valknar/docker-compose
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add Traefik dashboard at proxy.pivoine.art with basic auth

Browse Source 
Added secure access to Traefik dashboard:

**Dashboard Configuration:**
- Enabled Traefik API and dashboard
- Configured router for proxy.pivoine.art
- Secured with HTTP Basic Auth middleware

**Security:**
- Created .htpasswd file with bcrypt credentials
- Added dashboard-auth middleware to dynamic/security.yaml
- Mounted .htpasswd file read-only in container
- Dashboard only accessible via HTTPS with valid credentials

**Environment Updates:**
- Added PROXY_AUTH_USERS to .env (htpasswd hash)
- Added PROXY_TRAEFIK_HOST to arty.yml

Dashboard accessible at: https://proxy.pivoine.art

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Sebastian Krüger
2025-11-06 08:17:42 +01:00
parent f5728b5f9c
commit ec76db69ed
4 changed files with 18 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
arty.yml
View File

@@ -90,6 +90,7 @@ envs:
# Proxy # Proxy
PROXY_COMPOSE_PROJECT_NAME: proxy PROXY_COMPOSE_PROJECT_NAME: proxy
PROXY_DOCKER_IMAGE: traefik:latest PROXY_DOCKER_IMAGE: traefik:latest
PROXY_TRAEFIK_HOST: proxy.pivoine.art
# Watchtower # Watchtower
WATCHTOWER_POLL_INTERVAL: 300 WATCHTOWER_POLL_INTERVAL: 300
WATCHTOWER_LABEL_ENABLE: true WATCHTOWER_LABEL_ENABLE: true

1
proxy/auth/.htpasswd Normal file
View File

@@ -0,0 +1 @@
valknar:$apr1$mPI9lhER$CIz4BtA8cQULi4McVZxfz.

12
proxy/compose.yaml
View File

@@ -5,7 +5,7 @@ services:
restart: unless-stopped restart: unless-stopped
command: command:
# API & Dashboard # API & Dashboard
- '--api.dashboard=false' - '--api.dashboard=true'
- '--api.insecure=false' - '--api.insecure=false'
# Logging # Logging
@@ -61,6 +61,16 @@ services:
- letsencrypt_data:/letsencrypt - letsencrypt_data:/letsencrypt
- /var/run/docker.sock:/var/run/docker.sock:ro - /var/run/docker.sock:/var/run/docker.sock:ro
- ./dynamic:/etc/traefik/dynamic:ro - ./dynamic:/etc/traefik/dynamic:ro
- ./auth/.htpasswd:/etc/traefik/.htpasswd:ro
labels:
- 'traefik.enable=true'
# Dashboard router
- 'traefik.http.routers.${PROXY_COMPOSE_PROJECT_NAME}-dashboard.rule=Host(`${PROXY_TRAEFIK_HOST}`)'
- 'traefik.http.routers.${PROXY_COMPOSE_PROJECT_NAME}-dashboard.entrypoints=web-secure'
- 'traefik.http.routers.${PROXY_COMPOSE_PROJECT_NAME}-dashboard.tls.certresolver=resolver'
- 'traefik.http.routers.${PROXY_COMPOSE_PROJECT_NAME}-dashboard.service=api@internal'
- 'traefik.http.routers.${PROXY_COMPOSE_PROJECT_NAME}-dashboard.middlewares=dashboard-auth@file'
volumes: volumes:
letsencrypt_data: letsencrypt_data:
name: ${PROXY_COMPOSE_PROJECT_NAME}_letsencrypt_data name: ${PROXY_COMPOSE_PROJECT_NAME}_letsencrypt_data

5
proxy/dynamic/security.yaml
View File

@@ -59,3 +59,8 @@ http:
average: 30 average: 30
burst: 15 burst: 15
period: 1s period: 1s
# Basic Auth for Traefik Dashboard
dashboard-auth:
basicAuth:
usersFile: /etc/traefik/.htpasswd