BinaryNinja/tvapp2
4
1
Fork 0
mirror of https://github.com/TheBinaryNinja/tvapp2.git synced 2026-06-04 05:15:42 -04:00
Code Issues Packages Projects Releases Wiki Activity

docs: add traefik instructions for dynamic and static config

Browse Source
This commit is contained in:
Aetherx
2024-12-01 04:21:42 -07:00
parent ae5e029985
commit 0f1ad28426
1 changed files with 111 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

115
README.md
View File

@@ -41,6 +41,11 @@ Makes use of the generous work over at [https://github.com/dtankdempse/thetvapp-
- [Install](#install) - [Install](#install)
- [Docker Compose](#docker-compose) - [Docker Compose](#docker-compose)
- [Traefik](#traefik) - [Traefik](#traefik)
- [Dynamic.yml](#dynamicyml)
- [Static.yml](#staticyml)
- [certificatesResolvers](#certificatesresolvers)
- [entryPoints (Normal)](#entrypoints-normal)
- [entryPoints (Cloudflare)](#entrypoints-cloudflare)
- [Env Variables \& Volumes](#env-variables--volumes) - [Env Variables \& Volumes](#env-variables--volumes)
- [Environment Variables](#environment-variables) - [Environment Variables](#environment-variables)
- [Volumes](#volumes) - [Volumes](#volumes)
@@ -121,7 +126,10 @@ services:
### Traefik ### Traefik
You can put this container behind Traefik if you want to use a reverse proxy and let Traefik handle the SSL certificate. You can put this container behind Traefik if you want to use a reverse proxy and let Traefik handle the SSL certificate.
Open the Traefik dynamic file and add the following: <br />
#### Dynamic.yml
Open the Traefik dynamic file which is usually named `dynamic.yml`. We need to add a new `middleware`, `router`, and `service` to our Traefik dynamic file so that it knows about our new TheTVApp container and where it is.
```yml ```yml
http: http:
@@ -159,6 +167,15 @@ http:
- url: "https://thetvapp:443" - url: "https://thetvapp:443"
``` ```
<br />
#### Static.yml
These entries will go in your Traefik `static.yml` file. Any changes made to this file requires that you reset Traefik afterward.
<br />
##### certificatesResolvers
Open your Traefik `static.yml` file and add your `certResolver` from above. We are going to use Cloudflare in this exmaple, you can use whatever from the list at: Open your Traefik `static.yml` file and add your `certResolver` from above. We are going to use Cloudflare in this exmaple, you can use whatever from the list at:
- https://doc.traefik.io/traefik/https/acme/#providers - https://doc.traefik.io/traefik/https/acme/#providers
@@ -183,17 +200,17 @@ certificatesResolvers:
<br /> <br />
Once you pick the DNS / SSL provider you want to use, you need to see if that provider has any special environment variables that must be set. The [Providers Page](https://doc.traefik.io/traefik/https/acme/#providers) lists all providers and also what env variables need set for each one. Once you pick the DNS / SSL provider you want to use from the code above, you need to see if that provider has any special environment variables that must be set. The [Providers Page](https://doc.traefik.io/traefik/https/acme/#providers) lists all providers and also what env variables need set for each one.
<br /> <br />
In our example using Cloudflare, we must set: In our example, since we are using Cloudflare for `dnsChallenge` -> `provider`, we must set:
- `CF_API_EMAIL` - `CF_API_EMAIL`
- `CF_API_KEY` - `CF_API_KEY`
<br /> <br />
In docker, create a `.env` environment file in the same folder where your thetvapp `docker-compose.yml` file is located, and add the following: Create a `.env` environment file in the same folder where your Traefik `docker-compose.yml` file is located, and add the following:
```yml ```yml
CF_API_EMAIL=yourcloudflare@email.com CF_API_EMAIL=yourcloudflare@email.com
@@ -202,6 +219,96 @@ CF_API_KEY=Your-Cloudflare-API-Key
<br /> <br />
Save the `.env` file and exit.
<br />
##### entryPoints (Normal)
Finally, inside the Traefik `static.yml`, we need to make sure we have our `entryPoints` configured. Add the following to the Traefik `static.yml` file only if you **DON'T** have entry points set yet:
```yml
entryPoints:
http:
address: :80
http:
redirections:
entryPoint:
to: https
scheme: https
https:
address: :443
http3: {}
http:
tls:
options: default
certResolver: cloudflare
domains:
- main: domain.com
sans:
- '*.domain.com'
```
<br />
##### entryPoints (Cloudflare)
If your website is behind Cloudflare's proxy service, you need to modify your `entryPoints` above so that you can automatically allow Cloudflare's IP addresses through. This means your entry points will look a bit different.
<br />
In the example below, we will add `forwardedHeaders` -> `trustedIPs` and add all of Cloudflare's IPs to the list which are available here:
- https://www.cloudflare.com/ips/
```yml
http:
address: :80
forwardedHeaders:
trustedIPs: &trustedIps
- 103.21.244.0/22
- 103.22.200.0/22
- 103.31.4.0/22
- 104.16.0.0/13
- 104.24.0.0/14
- 108.162.192.0/18
- 131.0.72.0/22
- 141.101.64.0/18
- 162.158.0.0/15
- 172.64.0.0/13
- 173.245.48.0/20
- 188.114.96.0/20
- 190.93.240.0/20
- 197.234.240.0/22
- 198.41.128.0/17
- 2400:cb00::/32
- 2606:4700::/32
- 2803:f800::/32
- 2405:b500::/32
- 2405:8100::/32
- 2a06:98c0::/29
- 2c0f:f248::/32
http:
redirections:
entryPoint:
to: https
scheme: https
https:
address: :443
http3: {}
forwardedHeaders:
trustedIPs: *trustedIps
http:
tls:
options: default
certResolver: cloudflare
domains:
- main: domain.com
sans:
- '*.domain.com'
```
<br />
Save the files and then give Traefik and your TheTvApp containers a restart. Save the files and then give Traefik and your TheTvApp containers a restart.
<br /> <br />