secure traefik api

2020-07-06 19:08:12 +02:00 · 2020-07-06 19:08:12 +02:00 · 74f17237c1
commit 74f17237c1
parent 135f9d174a
2 changed files with 13 additions and 11 deletions
--- a/.env.default
+++ b/.env.default
@ -12,4 +12,5 @@ HOST_PORTAINER=portainer
 HOST_MAIL=mail
 # other
 TZ=Europe/Paris
+BASIC_AUTH=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/

--- a/traefik/docker-compose.yml
+++ b/traefik/docker-compose.yml
@ -7,7 +7,8 @@ services:
    command:
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false      
-      - --api.insecure # Don't do that in production
+      - --api=true
+      - --api.statistics=true
      - --entrypoints.web.address=:80      
      - --entrypoints.websecure.address=:443
      - --certificatesresolvers.letsencrypt.acme.email=${LETSENCRYPT_EMAIL}
@ -22,16 +23,16 @@ services:
      - GANDIV5_API_KEY=${GANDIV5_API_KEY}
    labels: 
      - traefik.enable=true
-      - traefik.http.routers.dashboard.rule=Host(`${HOST_TRAEFIK}.${DOMAIN}`)
-      - traefik.http.routers.dashboard.entrypoints=web
-      - traefik.http.routers.dashboard.entrypoints=websecure
-      - traefik.http.routers.dashboard.service=api@internal      
-      #- traefik.http.routers.dashboard.tls=true
-      - traefik.http.routers.dashboard.tls.certresolver=letsencrypt
-      - traefik.http.routers.dashboard.tls.domains[0].main=${DOMAIN}
-      - traefik.http.routers.dashboard.tls.domains[0].sans=*.${DOMAIN}         
-      #- traefik.http.services.dashboard.loadbalancer.server.port=8080
-#      - traefik.http.routers.dashboard.middlewares=redirect-to-https
+      - traefik.http.routers.api.rule=Host(`${HOST_TRAEFIK}.${DOMAIN}`)
+      - traefik.http.routers.api.entrypoints=web
+      - traefik.http.routers.api.entrypoints=websecure
+      - traefik.http.routers.api.service=api@internal   
+      - traefik.http.routers.api.middlewares=auth
+      - traefik.http.middlewares.auth.basicauth.users=${BASIC_AUTH}
+      # request widlcard certificate
+      - traefik.http.routers.api.tls.certresolver=letsencrypt
+      - traefik.http.routers.api.tls.domains[0].main=${DOMAIN}
+      - traefik.http.routers.api.tls.domains[0].sans=*.${DOMAIN}
      # global redirect to https
      - traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)
      - traefik.http.routers.http-catchall.entrypoints=web