diff --git a/.env.example b/.env.example new file mode 100644 index 0000000..ddf27b9 --- /dev/null +++ b/.env.example @@ -0,0 +1,3 @@ +DASHBOARD_HOST= +DASHBOARD_USER= +DASHNOARD_PASSWORD= diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..4c49bd7 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.env diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..bf9ebca --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,31 @@ +services: + traefik: + image: traefik:v3.2 + container_name: traefik + restart: unless-stopped + network_mode: host + security_opt: + - no-new-privileges:true + ports: + - "80:80" + - "443:443" + environment: + - DOCKER_API_VERSION=1.44 + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro + - ./traefik.yml:/etc/traefik/traefik.yml:ro + - ./acme.json:/acme.json + networks: + - traefik-net + labels: + - "traefik.enable=true" + - "traefik.http.routers.traefik-dashboard.rule=Host(`${DASHBOARD_HOST}`)" + - "traefik.http.routers.traefik-dashboard.entrypoints=websecure" + - "traefik.http.routers.traefik-dashboard.service=api@internal" + - "traefik.http.routers.traefik-dashboard.tls.certresolver=letsencrypt" + - "traefik.http.routers.traefik-dashboard.middlewares=traefik-auth" + - "traefik.http.middlewares.traefik-auth.basicauth.users=${DASHBOARD_USER}:${DASHBOARD_PASSWORD}" + +networks: + traefik-net: + external: false diff --git a/traefik.yml b/traefik.yml new file mode 100644 index 0000000..6415266 --- /dev/null +++ b/traefik.yml @@ -0,0 +1,27 @@ +api: + dashboard: true + +entryPoints: + web: + address: ":80" + http: + redirections: + entryPoint: + to: websecure + scheme: https +websecure: + address: ":443" + +certificatesResolvers: + letsencrypt: + acme: + email: votre@email.com + storage: acme.json + httpChallenge: + entryPoint: web + +providers: + docker: + endpoint: "unix:///var/run/docker.sock" + exposedByDefault: false + network: traefik-net