From 450c9e65f688277c8f198b76437000ac98c09d54 Mon Sep 17 00:00:00 2001 From: Florestan Bredow Date: Wed, 25 Nov 2020 16:10:17 +0100 Subject: [PATCH] Protects dashboard --- .gitignore | 1 + README.md | 16 ++++++++++++++++ conf/traefik.toml | 1 - docker-compose.yml | 8 +++++++- 4 files changed, 24 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index a271d2e..9e66da5 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ conf/acme.json +.env diff --git a/README.md b/README.md index 2e96b43..a3b5b9c 100644 --- a/README.md +++ b/README.md @@ -9,8 +9,24 @@ chmod 600 conf/acme.json docker network create web ``` +Créer et remplir le fichier `.env` sur ce modèle : + +``` +HOSTNAME=host.domain.tld +DASHBOARDUSERS=username:mot_de_passe_chiffré_avec_htpasswd +``` + +Pour créer le mot de passe utiliser la commande + +```bash +htpasswd -n [username] +``` + + + Pour ajouter un service : ------------------------- + Dans le fichier `docker-compose.yml` de ce service , ajouter le réseau `web` : ```yaml networks: diff --git a/conf/traefik.toml b/conf/traefik.toml index 88ad34f..a204534 100644 --- a/conf/traefik.toml +++ b/conf/traefik.toml @@ -8,7 +8,6 @@ level = "WARNING" [api] - insecure = true dashboard = true [entryPoints] diff --git a/docker-compose.yml b/docker-compose.yml index 7be31ea..95bfb67 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -6,7 +6,6 @@ services: ports: - "80:80" - "443:443" - - "8080:8080" networks: - web volumes: @@ -14,6 +13,13 @@ services: - ./conf/traefik.toml:/etc/traefik/traefik.toml:ro - ./conf/acme.json:/acme.json - ./conf/custom:/etc/traefik/custom:ro + labels: + - "traefik.http.routers.dashboard.rule=Host(`${HOSTNAME}`)" + - "traefik.http.routers.dashboard.service=api@internal" + - "traefik.http.routers.dashboard.middlewares=auth" + - traefik.http.routers.dashboard.tls=true + - traefik.http.routers.dashboard.tls.certresolver=myresolver + - "traefik.http.middlewares.auth.basicauth.users=${DASHBOARDUSERS}" networks: web: