From fccd15aec3507fd3f0cb4a2c18a0ec1af1d69c1f Mon Sep 17 00:00:00 2001 From: Franck Cuny Date: Thu, 4 Jul 2024 11:36:33 -0700 Subject: migrate to zola --- content/blog/tailscale-docker-https.md | 58 ++++++++++++++++++---------------- 1 file changed, 30 insertions(+), 28 deletions(-) (limited to 'content/blog/tailscale-docker-https.md') diff --git a/content/blog/tailscale-docker-https.md b/content/blog/tailscale-docker-https.md index 03dfff7..9a836d9 100644 --- a/content/blog/tailscale-docker-https.md +++ b/content/blog/tailscale-docker-https.md @@ -44,34 +44,36 @@ The important bit here is the `certificatesResolvers` part. I'll be using the [d - the environment variable `GCP_PROJECT`: the name of the GCP project - mounting the service account file inside the container (I store it on the host under `/data/containers/traefik/config/sa.json`) - [Unit] - Description=traefik proxy - Documentation=https://doc.traefik.io/traefik/ - After=docker.service - Requires=docker.service - - [Service] - Restart=on-failure - ExecStartPre=-/usr/bin/docker kill traefik - ExecStartPre=-/usr/bin/docker rm traefik - ExecStartPre=/usr/bin/docker pull traefik:latest - - ExecStart=/usr/bin/docker run \ - -p 80:80 \ - -p 9080:8080 \ - -p 443:443 \ - --name=traefik \ - -e GCE_SERVICE_ACCOUNT_FILE=/var/run/gcp-service-account.json \ - -e GCE_PROJECT= gcp-super-project \ - --volume=/data/containers/traefik/config/acme.json:/acme.json \ - --volume=/data/containers/traefik/config/traefik.yml:/etc/traefik/traefik.yml:ro \ - --volume=/data/containers/traefik/config/sa.json:/var/run/gcp-service-account.json \ - --volume=/var/run/docker.sock:/var/run/docker.sock:ro \ - traefik:latest - ExecStop=/usr/bin/docker stop traefik - - [Install] - WantedBy=multi-user.target +```systemd +[Unit] +Description=traefik proxy +Documentation=https://doc.traefik.io/traefik/ +After=docker.service +Requires=docker.service + +[Service] +Restart=on-failure +ExecStartPre=-/usr/bin/docker kill traefik +ExecStartPre=-/usr/bin/docker rm traefik +ExecStartPre=/usr/bin/docker pull traefik:latest + +ExecStart=/usr/bin/docker run \ + -p 80:80 \ + -p 9080:8080 \ + -p 443:443 \ + --name=traefik \ + -e GCE_SERVICE_ACCOUNT_FILE=/var/run/gcp-service-account.json \ + -e GCE_PROJECT= gcp-super-project \ + --volume=/data/containers/traefik/config/acme.json:/acme.json \ + --volume=/data/containers/traefik/config/traefik.yml:/etc/traefik/traefik.yml:ro \ + --volume=/data/containers/traefik/config/sa.json:/var/run/gcp-service-account.json \ + --volume=/var/run/docker.sock:/var/run/docker.sock:ro \ + traefik:latest +ExecStop=/usr/bin/docker stop traefik + +[Install] +WantedBy=multi-user.target +``` As an example, I run [grafana](https://grafana.com/) on my home network to view metrics from the various containers / hosts. Let's pretend I use `example.net` as my domain. I want to be able to access `grafana` via . Here's the `systemd` unit configuration I use for this: -- cgit v1.2.3