2HoursProject/nexus-timer
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

traefik

Browse Source
This commit is contained in:
cpu
2025-05-08 17:07:03 +02:00
parent 8f5b84340b
commit 654d7433d0
2 changed files with 51 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
README.md
View File

@@ -143,6 +143,19 @@ Test the web app
curl http://localhost:8080/ curl http://localhost:8080/
``` ```
## Expose the app on Internet behind the reverse proxy (Traefik) ## Expose the app on Internet behind the reverse proxy (Traefik)
Create a 'labels' file for Traefik
```bash
sudo tee labels <<EOF
traefik.enable=true
traefik.docker.network=traefik
traefik.http.routers.virt-nexus-timer.rule=Host("nexus-timer.virtonline.eu")
traefik.http.routers.virt-nexus-timer.service=virt-nexus-timer
traefik.http.routers.virt-nexus-timer.tls=true
traefik.http.routers.virt-nexus-timer.tls.certResolver=default
traefik.http.routers.virt-nexus-timer.entrypoints=web-secure
traefik.http.services.virt-nexus-timer.loadbalancer.server.port=80
EOF
```
Create the systemd service file Create the systemd service file
```bash ```bash
sudo systemctl edit --force --full virt-nexus-timer.service sudo systemctl edit --force --full virt-nexus-timer.service
@@ -164,19 +177,8 @@ ExecStartPre=-/usr/bin/env sh -c '/usr/bin/env docker rm virt-nexus-timer 2>/dev
ExecStart=/usr/bin/env docker run \ ExecStart=/usr/bin/env docker run \
--rm \ --rm \
--name=virt-nexus-timer \ --name=virt-nexus-timer \
--cap-drop=ALL \ --network=traefik-net \
--read-only \ --label-file /opt/nexus-timer/labels \
--user=997:1002 \
--log-driver=none \
--network=traefik \
--label 'traefik.enable=true' \
--label 'traefik.docker.network=traefik' \
--label 'traefik.http.routers.virt-nexus-timer.rule=Host("nexus-timer.virtonline.eu")' \
--label 'traefik.http.routers.virt-nexus-timer.service=virt-nexus-timer' \
--label 'traefik.http.routers.virt-nexus-timer.tls=true' \
--label 'traefik.http.routers.virt-nexus-timer.tls.certResolver=default' \
--label 'traefik.http.routers.virt-nexus-timer.entrypoints=web-secure' \
--label 'traefik.http.services.virt-nexus-timer.loadbalancer.server.port=80' \
virt-nexus-timer virt-nexus-timer
ExecStop=-/usr/bin/env sh -c '/usr/bin/env docker kill virt-nexus-timer 2>/dev/null || true' ExecStop=-/usr/bin/env sh -c '/usr/bin/env docker kill virt-nexus-timer 2>/dev/null || true'

35
nginx.conf
View File

@@ -1,8 +1,38 @@
# Existing log format often uses $remote_addr by default
# log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
# Add these lines within the http {} block, OR server {} block
# (http block is generally preferred for these directives)
# Make sure they are *before* the access_log directive if possible.
# --- Real IP Configuration ---
# Replace with the ACTUAL IP range(s) of your Traefik Docker network(s)
set_real_ip_from 172.22.0.0/16; # Example: Trust IPs from this subnet
# You can add multiple set_real_ip_from lines if needed
# set_real_ip_from 192.168.1.0/24; # Example if Traefik was also on another network
# Which header contains the real client IP?
# X-Forwarded-For handles multiple proxies better. X-Real-IP is simpler if only Traefik.
real_ip_header X-Forwarded-For;
# If using X-Forwarded-For, tell Nginx how to process it.
# 'on' means find the *last* IP address that is NOT from a trusted proxy.
# This is usually correct when behind one or more trusted proxies.
real_ip_recursive on;
# --- End Real IP Configuration ---
server { server {
listen 80; listen 80;
listen [::]:80; listen [::]:80;
server_name localhost; server_name localhost;
# Use the 'realip' processed $remote_addr in logs
# Ensure your access_log format uses $remote_addr (like 'combined' or 'main')
access_log /var/log/nginx/access.log combined; # Or your preferred format using $remote_addr
root /usr/share/nginx/html; root /usr/share/nginx/html;
index index.html; index index.html;
@@ -10,3 +40,8 @@ server {
try_files $uri $uri/ /index.html; try_files $uri $uri/ /index.html;
} }
} }
# It's common practice to put realip config in the http block
# If your default.conf is included inside an existing http block in nginx.conf,
# placing the realip directives *outside* the server block but *inside* http is standard.
# If this file IS your entire http block, place them just before the server block.