
Merge pull request #103 from ChristianLempa/72-update-teleport-to-the-latest-version-13

72 update teleport to the latest version 13
Christian Lempa 2 vuotta sitten
vanhempi
commit
362284f603

+ 50 - 0
docker-compose/teleport/config/teleport.yaml

@@ -0,0 +1,50 @@
+version: v2
+teleport:
+  nodename: your-server-name
+  data_dir: /var/lib/teleport
+  log:
+    output: stderr
+    severity: INFO
+    format:
+      output: text
+auth_service:
+  enabled: "yes"
+  listen_addr: 0.0.0.0:3025
+  proxy_listener_mode: multiplex
+  cluster_name: your-server-url
+  # -- (Optional) Passwordless Authentication
+  # authentication:
+  #   type: local
+  #   second_factor: on
+  #   webauthn:
+  #     rp_id: your-server-url
+  #   connector_name: passwordless
+  # -- (Optional) Teleport Assist
+  # assist:
+  #   openai:
+  #     api_token_path: /etc/teleport/openai_key
+ssh_service:
+  enabled: "no"
+proxy_service:
+  enabled: "yes"
+  web_listen_addr: 0.0.0.0:3080
+  # -- (Optional) when using reverse proxy
+  # public_addr: ['your-server-url:443']
+  https_keypairs: []
+  acme: {}
+  # --(Optional) ACME
+  # acme:
+  #   enabled: "yes"
+  #   email: your-email-address
+  # -- (Optional) Teleport Assist
+  # assist:
+  #   openai:
+  #     api_token_path: /etc/teleport/openai_key
+app_service:
+  enabled: no
+  # -- (Optional) App Service
+  # enabled: yes
+  # apps:
+  #   - name: "portainer"
+  #     uri: "http://your-app-url"
+  #     insecure_skip_verify: false
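Review bot: Both commented Teleport Assist examples set `api_token_path: /etc/teleport/openai_key`, and the compose file in this commit bind-mounts `./config` to `/etc/teleport`, so anyone following the example stores an API key in the same directory as this tracked template. A comment above each example would help, for instance `# keep openai_key out of version control and readable only by the container user`. Separately, `enabled: no` under `app_service` is the only unquoted flag in the file; `enabled: "no"` would match the quoted `"yes"`/`"no"` used by the other services and avoid YAML 1.1 boolean coercion.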

+ 0 - 44
docker-compose/teleport/config/teleport.yml

@@ -1,44 +0,0 @@
-version: v2
-teleport:
-  nodename: your-server-name
-  data_dir: /var/lib/teleport
-  log:
-    output: stderr
-    severity: INFO
-    format:
-      output: text
-  ca_pin: ""
-  diag_addr: ""
-auth_service:
-  enabled: "yes"
-  listen_addr: 0.0.0.0:3025
-  proxy_listener_mode: multiplex
-  cluster_name: your-server-url
-  # ---
-  # (Optional) Passwordless Authentication
-  # authentication:
-  #   type: local
-  #   second_factor: on
-  #   webauthn:
-  #     rp_id: your-server-url
-  #   connector_name: passwordless
-  # ---
-ssh_service:
-  enabled: "yes"
-  commands:
-  - name: hostname
-    command: [hostname]
-    period: 1m0s
-proxy_service:
-  enabled: "yes"
-  web_listen_addr: 0.0.0.0:443
-  public_addr: your-server-url
-  https_keypairs: []
-  acme: {}
-  # ---
-  # (Optional) ACME
-  # acme:
-  #   enabled: "yes"
-  #   email: your-email-address
-  # ---
-

+ 21 - 17
docker-compose/teleport/docker-compose.yaml

@@ -1,12 +1,14 @@
 ---
-networks:
-  frontend:
-    external: true
+# -- (Optional) When using Traefik, use this section
+# networks:
+#   your-traefik-network:
+#     external: true
 services:
   teleport:
     image: public.ecr.aws/gravitational/teleport-distroless:13
     container_name: teleport
     ports:
+      # -- (Optional) Remove this section, when using Traefik
       - "3080:3080"
       - "3023:3023"
       - "3024:3024"
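Review bot: The new comment `# -- (Optional) Remove this section, when using Traefik` sits inside the `ports:` list, so it is unclear whether only the entries or the whole key should go, and any mapping left in place keeps Teleport reachable on the host directly rather than only through Traefik. I would move it above `ports:` and word it as `# -- (Optional) Remove the whole ports: key when Traefik fronts the proxy`. The port list continues past the end of this hunk, so the remaining entries are not visible here. Since teleport.yaml sets `proxy_listener_mode: multiplex`, the 3023 and 3024 mappings may also be unnecessary; worth confirming against the Teleport documentation.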
@@ -14,17 +16,19 @@ services:
     volumes:
       - ./config:/etc/teleport
       - ./data:/var/lib/teleport
-    labels: {}
-      # -- (Optional) Traefik example configuration
-      # traefik.enable: "true"
-      # traefik.http.services.teleport.loadbalancer.server.port: "3080"
-      # traefik.http.services.teleport.loadbalancer.server.scheme: "https"
-      # traefik.http.routers.teleport-http.entrypoints: "web"
-      # traefik.http.routers.teleport-http.rule: "Host(`your-server-url`)"
-      # traefik.http.routers.teleport-https.entrypoints: "websecure"
-      # traefik.http.routers.teleport-https.rule: "Host(`your-server-url`)"
-      # traefik.http.routers.teleport-https.tls: "true"
-      # traefik.http.routers.teleport-https.tls.certresolver: "your-certresolver"
-    networks:
-      - frontend
-    restart: unless-stopped
+    # -- (Optional) Traefik example configuration
+    # labels:
+      # - "traefik.enable=true"
+      # - "traefik.http.services.teleport.loadbalancer.server.port=3080"
+      # - "traefik.http.services.teleport.loadbalancer.server.scheme=https"
+      # - "traefik.http.routers.teleport-http.entrypoints=web"
+      # - "traefik.http.routers.teleport-http.rule=HostRegexp(`your-server-url`, `{subhost:[a-z]+}.your-server-url`)"
+      # - "traefik.http.routers.teleport-https.entrypoints=websecure"
+      # - "traefik.http.routers.teleport-https.rule=HostRegexp(`your-server-url`, `{subhost:[a-z]+}.your-server-url`)"
+      # - "traefik.http.routers.teleport-https.tls=true"
+      # - "traefik.http.routers.teleport-https.tls.certresolver=your-certresolver"
+      # - "traefik.http.routers.teleport-https.tls.domains[0].main=your-server-url"
+      # - "traefik.http.routers.teleport-https.tls.domains[0].sans=*.your-server-url"
+    # networks:
+    #   - your-traefik-network
+    restart: unless-stopped
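Review bot: The commented `teleport-http` router binds the `web` entrypoint with no redirect, so unless Traefik redirects globally the Teleport login page would be offered over plain HTTP. Either drop the two `teleport-http` labels or add `- "traefik.http.middlewares.teleport-redirect.redirectscheme.scheme=https"` and `- "traefik.http.routers.teleport-http.middlewares=teleport-redirect"` (the middleware name is a placeholder). The `{subhost:[a-z]+}` pattern also rejects application names containing digits or hyphens, which looks unintended. With `https_keypairs: []` and `acme: {}` in teleport.yaml the backend presumably presents a self-signed certificate, so the example should say that certificate verification is to be relaxed for this service only rather than globally. The `teleport` service definition starts above this hunk.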