secure traefik api

Yax 2020-07-06 19:08:12 +02:00
parent 135f9d174a
commit 74f17237c1
2 changed files with 13 additions and 11 deletions


@ -12,4 +12,5 @@ HOST_PORTAINER=portainer
HOST_MAIL=mail
# other
TZ=Europe/Paris
BASIC_AUTH=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/
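Review bot: The `BASIC_AUTH` line at the end of this hunk puts a password hash for user `test` into a tracked file, so anyone who can read the repository can attack it offline, and `apr1` is salted MD5, which is cheap to brute-force. If this file is meant as a template, a placeholder such as `BASIC_AUTH=user:<htpasswd-hash>` with the real value kept in an untracked env file would be safer, and a bcrypt hash from `htpasswd -nB` is the stronger format that Traefik's basicauth accepts. It is also worth confirming that the doubled `$$` is wanted here: doubling is the escape for `$` written directly in the compose file, and whether a value substituted through `${BASIC_AUTH}` needs it depends on the Compose version. Checking the label on the running container with `docker inspect` shows whether the hash ends up with single `$` characters.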

View file

@ -7,7 +7,8 @@ services:
command:
- --providers.docker=true
- --providers.docker.exposedbydefault=false
- --api.insecure # Don't do that in production
- --api=true
- --api.statistics=true
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --certificatesresolvers.letsencrypt.acme.email=${LETSENCRYPT_EMAIL}
@ -22,16 +23,16 @@ services:
- GANDIV5_API_KEY=${GANDIV5_API_KEY}
labels:
- traefik.enable=true
- traefik.http.routers.dashboard.rule=Host(`${HOST_TRAEFIK}.${DOMAIN}`)
- traefik.http.routers.dashboard.entrypoints=web
- traefik.http.routers.dashboard.entrypoints=websecure
- traefik.http.routers.dashboard.service=api@internal
#- traefik.http.routers.dashboard.tls=true
- traefik.http.routers.dashboard.tls.certresolver=letsencrypt
- traefik.http.routers.dashboard.tls.domains[0].main=${DOMAIN}
- traefik.http.routers.dashboard.tls.domains[0].sans=*.${DOMAIN}
#- traefik.http.services.dashboard.loadbalancer.server.port=8080
# - traefik.http.routers.dashboard.middlewares=redirect-to-https
- traefik.http.routers.api.rule=Host(`${HOST_TRAEFIK}.${DOMAIN}`)
- traefik.http.routers.api.entrypoints=web
- traefik.http.routers.api.entrypoints=websecure
- traefik.http.routers.api.service=api@internal
- traefik.http.routers.api.middlewares=auth
- traefik.http.middlewares.auth.basicauth.users=${BASIC_AUTH}
# request widlcard certificate
- traefik.http.routers.api.tls.certresolver=letsencrypt
- traefik.http.routers.api.tls.domains[0].main=${DOMAIN}
- traefik.http.routers.api.tls.domains[0].sans=*.${DOMAIN}
# global redirect to https
- traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)
- traefik.http.routers.http-catchall.entrypoints=web
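Review bot: The `api` router appears to carry two `entrypoints` labels, `traefik.http.routers.api.entrypoints=web` followed by `traefik.http.routers.api.entrypoints=websecure`. That assumes both lines are on the new side; the +/- markers are lost on this page, but the diffstat counts fit that reading. Labels are a key/value map, so only one of the two takes effect, and if it were `web` the basic-auth credentials would travel over plain HTTP; keeping only `- traefik.http.routers.api.entrypoints=websecure` makes the intent unambiguous. After deploying, verify that the dashboard host returns 401 without credentials and is not served on :80. Separately, `--api.statistics=true` in the first hunk of this file looks like a Traefik v1 option, so confirm the v2 binary accepts it, since an unrecognised static flag may stop Traefik from starting.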