
minor fixes

main
Nicolas Massé 2 weeks ago
parent
commit
39cf4ac288
  1. 2
      cookbooks/ntfy/ntfy.container
  2. 86
      cookbooks/traefik/README.md

2
cookbooks/ntfy/ntfy.container

@ -30,7 +30,7 @@ Volume=/etc/quadlets/ntfy/server.yml:/etc/ntfy/server.yml:ro,z
Volume=/var/lib/virtiofs/data/ntfy:/var/cache/ntfy:Z
# Health check
HealthCmd=wget -q --tries=1 http://localhost:8080/v1/health -O - | grep -Eo '"healthy"\s*:\s*true' || exit 1
HealthCmd=wget -q --tries=1 http://127.0.0.1:8080/v1/health -O - | grep -qEo '"healthy"\s*:\s*true'
HealthInterval=60s
HealthTimeout=10s
HealthStartPeriod=40s
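Review bot: In the HealthCmd line that targets 127.0.0.1 (presumably the new side, since the page has lost its +/- markers), `grep -qEo` combines `-q` with `-o`, and `-o` does nothing once output is suppressed; `grep -qE '"healthy"\s*:\s*true'` is equivalent and reads more clearly. The file does not say why `localhost` became `127.0.0.1`. If the reason is that `localhost` can resolve to `::1` inside the container while the service answers only on IPv4, a comment such as `# 127.0.0.1 rather than localhost: avoid resolving to ::1 inside the container` above the line would keep a later edit from reverting it. Dropping `|| exit 1` looks safe, because the pipeline's exit status is grep's and a failed wget leaves grep with empty input, but a short comment stating that would help the next reader.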

86
cookbooks/traefik/README.md

@ -82,3 +82,89 @@ sudo make uninstall clean
```sh
sudo make test
```
## What if I want to use a TLS certificate provided by the "lego" cookbook?
**/etc/containers/systemd/traefik.container.d/lego.conf**:
```ini
[Unit]
# Now, Traefik depends on the lego target, which will ensure that the TLS certificates are generated and available before Traefik starts
After=lego.target
Wants=lego.target
[Container]
# Mount the directory containing the TLS certificates generated by lego into the Traefik container
Volume=/run/quadlets/traefik/tls:/etc/traefik/tls:Z
# Health check on HTTPS
HealthCmd=wget -q -O /dev/null --no-check-certificate --header 'Host: ping' https://127.0.0.1/
[Service]
# Get the TLS certificates in place before starting traefik
ExecStartPre=/bin/sh -c 'install -o 10001 -g 10000 -m 0600 -t /run/quadlets/traefik/tls /var/lib/quadlets/lego/certificates/*.crt /var/lib/quadlets/lego/certificates/*.key'
```
**/etc/quadlets/traefik/conf.d/tls.yaml**:
```yaml
tls:
certificates:
- certFile: /etc/traefik/tls/f.q.d.n.crt
keyFile: /etc/traefik/tls/f.q.d.n.key
stores:
default:
defaultCertificate:
certFile: /etc/traefik/tls/f.q.d.n.crt
keyFile: /etc/traefik/tls/f.q.d.n.key
http:
routers:
traefik-ping-tls:
rule: Host(`ping`)
entryPoints:
- https
service: "ping@internal"
tls: {}
middlewares:
- localhost-only
middlewares:
localhost-only:
ipAllowList:
sourceRange:
- "127.0.0.1/32"
```
**/etc/quadlets/traefik/traefik.yaml**:
```yaml
entryPoints:
# <-- no http entrypoint here
https:
address: ":443"
```
**/etc/tmpfiles.d/traefik-lego.conf**:
```
d /run/quadlets/traefik 0755 10001 10000 -
d /run/quadlets/traefik/tls 0700 10001 10000 -
```
**/etc/quadlets/traefik/conf.d/$yoursite.yaml**:
```yaml
http:
routers:
example:
rule: "Host(`service.example.test`)"
entryPoints:
- https
service: "example"
tls: {} # <-- this tells Traefik to enable TLS and find a matching certificate by SNI
services:
example:
loadBalancer:
servers:
- url: "http://127.0.0.1:8080"
```
