From 9b1fafa84839191b12f3e878d6f7c819a1c702c5 Mon Sep 17 00:00:00 2001 From: Teck Meng Date: Wed, 29 May 2024 14:21:59 +0800 Subject: [PATCH] Refactor traefik and dozzle service configurations in docker-compose.yml --- compose/services.yml | 72 ++++++++++++++++++++++++++++++++++-- compose/traefik/traefik.yml | 73 +------------------------------------ 2 files changed, 69 insertions(+), 76 deletions(-) diff --git a/compose/services.yml b/compose/services.yml index 3368e71..0c46a4b 100644 --- a/compose/services.yml +++ b/compose/services.yml @@ -7,7 +7,6 @@ volumes: services: api_server: image: furyhawk/listen:latest - container_name: api_server restart: always depends_on: - postgres @@ -20,14 +19,22 @@ services: SECURITY__JWT_SECRET_KEY: ${SECURITY__JWT_SECRET_KEY} SECURITY__BACKEND_CORS_ORIGINS: ${SECURITY__BACKEND_CORS_ORIGINS} SECURITY__ALLOWED_HOSTS: ${SECURITY__ALLOWED_HOSTS} + DOMAINNAME: ${DOMAINNAME} ports: - "8000:8000" networks: - net + labels: + - "traefik.enable=true" + - "traefik.http.routers.api_server.entrypoints=web-secure" + - "traefik.http.routers.api_server.rule=Host(`api.${DOMAINNAME}`)" + - "traefik.http.routers.api_server.middlewares=auth@file, csrf@file, rate-limit@file" + - "traefik.http.routers.api_server.tls.certresolver=letsencrypt" + - "traefik.http.routers.api_server.service=api_server_service" + - "traefik.http.services.api_server_service.loadbalancer.server.port=8000" postgres: image: postgres - container_name: postgres environment: POSTGRES_DB: ${POSTGRES_DB} POSTGRES_USER: ${POSTGRES_USER} @@ -35,6 +42,7 @@ services: PGDATA: "/var/lib/postgresql/data" LANG: en_US.utf8 TZ: Asia/Singapore + DOMAINNAME: ${DOMAINNAME} command: ["postgres", "-c", "log_connections=on"] volumes: - postgres_data:/var/lib/postgresql/data 
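Review bot: In the `api_server` hunk (`@@ -20,14 +19,22 @@`) the new router puts `auth@file`, `csrf@file` and `rate-limit@file` in front of the service, but the context lines still publish `"8000:8000"` on the host, so a client that can reach the host port gets the API without passing through any of those middlewares. If Traefik is meant to be the only entry point, replace the `ports:` mapping with `expose: ["8000"]`, or bind it to loopback with `"127.0.0.1:8000:8000"`. The service definition starts above the hunk, and a host firewall may already cover this; neither is visible here.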
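Review bot: The `DOMAINNAME: ${DOMAINNAME}` entry added to the postgres `environment:` (`@@ -35,6 +42,7 @@`) does not feed the Traefik labels: Compose interpolates `${DOMAINNAME}` in labels from the shell or `.env` when the file is parsed, not from the container's environment. The same entry is added for api_server, osrm-backend, minio-common and syncthing in the other hunks and can be dropped unless the applications themselves read it. What the labels do need is a guard against an unset value, which Compose replaces with an empty string; writing `${DOMAINNAME:?DOMAINNAME must be set}` in the host rules makes the deploy fail instead of producing a rule for `db.`.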
@@ -48,6 +56,14 @@ services: - "5432:5432" networks: - net + labels: + - "traefik.enable=true" + - "traefik.http.routers.postgres.entrypoints=web-secure" + - "traefik.http.routers.postgres.rule=Host(`db.${DOMAINNAME}`)" + - "traefik.http.routers.postgres.middlewares=rate-limit@file, csrf@file" + - "traefik.http.routers.postgres.tls.certresolver=letsencrypt" + - "traefik.http.routers.postgres.service=postgres_service" + - "traefik.http.services.postgres_service.loadbalancer.server.port=5432" osrm-backend: environment: @@ -60,22 +76,30 @@ services: - OSRM_GEOFABRIK_PATH=${OSRM_GEOFABRIK_PATH} # Notify OSRM Manager to restart without stopping container - OSRM_NOTIFY_FILEPATH=/data/osrm_notify.txt + - DOMAINNAME=${DOMAINNAME} image: furyhawk/osrm-backend:${OSRM_VERSION:-latest} - container_name: osrm_backend restart: unless-stopped expose: - ${OSRM_PORT:-5000} networks: - net + labels: + - "traefik.enable=true" + - "traefik.http.routers.osrm-backend.entrypoints=web-secure" + - "traefik.http.routers.osrm-backend.rule=Host(`osrm.${DOMAINNAME}`)" + - "traefik.http.routers.osrm-backend.middlewares=csrf@file" + - "traefik.http.routers.osrm-backend.tls.certresolver=letsencrypt" + - "traefik.http.routers.osrm-backend.service=osrm_backend_service" + - "traefik.http.services.osrm_backend_service.loadbalancer.server.port=${OSRM_PORT:-5000}" minio-common: image: minio/minio:latest - container_name: minio_server environment: MINIO_ROOT_USER: "${MINIO_ROOT_USER:-minioadmin}" MINIO_ROOT_PASSWORD: "${MINIO_ROOT_PASSWORD:-minioadmin}" MINIO_OPTS: "--console-address :9001" MINIO_SERVER_URL: https://drive.furyhawk.lol + DOMAINNAME: ${DOMAINNAME} # user: "1000:1000" restart: unless-stopped command: server /data --address :9000 --console-address :9001 
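Review bot: The labels added to `postgres` (`@@ -48,6 +56,14 @@`) create an HTTP router on `web-secure` for `db.${DOMAINNAME}` that forwards to port 5432, but PostgreSQL does not speak HTTP, so the route cannot serve clients while still advertising the database under a public hostname and requesting a certificate for it. Unlike the `api_server` router it also carries no `auth@file`. I would remove these labels (or set `traefik.enable=false`); if remote database access is really wanted, that needs a Traefik TCP router on its own entrypoint plus network-level restrictions rather than an HTTP rule. The context lines also keep `"5432:5432"` published on all host interfaces; `"127.0.0.1:5432:5432"` would limit it to the host.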
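Review bot: `MINIO_SERVER_URL: https://drive.furyhawk.lol` in the `minio-common` environment (`@@ -60,22 +76,30 @@`) stays hard-coded while this commit moves every router rule to `${DOMAINNAME}`, so a deployment with a different domain would route `drive.<domain>` through Traefik but have MinIO generate URLs for the old host. Deriving it from the same variable, e.g. `MINIO_SERVER_URL: https://drive.${DOMAINNAME}`, keeps the two in step. Separately, the new `osrm-backend` router has only `csrf@file`; if the routing API is meant to be public, adding `rate-limit@file` as on `api_server` would bound request floods, though whether that is needed depends on usage not visible here.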
@@ -91,6 +115,20 @@ services: - 9001 networks: - net + labels: + - "traefik.enable=true" + - "traefik.http.routers.minio-router.entrypoints=web-secure" + - "traefik.http.routers.minio-router.rule=Host(`drive.${DOMAINNAME}`) || Host(`storage.${DOMAINNAME}`)" + - "traefik.http.routers.minio-router.middlewares=auth@file, csrf@file" + - "traefik.http.routers.minio-router.tls.certresolver=letsencrypt" + - "traefik.http.routers.minio-router.service=minio_common_service" + - "traefik.http.services.minio_common_service.loadbalancer.server.port=9001" + - "traefik.http.routers.minio-api-router.entrypoints=web-secure" + - "traefik.http.routers.minio-api-router.rule=Host(`minio.${DOMAINNAME}`) || Host(`s3.${DOMAINNAME}`)" + - "traefik.http.routers.minio-api-router.middlewares=csrf@file" + - "traefik.http.routers.minio-api-router.tls.certresolver=letsencrypt" + - "traefik.http.routers.minio-api-router.service=minio_api_service" + - "traefik.http.services.minio_api_service.loadbalancer.server.port=9000" neo4j_server: # Docker image to be used @@ -126,6 +164,7 @@ services: environment: - PUID=1000 - PGID=1000 + - DOMAINNAME=${DOMAINNAME} restart: unless-stopped volumes: - ~/st-sync:/var/syncthing @@ -136,6 +175,14 @@ services: - "21027:21027/udp" # Receive local discovery broadcasts networks: - net + labels: + - "traefik.enable=true" + - "traefik.http.routers.syncthing.entrypoints=web-secure" + - "traefik.http.routers.syncthing.rule=Host(`sync.${DOMAINNAME}`)" + - "traefik.http.routers.syncthing.middlewares=csrf@file" + - "traefik.http.routers.syncthing.tls.certresolver=letsencrypt" + - "traefik.http.routers.syncthing.service=syncthing_service" + - "traefik.http.services.syncthing_service.loadbalancer.server.port=8384" dozzle: image: amir20/dozzle:latest 
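Review bot: These labels (`@@ -91,6 +115,20 @@`) make the MinIO console and S3 API reachable under four public hostnames, while the service environment shown in the previous hunk still falls back to `minioadmin` for both `MINIO_ROOT_USER` and `MINIO_ROOT_PASSWORD` when the variables are unset. The `minio-api-router` has no `auth@file`, which is expected for S3 clients, but it means the root credentials are the only gate on that route. Requiring the values at parse time, e.g. `MINIO_ROOT_PASSWORD: "${MINIO_ROOT_PASSWORD:?set MINIO_ROOT_PASSWORD}"`, would stop a deploy that would otherwise come up with the well-known defaults.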
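Review bot: The `syncthing` router (`@@ -136,6 +175,14 @@`) forwards `sync.${DOMAINNAME}` to port 8384, which is Syncthing's GUI and REST API, with only `csrf@file` attached. The commit adds `auth@file` to the MinIO console router but not here, so access control rests entirely on whatever GUI authentication is configured inside Syncthing, which this file does not show. Suggest `traefik.http.routers.syncthing.middlewares=auth@file, csrf@file` unless the GUI password is known to be set.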
@@ -157,6 +204,23 @@ services: - "traefik.http.routers.dozzle.service=dozzle_service" - "traefik.http.services.dozzle_service.loadbalancer.server.port=8080" + # WhoAmI - For Testing and Troubleshooting + whoami: + image: traefik/whoami + container_name: whoami + security_opt: + - no-new-privileges:true + restart: unless-stopped + networks: + - net + labels: + - "traefik.enable=true" + - "traefik.http.routers.whoami-rtr.entrypoints=web-secure" + - "traefik.http.routers.whoami-rtr.rule=Host(`whoami.$DOMAINNAME`)" + - "traefik.http.routers.whoami-rtr.middlewares=csrf@file" + - "traefik.http.routers.whoami-rtr.service=whoami-svc" + - "traefik.http.services.whoami-svc.loadbalancer.server.port=80" + # kestra: # image: kestra/kestra:latest-full # container_name: kestra diff --git a/compose/traefik/traefik.yml b/compose/traefik/traefik.yml index 96ec904..556deea 100644 --- a/compose/traefik/traefik.yml +++ b/compose/traefik/traefik.yml @@ -36,9 +36,6 @@ entryPoints: bolt-socket: address: ":7687" - # osrm: - # address: ":5000" - certificatesResolvers: letsencrypt: # https://docs.traefik.io/master/https/acme/#lets-encrypt @@ -103,17 +100,6 @@ http: certResolver: letsencrypt service: adminer_app - api-router: - entryPoints: - - web-secure - rule: "Host(`api.furyhawk.lol`)" - middlewares: - - auth - - csrf - tls: - certResolver: letsencrypt - service: api_server - chat-router: entryPoints: - web-secure @@ -236,26 +222,6 @@ http: certResolver: letsencrypt service: thelounge_app - minio-router: - entryPoints: - - web-secure - rule: "Host(`drive.furyhawk.lol`) || Host(`storage.furyhawk.lol`)" - middlewares: - - csrf - tls: - certResolver: letsencrypt - service: minio_server - - minio-api-router: - entryPoints: - - web-secure - rule: "Host(`minio.furyhawk.lol`) || Host(`s3.furyhawk.lol`)" - middlewares: - - csrf - tls: - certResolver: letsencrypt - service: minio_service - neo4j-router: entryPoints: - web-secure 
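Review bot: The `whoami` service (`@@ -157,6 +204,23 @@`) is described as a testing aid but is routed publicly with only `csrf@file`; the image echoes request headers and addresses back to the caller, which is useful to anyone probing the proxy setup. It is also the only new router without a `tls.certresolver=letsencrypt` label, writes `$DOMAINNAME` without braces, and keeps `container_name:` and an untagged image while the rest of the commit removes container names. Suggest adding `auth@file` and the certresolver label, or putting the service behind a Compose profile so it only runs when troubleshooting.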
@@ -321,27 +287,6 @@ http: certResolver: letsencrypt service: mqttx-web - osrm-router: - entryPoints: - - "web-secure" - rule: "Host(`osrm.furyhawk.lol`)" - # - "osrm" - middlewares: - - csrf - tls: - certResolver: letsencrypt - service: osrm_service - - syncthing-router: - entryPoints: - - web-secure - rule: "Host(`sync.furyhawk.lol`)" - middlewares: - - csrf - tls: - certResolver: letsencrypt - service: syncthing_app - bai-router: entryPoints: - web-secure @@ -420,7 +365,7 @@ http: rate-limit: rateLimit: average: 384 - burst: 64 + burst: 128 period: 10s # redirect to resume @@ -466,10 +411,6 @@ http: services: - osrm_service: - loadBalancer: - servers: - - url: http://osrm_backend:5000 adminer_app: loadBalancer: servers: @@ -522,14 +463,6 @@ http: loadBalancer: servers: - url: http://meshtastic_web:8080 - minio_server: - loadBalancer: - servers: - - url: http://minio_server:9001 - minio_service: - loadBalancer: - servers: - - url: http://minio_server:9000 neo4j-browser: loadBalancer: servers: @@ -572,10 +505,6 @@ http: loadBalancer: servers: - url: http://mqttx_web:80 - syncthing_app: - loadBalancer: - servers: - - url: http://syncthing:8384 site_server: loadBalancer: servers:
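Review bot: The `burst: 64` to `burst: 128` change (`@@ -420,7 +365,7 @@`) doubles the spike a client may send before throttling, and no reason is recorded. With `average: 384` over `period: 10s` the sustained limit is about 38 requests per second, and no `sourceCriterion` is set in the visible block, so Traefik's default grouping by client address presumably applies. This middleware is now referenced by the `api_server` and `postgres` routers added in `services.yml`, so a comment such as `# burst raised to 128 for <reason>; used by the api_server router` would keep the value reviewable.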