From ae9e77e0453f2862bf054a368590abe11b4dd59a Mon Sep 17 00:00:00 2001 From: Reinaldy Rafli Date: Sun, 31 Mar 2024 09:19:59 +0700 Subject: [PATCH] feat: move verdaccio to Traefik configuration --- verdaccio/Caddyfile | 36 ------------------------------------ verdaccio/docker-compose.yml | 27 +++++++++++++++++++++++++-- 2 files changed, 25 insertions(+), 38 deletions(-) delete mode 100644 verdaccio/Caddyfile diff --git a/verdaccio/Caddyfile b/verdaccio/Caddyfile deleted file mode 100644 index 3bb6668..0000000 --- a/verdaccio/Caddyfile +++ /dev/null @@ -1,36 +0,0 @@ -# The Caddyfile is an easy way to configure your Caddy web server. -# -# Unless the file starts with a global options block, the first -# uncommented line is always the address of your site. -# -# To use your own domain name (with automatic HTTPS), first make -# sure your domain's A/AAAA DNS records are properly pointed to -# this machine's public IP, then replace ":80" below with your -# domain name. - -npmjs.teknologiumum.com { - reverse_proxy 127.0.0.1:4873 { - transport http { - read_buffer 16KiB - write_buffer 16KiB - compression off - } - } - - header { - server "Teknologi Umum" - ?Permissions-Policy interest-cohort=() - ?strict-transport-security "max-age=604800; includeSubDomains" - ?x-content-type-options nosniff - ?x-frame-options DENY - ?referrer-policy no-referrer-when-downgrade - ?content-security-policy "default-src 'none'; font-src 'self'; script-src 'self' blob:; manifest-src 'self'; media-src 'self' data: blob: about:; style-src 'self' 'unsafe-inline'; base-uri 'none'; img-src 'self' data:; form-action 'self'; frame-ancestors 'none'; connect-src 'self'; worker-src blob:;" - ?vary Origin - ?x-xss-protection "1; mode=block" - } - - tls opensource@teknologiumum.com -} - -# Refer to the Caddy docs for more information: -# https://caddyserver.com/docs/caddyfile diff --git a/verdaccio/docker-compose.yml b/verdaccio/docker-compose.yml index c4bda3b..753a6cf 100644 --- a/verdaccio/docker-compose.yml +++ b/verdaccio/docker-compose.yml @@ -1,12 +1,31 @@ services: verdaccio: image: verdaccio/verdaccio:5 - ports: - - 127.0.0.1:4873:4873 volumes: - verdaccio-storage:/verdaccio/storage labels: + - "traefik.enable=true" + - "traefik.http.routers.verdaccio.entrypoints=web,websecure" + - "traefik.http.routers.verdaccio.rule=Host(`npmjs.teknologiumum.com`)" + - "traefik.http.routers.verdaccio.tls.certresolver=tlsresolver" + - "traefik.http.routers.verdaccio.middlewares=verdaccio-header,verdaccio-redirectscheme" + - "traefik.http.services.verdaccio.loadbalancer.server.port=4873" + - "traefik.http.services.verdaccio.loadbalancer.server.scheme=http" + - "traefik.http.services.verdaccio.loadbalancer.healthcheck.interval=120s" + - "traefik.http.services.verdaccio.loadbalancer.healthcheck.path=/" + - "traefik.http.middlewares.verdaccio-header.headers.addvaryheader=true" + - "traefik.http.middlewares.verdaccio-header.headers.frameDeny=true" + - "traefik.http.middlewares.verdaccio-header.headers.browserxssfilter=true" + - "traefik.http.middlewares.verdaccio-header.headers.stsSeconds=604800" + - "traefik.http.middlewares.verdaccio-header.headers.stsIncludeSubdomains=true" + - "traefik.http.middlewares.verdaccio-header.headers.browserXssFilter=true" + - "traefik.http.middlewares.verdaccio-header.headers.contentTypeNosniff=true" + - "traefik.http.middlewares.verdaccio-header.headers.customResponseHeaders.server=Teknologi Umum" + - "traefik.http.middlewares.verdaccio-redirectscheme.redirectscheme.scheme=https" + - "traefik.http.middlewares.verdaccio-redirectscheme.redirectscheme.permanent=true" - "com.centurylinklabs.watchtower.enable=true" + networks: + - public-web deploy: mode: replicated replicas: 1 @@ -23,3 +42,7 @@ services: volumes: verdaccio-storage: external: true + +networks: + public-web: + external: true