
Traefik.sh

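    #!/bin/bash
    #
    # Traefik.sh - provisions the Traefik reverse proxy host for NoCloud.
    #
    # Steps, in order:
    #   1. load ../main.env (relative to this script); SERVER_ADMIN and DOMAIN
    #      are read from it
    #   2. install docker-compose, create the dockerweb account and the
    #      "traefik" docker network
    #   3. append ./id_rsa.pub (relative to the *current directory*) to
    #      dockerweb's authorized_keys
    #   4. clone the traefik compose project and fill in traefik.toml / .env
    #   5. write the fail2ban jails and reload fail2ban
    #
    # Must run as root: it uses apt-get, adduser and writes below /etc/fail2ban.

    die() {
        printf '%s\n' "$*" >&2
        exit 1
    }

    echo "============= $(basename "$0") ================="

    # Resolve the script directory once. The previous "$(pwd)/$(dirname "$0")"
    # form produced a bogus path when the script was called by absolute path and
    # was unquoted, so it also broke on directories containing spaces.
    script_dir=$(cd -- "$(dirname -- "$0")" && pwd) || die "cannot resolve script directory"
    env_file="${script_dir}/../main.env"

    if [ ! -e "$env_file" ]
    then
        echo "Please copy in racine of NoCloud Auto Installer main.env.sample to main.env and edit it"
        exit 1
    fi
    # main.env is executed as shell code with root privileges; it must only be
    # writable by root.
    # shellcheck disable=SC1090
    . "$env_file" || die "cannot load $env_file"

    # Strict mode is enabled only after sourcing so that main.env itself is not
    # subject to -u.
    set -euo pipefail

    : "${SERVER_ADMIN:?SERVER_ADMIN must be set in main.env}"
    : "${DOMAIN:?DOMAIN must be set in main.env}"

    apt-get update

    DEBIAN_FRONTEND='noninteractive' apt-get -qq install docker-compose

    # Membership of the docker group is root-equivalent on this host, so the
    # dockerweb account (and every key in its authorized_keys) must be treated
    # as a root credential. adduser stays interactive, as before; it is skipped
    # when the account already exists so the script can be re-run.
    if ! id -u dockerweb >/dev/null 2>&1; then
        adduser dockerweb
    fi
    usermod -aG docker dockerweb

    # "docker network ls | grep -w traefik" also matched names such as
    # "my-traefik"; ask docker for the exact network instead.
    if ! docker network inspect traefik >/dev/null 2>&1; then
        docker network create traefik --subnet 172.19.0.1/24
    fi

    mkdir -p /home/dockerweb/

    # Add the maintenance key.
    # NOTE(review): id_rsa.pub is read from the caller's current directory, not
    # from the script directory. Whoever controls that file gains SSH access to a
    # docker-group account - confirm the intended location and provenance.
    auth_keys=/home/dockerweb/.ssh/authorized_keys
    [ -s id_rsa.pub ] || die "id_rsa.pub not found (or empty) in $(pwd)"
    mkdir -p /home/dockerweb/.ssh/
    touch "$auth_keys"
    # Append only when the key is not already present, so re-runs do not pile up
    # duplicate entries.
    if ! grep -qxF -f id_rsa.pub -- "$auth_keys"; then
        cat id_rsa.pub >> "$auth_keys"
    fi
    chmod 700 /home/dockerweb/.ssh
    chmod 600 "$auth_keys"
    chown -R dockerweb:dockerweb /home/dockerweb/.ssh

    cd /home/dockerweb/ || die "cannot cd to /home/dockerweb"

    # NOTE(review): the clone follows the repository's default branch with no
    # commit pin or signature check; the compose project it delivers ends up
    # running with docker privileges. Consider pinning a reviewed commit.
    if [ ! -d traefik/.git ]; then
        git clone https://gitlab.tetras-libre.fr/nocloud/docker/traefik
    fi

    # Escape the characters that are special in a sed replacement (\ / &) so the
    # value from main.env is inserted literally. "-i -e" replaces the former
    # "-ie", which GNU sed reads as "-i" with backup suffix "e" and therefore
    # left a stray traefik.tomle next to the config.
    admin_escaped=$(printf '%s' "$SERVER_ADMIN" | sed -e 's|[\\/&]|\\&|g')
    sed -i -e "s/adminemail/${admin_escaped}/" /home/dockerweb/traefik/traefik.toml

    printf 'HOST=traefik.%s\n' "$DOMAIN" > /home/dockerweb/traefik/.env

    # TODO generate random password
    chown -R dockerweb:dockerweb /home/dockerweb
    cd /home/dockerweb/traefik || die "cannot cd to /home/dockerweb/traefik"
    # acme.json is created after the recursive chown, so it stays owned by the
    # invoking user. The restrictive umask avoids a window in which the file
    # exists with default permissions before chmod runs.
    ( umask 077 && touch acme.json )
    chmod 600 acme.json
    echo "Update /home/dockerweb/traefik/docker-compose.yml to change htpassword line 29"


    [ -d /etc/fail2ban/jail.d ] || die "/etc/fail2ban/jail.d is missing - is fail2ban installed?"

    # Jail for failed Traefik authentications, read from Traefik's access log.
    # chain = DOCKER-USER places the ban rules where forwarded (container)
    # traffic is filtered.
    printf '%s\n' \
        '[traefik-auth]' \
        'enabled = true' \
        'logpath = /home/dockerweb/traefik/log/access.log' \
        'chain = DOCKER-USER' \
        'mode = aggressive' \
        'findtime = 4h' \
        > /etc/fail2ban/jail.d/nocloud_traefik.conf

    # NOTE(review): DOCKER-USER is traversed by forwarded traffic only. If sshd
    # listens on the host itself, bans from the sshd/recidive jails below would
    # not block it - confirm this chain is intended for them.
    printf '%s\n' \
        '[sshd]' \
        'enabled = true' \
        'chain = DOCKER-USER' \
        '[recidive]' \
        'enabled = true' \
        'chain = DOCKER-USER' \
        > /etc/fail2ban/jail.d/nocloud_base.conf

    fail2ban-client reload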