yannic/selfhosting
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

secure traefik api

Browse source
This commit is contained in:
Yax 2020-07-06 19:08:12 +02:00
parent 135f9d174a
commit 74f17237c1
2 changed files with 13 additions and 11 deletions

1
.env.default
View file

@ -12,4 +12,5 @@ HOST_PORTAINER=portainer
HOST_MAIL=mail HOST_MAIL=mail
# other # other
TZ=Europe/Paris TZ=Europe/Paris
BASIC_AUTH=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/

23
traefik/docker-compose.yml
View file

@ -7,7 +7,8 @@ services:
command: command:
- --providers.docker=true - --providers.docker=true
- --providers.docker.exposedbydefault=false - --providers.docker.exposedbydefault=false
- --api.insecure # Don't do that in production - --api=true
- --api.statistics=true
- --entrypoints.web.address=:80 - --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443 - --entrypoints.websecure.address=:443
- --certificatesresolvers.letsencrypt.acme.email=${LETSENCRYPT_EMAIL} - --certificatesresolvers.letsencrypt.acme.email=${LETSENCRYPT_EMAIL}
@ -22,16 +23,16 @@ services:
- GANDIV5_API_KEY=${GANDIV5_API_KEY} - GANDIV5_API_KEY=${GANDIV5_API_KEY}
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.dashboard.rule=Host(`${HOST_TRAEFIK}.${DOMAIN}`) - traefik.http.routers.api.rule=Host(`${HOST_TRAEFIK}.${DOMAIN}`)
- traefik.http.routers.dashboard.entrypoints=web - traefik.http.routers.api.entrypoints=web
- traefik.http.routers.dashboard.entrypoints=websecure - traefik.http.routers.api.entrypoints=websecure
- traefik.http.routers.dashboard.service=api@internal - traefik.http.routers.api.service=api@internal
#- traefik.http.routers.dashboard.tls=true - traefik.http.routers.api.middlewares=auth
- traefik.http.routers.dashboard.tls.certresolver=letsencrypt - traefik.http.middlewares.auth.basicauth.users=${BASIC_AUTH}
- traefik.http.routers.dashboard.tls.domains[0].main=${DOMAIN} # request widlcard certificate
- traefik.http.routers.dashboard.tls.domains[0].sans=*.${DOMAIN} - traefik.http.routers.api.tls.certresolver=letsencrypt
#- traefik.http.services.dashboard.loadbalancer.server.port=8080 - traefik.http.routers.api.tls.domains[0].main=${DOMAIN}
# - traefik.http.routers.dashboard.middlewares=redirect-to-https - traefik.http.routers.api.tls.domains[0].sans=*.${DOMAIN}
# global redirect to https # global redirect to https
- traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`) - traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)
- traefik.http.routers.http-catchall.entrypoints=web - traefik.http.routers.http-catchall.entrypoints=web