feat: Added Traefik

- Added compose.yaml file containg also certs-dumper to extract certificates - Added traefik.yaml configuration file
2026-02-01 00:28:58 +01:00
parent 22352dd8a7
commit a9c73db45c
3 changed files with 72 additions and 0 deletions
--- a/dist/traefik/.env.template
+++ b/dist/traefik/.env.template
@@ -0,0 +1,4 @@
+BASE_DOMAIN=example.com
+SERVICE_DOMAIN=traefik.example.com
+# admin:admin
+DASHBOARD_HTPASSWORD=admin:$2b$10$1DxaLIdVmJVNcQUmMxdfiOjlnp2gDKiMQjpTNxagVJEoTGTUOfVnG
--- a/dist/traefik/compose.yaml
+++ b/dist/traefik/compose.yaml
@@ -0,0 +1,42 @@
+networks:
+  traefik-network:
+
+services:
+  traefik:
+    image: traefik:v3.6.4
+    container_name: traefik
+    restart: unless-stopped
+    dns:
+      - 1.1.1.1
+      - 8.8.8.8
+    ports:
+      - 80:80
+      - 443:443
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.dashboard.rule=Host(`${SERVICE_DOMAIN}`)"
+      - "traefik.http.routers.dashboard.entrypoints=https"
+      - "traefik.http.routers.dashboard.service=api@internal"
+      - "traefik.http.routers.dashboard.tls.certresolver=letsencrypt"
+      - "traefik.http.routers.dashboard.middlewares=dashboard-auth"
+      - "traefik.http.middlewares.dashboard-auth.basicauth.users=${DASHBOARD_HTPASSWORD}"
+    command:
+      - "--log.level=DEBUG"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - ./traefik.yaml:/traefik.yaml:ro
+      - ./acme.json:/acme.json
+      - ./certs:/certs
+    networks:
+      - traefik-network
+
+  traefik-certs-dumper:
+    image: ldez/traefik-certs-dumper:v2.9.3
+    container_name: traefik-certs-dumper
+    restart: unless-stopped
+    volumes:
+      - ./acme.json:/acme.json:ro
+      - ./certs:/output
+    environment:
+      - DOMAIN=${BASE_DOMAIN}
+    command: "file --version v2 --watch --source /acme.json --dest /output"
--- a/dist/traefik/traefik.yaml
+++ b/dist/traefik/traefik.yaml
@@ -0,0 +1,26 @@
+api:
+  insecure: false
+  dashboard: true
+
+entryPoints:
+  http:
+    address: ":80"
+    http:
+      redirections:
+        entryPoint:
+          to: https
+          scheme: https
+  https:
+    address: ":443"
+
+providers:
+  docker:
+    exposedByDefault: false
+
+certificatesResolvers:
+  letsencrypt:
+    acme:
+      email: YOUR_EMAIL@example.com
+      storage: /acme.json
+      httpChallenge:
+        entryPoint: web