From a6f1a596284d65d20e37633c69c6b07b9411e186 Mon Sep 17 00:00:00 2001
From: Kris Lamoureux
Date: Fri, 19 Apr 2024 23:20:57 -0400
Subject: [PATCH] Disable Traefik dashboard and update TLS settings

- Set dashboard to false by default for security
- Rename ENABLE_TLS to DASHBOARD_TLS for clarity
- Link traefik.enable to DASHBOARD environment variable
---
 README.md | 7 +++----
 docker-compose.https.yml | 6 +++---
 docker-compose.yml | 6 +++---
 3 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/README.md b/README.md
index 0239115..b35ce71 100644
--- a/README.md
+++ b/README.md
@@ -38,19 +38,18 @@ Here's a brief explanation of the variables used in the docker-compose files:
 - `NAME`: The name assigned to the created container (default: `traefik`).
 ### Traefik Settings
-- `DASHBOARD`: Enable(=true) or disable(=false) the Traefik API dashboard (default: `true`).
+- `DASHBOARD`: Enable(=true) or disable(=false) the Traefik API dashboard (default: `false`).
 - `DOMAIN`: The domain name where Traefik's dashboard is accessible (default: `traefik.local.krislamo.org`).
 - `ENTRYPOINT`: The entry point for the dashboard (default: `local`).
 - `EXPOSED_BY_DEFAULT`: Expose Docker containers by default without needing specific labels (default: `false`).
 ### Network Settings
 - `NETWORK`: The Docker network to be used (default: `traefik`).
-- `WEB_PORT`: Binding for the regular HTTP traffic (default: `0.0.0.0:80:80`).
-- `WEBSECURE_PORT`: Binding for HTTPS traffic (default: `0.0.0.0:443:443`).
+- `WEB_PORT`: Binding for the regular HTTP traffic (defaults vary).
+- `WEBSECURE_PORT`: Binding for HTTPS traffic (default: `0.0.0.0:443:443`, only on HTTPS version).
 - `LOCAL_PORT`: Binding for local HTTPS traffic (default: `127.0.0.1:8443:8443`).
 ### Other Settings
-- `ENABLE`: Enable(=true) or disable(=false) Traefik to expose its API and dashboard (default: `false`).
 - `LOG_LEVEL`: Logging level (default: `ERROR`).
 - `DEBUG`: Enable(=true) or turn off(=false) API debugging (default: `false`).
diff --git a/docker-compose.https.yml b/docker-compose.https.yml
index fa00e00..ebf2450 100644
--- a/docker-compose.https.yml
+++ b/docker-compose.https.yml
@@ -14,7 +14,7 @@ services:
 command:
 - --providers.docker=true
 - --providers.docker.exposedbydefault=${EXPOSED_BY_DEFAULT:-false}
- - --api.dashboard=${DASHBOARD:-true}
+ - --api.dashboard=${DASHBOARD:-false}
 - --api.debug=${DEBUG:-false}
 - --log.level=${LOG_LEVEL:-ERROR}
 - --entrypoints.web.address=:80
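Review bot: Defaulting `--api.dashboard` to `false` in the docker-compose.https.yml `command:` hunk switches off only the dashboard UI; as far as I know Traefik still instantiates its API, and with it the `api@internal` service, whenever any `--api.*` option is passed, and both this flag and `--api.debug` are always passed here. The deployment therefore relies on the `traefik.enable` label rather than on this flag to keep the API unrouted, which deserves a comment above the flag such as `# API itself stays enabled; only the traefik.enable label keeps api@internal unrouted`. The same line is changed in the first hunk of docker-compose.yml. The `command:` list starts and ends outside the hunk, so an explicit `--api=...` setting elsewhere cannot be ruled out from here.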
@@ -31,9 +31,9 @@ services:
 - "traefik.http.routers.${ROUTER:-traefik}.rule=Host(`${DOMAIN:-traefik.local.krislamo.org}`)"
 - "traefik.http.routers.${ROUTER:-traefik}.service=api@internal"
 - "traefik.http.routers.${ROUTER:-traefik}.entrypoints=${ENTRYPOINT:-local}"
- - "traefik.http.routers.${ROUTER:-traefik}.tls=${ENABLE_TLS:-true}"
+ - "traefik.http.routers.${ROUTER:-traefik}.tls=${DASHBOARD_TLS:-true}"
 - "traefik.docker.network=${NETWORK:-traefik}"
- - "traefik.enable=${ENABLE:-false}"
+ - "traefik.enable=${DASHBOARD:-false}"
 networks:
 - traefik
 volumes:
diff --git a/docker-compose.yml b/docker-compose.yml
index 5da5b2d..62e274c 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -14,7 +14,7 @@ services:
 command:
 - --providers.docker=true
 - --providers.docker.exposedbydefault=${EXPOSED_BY_DEFAULT:-false}
- - --api.dashboard=${DASHBOARD:-true}
+ - --api.dashboard=${DASHBOARD:-false}
 - --api.debug=${DEBUG:-false}
 - --log.level=${LOG_LEVEL:-ERROR}
 - --entrypoints.web.address=:80
@@ -26,9 +26,9 @@ services:
 - "traefik.http.routers.${ROUTER:-traefik}.rule=Host(`${DOMAIN:-traefik.local.krislamo.org}`)"
 - "traefik.http.routers.${ROUTER:-traefik}.service=api@internal"
 - "traefik.http.routers.${ROUTER:-traefik}.entrypoints=${ENTRYPOINT:-local}"
- - "traefik.http.routers.${ROUTER:-traefik}.tls=${ENABLE_TLS:-true}"
+ - "traefik.http.routers.${ROUTER:-traefik}.tls=${DASHBOARD_TLS:-true}"
 - "traefik.docker.network=${NETWORK:-traefik}"
- - "traefik.enable=${ENABLE:-false}"
+ - "traefik.enable=${DASHBOARD:-false}"
 networks:
 - traefik
 volumes:
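Review bot: With `traefik.enable=${DASHBOARD:-false}` in the labels hunk of docker-compose.https.yml, an existing `.env` that sets `DASHBOARD=true` but never set the removed `ENABLE` variable starts publishing the `api@internal` router on upgrade, where before the container stayed unrouted. No authentication middleware is attached to that router in the labels visible here (the labels list begins outside the hunk, so one may exist above); the only gates shown are the Host rule, TLS and the `ENTRYPOINT` default of `local`, each overridable from the environment. Consider attaching an auth middleware to the router, e.g. `- "traefik.http.routers.${ROUTER:-traefik}.middlewares=dashboard-auth"` backed by a `basicauth` middleware label (`dashboard-auth` is a constructed name), and calling out the removal of `ENABLE` and `ENABLE_TLS` as a breaking change, since old values are now silently ignored. The second hunk of docker-compose.yml makes the identical change.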