sudo apt update && sudo apt upgrade -y
sudo timedatectl set-timezone America/Sao_Paulo
hostnamectl set-hostname <NOME_DO_SERVIDOR>
sudo sed -i "s/127.0.0.1[[:space:]]localhost/127.0.0.1 <NOME_DO_SERVIDOR>/g" /etc/hosts
sudo apt-get update
sudo apt-get install -y apparmor-utils
ip=$(curl -s ifconfig.me)
curl -fsSL https://get.docker.com | bash
docker swarm init --advertise-addr $ip
docker network create --driver=overlay <NOME_DA_REDE_INTERNA>
nano traefik.yaml
version: "3.7"
services:
traefik:
image: traefik:latest
command:
- "--api.dashboard=true"
- "--providers.docker.swarmMode=true"
- "--providers.docker.endpoint=unix:///var/run/docker.sock"
- "--providers.docker.exposedbydefault=false"
- "--providers.docker.network=NOME_DA_REDE_INTERNA" ## ---> NOME DA REDE INTERNA <--- ##
- "--entrypoints.web.address=:80"
- "--entrypoints.web.http.redirections.entryPoint.to=websecure"
- "--entrypoints.web.http.redirections.entryPoint.scheme=https"
- "--entrypoints.web.http.redirections.entrypoint.permanent=true"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.letsencryptresolver.acme.httpchallenge=true"
- "--certificatesresolvers.letsencryptresolver.acme.httpchallenge.entrypoint=web"
- "--certificatesresolvers.letsencryptresolver.acme.storage=/etc/traefik/letsencrypt/acme.json"
- "--certificatesresolvers.letsencryptresolver.acme.email=SEU_EMAIL_AQUI" ## ---> SEU EMAIL <--- ##
- "--log.level=DEBUG"
- "--log.format=common"
- "--log.filePath=/var/log/traefik/traefik.log"
- "--accesslog=true"
- "--accesslog.filepath=/var/log/traefik/access-log"
deploy:
placement:
constraints:
- node.role == manager
labels:
- "traefik.enable=true"
- "traefik.http.middlewares.redirect-https.redirectscheme.scheme=https"
- "traefik.http.middlewares.redirect-https.redirectscheme.permanent=true"
- "traefik.http.routers.http-catchall.rule=Host(\`{host:.+}\`)"
- "traefik.http.routers.http-catchall.entrypoints=web"
- "traefik.http.routers.http-catchall.middlewares=redirect-https@docker"
- "traefik.http.routers.http-catchall.priority=1"
volumes:
- "vol_certificates:/etc/traefik/letsencrypt"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
ports:
- target: 80
published: 80
mode: host
- target: 443
published: 443
mode: host
networks:
- NOME_DA_REDE_INTERNA ## ---> NOME DA REDE INTERNA <--- ##
volumes:
vol_shared:
external: true
name: volume_swarm_shared
vol_certificates:
external: true
name: volume_swarm_certificates
networks:
NOME_DA_REDE_INTERNA: ## ---> NOME DA REDE INTERNA <--- ##
external: true
name: NOME_DA_REDE_INTERNA ## ---> NOME DA REDE INTERNA <--- ##
docker stack deploy --prune --resolve-image always -c traefik.yaml traefik > /dev/null 2>&1
nano portainre.yaml
version: "3.7"
services:
agent:
image: portainer/agent:latest
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /var/lib/docker/volumes:/var/lib/docker/volumes
networks:
- NOME_DA_REDE_INTERNA ## ---> NOME DA REDE INTERNA <--- ##
deploy:
mode: global
placement:
constraints: [node.platform.os == linux]
portainer:
image: portainer/portainer-ce:latest
command: -H tcp://tasks.agent:9001 --tlsskipverify
volumes:
- portainer_data:/data
networks:
- NOME_DA_REDE_INTERNA ## ---> NOME DA REDE INTERNA <--- ##
deploy:
mode: replicated
replicas: 1
placement:
constraints: [node.role == manager]
labels:
- "traefik.enable=true"
- "traefik.http.routers.portainer.rule=Host(`URL_DO_PORTAINER`)" ## ---> URL DO PORTAINER <--- ##
- "traefik.http.services.portainer.loadbalancer.server.port=9000"
- "traefik.http.routers.portainer.tls.certresolver=letsencryptresolver"
- "traefik.http.routers.portainer.service=portainer"
- "traefik.docker.network=NOME_DA_REDE_INTERNA" ## ---> NOME DA REDE INTERNA <--- ##
- "traefik.http.routers.portainer.entrypoints=websecure"
- "traefik.http.routers.portainer.priority=1"
networks:
NOME_DA_REDE_INTERNA: ## ---> NOME DA REDE INTERNA <--- ##
external: true
attachable: true
name: NOME_DA_REDE_INTERNA ## ---> NOME DA REDE INTERNA <--- ##
volumes:
portainer_data:
external: true
name: portainer_data
docker stack deploy --prune --resolve-image always -c portainer.yaml portainer
version: "3.7"
services:
postgres:
image: postgres:14
environment:
- POSTGRES_PASSWORD=SENHA_POSTGRES ## ---> SENHA POSTGRES <--- ##
networks:
- NOME_DA_REDE_INTERNA ## ---> REDE INTERNA <--- ##
#ports: ## ---> DESCOMENTAR CASO DESEJE ACESSAR O POSTGRES EXTERNAMENTE <--- ##
# - 5432:5432 ## ---> DESCOMENTAR CASO DESEJE ACESSAR O POSTGRES EXTERNAMENTE <--- ##
volumes:
- postgres_data:/var/lib/postgresql/data
deploy:
mode: replicated
replicas: 1
placement:
constraints:
- node.role == manager
resources:
limits:
cpus: "0.5"
memory: 1024M
volumes:
postgres_data:
external: true
name: postgres_data
networks:
NOME_DA_REDE_INTERNA: ## ---> SENHA POSTGRES <--- ##
external: true
name: NOME_DA_REDE_INTERNA ## ---> SENHA POSTGRES <--- ##