Fix Traefik configuration issues and improve security

- Upgrade to traefik:latest to fix Docker API compatibility with v29
- Fix websecure entrypoint indentation in traefik.yml
- Remove obsolete DOCKER_API_VERSION environment variable
- Remove incompatible network_mode: host setting
- Set network to external for multi-compose compatibility
- Add environment variable support for certificate email
- Add acme.json to .gitignore for security
- Create acme.json with correct 600 permissions

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

.env.example

@@ -1,3 +1,4 @@
 DASHBOARD_HOST=
 DASHBOARD_USER=
 DASHNOARD_PASSWORD=
+CERT_EMAIL=

.gitignore

@@ -1 +1,2 @@
 .env
+acme.json

docker-compose.yml

@@ -1,16 +1,13 @@
 services:
   traefik:
-    image: traefik:v3.2
+    image: traefik:latest
     container_name: traefik
     restart: unless-stopped
-    network_mode: host
     security_opt:
       - no-new-privileges:true
     ports:
       - "80:80"
       - "443:443"
-    environment:
-      - DOCKER_API_VERSION=1.44
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock:ro
       - ./traefik.yml:/etc/traefik/traefik.yml:ro
@@ -25,7 +22,6 @@ services:
       - "traefik.http.routers.traefik-dashboard.tls.certresolver=letsencrypt"
       - "traefik.http.routers.traefik-dashboard.middlewares=traefik-auth"
       - "traefik.http.middlewares.traefik-auth.basicauth.users=${DASHBOARD_USER}:${DASHBOARD_PASSWORD}"
-
 networks:
   traefik-net:
-    external: false
+    external: true

traefik.yml

@@ -15,13 +15,12 @@ websecure:
 certificatesResolvers:
   letsencrypt:
     acme:
-      email: votre@email.com
+      email: ${CERT_EMAIL}
       storage: acme.json
       httpChallenge:
         entryPoint: web
 
 providers:
   docker:
-    endpoint: "unix:///var/run/docker.sock"
     exposedByDefault: false
     network: traefik-net