init

deploy/custom/middleware.yml

@@ -0,0 +1,17 @@
+http:
+  middlewares:
+    cors:
+      headers:
+        accessControlAllowMethods: ["GET", "POST", "PUT", "OPTIONS", "DELETE", "PATCH"]
+        accessControlAllowOriginList: "*"
+        accessControlMaxAge: 100
+        accessControlAllowCredentials: true
+        accessControlAllowHeaders: "*"
+        accessControlExposeHeaders: ["Authorization"]
+        forceSTSHeader: true
+        frameDeny: true
+        sslRedirect: true
+        sslForceHost: true
+        stsPreload: true
+        stsseconds: "31536000"
+        customFrameOptionsValue: "SAMEORIGIN"

deploy/docker-compose.yaml

@@ -0,0 +1,86 @@
+x-custom: &envs
+  SERVING_PORT: 8080
+  MIGRATION_MODE: "on"
+  LOGGING_LEVEL: debug
+  POSTGRES_DSN: "host=pg port=2345 dbname=gerald user=gerald password=wR7gP2kD9qLxVzT3mBc sslmode=disable"
+
+x-custom-pg: &envs-pg
+  POSTGRES_USER: "gerald"
+  POSTGRES_PASSWORD: "wR7gP2kD9qLxVzT3mBc"
+  POSTGRES_DB: "gerald"
+
+services:
+  traefik:
+    image: traefik
+    container_name: traefik
+    restart: unless-stopped
+    security_opt:
+      - no-new-privileges:true
+    ports:
+      - 80:80
+      - 443:443
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ./traefik.yml:/traefik.yml
+      - ./custom/:/custom/
+      - traefik-ssl-sert:/ssl-certs
+      - /var/log:/var/log/
+    networks:
+      - front
+      - back
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.traefik.entrypoints=websecure
+      - traefik.http.routers.traefik.rule=Host(`gerald-tr.octagon-lab.com`)
+      - traefik.http.routers.traefik.tls=true
+      - traefik.http.routers.traefik.tls.certresolver=letsEncrypt
+      - traefik.http.routers.traefik.service=api@internal
+      - traefik.http.services.traefik.loadbalancer.server.port=8080
+      - traefik.http.middlewares.tr-auth.basicauth.users=admin:$$apr1$$.gRkGUr0$$wu//p7fgWjDM1rlyQOGbW1,user:$$apr1$$J1cX/7u6$$tyPWYdAVYqACdWJy29FMn1
+      - traefik.http.routers.traefik.middlewares=tr-auth
+
+  gerald:
+    hostname: gerald
+    restart: unless-stopped
+    image: registry.spasskiy.site/gerald:latest
+    environment:
+      APP_NAME: "gerald"
+      <<: *envs
+    networks:
+      - back
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.gerald.service=gerald
+      - traefik.http.routers.gerald.entrypoints=websecure
+      - traefik.http.routers.gerald.tls=true
+      - traefik.http.routers.gerald.tls.certresolver=letsEncrypt
+      - traefik.http.routers.gerald.rule=Host(`api.2phon.com`) || Host(`2phon.oct-app.com`)
+      - traefik.http.services.gerald.loadbalancer.server.port=8080
+      - traefik.http.middlewares.gerald-ratelimit.ratelimit.average=5
+      - traefik.http.middlewares.gerald-ratelimit.ratelimit.burst=10
+      - traefik.http.middlewares.gerald-ratelimit.ratelimit.period=1s
+      - traefik.http.routers.gerald.middlewares=cors@file, gerald-ratelimit
+
+  pg:
+    image: postgres
+    restart: unless-stopped
+    environment:
+      <<: *envs-pg
+      PGDATA: /var/lib/postgresql/data/pgdata
+    networks:
+      - back
+      - front
+    ports:
+      - 5432:5432
+    volumes:
+      - pgdata:/var/lib/postgresql/data
+
+volumes:
+  pgdata:
+    driver: local
+  traefik-ssl-sert:
+    driver: local
+
+networks:
+  front:
+  back:

deploy/traefik.yml

@@ -0,0 +1,43 @@
+entryPoints:
+  web:
+    address: ":80"
+    http:
+      redirections:
+        entryPoint:
+          to: "websecure"
+          scheme: "https"
+          permanent: true
+  websecure:
+    address: ":443"
+  postgres:
+    address: ":5432"
+
+providers:
+  file:
+    directory: custom/
+    watch: true
+  docker:
+    endpoint: "unix:///var/run/docker.sock"
+    watch: true
+
+certificatesResolvers:
+  letsEncrypt:
+    acme:
+      email: gwookiee@gmail.com
+      storage: /ssl-certs/acme.json
+      httpChallenge:
+        entryPoint: web
+      tlsChallenge: {}
+
+api:
+  dashboard: true
+
+log:
+  filePath: "/var/log/traefik.log"
+
+accessLog:
+  filePath: "/var/log/traefik_access.log"
+  bufferingSize: 100
+
+pilot:
+  token: "b07f1173-3ea3-47b8-b993-c286a3fa2e42"