From 165d984b35841bf3fd159807edffdd45e740818d Mon Sep 17 00:00:00 2001
From: Simon C <simonc@linux.com>
Date: Thu, 11 Nov 2021 09:53:00 +0100
Subject: [PATCH] feat(Traefik): Add ovh, secure, redirect configuration

---
 traefik/docker-compose.ovh.yml      | 17 +++++++++++++++++
 traefik/docker-compose.redirect.yml | 14 ++++++++++++++
 traefik/docker-compose.secure.yml   | 25 +++++++++++++++++++++++++
 3 files changed, 56 insertions(+)
 create mode 100644 traefik/docker-compose.ovh.yml
 create mode 100644 traefik/docker-compose.redirect.yml
 create mode 100644 traefik/docker-compose.secure.yml

diff --git a/traefik/docker-compose.ovh.yml b/traefik/docker-compose.ovh.yml
new file mode 100644
index 0000000..e7889bc
--- /dev/null
+++ b/traefik/docker-compose.ovh.yml
@@ -0,0 +1,17 @@
+version: "3.8"
+
+services:
+  traefik:
+    environment:
+      OVH_APPLICATION_KEY: ${TRAEFIK_OVH_APPLICATION_KEY}
+      OVH_APPLICATION_SECRET: ${TRAEFIK_OVH_APPLICATION_SECRET}
+      OVH_CONSUMER_KEY: ${TRAEFIK_OVH_CONSUMER_KEY}
+      OVH_ENDPOINT: ${OVH_ENDPOINT:-ovh-eu}
+      OVH_POLLING_INTERVAL: ${OVH_POLLING_INTERVAL:-30}
+      OVH_PROPAGATION_TIMEOUT: ${OVH_PROPAGATION_TIMEOUT:-3600}
+    command:
+      - --certificatesResolvers.ovh.acme.dnsChallenge=true
+      - --certificatesResolvers.ovh.acme.dnsChallenge.provider=ovh
+      # - --certificatesResolvers.ovh.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
+      - --certificatesresolvers.ovh.acme.storage=/traefik/ovh.json
+      - --certificatesresolvers.ovh.acme.email=${TRAEFIK_EMAIL}
diff --git a/traefik/docker-compose.redirect.yml b/traefik/docker-compose.redirect.yml
new file mode 100644
index 0000000..c180a29
--- /dev/null
+++ b/traefik/docker-compose.redirect.yml
@@ -0,0 +1,14 @@
+version: "3.8"
+
+services:
+  traefik:
+    command:
+      # Redirection HTTP to HTTPS
+      - --entrypoints.web.http.redirections.entrypoint.to=websecure
+      - --entrypoints.web.http.redirections.entrypoint.scheme=https
+    labels:
+      # Redirection to remove www.
+      traefik.http.middlewares.redirect-www.redirectregex.permanent: 'true'
+      traefik.http.middlewares.redirect-www.redirectregex.regex: 'https://www\.(.*)'
+      traefik.http.middlewares.redirect-www.redirectregex.replacement: 'https://$${1}'
+      traefik.entrypoints.websecure.http.middlewares: '["redirect-www"]'
diff --git a/traefik/docker-compose.secure.yml b/traefik/docker-compose.secure.yml
new file mode 100644
index 0000000..bdaff66
--- /dev/null
+++ b/traefik/docker-compose.secure.yml
@@ -0,0 +1,25 @@
+version: "3.8"
+
+networks:
+  default:
+    driver: bridge
+
+services:
+  ports:
+    - target: 443
+      published: 443
+      protocol: tcp
+      mode: host
+  command:
+    - --providers.file.filename=/traefik/dynamic_conf.toml
+
+    - --entrypoints.websecure.address=:443
+
+    - --certificatesresolvers.letsencrypt.acme.httpchallenge=true
+    - --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web
+    - --certificatesresolvers.letsencrypt.acme.email=${TRAEFIK_EMAIL}
+    - --certificatesresolvers.letsencrypt.acme.storage=/traefik/acme.json
+  labels:
+      traefik.http.routers.traefik.entrypoints: 'websecure'
+      traefik.http.routers.traefik.tls.certResolver: 'letsencrypt'
+      traefik.http.routers.traefik.priority: '2000'