Created
September 16, 2020 09:42
-
-
Save yuklia/85824f280030aa75a660d65adb791825 to your computer and use it in GitHub Desktop.
SSL_ERROR_RX_RECORD_TOO_LONG
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| !!! Message from the past | |
| !!! USE ProxyProtocol if you are behind external LB. I spend whole day to realize that. | |
| version: "3.4" | |
| services: | |
| traefik: | |
| image: ${REGISTRY}/traefik:v15-${SERVER_ENV} | |
| build: ./traefik | |
| hostname: "traefik" | |
| logging: | |
| driver: awslogs | |
| options: | |
| awslogs-group: ${SERVER_ENV} | |
| awslogs-create-group: "true" | |
| awslogs-region: "eu-west-3" | |
| awslogs-stream: "traefik-test" | |
| deploy: | |
| mode: global | |
| restart_policy: | |
| condition: on-failure | |
| placement: | |
| constraints: | |
| - node.role == manager | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.http.services.traefik.loadbalancer.server.port=8080" | |
| - "traefik.http.routers.traefik.rule=Host(`${HOST_DASHBOARD}`)" | |
| - "traefik.http.routers.traefik.entryPoints=websecure" | |
| - "traefik.http.routers.traefik.tls=true" | |
| command: | |
| - "--log.level=INFO" | |
| - "--api.insecure=true" | |
| - "--accesslog=true" | |
| - "--providers.docker=true" | |
| - "--providers.docker.swarmMode=true" | |
| - "--providers.docker.exposedbydefault=false" | |
| - "--providers.docker.network=traefik" | |
| - "--entrypoints.web.address=:80" | |
| - "--entrypoints.web.http.redirections.entryPoint.to=websecure" | |
| - "--entrypoints.web.http.redirections.entryPoint.scheme=https" | |
| - "--entrypoints.web.http.redirections.entrypoint.permanent=true" | |
| - "--entrypoints.websecure.address=:443" | |
| - "--providers.file.directory=/etc/traefik/dynamic_conf" | |
| - "--providers.file.watch=true" | |
| # - "--entryPoints.websecure.forwardedHeaders.trustedIPs=0.0.0.0/0" | |
| - "--entryPoints.web.proxyProtocol.trustedIPs=${LB_IPS}" | |
| ports: | |
| - target: 80 | |
| published: 80 | |
| mode: host | |
| protocol: tcp | |
| - target: 443 | |
| published: 443 | |
| mode: host | |
| protocol: tcp | |
| # The Web UI (enabled by --api.insecure=true) | |
| - target: 8080 | |
| published: 8080 | |
| mode: host | |
| protocol: tcp | |
| volumes: | |
| - "/var/run/docker.sock:/var/run/docker.sock:ro" | |
| secrets: | |
| - tls_v3.crt | |
| - tls_v3.key | |
| networks: | |
| - traefik | |
| whoami: | |
| image: "containous/whoami" | |
| logging: | |
| driver: awslogs | |
| options: | |
| awslogs-group: ${SERVER_ENV} | |
| awslogs-create-group: "true" | |
| awslogs-region: "eu-west-3" | |
| awslogs-stream: "whoami" | |
| deploy: | |
| mode: replicated | |
| replicas: 1 | |
| restart_policy: | |
| condition: on-failure | |
| labels: | |
| - "traefik.enable=true" | |
| - "traefik.http.routers.whoami.rule=Host(`${HOST_CLIENT}`)" | |
| - "traefik.http.services.whoami.loadbalancer.server.port=80" | |
| - "traefik.http.routers.whoami.entrypoints=websecure" | |
| - "traefik.http.routers.whoami.tls=true" | |
| networks: | |
| - traefik | |
| networks: | |
| traefik: | |
| driver: overlay | |
| external: true | |
| secrets: | |
| tls_v3.crt: | |
| file: ./tls.crt | |
| tls_v3.key: | |
| file: ./tls.key | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment