added auth api svc

Reviewed-on: #4
Co-authored-by: Vishesh 'ironeagle' Bangotra <aetoskia@gmail.com>
Co-committed-by: Vishesh 'ironeagle' Bangotra <aetoskia@gmail.com>

docker-compose.yaml

@@ -13,7 +13,8 @@ services:
       - "./traefik.yaml:/etc/traefik/traefik.yaml:ro"
       - "./dynamic:/etc/traefik/dynamic:ro"
       - "./letsencrypt:/letsencrypt"
-      - "/home/aetos/registry/auth:/auth:ro"  # Basic auth folder
+      - "/home/aetos/registry/auth:/auth:ro"
+      - "/var/log/traefik:/var/log/traefik"
     networks:
       - backend
     extra_hosts:

dynamic/services.yaml

@@ -1,14 +1,45 @@
+# ----------------------
+# TCP (SSH) Routers
+# ----------------------
+tcp:
+  routers:
+    gitea-ssh:
+      entryPoints:
+        - ssh
+      service: gitea-ssh
+      rule: "HostSNI(`*`)"  # SSH does not use SNI
+      tls: false
+
+  services:
+    gitea-ssh:
+      loadBalancer:
+        servers:
+          - address: "private-pi:222"
+
+# ----------------------
+# HTTP Routers & Middlewares
+# ----------------------
 http:
   middlewares:
     basic-auth:
       basicAuth:
         usersFile: /auth/htpasswd
 
+    redirect-to-https:
+      redirectScheme:
+        scheme: https
+        permanent: true
+
     websocket-headers:
       headers:
         customRequestHeaders:
           Connection: "Upgrade"
           Upgrade: "websocket"
+#      # Preserve auth headers for WS
+#      accessControlAllowHeaders:
+#        - Authorization
+#        - Sec-Websocket-Protocol
+#        - Sec-Websocket-Key
 
     dcr-cors:
       headers:
@@ -25,7 +56,267 @@ http:
           - Content-Type
         accessControlMaxAge: 1728000
 
+    nakama-cors:
+      headers:
+        accessControlAllowOriginList:
+          - "https://games.aetoskia.com"
+        accessControlAllowMethods:
+          - GET
+          - POST
+          - PUT
+          - DELETE
+          - OPTIONS
+        accessControlAllowHeaders:
+          - Authorization
+          - Content-Type
+        accessControlMaxAge: 1728000
+
+    blog-api-strip:
+      stripPrefix:
+        prefixes:
+          - "/blogs"
+
+    coverage-api-strip:
+      stripPrefix:
+        prefixes:
+          - "/coverage"
+
   routers:
+    # ----------------------
+    # HTTP routers for redirect
+    # ----------------------
+    www-http:
+      rule: "Host(`www.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    blog-http:
+      rule: "Host(`blog.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    games-http:
+      rule: "Host(`games.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    # Dashboard
+    traefik-dashboard-http:
+      rule: "Host(`traefik.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    plex-http:
+      rule: "Host(`plex.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    sonarr-http:
+      rule: "Host(`sonarr.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    radarr-http:
+      rule: "Host(`radarr.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    bazarr-http:
+      rule: "Host(`bazarr.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    prowlarr-http:
+      rule: "Host(`prowlarr.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    jellyseerr-http:
+      rule: "Host(`jellyseerr.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    ombi-http:
+      rule: "Host(`ombi.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    qbit-http:
+      rule: "Host(`qbit.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    gitea-http:
+      rule: "Host(`git.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    docs-http:
+      rule: "Host(`docs.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    drone-http:
+      rule: "Host(`drone.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    dcr-http:
+      rule: "Host(`dcr.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    registry-http:
+      rule: "Host(`registry.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    pypiserver-http:
+      rule: "Host(`pip.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    netdata-http:
+      rule: "Host(`netdata.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    portainer-http:
+      rule: "Host(`portainer.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    mongo-express-http:
+      rule: "Host(`mongo.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    pgadmin-http:
+      rule: "Host(`postgres.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    api-http:
+      rule: "Host(`api.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    nakama-http:
+      rule: "Host(`nakama.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    auth-api-http:
+      rule: "Host(`auth.aetoskia.com`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+      service: noop@internal
+
+    # ----------------------
+    # HTTPS routers
+    # ----------------------
+    # Landing Page
+    www-https:
+      rule: "Host(`www.aetoskia.com`)"
+      entryPoints:
+        - websecure
+      service: www-svc
+      tls:
+        certResolver: aetoskia
+      middlewares:
+#        - basic-auth
+        - websocket-headers
+
+    blog:
+      rule: "Host(`blog.aetoskia.com`)"
+      entryPoints:
+        - websecure
+      service: blog-svc
+      tls:
+        certResolver: aetoskia
+
+    games:
+      rule: "Host(`games.aetoskia.com`)"
+      entryPoints:
+        - websecure
+      service: games-svc
+      tls:
+        certResolver: aetoskia
+
     # Dashboard
     traefik-dashboard:
       rule: "Host(`traefik.aetoskia.com`)"
@@ -37,7 +328,7 @@ http:
       middlewares:
         - basic-auth
 
-    # Media Services
+    # Media
     plex:
       rule: "Host(`plex.aetoskia.com`)"
       entryPoints:
@@ -62,6 +353,22 @@ http:
       tls:
         certResolver: aetoskia
 
+    bazarr:
+      rule: "Host(`bazarr.aetoskia.com`)"
+      entryPoints:
+        - websecure
+      service: bazarr-svc
+      tls:
+        certResolver: aetoskia
+
+    prowlarr:
+      rule: "Host(`prowlarr.aetoskia.com`)"
+      entryPoints:
+        - websecure
+      service: prowlarr-svc
+      tls:
+        certResolver: aetoskia
+
     jellyseerr:
       rule: "Host(`jellyseerr.aetoskia.com`)"
       entryPoints:
@@ -88,9 +395,9 @@ http:
       middlewares:
         - websocket-headers
 
-    # Codebase Services
+    # Codebase
     gitea:
-      rule: "Host(`gitea.aetoskia.com`)"
+      rule: "Host(`git.aetoskia.com`)"
       entryPoints:
         - websecure
       service: gitea-svc
@@ -99,6 +406,16 @@ http:
       middlewares:
         - websocket-headers
 
+    docs:
+      rule: "Host(`docs.aetoskia.com`)"
+      entryPoints:
+        - websecure
+      service: docs-svc
+      tls:
+        certResolver: aetoskia
+      middlewares:
+        - websocket-headers
+
     drone:
       rule: "Host(`drone.aetoskia.com`)"
       entryPoints:
@@ -126,10 +443,26 @@ http:
       service: registry-svc
       tls:
         certResolver: aetoskia
-#      middlewares:
+
-#        - basic-auth
+    pypiserver:
+      rule: "Host(`pip.aetoskia.com`)"
+      entryPoints:
+        - websecure
+      service: pypiserver-svc
+      tls:
+        certResolver: aetoskia
 
     # Monitoring
+    netdata:
+      rule: "Host(`netdata.aetoskia.com`)"
+      entryPoints:
+        - websecure
+      service: netdata-svc
+      tls:
+        certResolver: aetoskia
+      middlewares:
+        - basic-auth
+
     portainer:
       rule: "Host(`portainer.aetoskia.com`)"
       entryPoints:
@@ -138,7 +471,93 @@ http:
       tls:
         certResolver: aetoskia
 
+    mongo-express:
+      rule: "Host(`mongo.aetoskia.com`)"
+      entryPoints:
+        - websecure
+      service: mongo-express-svc
+      tls:
+        certResolver: aetoskia
+
+    pgadmin:
+      rule: "Host(`postgres.aetoskia.com`)"
+      entryPoints:
+        - websecure
+      service: pgadmin-svc
+      tls:
+        certResolver: aetoskia
+
+    blog-api:
+      rule: "Host(`api.aetoskia.com`) && PathPrefix(`/blogs`)"
+      entryPoints:
+        - websecure
+      service: blog-api-svc
+      tls:
+        certResolver: aetoskia
+      middlewares:
+        - blog-api-strip
+
+    coverage-api:
+      rule: "Host(`api.aetoskia.com`) && PathPrefix(`/coverage`)"
+      entryPoints:
+        - websecure
+      service: coverage-api-svc
+      tls:
+        certResolver: aetoskia
+      middlewares:
+        - coverage-api-strip
+
+    nakama:
+      rule: "Host(`nakama.aetoskia.com`)"
+#      rule: "Host(`nakama.aetoskia.com`) && !PathPrefix(`/ws`)"
+      entryPoints:
+        - websecure
+      service: nakama-svc
+      tls:
+        certResolver: aetoskia
+      middlewares:
+        - nakama-cors
+
+    nakama-ws:
+      rule: "Host(`nakama.aetoskia.com`) && PathPrefix(`/ws`)"
+      entryPoints:
+        - websecure
+      service: nakama-svc
+      tls:
+        certResolver: aetoskia
+      middlewares:
+        - websocket-headers
+
+    auth-api:
+      rule: "Host(`auth.aetoskia.com`)"
+      entryPoints:
+        - websecure
+      service: auth-api-svc
+      tls:
+        certResolver: aetoskia
+
   services:
+    # ----------------------
+    # HTTP Services
+    # ----------------------
+    # Landing Page
+    www-svc:
+      loadBalancer:
+        servers:
+          - url: "http://server-pi:3001"
+
+    # Blog
+    blog-svc:
+      loadBalancer:
+        servers:
+          - url: "http://server-pi:3002"
+
+    # Games
+    games-svc:
+      loadBalancer:
+        servers:
+          - url: "http://server-pi:3003"
+
     # Media
     plex-svc:
       loadBalancer:
@@ -155,6 +574,16 @@ http:
         servers:
           - url: "http://server-pi:7878"
 
+    bazarr-svc:
+      loadBalancer:
+        servers:
+          - url: "http://server-pi:6767"
+
+    prowlarr-svc:
+      loadBalancer:
+        servers:
+          - url: "http://server-pi:9696"
+
     jellyseerr-svc:
       loadBalancer:
         servers:
@@ -176,23 +605,71 @@ http:
         servers:
           - url: "http://private-pi:6002"
 
+    docs-svc:
+      loadBalancer:
+        servers:
+          - url: "http://server-pi:6007"
+
     drone-svc:
       loadBalancer:
         servers:
-          - url: "http://private-pi:6003"
+          - url: "http://server-pi:6003"
 
     dcr-svc:
       loadBalancer:
         servers:
-          - url: "http://private-pi:6005"
+          - url: "http://server-pi:6005"
 
     registry-svc:
       loadBalancer:
         servers:
-          - url: "http://private-pi:6001"
+          - url: "http://server-pi:6001"
+
+    pypiserver-svc:
+      loadBalancer:
+        servers:
+          - url: "http://server-pi:6006"
 
     # Monitoring
+    netdata-svc:
+      loadBalancer:
+        servers:
+          - url: "http://private-pi:7001"
+
     portainer-svc:
       loadBalancer:
         servers:
           - url: "http://private-pi:7002"
+
+    mongo-express-svc:
+      loadBalancer:
+        servers:
+          - url: "http://private-pi:8001"
+
+    pgadmin-svc:
+      loadBalancer:
+        servers:
+          - url: "http://private-pi:8002"
+
+    # ----------------------
+    # API
+    # ----------------------
+    blog-api-svc:
+      loadBalancer:
+        servers:
+          - url: "http://server-pi:9001"
+
+    coverage-api-svc:
+      loadBalancer:
+        servers:
+          - url: "http://server-pi:9002"
+
+    auth-api-svc:
+      loadBalancer:
+        servers:
+          - url: "http://server-pi:9003"
+
+    nakama-svc:
+      loadBalancer:
+        servers:
+          - url: "http://server-pi:7350"

traefik.yaml

@@ -3,6 +3,12 @@ entryPoints:
     address: ":80"
   websecure:
     address: ":443"
+  ssh:
+    address: ":22"
+  mongo:
+    address: ":27017"
+  postgres:
+    address: ":5432"
 
 providers:
   file:
@@ -14,6 +20,12 @@ api:
 
 log:
   level: INFO
+  filePath: "/var/log/traefik/traefik.log"
+
+accessLog:
+  filePath: "/var/log/traefik/access.log"
+  bufferingSize: 100
+  format: json
 
 certificatesResolvers:
   aetoskia: