From f7742f2a2bfb0e2d9292ff75c96d7a5dbaa095f7 Mon Sep 17 00:00:00 2001
From: Martin Lablans
Date: Tue, 11 Oct 2022 13:28:51 +0200
Subject: [PATCH 1/4] Make traefik volumes read-only
---
 ccp/docker-compose.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ccp/docker-compose.yml b/ccp/docker-compose.yml
index 65343d6..d78a842 100644
--- a/ccp/docker-compose.yml
+++ b/ccp/docker-compose.yml
@@ -25,8 +25,8 @@ services:
 - 80:80
 - 443:443
 volumes:
- - ../certs:/tools/certs
- - ../lib/traefik-configuration/:/configuration
+ - ../certs:/tools/certs:ro
+ - ../lib/traefik-configuration/:/configuration:ro
 - /var/run/docker.sock:/var/run/docker.sock:ro
 forward_proxy:
From e439510920f36c272fe8ce99efc630849ce0ac9b Mon Sep 17 00:00:00 2001
From: Martin Lablans
Date: Tue, 11 Oct 2022 13:29:09 +0200
Subject: [PATCH 2/4] Rename spot container so it shows up in monitoring
---
 ccp/docker-compose.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/ccp/docker-compose.yml b/ccp/docker-compose.yml
index d78a842..3ef7f24 100644
--- a/ccp/docker-compose.yml
+++ b/ccp/docker-compose.yml
@@ -72,6 +72,7 @@ services:
 spot:
 image: samply/spot:latest
+ container_name: bridgehead-spot
 environment:
 SECRET: ${SPOT_BEAM_SECRET_LONG}
 APPID: spot
From 7ecb39d6cede55a820e36900ccca92554782b1f7 Mon Sep 17 00:00:00 2001
From: Martin Lablans
Date: Tue, 11 Oct 2022 18:29:08 +0200
Subject: [PATCH 3/4] Use new forward proxy
---
 ccp/docker-compose.yml | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/ccp/docker-compose.yml b/ccp/docker-compose.yml
index 3ef7f24..c446f64 100644
--- a/ccp/docker-compose.yml
+++ b/ccp/docker-compose.yml
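Review bot: The `/var/run/docker.sock` mount left as context in the `@@ -25,8 +25,8 @@` hunk is the one mount that `:ro` does not actually harden: a read-only bind mount of a Unix socket still lets the container connect and issue any Docker API call, so the traefik container keeps broad control over the host's Docker daemon. The two mounts this patch switches to `:ro` are fine as changed. I would add a comment above the socket line, e.g. `# :ro does not restrict the Docker API; expose it to traefik only through a filtering socket proxy`, and follow up by placing such a proxy in front of the socket. The service definition starts above the hunk, so whether anything else already limits the socket is not visible here.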
@@ -31,13 +31,14 @@ services:
 forward_proxy:
 container_name: bridgehead-forward-proxy
- image: samply/bridgehead-forward-proxy:develop
+ image: samply/bridgehead-forward-proxy:main
 environment:
- http_proxy: ${HTTP_PROXY_URL}
- https_proxy: ${HTTPS_PROXY_URL}
+ HTTPS_PROXY: ${HTTPS_PROXY_URL}
+ USERNAME: ${HTTPS_PROXY_USERNAME}
+ PASSWORD: ${HTTPS_PROXY_PASSWORD}
 volumes:
- - "bridgehead-proxy:/var/log/squid"
-
+ - /etc/bridgehead/trusted-ca-certs:/docker/custom-certs/:ro
+
 landing:
 container_name: bridgehead-landingpage
 image: samply/bridgehead-landingpage:master
@@ -60,7 +61,7 @@ services:
 LOG_LEVEL: "debug"
 ENFORCE_REFERENTIAL_INTEGRITY: "false"
 volumes:
- - "blaze-data:/app/data"
+ - "blaze-data:/app/data"
 labels:
 - "traefik.enable=true"
 - "traefik.http.middlewares.ccp-auth.basicauth.users=${bc_auth_users}"
@@ -98,17 +99,19 @@ services:
 PRIVKEY_FILE: /run/secrets/proxy.pem
 RUST_LOG: debug
 ALL_PROXY: http://forward_proxy:3128
+ TLS_CA_CERTIFICATES_DIR: /conf/trusted-ca-certs
 secrets:
 - proxy.pem
 labels:
 - "traefik.enable=false"
 depends_on:
 - "forward_proxy"
+ volumes:
+ - /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro
 volumes:
 blaze-data:
- bridgehead-proxy:
 secrets:
 proxy.pem:
From 0f1cb966badaa95997b4636840ff1197d8b755c6 Mon Sep 17 00:00:00 2001
From: Martin Lablans <6804500+lablans@users.noreply.github.com>
Date: Tue, 11 Oct 2022 18:36:42 +0200
Subject: [PATCH 4/4] Use tag latest for forward proxy
---
 ccp/docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ccp/docker-compose.yml b/ccp/docker-compose.yml
index c446f64..bc8fdf2 100644
--- a/ccp/docker-compose.yml
+++ b/ccp/docker-compose.yml
@@ -31,7 +31,7 @@ services:
 forward_proxy:
 container_name: bridgehead-forward-proxy
- image: samply/bridgehead-forward-proxy:main
+ image: samply/bridgehead-forward-proxy:latest
 environment:
 HTTPS_PROXY: ${HTTPS_PROXY_URL}
 USERNAME: ${HTTPS_PROXY_USERNAME}
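Review bot: `PASSWORD: ${HTTPS_PROXY_PASSWORD}` in the `@@ -31,13 +31,14 @@` hunk places the upstream proxy credential in the container environment, where it is readable through `docker inspect` and by any component that can query the Docker API (the traefik service in this file mounts the Docker socket). This file already delivers `proxy.pem` through a `secrets:` entry, so the proxy password could be handled the same way if the forward-proxy image is able to read it from a file; that is not visible from this diff and needs checking. At minimum I would add a comment such as `# credential: visible via docker inspect; restrict who can read the source of HTTPS_PROXY_PASSWORD`. The added line after the new volume entry contains only whitespace and can be emptied.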
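Review bot: The host directory `/etc/bridgehead/trusted-ca-certs` mounted in the `@@ -98,17 +99,19 @@` hunk now feeds the trust configuration of both this service (`TLS_CA_CERTIFICATES_DIR`) and the forward proxy in the first hunk, so write access to that one directory decides which CAs outbound TLS connections will accept. With the short bind-mount syntax Docker creates a missing host path as an empty directory instead of failing, so a host where the directory was never provisioned starts silently without the expected CAs. I would document the expected ownership and mode next to the mount, e.g. `# host dir must be root-owned and not group/world-writable; its contents become trusted CAs`. The service definition begins outside the hunk.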
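Review bot: `samply/bridgehead-forward-proxy:latest` in the `@@ -31,7 +31,7 @@` hunk is a mutable tag, so the image that handles the proxy credentials and the custom CA directory can change on any pull without a corresponding change in this repository. Pinning by digest keeps the deployed image reviewable: `image: samply/bridgehead-forward-proxy:latest@sha256:<DIGEST_PLACEHOLDER>`, updated deliberately when a new build is adopted. If tracking `latest` is intentional for automatic updates, a comment on this line saying so would make the trade-off explicit. The service block continues past the end of the hunk.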