feat: expose asciinema admin interface via Traefik

Added admin interface routing at admin.asciinema.pivoine.art: - Port 4002 exposed via Traefik - HTTP Basic Auth protection using AUTH_USERS - HTTPS with Let's Encrypt certificate - Security headers and compression middleware 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-09 04:07:44 +01:00
parent be146b2bb5
commit f647e1327b
1 changed files with 15 additions and 3 deletions
--- a/asciinema/compose.yaml
+++ b/asciinema/compose.yaml
@@ -24,19 +24,31 @@ services:
      SIGN_UP_DISABLED: ${ASCIINEMA_SIGN_UP_DISABLED:-false}
    labels:
      - 'traefik.enable=${ASCIINEMA_TRAEFIK_ENABLED}'
-      # HTTP to HTTPS redirect
+      # Main web interface - HTTP to HTTPS redirect
      - 'traefik.http.middlewares.${ASCIINEMA_COMPOSE_PROJECT_NAME}-redirect-web-secure.redirectscheme.scheme=https'
      - 'traefik.http.routers.${ASCIINEMA_COMPOSE_PROJECT_NAME}-web.middlewares=${ASCIINEMA_COMPOSE_PROJECT_NAME}-redirect-web-secure'
      - 'traefik.http.routers.${ASCIINEMA_COMPOSE_PROJECT_NAME}-web.rule=Host(`${ASCIINEMA_TRAEFIK_HOST}`)'
      - 'traefik.http.routers.${ASCIINEMA_COMPOSE_PROJECT_NAME}-web.entrypoints=web'
-      # HTTPS router
+      # Main web interface - HTTPS router
      - 'traefik.http.routers.${ASCIINEMA_COMPOSE_PROJECT_NAME}-web-secure.rule=Host(`${ASCIINEMA_TRAEFIK_HOST}`)'
      - 'traefik.http.routers.${ASCIINEMA_COMPOSE_PROJECT_NAME}-web-secure.tls.certresolver=resolver'
      - 'traefik.http.routers.${ASCIINEMA_COMPOSE_PROJECT_NAME}-web-secure.entrypoints=web-secure'
      - 'traefik.http.middlewares.${ASCIINEMA_COMPOSE_PROJECT_NAME}-compress.compress=true'
      - 'traefik.http.routers.${ASCIINEMA_COMPOSE_PROJECT_NAME}-web-secure.middlewares=${ASCIINEMA_COMPOSE_PROJECT_NAME}-compress,security-headers@file'
      # Service
      - 'traefik.http.services.${ASCIINEMA_COMPOSE_PROJECT_NAME}.loadbalancer.server.port=4000'
      # Admin interface - HTTP to HTTPS redirect
      - 'traefik.http.routers.${ASCIINEMA_COMPOSE_PROJECT_NAME}-admin-web.middlewares=${ASCIINEMA_COMPOSE_PROJECT_NAME}-redirect-web-secure'
      - 'traefik.http.routers.${ASCIINEMA_COMPOSE_PROJECT_NAME}-admin-web.rule=Host(`admin.${ASCIINEMA_TRAEFIK_HOST}`)'
      - 'traefik.http.routers.${ASCIINEMA_COMPOSE_PROJECT_NAME}-admin-web.entrypoints=web'
      # Admin interface - HTTPS router with Basic Auth
      - 'traefik.http.middlewares.${ASCIINEMA_COMPOSE_PROJECT_NAME}-auth.basicauth.users=${AUTH_USERS}'
      - 'traefik.http.routers.${ASCIINEMA_COMPOSE_PROJECT_NAME}-admin-web-secure.rule=Host(`admin.${ASCIINEMA_TRAEFIK_HOST}`)'
      - 'traefik.http.routers.${ASCIINEMA_COMPOSE_PROJECT_NAME}-admin-web-secure.tls.certresolver=resolver'
      - 'traefik.http.routers.${ASCIINEMA_COMPOSE_PROJECT_NAME}-admin-web-secure.entrypoints=web-secure'
      - 'traefik.http.routers.${ASCIINEMA_COMPOSE_PROJECT_NAME}-admin-web-secure.middlewares=${ASCIINEMA_COMPOSE_PROJECT_NAME}-auth,${ASCIINEMA_COMPOSE_PROJECT_NAME}-compress,security-headers@file'
      - 'traefik.http.routers.${ASCIINEMA_COMPOSE_PROJECT_NAME}-admin-web-secure.service=${ASCIINEMA_COMPOSE_PROJECT_NAME}-admin'
      - 'traefik.http.services.${ASCIINEMA_COMPOSE_PROJECT_NAME}-admin.loadbalancer.server.port=4002'
      # Network
      - 'traefik.docker.network=${NETWORK_NAME}'
      # Watchtower
      - 'com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}'