diff --git a/docker-compose/dockge/docker-compose.yml b/docker-compose/dockge/docker-compose.yml
index 0c4da81..86f3938 100644
--- a/docker-compose/dockge/docker-compose.yml
+++ b/docker-compose/dockge/docker-compose.yml
@@ -22,6 +22,7 @@ services:
 restart: unless-stopped
 networks:
 - homelab-network
+ - traefik-network
 ports:
 - '5001:5001' # Optional: direct access
 volumes:
@@ -35,7 +36,16 @@ services:
 labels:
 - 'homelab.category=infrastructure'
 - 'homelab.description=Docker Compose stack manager'
+ - 'traefik.enable=true'
+ - 'traefik.docker.network=traefik-network'
+ - 'traefik.http.routers.dockge.rule=Host(`dockge.${DOMAIN}`)'
+ - 'traefik.http.routers.dockge.entrypoints=websecure'
+ - 'traefik.http.routers.dockge.tls.certresolver=letsencrypt'
+ - 'traefik.http.routers.dockge.middlewares=authelia@docker'
+ - 'traefik.http.services.dockge.loadbalancer.server.port=5001'
 networks:
 homelab-network:
+ external: true
+ traefik-network:
 external: true
\ No newline at end of file
diff --git a/docker-compose/infrastructure/docker-compose.yml b/docker-compose/infrastructure/docker-compose.yml
index 1ba6bb4..fca96b7 100644
--- a/docker-compose/infrastructure/docker-compose.yml
+++ b/docker-compose/infrastructure/docker-compose.yml
@@ -125,6 +125,7 @@ services:
 restart: no
 networks:
 - homelab-network
+ - traefik-network
 ports:
 - '8085:8080'
 volumes:
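Review bot: The `'5001:5001'` mapping kept as context in the first dockge hunk still publishes Dockge on every host interface, so the `authelia@docker` middleware added in the labels hunk guards only the `dockge.${DOMAIN}` route and not the direct port. The same holds for the published ports in the later hunks: `'8085:8080'`, `'61208:61208'` (Glances) and `'8079:8443'` (code-server). If direct access is only meant for the host itself, bind it to loopback, e.g. `- '127.0.0.1:5001:5001'`, or drop the `ports:` entry once the Traefik route works; additional servers, which the script leaves on direct ports, would need a host-firewall rule instead. The service definition starts and ends outside the hunk, so whether Dockge's own login is enabled is not visible here.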
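Review bot: The router rule added in the dockge labels hunk interpolates `${DOMAIN}` with no guard, and Compose substitutes an empty string (with only a warning) when the variable is unset. The router would then be created for the host `dockge.` and the `letsencrypt` resolver asked to issue for it, which is easy to miss at deploy time. Using the required-variable form in the rule, `${DOMAIN:?DOMAIN must be set}`, makes `docker compose up` fail instead. The dozzle, glances and code-server rules in the later hunks use the same unguarded `${DOMAIN}`.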
@@ -143,6 +144,15 @@ services:
 - 'com.centurylinklabs.watchtower.enable=true'
 - 'homelab.category=infrastructure'
 - 'homelab.description=Real-time Docker log viewer'
+ - 'traefik.enable=true'
+ - 'traefik.docker.network=traefik-network'
+ - 'traefik.http.routers.dozzle.rule=Host(`dozzle.${DOMAIN}`)'
+ - 'traefik.http.routers.dozzle.entrypoints=websecure'
+ - 'traefik.http.routers.dozzle.tls.certresolver=letsencrypt'
+ - 'traefik.http.routers.dozzle.middlewares=authelia@docker'
+ - 'traefik.http.services.dozzle.loadbalancer.server.port=8080'
+ - 'sablier.enable=true'
+ - 'sablier.group=dozzle'
 # Glances - System monitoring
 # Uses Sablier lazy loading - starts on-demand, stops after 30min inactivity
@@ -161,6 +171,7 @@ services:
 restart: no
 networks:
 - homelab-network
+ - traefik-network
 ports:
 - '61208:61208'
 pid: host
@@ -179,6 +190,15 @@ services:
 - 'com.centurylinklabs.watchtower.enable=true'
 - 'homelab.category=infrastructure'
 - 'homelab.description=System and Docker monitoring'
+ - 'traefik.enable=true'
+ - 'traefik.docker.network=traefik-network'
+ - 'traefik.http.routers.glances.rule=Host(`glances.${DOMAIN}`)'
+ - 'traefik.http.routers.glances.entrypoints=websecure'
+ - 'traefik.http.routers.glances.tls.certresolver=letsencrypt'
+ - 'traefik.http.routers.glances.middlewares=authelia@docker'
+ - 'traefik.http.services.glances.loadbalancer.server.port=61208'
+ - 'sablier.enable=true'
+ - 'sablier.group=glances'
 # Code Server - VS Code in browser
 # Uses Sablier lazy loading - starts on-demand, stops after 30min inactivity
@@ -197,6 +217,7 @@ services:
 restart: no
 networks:
 - homelab-network
+ - traefik-network
 ports:
 - '8079:8443'
 volumes:
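Review bot: The `sablier.enable`/`sablier.group` labels added for Dozzle mark the container for Sablier, but the router's middleware chain in this hunk is only `authelia@docker`, so nothing on the route asks Sablier to start the container. With `restart: no` on these services and the "starts on-demand" comments, a stopped container will probably drop out of Traefik's Docker provider and the host would answer 404 instead of waking the service; this should be confirmed against how the Sablier middleware is defined elsewhere in the repo. If one exists, chain it after Authelia, e.g. `middlewares=authelia@docker,<sablier-middleware>@<provider>` (placeholder, the real name is not on this page). The Glances and code-server label hunks have the same shape.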
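Review bot: Glances runs with `pid: host` (context line in the Glances networks hunk) and is now attached to `traefik-network`, the network this commit also attaches Dockge, Dozzle and code-server to. Peers on that network can reach port 61208 directly, without passing the Authelia middleware, because that check is applied only on the Traefik route. A comment above the added entry would record this, e.g. `# traefik-network is shared with the other proxied services; Authelia is enforced only at Traefik`, and it is worth confirming that Glances' own authentication is enabled if the other containers are not fully trusted. The service definition starts and ends outside the hunk.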
@@ -219,6 +240,15 @@ services:
 - 'com.centurylinklabs.watchtower.enable=true'
 - 'homelab.category=infrastructure'
 - 'homelab.description=VS Code in browser'
+ - 'traefik.enable=true'
+ - 'traefik.docker.network=traefik-network'
+ - 'traefik.http.routers.code-server.rule=Host(`code.${DOMAIN}`)'
+ - 'traefik.http.routers.code-server.entrypoints=websecure'
+ - 'traefik.http.routers.code-server.tls.certresolver=letsencrypt'
+ - 'traefik.http.routers.code-server.middlewares=authelia@docker'
+ - 'traefik.http.services.code-server.loadbalancer.server.port=8443'
+ - 'sablier.enable=true'
+ - 'sablier.group=code-server'
 x-dockge:
 urls:
@@ -236,3 +266,5 @@ x-dockge:
 networks:
 homelab-network:
 external: true
+ traefik-network:
+ external: true
diff --git a/scripts/ez-homelab.sh b/scripts/ez-homelab.sh
index 6aaef6c..5deed61 100755
--- a/scripts/ez-homelab.sh
+++ b/scripts/ez-homelab.sh
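Review bot: After the code-server labels hunk, the only gate on `code.${DOMAIN}` is whatever policy Authelia applies to that host, and the diff shows no access-control rule for it; code-server hands out an editor with a terminal, so this is the most sensitive of the four new routes. Confirm that Authelia's `access_control` covers `code.${DOMAIN}`, preferably with `two_factor`, and that its default policy is `deny` so a missing rule fails closed. A comment beside the middleware label would record the dependency, e.g. `# requires an Authelia access_control rule for code.${DOMAIN}`. The labels list starts outside the hunk.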
@@ -1693,23 +1693,28 @@ deploy_remote_server() {
 copy_all_stacks_for_remote
 echo ""
- # Step 5: Deploy Dockge
- log_info "Step 5: Deploying Dockge..."
+ # Step 5: Configure services for additional server (remove Traefik labels)
+ log_info "Step 5: Configuring services for additional server..."
+ configure_remote_server_routing
+ echo ""
+
+ # Step 6: Deploy Dockge
+ log_info "Step 6: Deploying Dockge..."
 deploy_dockge
 echo ""
- # Step 6: Deploy Sablier stack for local lazy loading
- log_info "Step 6: Deploying Sablier stack..."
+ # Step 7: Deploy Sablier stack for local lazy loading
+ log_info "Step 7: Deploying Sablier stack..."
 deploy_sablier_stack
 echo ""
- # Step 7: Deploy Infrastructure stack
- log_info "Step 7: Deploying Infrastructure stack..."
+ # Step 8: Deploy Infrastructure stack
+ log_info "Step 8: Deploying Infrastructure stack..."
 deploy_infrastructure
 echo ""
- # Step 8: Register this remote server with core Traefik
- log_info "Step 8: Registering with core Traefik..."
+ # Step 9: Register this remote server with core Traefik
+ log_info "Step 9: Registering with core Traefik..."
 register_remote_server_with_core
 echo ""
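Review bot: The new step 5 calls `configure_remote_server_routing` without checking that it changed anything, and the function (next hunk) skips a missing compose file silently and sends every `sed` error to `/dev/null`. If `/opt/dockge/docker-compose.yml` or the infrastructure file is not in place yet at this point, or is rewritten afterwards by `deploy_dockge`/`deploy_infrastructure` (neither is visible here), the stacks come up still declaring the external `traefik-network`, which an additional server is not expected to have. A post-condition after the call would catch that, e.g. `if grep -q 'traefik-network' /opt/dockge/docker-compose.yml; then log_info "traefik-network still present in dockge compose file"; return 1; fi`. deploy_remote_server's body starts and ends outside the hunk.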
@@ -1869,71 +1874,37 @@ deploy_sablier_stack() {
 log_success "Sablier stack deployed at $sablier_dir"
 }
-# Disable Traefik routing on remote server services
-# Remote services are accessed through core Traefik via docker provider
+# Remove Traefik configuration from additional server services
+# Additional servers don't run local Traefik - routing is handled by core server
 configure_remote_server_routing() {
- debug_log "Configuring server-specific routing for remote services"
+ debug_log "Removing Traefik labels from additional server services"
- log_info "Setting up server-specific subdomains for infrastructure services..."
+ log_info "Configuring services for additional server (removing Traefik labels)..."
- local server_name="$SERVER_HOSTNAME"
-
- # Update dockge with server-specific subdomain and HTTP-only configuration
+ # Remove Traefik labels and traefik-network from dockge
 if [ -f "/opt/dockge/docker-compose.yml" ]; then
- sed -i "s/Host(\`dockge\.\${DOMAIN}\`)/Host(\`dockge.${server_name}.kelinreij.duckdns.org\`)/" /opt/dockge/docker-compose.yml 2>/dev/null
- sed -i "s/'traefik.enable=false'/'traefik.enable=true'/" /opt/dockge/docker-compose.yml 2>/dev/null
- # Change to web entrypoint (HTTP-only for remote servers)
- sed -i "s/entrypoints=websecure/entrypoints=web/" /opt/dockge/docker-compose.yml 2>/dev/null
- # Remove TLS cert resolver (not needed for remote)
- sed -i "/traefik.http.routers.dockge.tls.certresolver/d" /opt/dockge/docker-compose.yml 2>/dev/null
- # Remove authelia middleware (not available on remote)
- sed -i "/traefik.http.routers.dockge.middlewares=authelia@docker/d" /opt/dockge/docker-compose.yml 2>/dev/null
- log_info "✓ Dockge: dockge.${server_name}.kelinreij.duckdns.org (HTTP)"
+ # Remove all traefik.* labels
+ sed -i "/- 'traefik\./d" /opt/dockge/docker-compose.yml 2>/dev/null
+ # Remove traefik-network from networks section
+ sed -i "/- traefik-network/d" /opt/dockge/docker-compose.yml 2>/dev/null
+ # Remove traefik-network from external networks
+ sed -i "/traefik-network:/,/external: true/d" /opt/dockge/docker-compose.yml 2>/dev/null
+ log_info "✓ Dockge: Traefik labels removed (accessible via port 5001)"
 fi
- # Update infrastructure services (dozzle, glances) with HTTP-only configuration
+ # Remove Traefik labels and traefik-network from infrastructure services
 if [ -f "/opt/stacks/infrastructure/docker-compose.yml" ]; then
- # Update hostnames
- sed -i "s/Host(\`dozzle\.\${DOMAIN}\`)/Host(\`dozzle.${server_name}.kelinreij.duckdns.org\`)/" /opt/stacks/infrastructure/docker-compose.yml 2>/dev/null
- sed -i "s/Host(\`glances\.\${DOMAIN}\`)/Host(\`glances.${server_name}.kelinreij.duckdns.org\`)/" /opt/stacks/infrastructure/docker-compose.yml 2>/dev/null
-
- # Change to web entrypoint (HTTP-only for remote servers)
- sed -i "s/traefik.http.routers.dozzle.entrypoints=websecure/traefik.http.routers.dozzle.entrypoints=web/" /opt/stacks/infrastructure/docker-compose.yml 2>/dev/null
- sed -i "s/traefik.http.routers.glances.entrypoints=websecure/traefik.http.routers.glances.entrypoints=web/" /opt/stacks/infrastructure/docker-compose.yml 2>/dev/null
-
- # Remove TLS configuration
- sed -i "/traefik.http.routers.dozzle.tls=/d" /opt/stacks/infrastructure/docker-compose.yml 2>/dev/null
- sed -i "/traefik.http.routers.glances.tls=/d" /opt/stacks/infrastructure/docker-compose.yml 2>/dev/null
-
- log_info "✓ Dozzle: dozzle.${server_name}.kelinreij.duckdns.org (HTTP)"
- log_info "✓ Glances: glances.${server_name}.kelinreij.duckdns.org (HTTP)"
-
- # Disable sablier routing (no web UI)
- sed -i "s/'traefik.enable=true'/'traefik.enable=false'/g" /opt/stacks/sablier/docker-compose.yml 2>/dev/null
- log_info "✓ Sablier: Traefik disabled (no web UI)"
+ # Remove all traefik.* and sablier.* labels
+ sed -i "/- 'traefik\./d" /opt/stacks/infrastructure/docker-compose.yml 2>/dev/null
+ sed -i "/- 'sablier\./d" /opt/stacks/infrastructure/docker-compose.yml 2>/dev/null
+ # Remove traefik-network from networks sections
+ sed -i "/- traefik-network/d" /opt/stacks/infrastructure/docker-compose.yml 2>/dev/null
+ # Remove traefik-network from external networks (last occurrence)
+ sed -i "/traefik-network:/,/external: true/d" /opt/stacks/infrastructure/docker-compose.yml 2>/dev/null
+ log_info "✓ Infrastructure: Traefik labels removed (accessible via direct ports)"
 fi
- # Update Traefik dashboard route to use HTTP
- if [ -f "/opt/stacks/traefik/dynamic/routes.yml" ]; then
- cat > "/opt/stacks/traefik/dynamic/routes.yml" <