diff --git a/docker-compose/minio/docker-compose.yml.j2 b/docker-compose/minio/docker-compose.yml.j2 index dc0ce5cd..0d8cbdf6 100644 --- a/docker-compose/minio/docker-compose.yml.j2 +++ b/docker-compose/minio/docker-compose.yml.j2 @@ -15,18 +15,31 @@ services: MINIO_ROOT_USER: "{{ lookup('viczem.keepass.keepass', 'minio_admin_user', 'username') }}" MINIO_ROOT_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'minio_admin_user', 'password') }}" command: server /data --console-address ":9001" - healthcheck: + healthcheck: # https://github.com/minio/minio/issues/18389 test: ["CMD", "mc", "ready", "local"] interval: 5s timeout: 5s retries: 5 labels: - traefik.http.routers.minio.rule: Host(`s3.mgrote.net`) traefik.enable: true - traefik.http.routers.minio.tls: true - traefik.http.routers.minio.tls.certresolver: resolver_letsencrypt - traefik.http.routers.minio.entrypoints: entry_https - traefik.http.services.minio.loadbalancer.server.port: 9000 + # s3 + traefik.http.routers.minio-s3.rule: Host(`s3.mgrote.net`) + traefik.http.routers.minio-s3.tls: true + traefik.http.routers.minio-s3.tls.certresolver: resolver_letsencrypt + traefik.http.routers.minio-s3.entrypoints: entry_https + traefik.http.services.minio-s3.loadbalancer.server.port: 9000 + # WebUI + traefik.http.routers.minio-ui.rule: Host(`s3.mgrote.net/ui`) + traefik.http.routers.minio-ui.tls: true + traefik.http.routers.minio-ui.tls.certresolver: resolver_letsencrypt + traefik.http.routers.minio-ui.entrypoints: entry_https + traefik.http.services.minio-ui.loadbalancer.server.port: 9001 + + traefik.http.routers.minio-ui.middlewares: minio-ui-ipallowlist + + traefik.http.middlewares.minio-ui-ipallowlist.ipallowlist.sourcerange: 192.168.2.0/24,10.25.25.0/24,192.168.48.0/24,172.18.0.0/16 # .48. ist Docker + traefik.http.middlewares.minio-ui-ipallowlist.ipallowlist.ipstrategy.depth: 0 # https://doc.traefik.io/traefik/middlewares/http/ipallowlist/#ipstrategydepth + ######## Networks ######## networks: @@ -51,3 +64,4 @@ volumes: # checkliste # policies in wiki mit reihenfolge # tarefi gitea 429? +# gui auch uber traefik mit szubnet beschrankung