▍Homer¶
Настройка Homer в Docker Swarm¶
С ростом количества сервисов в Docker и ПУ всяких железок встал вопрос организации своего локального дашборда: чтобы можно было зайти на одну центральную точку и с неё уже быстро перейти в нужный сервис. Такой центральной точкой у нас будет Homer.
Docker-compose¶
nano dashboard.yml
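# Swarm stack file for the Homer dashboard, published through Traefik.
# The dashboard is a map of internal admin endpoints, so its router keeps the
# IP allow-list middleware attached.
version: '3.9'

services:
  homer:
    # NOTE(review): `latest` is a floating tag, so a re-deploy can pull a
    # different build than the one that was tested. Pin a release tag or an
    # image digest.
    image: b4bz/homer:latest
    volumes:
      # Host bind mount holding config.yml and the icons. The path has to
      # exist on every node that satisfies the placement constraint below.
      # NOTE(review): append `:ro` if the container never has to write here;
      # confirm the image's start-up handling of default assets tolerates it.
      - /docker/conf/homer:/www/assets
    networks:
      - traefik-public
    deploy:
      replicas: 1
      restart_policy:
        condition: any
        delay: 5s
        window: 120s
      update_config:
        parallelism: 1
        monitor: 60s
        failure_action: rollback
        order: start-first
      placement:
        constraints: [node.role == worker]
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.homer.rule=Host(`homer.example.ru`)"
        - "traefik.http.routers.homer.entrypoints=https"
        - "traefik.http.routers.homer.tls=true"
        # WhitelistHome is defined in Traefik's file provider (config.yml on
        # this page). A name without a provider suffix is looked up in the
        # provider that owns the router (Docker labels here), so the
        # reference needs `@file` to resolve.
        - "traefik.http.routers.homer.middlewares=WhitelistHome@file"
        - "traefik.http.services.homer.loadbalancer.server.port=8080"

networks:
  traefik-public:
    external: true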
Конфигурация¶
nano /docker/conf/homer/config.yml
---
# Homer dashboard configuration (served from /www/assets/config.yml).
title: ''
subtitle: ''
logo: 'logo.png'
columns: '4'
connectivityCheck: true
# icon: 'fas fa-skull-crossbones'  # optional icon

header: false
# Footer is switched off; the stock footer markup is kept for reference.
footer: false
# footer: '<p>Created with <span class="has-text-danger">❤</span> with <a href="https://bulma.io/">bulma</a>, <a href="https://vuejs.org/">vuejs</a> & <a href="https://fontawesome.com/">font awesome</a> // Fork me on <a href="https://github.com/bastienwirtz/homer"><i class="fab fa-github-alt"></i></a></p>'

# Optional theme customization. Colour values are quoted: a leading `#`
# would otherwise start a YAML comment.
theme: default
colors:
  light:
    highlight-primary: '#3367d6'
    highlight-secondary: '#4285f4'
    highlight-hover: '#5a95f5'
    background: '#f5f5f5'
    card-background: '#ffffff'
    text: '#363636'
    text-header: '#ffffff'
    text-title: '#303030'
    text-subtitle: '#424242'
    card-shadow: 'rgba(0, 0, 0, 0.1)'
    link: '#3273dc'
    link-hover: '#363636'
  dark:
    highlight-primary: '#3367d6'
    highlight-secondary: '#4285f4'
    highlight-hover: '#5a95f5'
    background: '#131313'
    card-background: '#2b2b2b'
    text: '#eaeaea'
    text-header: '#ffffff'
    text-title: '#fafafa'
    text-subtitle: '#f5f5f5'
    card-shadow: 'rgba(0, 0, 0, 0.4)'
    link: '#3273dc'
    link-hover: '#ffdd57'

# Navigation links shown in the header area.
links:
  - name: 'daffin'
    icon: 'fab fa-github'
    url: 'https://daffin.ru'
    target: '_blank'  # optional HTML <a> target attribute

# Services: the first-level list is a group; `items` holds its cards.
# Group name, icon and tag style are optional; with only an `items` key no
# section separator is drawn.
#
# `type: Ping` makes the visitor's browser probe `url` from the dashboard
# page. That is a cross-origin request, so each target has to answer with
# CORS headers for the dashboard origin or the indicator stays red.
services:
  - name: 'Разработка'
    icon: 'fas fa-cloud'
    items:
      - name: 'Code server'
        type: Ping
        logo: 'assets/png/codeserver.png'
        subtitle: 'IDE VS code'
        tag: 'app'
        url: 'https://vs.example.ru/'
        target: '_blank'
        method: 'head'

      - name: 'GitLab'
        type: Ping
        logo: 'assets/png/gitlab.png'
        subtitle: 'Git репозиторий'
        tag: 'app'
        url: 'https://gitlab.example.ru/'
        target: '_blank'

      - name: 'Registry'
        type: Ping
        logo: 'assets/png/docker-moby.png'
        subtitle: 'Docker репозиторий'
        tag: 'app'
        url: 'https://registry.example.ru/'
        target: '_blank'

      - name: 'Adminer'
        type: Ping
        logo: 'assets/png/adminer.png'
        subtitle: ''
        tag: 'app'
        url: 'https://adminer.example.ru/'
        target: '_blank'

      - name: 'PhpMyAdmin'
        type: Ping
        logo: 'assets/png/phpmyadmin.png'
        subtitle: ''
        tag: 'app'
        url: 'https://pma.example.ru/'
        target: '_blank'

      - name: 'PgAdmin'
        type: Ping
        logo: 'assets/png/pgadmin.png'
        subtitle: ''
        tag: 'app'
        url: 'https://pgadmin.example.ru'
        target: '_blank'
Запуск¶
Решение проблем¶
Если вы хотите, чтобы отображался индикатор доступности сервиса (зелёный/красный огонёк), который включается строкой "type: Ping", то можно столкнуться с блокировкой запросов к сервисам из-за политики CORS (Cross-Origin Resource Sharing).
Т.к. у меня используется Traefik, на его стороне я добавил блок параметров CORS:
nano config.yml
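Далее приведу пример docker-compose gitlab:
# Traefik dynamic configuration for the file provider: shared middlewares
# and TLS options. Routers reference these with the `@file` suffix.
# Nesting was reconstructed from a flattened listing; check it against the
# live file before applying.
http:
  # No routers are declared in this file; the ones on this page are declared
  # through Docker labels.
  routers: {}

  middlewares:
    default-headers:
      headers:
        frameDeny: true
        # NOTE(review): sslRedirect is a legacy option of the headers
        # middleware; newer Traefik releases expect an entrypoint redirect or
        # the redirectScheme middleware instead. Confirm for your version.
        sslRedirect: true
        browserXssFilter: true
        contentTypeNosniff: true
        forceSTSHeader: true
        # One year of HSTS with includeSubDomains + preload commits every
        # subdomain of the host to HTTPS.
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 31536000
        customFrameOptionsValue: SAMEORIGIN
        customRequestHeaders:
          X-Forwarded-Proto: https
        customResponseHeaders:
          server: Blackbox
          x-powered-by: Blackbox
        # referrerPolicy / permissionsPolicy are options of the headers
        # middleware, so they sit next to customResponseHeaders rather than
        # inside it.
        referrerPolicy: same-origin
        permissionsPolicy: 'geolocation=(self), microphone=(), camera=()'

    WhitelistHome:
      # The filter matches the source address Traefik itself sees.
      # NOTE(review): if Traefik's ports are published through the Swarm
      # routing mesh (ingress mode), that address is the mesh's, not the
      # client's, and Swarm's default address pool lies inside 10.0.0.0/8,
      # so every client would pass. Publish the ports in host mode, or verify
      # in the access log that real client addresses arrive. Other containers
      # on overlay networks in these ranges are allowed as well.
      # NOTE(review): newer Traefik releases rename this middleware to
      # ipAllowList; confirm for your version.
      ipWhiteList:
        sourceRange:
          - '10.0.0.0/8'
          - '172.16.0.0/12'
          - '192.168.0.0/16'

    CORS:
      # Attached to the services the dashboard pings, not to the dashboard.
      # NOTE(review): this grants the dashboard origin credentialed
      # POST/PUT/DELETE access to every service carrying the middleware, far
      # more than a reachability ping needs; a script running on the
      # dashboard page could act on those services with the visitor's
      # session. Narrow the methods to the ones the ping uses and drop
      # accessControlAllowCredentials unless a target needs cookies.
      headers:
        accessControlAllowMethods:
          # The preflight method is OPTIONS; the listing had `OPTION`.
          - OPTIONS
          - POST
          - GET
          - PUT
          - DELETE
        accessControlAllowCredentials: true
        # For credentialed requests browsers treat `*` here as a literal
        # header name, not a wildcard; list the required headers instead.
        accessControlAllowHeaders:
          - '*'
        # Must equal the dashboard's origin exactly (scheme + host). The
        # Homer router on this page is Host(`homer.example.ru`); the listing
        # had dashboard.example.ru here, which would never match.
        accessControlAllowOriginList:
          - 'https://homer.example.ru'
        accessControlMaxAge: 100
        addVaryHeader: true
        sslRedirect: true

    secured:
      chain:
        middlewares:
          # The listing referenced `default-whitelist`, which is not defined
          # in this file; the IP filter defined above is WhitelistHome.
          - WhitelistHome
          - default-headers

tls:
  options:
    default:
      # cipherSuites governs TLS 1.2 and below. NOTE(review): per the Traefik
      # documentation TLS 1.3 suites are not configurable, so the last two
      # entries are informational.
      # Both TLS 1.2 suites are ECDHE_RSA; an ECDSA certificate would need
      # the matching ECDHE_ECDSA suites.
      cipherSuites:
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384  # TLS 1.2
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305  # TLS 1.2
        - TLS_AES_256_GCM_SHA384  # TLS 1.3
        - TLS_CHACHA20_POLY1305_SHA256  # TLS 1.3
      curvePreferences:
        - CurveP521
        - CurveP384
      minVersion: VersionTLS12
      # Refuse handshakes whose SNI matches no configured certificate.
      sniStrict: true
    mintls13:
      minVersion: VersionTLS13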
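# GitLab service definition: a fragment that belongs under `services:` of a
# Swarm stack file. TLS terminates at Traefik; GitLab's nginx listens on
# plain HTTP (port 80) on the shared overlay network.
gitlab:
  # NOTE(review): `latest` is a floating tag. Pin a tested release so a
  # re-deploy cannot pull an unplanned GitLab upgrade.
  image: gitlab/gitlab-ce:latest
  environment:
    # GITLAB_SKIP_UNMIGRATED_DATA_CHECK: 'true'
    #
    # Everything under `environment` is stored in the stack file and can be
    # read back with `docker service inspect`, so do not put the real SMTP
    # password here. The block below is Ruby (gitlab.rb syntax), so the value
    # can be read from a Swarm secret file, e.g. File.read on a path under
    # /run/secrets/.
    # The e-mail addresses are placeholders; the page showed them redacted.
    GITLAB_OMNIBUS_CONFIG: |
      external_url 'https://gitlab.example.ru'
      nginx['listen_port'] = 80
      nginx['listen_https'] = false
      nginx['proxy_set_headers'] = {
        "X-Forwarded-Proto" => "https",
        "X-Forwarded-Ssl" => "on"
      }
      gitlab_rails['smtp_enable'] = true
      gitlab_rails['smtp_address'] = "smtp.mail.ru"
      gitlab_rails['smtp_port'] = 465
      gitlab_rails['smtp_user_name'] = "gitlab@example.ru"
      gitlab_rails['smtp_password'] = "PASSWORD"
      gitlab_rails['smtp_domain'] = "mail.ru"
      gitlab_rails['smtp_authentication'] = "login"
      gitlab_rails['smtp_enable_starttls_auto'] = false
      gitlab_rails['smtp_tls'] = true
      gitlab_rails['smtp_openssl_verify_mode'] = 'peer'
      gitlab_rails['gitlab_email_from'] = 'gitlab@example.ru'
      gitlab_rails['gitlab_email_reply_to'] = 'gitlab@example.ru'
      patroni['remove_data_directory_on_rewind_failure'] = true
      patroni['remove_data_directory_on_diverged_timelines'] = true
  ports:
    # Git over SSH. A published port does not pass through Traefik, so the
    # IP allow list on the HTTP router does not cover it; restrict port 2222
    # with the host or network firewall.
    - "2222:22"
  volumes:
    - /docker/conf/gitlab:/etc/gitlab
    - /docker/data/gitlab:/var/opt/gitlab
    - /etc/localtime:/etc/localtime:ro
  networks:
    - traefik-public
  deploy:
    replicas: 1
    restart_policy:
      condition: any
      delay: 5s
      window: 120s
    update_config:
      parallelism: 1
      monitor: 600s
      failure_action: continue
      order: stop-first
    placement:
      constraints: [node.role == worker]
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.gitlab.tls=true"
      - "traefik.http.routers.gitlab.rule=Host(`gitlab.example.ru`)"
      # Same entrypoint as the Homer router on this page, so the router is
      # bound to the HTTPS entrypoint only.
      - "traefik.http.routers.gitlab.entrypoints=https"
      # Both middlewares live in the file provider, and each name in the
      # list needs its own `@file` suffix; a bare name is looked up among
      # the Docker-label middlewares and would not resolve.
      - "traefik.http.routers.gitlab.middlewares=WhitelistHome@file,CORS@file"
      - "traefik.http.services.gitlab.loadbalancer.server.port=80"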
middlewares — перечисляем то, что хотим подключить в промежуточный слой; в нашем случае это IP-фильтрация и политика CORS.