Add support for Traefik proxy (#189)

* Add template for Traefik

* Use Docker client for version detection

* Add proxy labels support for template config file

* Add tests for EvaluateProjectLabels

* Fix typo in Traefik service file

* Select correct dependency versions

* Fix bug

* Fix https redirect

* Fix entrypoints

* Optimize template

* Fix Jwilder proxy variables

* Fix bug with letsencrypt tls helper

* Fix typo in README

.github/scripts/service-validator/config-schema.py

@@ -141,5 +141,25 @@
                 }
             }
         }
+    },
+    'proxy-labels': {
+        'type': 'list',
+        'schema': {
+            'type': 'dict',
+            'schema': {
+                'name': {
+                    'type': 'string',
+                    'required': True
+                },
+                'value': {
+                    'type': 'string',
+                    'required': True
+                },
+                'condition': {
+                    'type': 'string',
+                    'required': True
+                }
+            }
+        }
     }
 }

.github/workflows/publish.yml

@@ -67,7 +67,7 @@ jobs:
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v2
         with:
-          version: v0.182.1
+          version: v0.183.0
           args: release --rm-dist
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

README.md

@@ -38,7 +38,7 @@ $ docker run --rm -it -v /var/run/docker.sock:/var/run/docker.sock -v $(pwd):/cg
 ```sh
 $ docker run --rm -it -v /var/run/docker.sock:/var/run/docker.sock -v ${pwd}:/cg/out chillibits/compose-generator [<command>]
 ```
-*Note: This command does not work with Windows CMD command line. Please use Windows PowerShell instead.*
+*Note: This command does not work with Windows CMD command line. Please use Windows Terminal or PowerShell instead.*
 
 ## Supported host systems & file downloads
 There are downloadable packages available for all supported platforms:

predefined-services/frontend/grafana/config.json

@@ -23,7 +23,7 @@
         {
             "text": "Which version of Grafana do you want to use?",
             "type": 2,
-            "defaultValue": "8.2.1",
+            "defaultValue": "8.2.2",
             "variable": "GRAFANA_VERSION",
             "advanced": true
         }

predefined-services/proxy/nginx/config.json

@@ -17,36 +17,36 @@
             "text": "Default virtual domain (e.g. example.com):",
             "type": 2,
             "validator": "hostname",
-            "variable": "DEFAULT_HOST"
+            "variable": "JWILDER_DEFAULT_HOST"
         },
         {
             "text": "Which version of of JWilder Nginx Proxy do you want to use?",
             "defaultValue": "0.8.0",
             "type": 2,
-            "variable": "PROXY_VERSION",
+            "variable": "JWILDER_PROXY_VERSION",
             "advanced": true
         },
         {
             "text": "Which port do you want to use for HTTP?",
             "defaultValue": "80",
             "type": 2,
             "validator": "port",
-            "variable": "PROXY_HTTP_PORT",
+            "variable": "JWILDER_PROXY_HTTP_PORT",
             "advanced": true
         },
         {
             "text": "Which port do you want to use for HTTPS?",
             "defaultValue": "443",
             "type": 2,
             "validator": "port",
-            "variable": "PROXY_HTTPS_PORT",
+            "variable": "JWILDER_PROXY_HTTPS_PORT",
             "advanced": true
         }
     ],
     "proxy-questions": [
         {
             "text": "Virtual domain:",
-            "defaultValue": "${{CURRENT_SERVICE_NAME}}.${{DEFAULT_HOST}}",
+            "defaultValue": "${{CURRENT_SERVICE_NAME}}.${{JWILDER_DEFAULT_HOST}}",
             "type": 2,
             "validator": "hostname",
             "variable": "VIRTUAL_HOST"
@@ -61,26 +61,26 @@
     "volumes": [
         {
             "text": "Custom path for proxy config volume?",
-            "defaultValue": "./volumes/proxy-config",
-            "variable": "VOLUME_PROXY_CONFIG",
+            "defaultValue": "./volumes/nginx-proxy-config",
+            "variable": "VOLUME_JWILDER_PROXY_CONFIG",
             "advanced": true
         },
         {
             "text": "Custom path for proxy certificates volume?",
-            "defaultValue": "./volumes/proxy-certs",
-            "variable": "VOLUME_PROXY_CERTS",
+            "defaultValue": "./volumes/nginx-proxy-certs",
+            "variable": "VOLUME_JWILDER_PROXY_CERTS",
             "advanced": true
         },
         {
             "text": "Custom path for proxy virtual hosts volume?",
-            "defaultValue": "./volumes/proxy-vhosts",
-            "variable": "VOLUME_PROXY_VHOSTS",
+            "defaultValue": "./volumes/nginx-proxy-vhosts",
+            "variable": "VOLUME_JWILDER_PROXY_VHOSTS",
             "advanced": true
         },
         {
             "text": "Custom path for proxy HTML volume?",
-            "defaultValue": "./volumes/proxy-html",
-            "variable": "VOLUME_PROXY_HTML",
+            "defaultValue": "./volumes/nginx-proxy-html",
+            "variable": "VOLUME_JWILDER_PROXY_HTML",
             "advanced": true
         }
     ]

predefined-services/proxy/nginx/service.yml

@@ -1,12 +1,12 @@
-image: jwilder/nginx-proxy:${{PROXY_VERSION}}
+image: jwilder/nginx-proxy:${{JWILDER_PROXY_VERSION}}
 container_name: ${{PROJECT_NAME_CONTAINER}}-proxy-nginx
 restart: always
 volumes:
   - /var/run/docker.sock:/tmp/docker.sock:ro
-  - ${{VOLUME_PROXY_CERTS}}:/etc/nginx/certs:ro
-  - ${{VOLUME_PROXY_CONFIG}}:/etc/nginx/conf.d
-  - ${{VOLUME_PROXY_VHOSTS}}:/etc/nginx/vhost.d:ro
-  - ${{VOLUME_PROXY_HTML}}:/usr/share/nginx/html
+  - ${{VOLUME_JWILDER_PROXY_CERTS}}:/etc/nginx/certs:ro
+  - ${{VOLUME_JWILDER_PROXY_CONFIG}}:/etc/nginx/conf.d
+  - ${{VOLUME_JWILDER_PROXY_VHOSTS}}:/etc/nginx/vhost.d:ro
+  - ${{VOLUME_JWILDER_PROXY_HTML}}:/usr/share/nginx/html
 ports:
   - 80:80
   - 443:443

predefined-services/proxy/traefik/README.md

@@ -0,0 +1,2 @@
+## Traefik Reverse Proxy
+Traefik is an open-source edge router that supports automatic service detection/exposure and fully-automated TLS certificate issuing/renewal. Thus, it can be used as single-service reverse proxy without a TLS helper service.

predefined-services/proxy/traefik/config.json

@@ -0,0 +1,103 @@
+{
+    "label": "Traefik Proxy",
+    "preselected": "false",
+    "proxied": true,
+    "files": [
+        {
+            "path": "service.yml",
+            "type": "service"
+        },
+        {
+            "path": "README.md",
+            "type": "docs"
+        },
+        {
+            "path": "./volumes/traefik-proxy-config/traefik.yml",
+            "type": "config"
+        }
+    ],
+    "questions": [
+        {
+            "text": "Default virtual domain (e.g. example.com):",
+            "type": 2,
+            "validator": "hostname",
+            "variable": "TRAEFIK_DEFAULT_HOST"
+        },
+        {
+            "text": "Default email address:",
+            "defaultValue": "webmaster@${{TRAEFIK_DEFAULT_HOST}}",
+            "type": 2,
+            "validator": "email",
+            "variable": "TRAEFIK_DEFAULT_EMAIL"
+        },
+        {
+            "text": "Which version of of Traefik Proxy do you want to use?",
+            "defaultValue": "2.5.3",
+            "type": 2,
+            "variable": "TRAEFIK_PROXY_VERSION",
+            "advanced": true
+        },
+        {
+            "text": "Which port do you want to use for HTTP?",
+            "defaultValue": "80",
+            "type": 2,
+            "validator": "port",
+            "variable": "TRAEFIK_PROXY_HTTP_PORT",
+            "advanced": true
+        },
+        {
+            "text": "Which port do you want to use for HTTPS?",
+            "defaultValue": "443",
+            "type": 2,
+            "validator": "port",
+            "variable": "TRAEFIK_PROXY_HTTPS_PORT",
+            "advanced": true
+        },
+        {
+            "text": "Which port do you want to use for the Traefik web interface?",
+            "defaultValue": "8080",
+            "type": 2,
+            "validator": "port",
+            "variable": "TRAEFIK_PROXY_INTERFACE_PORT"
+        }
+    ],
+    "proxy-questions": [
+        {
+            "text": "Virtual domain:",
+            "defaultValue": "${{CURRENT_SERVICE_NAME}}.${{TRAEFIK_DEFAULT_HOST}}",
+            "type": 2,
+            "validator": "hostname",
+            "variable": "TRAEFIK_VIRTUAL_HOST"
+        }
+    ],
+    "proxy-labels": [
+        {
+            "name": "traefik.enable",
+            "value": "true",
+            "condition": "true"
+        },
+        {
+            "name": "traefik.http.routers.${{CURRENT_SERVICE_NAME}}.rule",
+            "value": "Host(`${{TRAEFIK_VIRTUAL_HOST}}`)",
+            "condition": "true"
+        },
+        {
+            "name": "traefik.http.routers.${{CURRENT_SERVICE_NAME}}.tls",
+            "value": "true",
+            "condition": "true"
+        },
+        {
+            "name": "traefik.http.routers.${{CURRENT_SERVICE_NAME}}.tls.certresolver",
+            "value": "letsEncrypt",
+            "condition": "true"
+        }
+    ],
+    "volumes": [
+        {
+            "text": "Custom path for proxy config volume?",
+            "defaultValue": "./volumes/traefik-proxy-config",
+            "variable": "VOLUME_TRAEFIK_PROXY_CONFIG",
+            "advanced": true
+        }
+    ]
+}

predefined-services/proxy/traefik/service.yml

@@ -0,0 +1,13 @@
+image: traefik:v${{TRAEFIK_PROXY_VERSION}}
+container_name: ${{PROJECT_NAME_CONTAINER}}-proxy-traefik
+restart: always
+volumes:
+  - /var/run/docker.sock:/var/run/docker.sock
+  - ${{VOLUME_TRAEFIK_PROXY_CONFIG}}:/etc/traefik:ro
+ports:
+  - 80:80
+  - 443:443
+  - ${{TRAEFIK_PROXY_INTERFACE_PORT}}:8080
+profiles:
+  - prod
+command: --providers.docker

predefined-services/proxy/traefik/volumes/traefik-proxy-config/traefik.yml

@@ -0,0 +1,29 @@
+providers:
+  docker:
+    endpoint: "unix:///var/run/docker.sock"
+    exposedByDefault: false
+    watch: true
+
+api:
+  dashboard: true
+
+entryPoints:
+  http:
+    address: ":80"
+    http:
+      redirections:
+        entryPoint:
+          to: "https"
+          scheme: "https"
+  https:
+    address: ":443"
+
+certificatesResolvers:
+  letsEncrypt:
+    acme:
+      email: ${{TRAEFIK_DEFAULT_EMAIL}}
+      storage: acme.json
+      tlsChallenge: {}
+
+global:
+  checkNewVersion: true

predefined-services/tls-helper/letsencrypt/config.json

@@ -1,6 +1,6 @@
 {
     "label": "Lets Encrypt Companion",
-    "preselected": "true",
+    "preselected": "services.proxy contains name == \"nginx\"",
     "proxied": true,
     "files": [
         {
@@ -15,7 +15,7 @@
     "questions": [
         {
             "text": "Default TLS Certificate E-Mail Address:",
-            "defaultValue": "webmaster@${{DEFAULT_HOST}}",
+            "defaultValue": "webmaster@${{JWILDER_DEFAULT_HOST}}",
             "type": 2,
             "validator": "email",
             "variable": "TLS_DEFAULT_EMAIL"
@@ -24,40 +24,34 @@
     "proxy-questions": [
         {
             "text": "Let's Encrypt host:",
-            "defaultValue": "${{CURRENT_SERVICE_NAME}}.${{DEFAULT_HOST}}",
+            "defaultValue": "${{CURRENT_SERVICE_NAME}}.${{JWILDER_DEFAULT_HOST}}",
             "type": 2,
             "validator": "hostname",
             "variable": "LETSENCRYPT_HOST"
         },{
             "text": "TLS Certificate E-Mail Address:",
-            "defaultValue": "webmaster@${{DEFAULT_HOST}}",
+            "defaultValue": "webmaster@${{JWILDER_DEFAULT_HOST}}",
             "type": 2,
             "validator": "email",
             "variable": "TLS_EMAIL"
         }
     ],
     "volumes": [
-        {
-            "text": "Custom path for proxy config volume?",
-            "defaultValue": "./volumes/proxy-config",
-            "variable": "VOLUME_PROXY_CONFIG",
-            "advanced": true
-        },
         {
             "text": "Custom path for proxy certificates volume?",
-            "defaultValue": "./volumes/proxy-certs",
+            "defaultValue": "./volumes/nginx-proxy-certs",
             "variable": "VOLUME_PROXY_CERTS",
             "advanced": true
         },
         {
             "text": "Custom path for proxy virtual hosts volume?",
-            "defaultValue": "./volumes/proxy-vhosts",
+            "defaultValue": "./volumes/nginx-proxy-vhosts",
             "variable": "VOLUME_PROXY_VHOSTS",
             "advanced": true
         },
         {
             "text": "Custom path for proxy HTML volume?",
-            "defaultValue": "./volumes/proxy-html",
+            "defaultValue": "./volumes/nginx-proxy-html",
             "variable": "VOLUME_PROXY_HTML",
             "advanced": true
         }

src/cmd/generate.go

@@ -97,6 +97,7 @@ func Generate(c *cli.Context) error {
 		ForceConfig: flagForce,
 		Vars:        make(model.Vars),
 		ProxyVars:   make(map[string]model.Vars),
+		ProxyLabels: make(map[string]model.Labels),
 		Secrets:     []model.ProjectSecret{},
 	}
 	config := &model.GenerateConfig{}
@@ -148,8 +149,8 @@ func EnrichProjectWithServices(project *model.CGProject, config *model.GenerateC
 		BackendServices:  []model.PredefinedTemplateConfig{},
 		DatabaseServices: []model.PredefinedTemplateConfig{},
 		DbAdminServices:  []model.PredefinedTemplateConfig{},
-		ProxyService:     []model.PredefinedTemplateConfig{},
-		TlsHelperService: []model.PredefinedTemplateConfig{},
+		ProxyServices:     []model.PredefinedTemplateConfig{},
+		TlsHelperServices: []model.PredefinedTemplateConfig{},
 	}
 	if project.ProductionReady {
 		generateChooseProxiesPass(project, availableTemplates, selectedTemplates, config)