuseaddr,fork tcp:192.168.30.222:8080" # TCP 代理至 ezBookkeeping
|
|
|
|
|
command: "-d -d tcp-listen:8080,reuseaddr,fork tcp:192.168.30.222:8080" # TCP 代理至 ezBookkeeping
|
|
|
|
|
|
|
|
|
|
# === 日誌管理 ===
|
|
|
|
|
logging:
|
|
|
|
|
driver: "json-file" # 使用 JSON 檔案記錄日誌
|
|
|
|
|
driver: "json-file" # 使用 JSON 檔案記錄日誌
|
|
|
|
|
options:
|
|
|
|
|
max-size: "1m" # 單一日誌檔案最大 1MB
|
|
|
|
|
max-size: "1m" # 單一日誌檔案最大 1MB
|
|
|
|
|
|
|
|
|
|
# === 重新啟動策略 ===
|
|
|
|
|
restart: always # 容器異常退出時自動重啟
|
|
|
|
|
restart: always # 容器異常退出時自動重啟
|
|
|
|
|
|
|
|
|
|
# --- DS225+ 主要代理服務 ---
|
|
|
|
|
ds225:
|
|
|
|
|
# === 容器基本設定 ===
|
|
|
|
|
image: alpine/socat:latest # Alpine Linux + socat 工具
|
|
|
|
|
image: alpine/socat:latest # Alpine Linux + socat 工具
|
|
|
|
|
container_name: socat_ds225
|
|
|
|
|
|
|
|
|
|
# === Traefik 標籤設定 ===
|
|
|
|
|
labels:
|
|
|
|
|
- "traefik.enable=true" # 啟用 Traefik 代理
|
|
|
|
|
- "traefik.docker.network=traefik_vlan" # 指定網路
|
|
|
|
|
- "traefik.enable=true" # 啟用 Traefik 代理
|
|
|
|
|
- "traefik.docker.network=traefik_vlan" # 指定網路
|
|
|
|
|
|
|
|
|
|
# --- HTTP 服務配置 ---
|
|
|
|
|
- "traefik.http.services.ds225.loadbalancer.server.scheme=https" # 服務協議為 HTTPS
|
|
|
|
|
- "traefik.http.services.ds225.loadbalancer.server.port=5001" # 後端服務連接埠 5001
|
|
|
|
|
- "traefik.http.services.ds225.loadbalancer.server.scheme=https" # 服務協議為 HTTPS
|
|
|
|
|
- "traefik.http.services.ds225.loadbalancer.server.port=5001" # 後端服務連接埠 5001
|
|
|
|
|
|
|
|
|
|
# --- HTTP 路由 (轉導至 HTTPS) ---
|
|
|
|
|
- "traefik.http.routers.ds225.entrypoints=http" # HTTP 入口點
|
|
|
|
|
- "traefik.http.routers.ds225.rule=Host(`ds225.jsc.idv.me`)" # 域名規則
|
|
|
|
|
- "traefik.http.routers.ds225.middlewares=https-redirect@docker" # 強制 HTTPS 轉導
|
|
|
|
|
- "traefik.http.routers.ds225.entrypoints=http" # HTTP 入口點
|
|
|
|
|
- "traefik.http.routers.ds225.rule=Host(`ds225.jsc.idv.me`)" # 域名規則
|
|
|
|
|
- "traefik.http.routers.ds225.middlewares=https-redirect@docker" # 強制 HTTPS 轉導
|
|
|
|
|
|
|
|
|
|
# --- HTTPS 路由 ---
|
|
|
|
|
- "traefik.http.routers.ds225-tls.entrypoints=https" # HTTPS 入口點
|
|
|
|
|
- "traefik.http.routers.ds225-tls.rule=Host(`ds225.jsc.idv.me`)" # 域名規則
|
|
|
|
|
- "traefik.http.routers.ds225-tls.middlewares=gzip@docker" # 啟用 Gzip 壓縮
|
|
|
|
|
- "traefik.http.routers.ds225-tls.service=ds225" # 指向服務
|
|
|
|
|
- "traefik.http.routers.ds225-tls.tls=true" # 啟用 TLS
|
|
|
|
|
- "traefik.http.routers.ds225-tls.entrypoints=https" # HTTPS 入口點
|
|
|
|
|
- "traefik.http.routers.ds225-tls.rule=Host(`ds225.jsc.idv.me`)" # 域名規則
|
|
|
|
|
- "traefik.http.routers.ds225-tls.middlewares=gzip@docker" # 啟用 Gzip 壓縮
|
|
|
|
|
- "traefik.http.routers.ds225-tls.service=ds225" # 指向服務
|
|
|
|
|
- "traefik.http.routers.ds225-tls.tls=true" # 啟用 TLS
|
|
|
|
|
|
|
|
|
|
# --- HTTPS 路由 (Let's Encrypt) ---
|
|
|
|
|
- "traefik.http.routers.ds225-letsencrypt.entrypoints=https" # HTTPS 入口點
|
|
|
|
|
- "traefik.http.routers.ds225-letsencrypt.rule=Host(`ds225.jsc.idv.tw`)" # 域名規則
|
|
|
|
|
- "traefik.http.routers.ds225-letsencrypt.middlewares=gzip@docker" # 啟用 Gzip 壓縮
|
|
|
|
|
- "traefik.http.routers.ds225-letsencrypt.service=ds225" # 指向服務
|
|
|
|
|
- "traefik.http.routers.ds225-letsencrypt.tls=true" # 啟用 TLS
|
|
|
|
|
- "traefik.http.routers.ds225-letsencrypt.tls.certresolver=letsencrypt" # 使用 Let's Encrypt 證書
|
|
|
|
|
|
|
|
|
|
# === 環境變數設定 ===
|
|
|
|
|
environment:
|
|
|
|
|
TZ: "Asia/Taipei" # 時區設定 (台北時間 UTC+8)
|
|
|
|
|
TZ: "Asia/Taipei" # 時區設定 (台北時間 UTC+8)
|
|
|
|
|
|
|
|
|
|
# === 網路設定 ===
|
|
|
|
|
networks:
|
|
|
|
|
- vlan # 使用 traefik_vlan 網路
|
|
|
|
|
- vlan # 使用 traefik_vlan 網路
|
|
|
|
|
|
|
|
|
|
# === Socat 代理指令 ===
|
|
|
|
|
command: "-d -d tcp-listen:5001,reuseaddr,fork tcp:192.168.30.253:5001" # TCP 代理至 DS225+
|
|
|
|
|
|
|
|
|
|
# === 日誌管理 ===
|
|
|
|
|
logging:
|
|
|
|
|
driver: "json-file" # 使用 JSON 檔案記錄日誌
|
|
|
|
|
driver: "json-file" # 使用 JSON 檔案記錄日誌
|
|
|
|
|
options:
|
|
|
|
|
max-size: "1m" # 單一日誌檔案最大 1MB
|
|
|
|
|
max-size: "1m" # 單一日誌檔案最大 1MB
|
|
|
|
|
|
|
|
|
|
# === 重新啟動策略 ===
|
|
|
|
|
restart: always # 容器異常退出時自動重啟
|
|
|
|
|
restart: always # 容器異常退出時自動重啟
|
|
|
|
|
|
|
|
|
|
# --- OpenWrt 主要代理服務 ---
|
|
|
|
|
openwrt:
|
|
|
|
|
# === 容器基本設定 ===
|
|
|
|
|
image: alpine/socat:latest # Alpine Linux + socat 工具
|
|
|
|
|
image: alpine/socat:latest # Alpine Linux + socat 工具
|
|
|
|
|
container_name: socat_openwrt
|
|
|
|
|
|
|
|
|
|
# === Traefik 標籤設定 ===
|
|
|
|
|
labels:
|
|
|
|
|
- "traefik.enable=true" # 啟用 Traefik 代理
|
|
|
|
|
- "traefik.docker.network=traefik_vlan" # 指定網路
|
|
|
|
|
- "traefik.enable=true" # 啟用 Traefik 代理
|
|
|
|
|
- "traefik.docker.network=traefik_vlan" # 指定網路
|
|
|
|
|
|
|
|
|
|
# --- HTTP 服務配置 ---
|
|
|
|
|
- "traefik.http.services.openwrt.loadbalancer.server.scheme=http" # 服務協議為 HTTP
|
|
|
|
|
- "traefik.http.services.openwrt.loadbalancer.server.port=80" # 後端服務連接埠 80
|
|
|
|
|
- "traefik.http.services.openwrt.loadbalancer.server.scheme=http" # 服務協議為 HTTP
|
|
|
|
|
- "traefik.http.services.openwrt.loadbalancer.server.port=80" # 後端服務連接埠 80
|
|
|
|
|
|
|
|
|
|
# --- HTTP 路由 (轉導至 HTTPS) ---
|
|
|
|
|
- "traefik.http.routers.openwrt.entrypoints=http" # HTTP 入口點
|
|
|
|
|
- "traefik.http.routers.openwrt.rule=Host(`openwrt.jsc.idv.me`)" # 域名規則
|
|
|
|
|
- "traefik.http.routers.openwrt.middlewares=https-redirect@docker" # 強制 HTTPS 轉導
|
|
|
|
|
- "traefik.http.routers.openwrt.entrypoints=http" # HTTP 入口點
|
|
|
|
|
- "traefik.http.routers.openwrt.rule=Host(`openwrt.jsc.idv.me`)" # 域名規則
|
|
|
|
|
- "traefik.http.routers.openwrt.middlewares=https-redirect@docker" # 強制 HTTPS 轉導
|
|
|
|
|
|
|
|
|
|
# --- HTTPS 路由 ---
|
|
|
|
|
- "traefik.http.routers.openwrt-tls.entrypoints=https" # HTTPS 入口點
|
|
|
|
|
- "traefik.http.routers.openwrt-tls.rule=Host(`openwrt.jsc.idv.me`)" # 域名規則
|
|
|
|
|
- "traefik.http.routers.openwrt-tls.middlewares=gzip@docker" # 啟用 Gzip 壓縮
|
|
|
|
|
- "traefik.http.routers.openwrt-tls.service=openwrt" # 指向服務
|
|
|
|
|
- "traefik.http.routers.openwrt-tls.tls=true" # 啟用 TLS
|
|
|
|
|
- "traefik.http.routers.openwrt-tls.entrypoints=https" # HTTPS 入口點
|
|
|
|
|
- "traefik.http.routers.openwrt-tls.rule=Host(`openwrt.jsc.idv.me`)" # 域名規則
|
|
|
|
|
- "traefik.http.routers.openwrt-tls.middlewares=gzip@docker" # 啟用 Gzip 壓縮
|
|
|
|
|
- "traefik.http.routers.openwrt-tls.service=openwrt" # 指向服務
|
|
|
|
|
- "traefik.http.routers.openwrt-tls.tls=true" # 啟用 TLS
|
|
|
|
|
|
|
|
|
|
# === 環境變數設定 ===
|
|
|
|
|
environment:
|
|
|
|
|
TZ: "Asia/Taipei" # 時區設定 (台北時間 UTC+8)
|
|
|
|
|
TZ: "Asia/Taipei" # 時區設定 (台北時間 UTC+8)
|
|
|
|
|
|
|
|
|
|
# === 網路設定 ===
|
|
|
|
|
networks:
|
|
|
|
|
- vlan # 使用 traefik_vlan 網路
|
|
|
|
|
- vlan # 使用 traefik_vlan 網路
|
|
|
|
|
|
|
|
|
|
# === Socat 代理指令 ===
|
|
|
|
|
command: "-d -d tcp-listen:80,reuseaddr,fork tcp:192.168.30.254:80" # TCP 代理至 OpenWrt
|
|
|
|
|
command: "-d -d tcp-listen:80,reuseaddr,fork tcp:192.168.30.254:80" # TCP 代理至 OpenWrt
|
|
|
|
|
|
|
|
|
|
# === 日誌管理 ===
|
|
|
|
|
logging:
|
|
|
|
|
driver: "json-file" # 使用 JSON 檔案記錄日誌
|
|
|
|
|
driver: "json-file" # 使用 JSON 檔案記錄日誌
|
|
|
|
|
options:
|
|
|
|
|
max-size: "1m" # 單一日誌檔案最大 1MB
|
|
|
|
|
max-size: "1m" # 單一日誌檔案最大 1MB
|
|
|
|
|
|
|
|
|
|
# === 重新啟動策略 ===
|
|
|
|
|
restart: always # 容器異常退出時自動重啟
|
|
|
|
|
restart: always # 容器異常退出時自動重啟
|
|
|
|
|
|
|
|
|
|
# ===============================================================
|
|
|
|
|
# Docker Networks 定義
|
|
|
|
|
# ===============================================================
|
|
|
|
|
networks:
|
|
|
|
|
vlan: # Traefik 共用網路
|
|
|
|
|
vlan: # Traefik 共用網路
|
|
|
|
|
name: traefik_vlan
|
|
|
|
|
external: true # 使用外部建立的網路
|
|
|
|
|
external: true # 使用外部建立的網路
|
|
|
|
|
|
