-
Notifications
You must be signed in to change notification settings - Fork 0
Setting up Gordon’s Backend
The first step is to create a persistent network that will remain available even if Traefik goes down.
In this example, I'm using Podman, but the commands are the same for Docker.
podman network create traefikTo confirm creation, use the podman network ps command:
podman network ps
NETWORK ID NAME VERSION PLUGINS
2f159bab938a podman 0.4.0 bridge,portmap,firewall,tuning
838bd7f810a0 traefik 0.4.0 bridge,portmap,firewall,tuning,dnsnameNow, let's proceed with Traefik's installation and configuration.
podman pull traefik:latestBelow is a basic configuration for Traefik:
services:
traefik:
image: traefik:latest
container_name: traefik
restart: unless-stopped
ports:
- "80:80"
- "443:443"
volumes:
- /run/user/1000/podman/podman.sock:/var/run/docker.sock
- ./acme.json:/acme.json
- ./traefik.yml:/etc/traefik/traefik.yml
networks:
- traefik
networks:
traefik:
external: trueTraefik uses traefik.yml for configuration, and acme.json to store SSL/TLS certificates for subdomains.
api:
dashboard: false
entryPoints:
web:
address: ":80"
websecure:
address: ":443"
providers:
docker:
endpoint: "unix:///var/run/docker.sock"
exposedByDefault: false
certificatesResolvers:
letsencrypt:
acme:
email: [email protected]
storage: acme.json
httpChallenge:
entryPoint: webCreate this file and set its permissions to read/write for your user only:
touch acme.json
chmod 600 acme.jsonGordon is by design very close to the Traefik configuration.
services:
gordon:
container_name: gordon-testing
image: ghcr.io/bnema/gordon:latest
environment:
SESSION_SECRET: "define a secret for your session"
volumes:
- ./data:/data
- ./config.yml:/config.yml
- /run/user/1000/podman/podman.sock:/var/run/docker.sock
restart: unless-stopped
networks:
- traefik
labels:
- "traefik.enable=true"
- "traefik.http.routers.gordon.rule=Host(`gordon.foobar.com`)"
- "traefik.http.routers.gordon.entrypoints=websecure"
ports:
- "8383:80"
networks:
traefik:
external: trueYour config.yml should be in the same directory as your docker-compose.yml.
General:
storageDir: ./data
Http:
domain: # <- Your domain + tld
subDomain: # <- Same as you've defined in your Traefik's docker-compose.yml
Admin:
path: /your_admin_path # <- Your webui route path, be creative
ContainerEngine:
dockersock: /var/run/docker.sock For instance:
- domain: foobar.com
- subDomain: gordon
- path: /admin
The final URL to access Gordon's backend will be https://gordon.foobar.com/admin.
Proceed to create your data/ directory, which should initially be empty. Gordon will generate the necessary database files there upon first launch.
Ensure the configuration file and directory are secure:
chmod 600 config.yml
chmod 700 data/Once everything is setup, its time to start the container
podman-compose upYou should see output similar to:
[gordon] | Login with the new token: 048c11ca0fae4e28e3bb8c10c19a2dff
[gordon] | Configuration saved to /config.yml
2023/11/09 10:00:13 Starting server on port 80Use the provided token and the URL from the example above for the initial login.
For instance:
Token: 48c11ca0fae4e28e3bb8c10c19a2dff
URL: https://gordon.foobar.com/admin
For the first login attempt, append the token to the URL as a query parameter:
https://gordon.foobar.com/admin?token=48c11ca0fae4e28e3bb8c10c19a2dffComplete the GitHub OAuth process, and if successful, you will be redirected to the manager view.
Finally, restart your container
podman-compose down && podman-compose up -dBy following these steps, you should have Gordon and Traefik properly configured and operational. ✌️