From 4762e28af4464c6ebaecb22320f2ed1bbf74c9d6 Mon Sep 17 00:00:00 2001
From: Teck Meng <furyx@hotmail.com>
Date: Wed, 11 Sep 2024 13:48:20 +0800
Subject: [PATCH] Refactor Traefik configuration to add Spice proxy support

---
 swarm/local_core.yml             |  8 ++++++++
 swarm/traefik/local_services.yml | 29 +++++++++++++++++++++++++++--
 2 files changed, 35 insertions(+), 2 deletions(-)

diff --git a/swarm/local_core.yml b/swarm/local_core.yml
index 9ab490f..0dded79 100644
--- a/swarm/local_core.yml
+++ b/swarm/local_core.yml
@@ -25,6 +25,12 @@ services:
       - target: 8084
         published: 8084
         mode: host
+      - target: 3128
+        published: 3128
+        mode: host
+      - target: 61001
+        published: 61001
+        mode: host
       # - target: 8883
       #   published: 8883
       #   mode: host
@@ -133,6 +139,8 @@ services:
       - --entrypoints.web-socket.address=:8083
       - --entrypoints.web-socket-secure.address=:8084
       - --entrypoints.bolt-socket.address=:7687
+      - --entrypoints.spice-socket.address=:3128
+      - --entrypoints.spice-tls-socket.address=:61001
       # Create the certificate resolver "le" for Let's Encrypt, uses the environment variable EMAIL
       - --certificatesresolvers.le.acme.email=${EMAIL?Variable not set}
       # Store the Let's Encrypt certificates in the mounted volume
diff --git a/swarm/traefik/local_services.yml b/swarm/traefik/local_services.yml
index 452a433..4ca5846 100644
--- a/swarm/traefik/local_services.yml
+++ b/swarm/traefik/local_services.yml
@@ -12,7 +12,7 @@ http:
         - admin-auth@swarm
       tls: {}
       service: coco_desktop@file
-    
+
     local-proxmox00:
       entryPoints:
         - https
@@ -56,7 +56,6 @@ http:
       service: proxmox01@file
 
   services:
-
     coco_desktop:
       loadBalancer:
         servers:
@@ -75,3 +74,29 @@ http:
         serversTransport: "pvetransport"
         servers:
           - url: "https://192.168.50.201:8006"
+
+tcp:
+  routers:
+    spice:
+      entryPoints:
+        - spice
+      rule: HostSNI(`*`)
+      tls: false
+      service: spice@file
+    spice-tls:
+      entryPoints:
+        - spice-tls
+      rule: HostSNI(`*`)
+      tls:
+        passthrough: true
+      service: spice-tls@file
+
+  services:
+    spice:
+      loadBalancer:
+        servers:
+          - address: "https://192.168.50.210:3128"
+    spice-tls:
+      loadBalancer:
+        servers:
+          - address: "https://192.168.50.210:61001"