mirror of
https://github.com/stellarshenson/stellars-jupyterhub-ds.git
synced 2026-03-16 17:55:08 +00:00
94 lines
3.1 KiB
YAML
94 lines
3.1 KiB
YAML
# =============================================================================
|
|
# Compose Override - Local Traefik with Self-Signed Certificates
|
|
# =============================================================================
|
|
#
|
|
# PORTS: 80 (HTTP -> redirects to 443) | 443 (HTTPS)
|
|
# CERT: Self-signed cert in ./certs/
|
|
# ACCESS: https://${JUPYTERHUB_HOSTNAME}/ or https://jupyterhub.localhost/
|
|
#
|
|
# Set BASE_HOSTNAME and JUPYTERHUB_HOSTNAME in .env
|
|
#
|
|
# =============================================================================
|
|
|
|
services:
|
|
|
|
traefik:
|
|
image: traefik:latest
|
|
command:
|
|
# Entrypoints
|
|
- "--entrypoints.web.address=:80"
|
|
- "--entrypoints.websecure.address=:443"
|
|
- "--entrypoints.websecure.http.tls=true"
|
|
|
|
# Docker provider
|
|
- "--providers.docker=true"
|
|
- "--providers.docker.exposedbydefault=false"
|
|
|
|
# File provider for TLS certificates
|
|
- "--providers.file.directory=/certs"
|
|
- "--providers.file.watch=true"
|
|
|
|
# API and Dashboard
|
|
- "--api.dashboard=true"
|
|
- "--api.insecure=false"
|
|
|
|
# TLS configuration
|
|
- "--serverstransport.insecureskipverify=true"
|
|
|
|
# Logging
|
|
- "--log.level=INFO"
|
|
ports:
|
|
- "80:80"
|
|
- "443:443"
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
- ./certs:/certs:ro
|
|
networks:
|
|
- jupyterhub_network
|
|
labels:
|
|
- "traefik.enable=true"
|
|
|
|
# Global HTTP->HTTPS redirect
|
|
- "traefik.http.routers.http-catchall.rule=HostRegexp(`.+`)"
|
|
- "traefik.http.routers.http-catchall.entrypoints=web"
|
|
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
|
|
- "traefik.http.routers.http-catchall.priority=1"
|
|
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
|
|
- "traefik.http.middlewares.redirect-to-https.redirectscheme.permanent=true"
|
|
|
|
# Dashboard: traefik.${BASE_HOSTNAME}
|
|
- "traefik.http.routers.dashboard.rule=Host(`traefik.${BASE_HOSTNAME}`) || HostRegexp(`^traefik(\\..+)?\\.localhost$`)"
|
|
- "traefik.http.routers.dashboard.entrypoints=websecure"
|
|
- "traefik.http.routers.dashboard.tls=true"
|
|
- "traefik.http.routers.dashboard.service=api@internal"
|
|
restart: unless-stopped
|
|
|
|
jupyterhub:
|
|
ports: []
|
|
environment:
|
|
- JUPYTERHUB_BASE_URL=/
|
|
- JUPYTERHUB_IDLE_CULLER_ENABLED=1
|
|
- JUPYTERHUB_SIGNUP_ENABLED=0
|
|
networks:
|
|
- jupyterhub_network
|
|
labels:
|
|
- "traefik.enable=true"
|
|
|
|
# JupyterHub router (root path)
|
|
- "traefik.http.routers.jupyterhub-rtr.rule=Host(`${JUPYTERHUB_PREFIX}${BASE_HOSTNAME}`) || HostRegexp(`^${JUPYTERHUB_PREFIX}(.*\\.)?localhost$`)"
|
|
- "traefik.http.routers.jupyterhub-rtr.entrypoints=websecure"
|
|
- "traefik.http.routers.jupyterhub-rtr.tls=true"
|
|
- "traefik.http.routers.jupyterhub-rtr.service=jupyterhub-svc"
|
|
- "traefik.http.services.jupyterhub-svc.loadbalancer.server.scheme=http"
|
|
- "traefik.http.services.jupyterhub-svc.loadbalancer.server.port=8000"
|
|
|
|
watchtower:
|
|
networks:
|
|
- jupyterhub_network
|
|
|
|
networks:
|
|
jupyterhub_network:
|
|
name: jupyterhub_network
|
|
|
|
# EOF
|