feat: First version (#1)

.gitattributes

@@ -1,4 +1,5 @@
 * text=auto
 *.sh            eol=lf
 **/run          eol=lf
+**/finish       eol=lf
 */services.d/*  eol=lf

.github/settings.yml

@@ -1,6 +1,6 @@
 # https://developer.github.com/v3/repos/#edit
 repository:
-  name: docker-$$IMAGE_NAME$$
+  name: docker-traefik
   description: ""
   homepage: https://homecentr.github.io/
   private: false
@@ -21,7 +21,7 @@ branches:
     protection:
       required_status_checks:
         strict: true
-        contexts: [ ".github/workflows/ci.yml" ]
+        contexts: [ "build" ]
       required_pull_request_reviews: null
       enforce_admins: false
       restrictions:

.github/workflows/ci.yml

@@ -6,7 +6,7 @@ on:
   pull_request:
 
 env:
-  IMAGE_NAME: "homecentr/$$IMAGE_NAME$$"
+  IMAGE_NAME: "homecentr/traefik"
 
 jobs:
   build:
@@ -30,7 +30,7 @@ jobs:
         run: docker build . -t ${{ env.IMAGE_NAME }}:${{ steps.vars.outputs.docker_tag }}
 
       - name: Test Docker image
-        run: cd tests && sudo gradle test --info -Dimage_tag=${{ env.IMAGE_NAME }}:${{ steps.vars.outputs.docker_tag }}
+        run: cd tests && sudo gradle test --info -Ddocker_image_tag=${{ env.IMAGE_NAME }}:${{ steps.vars.outputs.docker_tag }}
 
       - name: Scan with Phonito Security
         uses: phonito/phonito-scanner-action@master

.github/workflows/ci_cd.yml

@@ -5,7 +5,7 @@ on:
       - master
 
 env:
-  IMAGE_NAME: "homecentr/$$IMAGE_NAME$$"
+  IMAGE_NAME: "homecentr/traefik"
 
 jobs:
   build:
@@ -40,7 +40,7 @@ jobs:
 
       - name: Test Docker image
         if: env.RELEASE_VERSION != ''
-        run: cd tests && sudo gradle test -Dimage_tag=${{ env.IMAGE_NAME }}:${{ env.RELEASE_VERSION }}
+        run: cd tests && sudo gradle test -Ddocker_image_tag=${{ env.IMAGE_NAME }}:${{ env.RELEASE_VERSION }}
 
       - name: Scan with Phonito Security
         if: env.RELEASE_VERSION != ''

.github/workflows/regular_scan.yml

@@ -4,7 +4,7 @@ on:
     - cron: '0 6 * * *'
 
 env:
-  IMAGE_NAME: "homecentr/$$IMAGE_NAME$$"
+  IMAGE_NAME: "homecentr/traefik"
 
 jobs:
   build:

Dockerfile

@@ -1 +1,20 @@
-FROM alpine
+FROM traefik:v2.2.1 as traefik
+
+FROM homecentr/base:2.4.0-alpine
+
+ENV TRAEFIK_ARGS=""
+ENV XDG_CONFIG_HOME="/config"
+
+COPY --from=traefik /usr/local/bin/traefik /usr/local/bin/traefik
+COPY --from=traefik /etc/ssl/certs /etc/ssl/certs
+
+# Grant the named process to open a well-known port (1-1024) which normally requires root permissions
+RUN apk add --no-cache libcap=2.27-r0 && \
+    setcap 'cap_net_bind_service=+ep' /usr/local/bin/traefik
+
+COPY ./fs/ /
+
+VOLUME "/config"
+
+EXPOSE 80
+EXPOSE 443

README.md

@@ -1,47 +1,51 @@
-[![Project status](https://badgen.net/badge/project%20status/stable%20%26%20actively%20maintaned?color=green)](https://github.com/homecentr/docker-$$IMAGE_NAME$$/graphs/commit-activity) [![](https://badgen.net/github/label-issues/homecentr/docker-$$IMAGE_NAME$$/bug?label=open%20bugs&color=green)](https://github.com/homecentr/docker-$$IMAGE_NAME$$/labels/bug) [![](https://badgen.net/github/release/homecentr/docker-$$IMAGE_NAME$$)](https://hub.docker.com/repository/docker/homecentr/$$IMAGE_NAME$$)
-[![](https://badgen.net/docker/pulls/homecentr/$$IMAGE_NAME$$)](https://hub.docker.com/repository/docker/homecentr/$$IMAGE_NAME$$) 
-[![](https://badgen.net/docker/size/homecentr/$$IMAGE_NAME$$)](https://hub.docker.com/repository/docker/homecentr/$$IMAGE_NAME$$)
+[![Project status](https://badgen.net/badge/project%20status/stable%20%26%20actively%20maintaned?color=green)](https://github.com/homecentr/docker-traefik/graphs/commit-activity) [![](https://badgen.net/github/label-issues/homecentr/docker-traefik/bug?label=open%20bugs&color=green)](https://github.com/homecentr/docker-traefik/labels/bug) [![](https://badgen.net/github/release/homecentr/docker-traefik)](https://hub.docker.com/repository/docker/homecentr/traefik)
+[![](https://badgen.net/docker/pulls/homecentr/traefik)](https://hub.docker.com/repository/docker/homecentr/traefik) 
+[![](https://badgen.net/docker/size/homecentr/traefik)](https://hub.docker.com/repository/docker/homecentr/traefik)
 
-![CI/CD on master](https://github.com/homecentr/docker-$$IMAGE_NAME$$/workflows/CI/CD%20on%20master/badge.svg)
-![Regular Docker image vulnerability scan](https://github.com/homecentr/docker-$$IMAGE_NAME$$/workflows/Regular%20Docker%20image%20vulnerability%20scan/badge.svg)
+![CI/CD on master](https://github.com/homecentr/docker-traefik/workflows/CI/CD%20on%20master/badge.svg)
+![Regular Docker image vulnerability scan](https://github.com/homecentr/docker-traefik/workflows/Regular%20Docker%20image%20vulnerability%20scan/badge.svg)
 
 
-# HomeCentr - $$IMAGE_NAME$$
-
+# HomeCentr - traefik
+This docker image is a repack of [Traefik](https://github.com/containous/traefik) compliant with the HomeCenter docker images standard (S6 overlay, privilege drop etc.).
 
 ## Usage
 
 ```yml
 version: "3.7"
 services:
-  $$IMAGE_NAME$$:
-    build: .
-    image: homecentr/$$IMAGE_NAME$$
+  traefik:
+    image: homecentr/traefik
+  ports:
+  - "80:80"
 ```
 
 ## Environment variables
 
 | Name | Default value | Description |
 |------|---------------|-------------|
-| PUID | 7077 | UID of the user $$IMAGE_NAME$$ should be running as. |
-| PGID | 7077 | GID of the user $$IMAGE_NAME$$ should be running as. |
+| PUID | 7077 | UID of the user traefik should be running as. |
+| PGID | 7077 | GID of the user traefik should be running as. |
+| TRAEFIK_ARGS | | Additional arguments to pass to Traefic. |
 
 ## Exposed ports
 
 | Port | Protocol | Description |
 |------|------|-------------|
-| 80 | TCP | Some useful details |
+| 80 | TCP | Default HTTP |
+
+> Traefik can expose any configured port (e.g. HTTPS/443) but it needs to configured. The table specifies only the ports explicitly exposed in the Dockerfile.
 
 ## Volumes
 
 | Container path | Description |
 |------------|---------------|
-| /config | Some useful details |
+| /config | Traefik configuration files in case you decide to configure it using a file. The files can also be placed at `/etc/traefik`, but for unification with other homecentr images the default location is /config. |
 
 ## Security
-The container is regularly scanned for vulnerabilities and updated. Further info can be found in the [Security tab](https://github.com/homecentr/docker-$$IMAGE_NAME$$/security).
+The container is regularly scanned for vulnerabilities and updated. Further info can be found in the [Security tab](https://github.com/homecentr/docker-traefik/security).
 
 ### Container user
-The container supports privilege drop. Even though the container starts as root, it will use the permissions only to perform the initial set up. The $$IMAGE_NAME$$ process runs as UID/GID provided in the PUID and PGID environment variables.
+The container supports privilege drop. Even though the container starts as root, it will use the permissions only to perform the initial set up. The traefik process runs as UID/GID provided in the PUID and PGID environment variables.
 
 :warning: Do not change the container user directly using the `user` Docker compose property or using the `--user` argument. This would break the privilege drop logic.

docker-compose.yml

@@ -1,6 +1,21 @@
 version: "3.7"
 services:
-  $$IMAGE_NAME$$:
+  nginx:
+    image: nginx
+    ports:
+      - "8080:80"
+    volumes:
+      - ./example/nginx/nginx.conf:/etc/nginx/conf.d/default.conf:ro
+
+  traefik:
     build: .
-    image: homecentr/$$IMAGE_NAME$$
-    restart: unless-stopped
+    image: homecentr/traefik:local
+    ports:
+      - "80:80"
+    volumes:
+      - ./example/traefik/traefik.yaml:/config/traefik.yaml:ro
+      - ./example/traefik/nginx.yaml:/nginx.yaml:ro
+
+networks:
+  default:
+    driver: bridge  

example/nginx/nginx.conf

@@ -0,0 +1,7 @@
+server {
+  listen 80;
+
+  location / {
+    return 200 'Hello, world!';
+  }
+}

example/traefik/nginx.yaml

@@ -0,0 +1,14 @@
+http:
+  routers:
+    nginx-file:
+      entryPoints:
+      - http
+      service: nginx
+      rule: Path(`/nginx`)
+
+  services:
+    nginx:
+      loadBalancer:
+        servers:
+        - url: http://nginx:80/
+        passHostHeader: true

example/traefik/traefik.yaml

@@ -0,0 +1,14 @@
+providers:
+  file:
+    filename: /nginx.yaml
+
+entryPoints:
+  http:
+    address: ":80"
+
+ping:
+  entryPoint: "http"
+
+api:
+  dashboard: true
+  insecure: true  

fs/etc/services.d/traefik/finish

@@ -0,0 +1,3 @@
+#!/usr/bin/execlineb -S1
+
+s6-svscanctl -t /var/run/s6/services

fs/etc/services.d/traefik/run

@@ -0,0 +1,3 @@
+#!/usr/bin/with-contenv ash
+
+exec runas traefik $TRAEFIK_ARGS

package.json

@@ -1,15 +1,15 @@
 { 
-  "name": "homecentr-$$IMAGE_NAME$$",
+  "name": "homecentr-traefik",
   "version": "1.0.0",
   "description": "",
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/homecentr/docker-$$IMAGE_NAME$$.git"
+    "url": "git+https://github.com/homecentr/docker-traefik.git"
   },
   "author": "",
   "license": "MIT",
   "bugs": {
-    "url": "https://github.com/homecentr/docker-$$IMAGE_NAME$$/issues"
+    "url": "https://github.com/homecentr/docker-traefik/issues"
   },
-  "homepage": "https://github.com/homecentr/docker-$$IMAGE_NAME$$#readme"
+  "homepage": "https://github.com/homecentr/docker-traefik#readme"
 }

tests/.classpath

@@ -6,12 +6,6 @@
 			<attribute name="gradle_used_by_scope" value="test"/>
 		</attributes>
 	</classpathentry>
-	<classpathentry kind="src" output="bin/test" path="src/test/resources">
-		<attributes>
-			<attribute name="gradle_scope" value="test"/>
-			<attribute name="gradle_used_by_scope" value="test"/>
-		</attributes>
-	</classpathentry>
 	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.8/"/>
 	<classpathentry kind="con" path="org.eclipse.buildship.core.gradleclasspathcontainer"/>
 	<classpathentry kind="output" path="bin/default"/>