ajout de traefik

2 months ago · c2e33378e4
parent 89f9b129a3
commit c2e33378e4
5 changed files with 35 additions and 11 deletions
--- a/traefik/config/auth.yml
+++ b/traefik/config/auth.yml
@ -0,0 +1,5 @@
+http:
+  middlewares:
+    users-auth:
+      basicAuth:
+        usersFile: "/secrets/traefik_auth_file"
--- a/traefik/config/head.yml
+++ b/traefik/config/head.yml
@ -0,0 +1,12 @@
+http:
+  middlewares:
+    hsts-headers:
+      headers:
+        frameDeny: true
+        browserXssFilter: true
+        contentTypeNosniff: true
+        stsIncludeSubdomains: true
+        stsPreload: true
+        stsSeconds: 31536000
+        forceStsHeader: true
+        customFrameOptionsValue: "SAMEORIGIN"
--- a/traefik/docker-compose.yml
+++ b/traefik/docker-compose.yml
@ -1,11 +1,13 @@
 version: "3.8"

+
 networks:
-  web:
+  traefik:
    external: true
-  interne:
-    internal: true
+   
    
+    
+
 services:
  traefik:
    image: traefik:banon
@ -16,10 +18,9 @@ services:
      - 443:443
    labels:
      - traefik.enable=true
-      - traefik.docker.network=web
-      - traefik.constraint-label=web
+      - traefik.docker.network=traefik
      - traefik.http.middlewares.admin-auth.basicauth.usersfile=/secrets/traefik_auth_file
-      - traefik.http.routers.traefik.rule=Host(`roubaix.${DOMAIN}`)
+      - traefik.http.routers.traefik.rule=Host(`traffic.${DOMAIN}`)
      - traefik.http.routers.traefik.entrypoints=https
      - traefik.http.routers.traefik.tls=true
      - traefik.http.routers.traefik.service=api@internal
@ -30,26 +31,33 @@ services:
      - traefik.http.services.traefik.loadbalancer.server.port=8080
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
-      - /home/draconis/thrall/volumes/traefik:/certificates
+      - /mnt/nas/voljin/volumes/traefik:/certificates
      - ./secrets:/secrets:ro
      - ./config:/config:ro
      - ./logs:/logs
    command:
+      # ------------------------------------------- providers Docker
      - --providers.docker
      - --providers.docker.exposedbydefault=false
+      # ------------------------------------------- Providers Fichier
      - --providers.file.directory=/config/
      - --providers.file.watch=true
+      # ------------------------------------------- Ports 
      - --entrypoints.http.address=:80
      - --entrypoints.https.address=:443
+      # ------------------------------------------- Redirection vers https
      - --entrypoints.http.http.redirections.entrypoint.to=https
      - --entrypoints.http.http.redirections.entrypoint.scheme=https
+      # ------------------------------------------- Configuration SSL
      - --certificatesresolvers.le.acme.email=${TRAEFIKEMAIL}
      - --certificatesresolvers.le.acme.storage=/certificates/acme.json
      - --certificatesresolvers.le.acme.tlschallenge=true
+      # ------------------------------------------- Configuration traefik
+      - --global.sendanonymoususage=false
      - --accesslog=true
      - --log.level=INFO
      - --log.filePath=/logs/traefik.log
      - --api
    networks:
-      - web
-      - interne
+      - traefik
+      
--- a/traefik/logs/traefik.log
+++ b/traefik/logs/traefik.log
--- a/traefik/secrets/traefik_auth_file
+++ b/traefik/secrets/traefik_auth_file
@ -1,2 +1 @@
-user:$apr1$J4gPKkiin6kjbkjbT(FVJHvjuserit93$h34iuiH8gK6/cS5K2TYGy/
-
+user:$apr1$Jeddcsdc568BDS97D6SDS9DBç!cyçq