added auth api svc

Reviewed-on: #4
Co-authored-by: Vishesh 'ironeagle' Bangotra <aetoskia@gmail.com>
Co-committed-by: Vishesh 'ironeagle' Bangotra <aetoskia@gmail.com>

dynamic/services.yaml

@@ -1,14 +1,3 @@
-# ----------------------
-# EntryPoints
-# ----------------------
-entryPoints:
-  web:
-    address: ":80"
-  websecure:
-    address: ":443"
-  ssh:
-    address: ":22"
-
 # ----------------------
 # TCP (SSH) Routers
 # ----------------------
@@ -46,6 +35,11 @@ http:
         customRequestHeaders:
           Connection: "Upgrade"
           Upgrade: "websocket"
+#      # Preserve auth headers for WS
+#      accessControlAllowHeaders:
+#        - Authorization
+#        - Sec-Websocket-Protocol
+#        - Sec-Websocket-Key
 
     dcr-cors:
       headers:
@@ -62,6 +56,31 @@ http:
           - Content-Type
         accessControlMaxAge: 1728000
 
+    nakama-cors:
+      headers:
+        accessControlAllowOriginList:
+          - "https://games.aetoskia.com"
+        accessControlAllowMethods:
+          - GET
+          - POST
+          - PUT
+          - DELETE
+          - OPTIONS
+        accessControlAllowHeaders:
+          - Authorization
+          - Content-Type
+        accessControlMaxAge: 1728000
+
+    blog-api-strip:
+      stripPrefix:
+        prefixes:
+          - "/blogs"
+
+    coverage-api-strip:
+      stripPrefix:
+        prefixes:
+          - "/coverage"
+
   routers:
     # ----------------------
     # HTTP routers for redirect
@@ -74,6 +93,22 @@ http:
         - redirect-to-https
       service: noop@internal
 
+    blog-http:
+      rule: "Host(`blog.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    games-http:
+      rule: "Host(`games.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
     # Dashboard
     traefik-dashboard-http:
       rule: "Host(`traefik.aetoskia.com`)"
@@ -107,6 +142,14 @@ http:
         - redirect-to-https
       service: noop@internal
 
+    bazarr-http:
+      rule: "Host(`bazarr.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
     prowlarr-http:
       rule: "Host(`prowlarr.aetoskia.com`)"
       entryPoints:
@@ -140,7 +183,15 @@ http:
       service: noop@internal
 
     gitea-http:
-      rule: "Host(`gitea.aetoskia.com`)"
+      rule: "Host(`git.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    docs-http:
+      rule: "Host(`docs.aetoskia.com`)"
       entryPoints:
         - web
       middlewares:
@@ -171,6 +222,22 @@ http:
         - redirect-to-https
       service: noop@internal
 
+    pypiserver-http:
+      rule: "Host(`pip.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    netdata-http:
+      rule: "Host(`netdata.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
     portainer-http:
       rule: "Host(`portainer.aetoskia.com`)"
       entryPoints:
@@ -179,6 +246,46 @@ http:
         - redirect-to-https
       service: noop@internal
 
+    mongo-express-http:
+      rule: "Host(`mongo.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    pgadmin-http:
+      rule: "Host(`postgres.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    api-http:
+      rule: "Host(`api.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    nakama-http:
+      rule: "Host(`nakama.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    auth-api-http:
+      rule: "Host(`auth.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
     # ----------------------
     # HTTPS routers
     # ----------------------
@@ -194,6 +301,22 @@ http:
 #        - basic-auth
         - websocket-headers
 
+    blog:
+      rule: "Host(`blog.aetoskia.com`)"
+      entryPoints:
+        - websecure
+      service: blog-svc
+      tls:
+        certResolver: aetoskia
+
+    games:
+      rule: "Host(`games.aetoskia.com`)"
+      entryPoints:
+        - websecure
+      service: games-svc
+      tls:
+        certResolver: aetoskia
+
     # Dashboard
     traefik-dashboard:
       rule: "Host(`traefik.aetoskia.com`)"
@@ -230,6 +353,14 @@ http:
       tls:
         certResolver: aetoskia
 
+    bazarr:
+      rule: "Host(`bazarr.aetoskia.com`)"
+      entryPoints:
+        - websecure
+      service: bazarr-svc
+      tls:
+        certResolver: aetoskia
+
     prowlarr:
       rule: "Host(`prowlarr.aetoskia.com`)"
       entryPoints:
@@ -266,7 +397,7 @@ http:
 
     # Codebase
     gitea:
-      rule: "Host(`gitea.aetoskia.com`)"
+      rule: "Host(`git.aetoskia.com`)"
       entryPoints:
         - websecure
       service: gitea-svc
@@ -275,6 +406,16 @@ http:
       middlewares:
         - websocket-headers
 
+    docs:
+      rule: "Host(`docs.aetoskia.com`)"
+      entryPoints:
+        - websecure
+      service: docs-svc
+      tls:
+        certResolver: aetoskia
+      middlewares:
+        - websocket-headers
+
     drone:
       rule: "Host(`drone.aetoskia.com`)"
       entryPoints:
@@ -303,7 +444,25 @@ http:
       tls:
         certResolver: aetoskia
 
+    pypiserver:
+      rule: "Host(`pip.aetoskia.com`)"
+      entryPoints:
+        - websecure
+      service: pypiserver-svc
+      tls:
+        certResolver: aetoskia
+
     # Monitoring
+    netdata:
+      rule: "Host(`netdata.aetoskia.com`)"
+      entryPoints:
+        - websecure
+      service: netdata-svc
+      tls:
+        certResolver: aetoskia
+      middlewares:
+        - basic-auth
+
     portainer:
       rule: "Host(`portainer.aetoskia.com`)"
       entryPoints:
@@ -312,15 +471,92 @@ http:
       tls:
         certResolver: aetoskia
 
-# ----------------------
+    mongo-express:
-# HTTP Services
+      rule: "Host(`mongo.aetoskia.com`)"
-# ----------------------
+      entryPoints:
+        - websecure
+      service: mongo-express-svc
+      tls:
+        certResolver: aetoskia
+
+    pgadmin:
+      rule: "Host(`postgres.aetoskia.com`)"
+      entryPoints:
+        - websecure
+      service: pgadmin-svc
+      tls:
+        certResolver: aetoskia
+
+    blog-api:
+      rule: "Host(`api.aetoskia.com`) && PathPrefix(`/blogs`)"
+      entryPoints:
+        - websecure
+      service: blog-api-svc
+      tls:
+        certResolver: aetoskia
+      middlewares:
+        - blog-api-strip
+
+    coverage-api:
+      rule: "Host(`api.aetoskia.com`) && PathPrefix(`/coverage`)"
+      entryPoints:
+        - websecure
+      service: coverage-api-svc
+      tls:
+        certResolver: aetoskia
+      middlewares:
+        - coverage-api-strip
+
+    nakama:
+      rule: "Host(`nakama.aetoskia.com`)"
+#      rule: "Host(`nakama.aetoskia.com`) && !PathPrefix(`/ws`)"
+      entryPoints:
+        - websecure
+      service: nakama-svc
+      tls:
+        certResolver: aetoskia
+      middlewares:
+        - nakama-cors
+
+    nakama-ws:
+      rule: "Host(`nakama.aetoskia.com`) && PathPrefix(`/ws`)"
+      entryPoints:
+        - websecure
+      service: nakama-svc
+      tls:
+        certResolver: aetoskia
+      middlewares:
+        - websocket-headers
+
+    auth-api:
+      rule: "Host(`auth.aetoskia.com`)"
+      entryPoints:
+        - websecure
+      service: auth-api-svc
+      tls:
+        certResolver: aetoskia
+
   services:
+    # ----------------------
+    # HTTP Services
+    # ----------------------
     # Landing Page
     www-svc:
       loadBalancer:
         servers:
-          - url: "http://private-pi:3001"
+          - url: "http://server-pi:3001"
+
+    # Blog
+    blog-svc:
+      loadBalancer:
+        servers:
+          - url: "http://server-pi:3002"
+
+    # Games
+    games-svc:
+      loadBalancer:
+        servers:
+          - url: "http://server-pi:3003"
 
     # Media
     plex-svc:
@@ -338,6 +574,11 @@ http:
         servers:
           - url: "http://server-pi:7878"
 
+    bazarr-svc:
+      loadBalancer:
+        servers:
+          - url: "http://server-pi:6767"
+
     prowlarr-svc:
       loadBalancer:
         servers:
@@ -364,23 +605,71 @@ http:
         servers:
           - url: "http://private-pi:6002"
 
+    docs-svc:
+      loadBalancer:
+        servers:
+          - url: "http://server-pi:6007"
+
     drone-svc:
       loadBalancer:
         servers:
-          - url: "http://private-pi:6003"
+          - url: "http://server-pi:6003"
 
     dcr-svc:
       loadBalancer:
         servers:
-          - url: "http://private-pi:6005"
+          - url: "http://server-pi:6005"
 
     registry-svc:
       loadBalancer:
         servers:
-          - url: "http://private-pi:6001"
+          - url: "http://server-pi:6001"
+
+    pypiserver-svc:
+      loadBalancer:
+        servers:
+          - url: "http://server-pi:6006"
 
     # Monitoring
+    netdata-svc:
+      loadBalancer:
+        servers:
+          - url: "http://private-pi:7001"
+
     portainer-svc:
       loadBalancer:
         servers:
           - url: "http://private-pi:7002"
+
+    mongo-express-svc:
+      loadBalancer:
+        servers:
+          - url: "http://private-pi:8001"
+
+    pgadmin-svc:
+      loadBalancer:
+        servers:
+          - url: "http://private-pi:8002"
+
+    # ----------------------
+    # API
+    # ----------------------
+    blog-api-svc:
+      loadBalancer:
+        servers:
+          - url: "http://server-pi:9001"
+
+    coverage-api-svc:
+      loadBalancer:
+        servers:
+          - url: "http://server-pi:9002"
+
+    auth-api-svc:
+      loadBalancer:
+        servers:
+          - url: "http://server-pi:9003"
+
+    nakama-svc:
+      loadBalancer:
+        servers:
+          - url: "http://server-pi:7350"

traefik.yaml

@@ -3,6 +3,12 @@ entryPoints:
     address: ":80"
   websecure:
     address: ":443"
+  ssh:
+    address: ":22"
+  mongo:
+    address: ":27017"
+  postgres:
+    address: ":5432"
 
 providers:
   file: