diff --git a/arty.yml b/arty.yml
index 8646694..04cebad 100644
--- a/arty.yml
+++ b/arty.yml
@@ -90,6 +90,7 @@ envs:
 # Proxy
 PROXY_COMPOSE_PROJECT_NAME: proxy
 PROXY_DOCKER_IMAGE: traefik:latest
+ PROXY_TRAEFIK_HOST: proxy.pivoine.art
 # Watchtower
 WATCHTOWER_POLL_INTERVAL: 300
 WATCHTOWER_LABEL_ENABLE: true
diff --git a/proxy/auth/.htpasswd b/proxy/auth/.htpasswd
new file mode 100644
index 0000000..d4e8f7e
--- /dev/null
+++ b/proxy/auth/.htpasswd
@@ -0,0 +1 @@
+valknar:$apr1$mPI9lhER$CIz4BtA8cQULi4McVZxfz.
diff --git a/proxy/compose.yaml b/proxy/compose.yaml
index 856abdd..d3f7e95 100644
--- a/proxy/compose.yaml
+++ b/proxy/compose.yaml
@@ -5,7 +5,7 @@ services:
 restart: unless-stopped
 command:
 # API & Dashboard
- - '--api.dashboard=false'
+ - '--api.dashboard=true'
 - '--api.insecure=false'
 # Logging
@@ -61,6 +61,16 @@ services:
 - letsencrypt_data:/letsencrypt
 - /var/run/docker.sock:/var/run/docker.sock:ro
 - ./dynamic:/etc/traefik/dynamic:ro
+ - ./auth/.htpasswd:/etc/traefik/.htpasswd:ro
+
+ labels:
+ - 'traefik.enable=true'
+ # Dashboard router
+ - 'traefik.http.routers.${PROXY_COMPOSE_PROJECT_NAME}-dashboard.rule=Host(`${PROXY_TRAEFIK_HOST}`)'
+ - 'traefik.http.routers.${PROXY_COMPOSE_PROJECT_NAME}-dashboard.entrypoints=web-secure'
+ - 'traefik.http.routers.${PROXY_COMPOSE_PROJECT_NAME}-dashboard.tls.certresolver=resolver'
+ - 'traefik.http.routers.${PROXY_COMPOSE_PROJECT_NAME}-dashboard.service=api@internal'
+ - 'traefik.http.routers.${PROXY_COMPOSE_PROJECT_NAME}-dashboard.middlewares=dashboard-auth@file'
 volumes:
 letsencrypt_data:
 name: ${PROXY_COMPOSE_PROJECT_NAME}_letsencrypt_data
diff --git a/proxy/dynamic/security.yaml b/proxy/dynamic/security.yaml
index b6f925b..99f9e08 100644
--- a/proxy/dynamic/security.yaml
+++ b/proxy/dynamic/security.yaml
@@ -59,3 +59,8 @@ http:
 average: 30
 burst: 15
 period: 1s
+
+ # Basic Auth for Traefik Dashboard
+ dashboard-auth:
+ basicAuth:
+ usersFile: /etc/traefik/.htpasswd
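Review bot: The new `proxy/auth/.htpasswd` puts a live credential hash under version control, and its `$apr1$` prefix marks it as Apache's MD5-based scheme, which is cheap to attack offline once the hash is readable in the repository or its history. Traefik's basicAuth also accepts bcrypt entries, so the entry would be better generated with `htpasswd -B` and supplied at deploy time, with `proxy/auth/.htpasswd` listed in `.gitignore`. Because this hash is already part of the commit, the password for this account should be treated as exposed and changed, not only moved.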
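Review bot: The dashboard router's `middlewares` label chains only `dashboard-auth@file`, so the basic-auth prompt on `${PROXY_TRAEFIK_HOST}` is reachable from wherever the `web-secure` entrypoint is, with no limit on password attempts. `proxy/dynamic/security.yaml` appears to define a rate-limit middleware already (its `average: 30` / `burst: 15` lines are context in this commit, but its name is not visible here). Appending it, as in `...-dashboard.middlewares=dashboard-auth@file,<rate-limit-middleware>@file`, would narrow the exposure, as would an IP allow-list middleware if the dashboard is only used from known networks. Writing the rule as ``Host(`${PROXY_TRAEFIK_HOST:?PROXY_TRAEFIK_HOST is required}`)`` would make compose fail fast instead of rendering an empty host matcher when the variable is unset. The `services:` block starts outside the hunk, so labels or middlewares defined elsewhere are not visible from here.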
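Review bot: The `dashboard-auth` comment does not say where `/etc/traefik/.htpasswd` comes from, although the middleware depends on the bind mount added in `proxy/compose.yaml` in this same commit. A comment above `usersFile` such as `# bind-mounted read-only from ./auth/.htpasswd (see proxy/compose.yaml); keep entries bcrypt-hashed` would document that coupling for whoever edits either file next. The enclosing `http:` mapping starts outside the hunk.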