Disable Traefik dashboard and update TLS settings

- Set dashboard to false by default for security
- Rename ENABLE_TLS to DASHBOARD_TLS for clarity
- Link traefik.enable to DASHBOARD environment variable
This commit is contained in:
Kris Lamoureux 2024-04-19 23:20:57 -04:00
parent 0c72db2690
commit a6f1a59628
Signed by: kris
GPG Key ID: 3EDA9C3441EDA925
3 changed files with 9 additions and 10 deletions

View File

@ -38,19 +38,18 @@ Here's a brief explanation of the variables used in the docker-compose files:
- `NAME`: The name assigned to the created container (default: `traefik`). - `NAME`: The name assigned to the created container (default: `traefik`).
### Traefik Settings ### Traefik Settings
- `DASHBOARD`: Enable(=true) or disable(=false) the Traefik API dashboard (default: `true`). - `DASHBOARD`: Enable(=true) or disable(=false) the Traefik API dashboard (default: `false`).
- `DOMAIN`: The domain name where Traefik's dashboard is accessible (default: `traefik.local.krislamo.org`). - `DOMAIN`: The domain name where Traefik's dashboard is accessible (default: `traefik.local.krislamo.org`).
- `ENTRYPOINT`: The entry point for the dashboard (default: `local`). - `ENTRYPOINT`: The entry point for the dashboard (default: `local`).
- `EXPOSED_BY_DEFAULT`: Expose Docker containers by default without needing specific labels (default: `false`). - `EXPOSED_BY_DEFAULT`: Expose Docker containers by default without needing specific labels (default: `false`).
### Network Settings ### Network Settings
- `NETWORK`: The Docker network to be used (default: `traefik`). - `NETWORK`: The Docker network to be used (default: `traefik`).
- `WEB_PORT`: Binding for the regular HTTP traffic (default: `0.0.0.0:80:80`). - `WEB_PORT`: Binding for the regular HTTP traffic (defaults vary).
- `WEBSECURE_PORT`: Binding for HTTPS traffic (default: `0.0.0.0:443:443`). - `WEBSECURE_PORT`: Binding for HTTPS traffic (default: `0.0.0.0:443:443`, only on HTTPS version).
- `LOCAL_PORT`: Binding for local HTTPS traffic (default: `127.0.0.1:8443:8443`). - `LOCAL_PORT`: Binding for local HTTPS traffic (default: `127.0.0.1:8443:8443`).
### Other Settings ### Other Settings
- `ENABLE`: Enable(=true) or disable(=false) Traefik to expose its API and dashboard (default: `false`).
- `LOG_LEVEL`: Logging level (default: `ERROR`). - `LOG_LEVEL`: Logging level (default: `ERROR`).
- `DEBUG`: Enable(=true) or turn off(=false) API debugging (default: `false`). - `DEBUG`: Enable(=true) or turn off(=false) API debugging (default: `false`).

View File

@ -14,7 +14,7 @@ services:
command: command:
- --providers.docker=true - --providers.docker=true
- --providers.docker.exposedbydefault=${EXPOSED_BY_DEFAULT:-false} - --providers.docker.exposedbydefault=${EXPOSED_BY_DEFAULT:-false}
- --api.dashboard=${DASHBOARD:-true} - --api.dashboard=${DASHBOARD:-false}
- --api.debug=${DEBUG:-false} - --api.debug=${DEBUG:-false}
- --log.level=${LOG_LEVEL:-ERROR} - --log.level=${LOG_LEVEL:-ERROR}
- --entrypoints.web.address=:80 - --entrypoints.web.address=:80
@ -31,9 +31,9 @@ services:
- "traefik.http.routers.${ROUTER:-traefik}.rule=Host(`${DOMAIN:-traefik.local.krislamo.org}`)" - "traefik.http.routers.${ROUTER:-traefik}.rule=Host(`${DOMAIN:-traefik.local.krislamo.org}`)"
- "traefik.http.routers.${ROUTER:-traefik}.service=api@internal" - "traefik.http.routers.${ROUTER:-traefik}.service=api@internal"
- "traefik.http.routers.${ROUTER:-traefik}.entrypoints=${ENTRYPOINT:-local}" - "traefik.http.routers.${ROUTER:-traefik}.entrypoints=${ENTRYPOINT:-local}"
- "traefik.http.routers.${ROUTER:-traefik}.tls=${ENABLE_TLS:-true}" - "traefik.http.routers.${ROUTER:-traefik}.tls=${DASHBOARD_TLS:-true}"
- "traefik.docker.network=${NETWORK:-traefik}" - "traefik.docker.network=${NETWORK:-traefik}"
- "traefik.enable=${ENABLE:-false}" - "traefik.enable=${DASHBOARD:-false}"
networks: networks:
- traefik - traefik
volumes: volumes:

View File

@ -14,7 +14,7 @@ services:
command: command:
- --providers.docker=true - --providers.docker=true
- --providers.docker.exposedbydefault=${EXPOSED_BY_DEFAULT:-false} - --providers.docker.exposedbydefault=${EXPOSED_BY_DEFAULT:-false}
- --api.dashboard=${DASHBOARD:-true} - --api.dashboard=${DASHBOARD:-false}
- --api.debug=${DEBUG:-false} - --api.debug=${DEBUG:-false}
- --log.level=${LOG_LEVEL:-ERROR} - --log.level=${LOG_LEVEL:-ERROR}
- --entrypoints.web.address=:80 - --entrypoints.web.address=:80
@ -26,9 +26,9 @@ services:
- "traefik.http.routers.${ROUTER:-traefik}.rule=Host(`${DOMAIN:-traefik.local.krislamo.org}`)" - "traefik.http.routers.${ROUTER:-traefik}.rule=Host(`${DOMAIN:-traefik.local.krislamo.org}`)"
- "traefik.http.routers.${ROUTER:-traefik}.service=api@internal" - "traefik.http.routers.${ROUTER:-traefik}.service=api@internal"
- "traefik.http.routers.${ROUTER:-traefik}.entrypoints=${ENTRYPOINT:-local}" - "traefik.http.routers.${ROUTER:-traefik}.entrypoints=${ENTRYPOINT:-local}"
- "traefik.http.routers.${ROUTER:-traefik}.tls=${ENABLE_TLS:-true}" - "traefik.http.routers.${ROUTER:-traefik}.tls=${DASHBOARD_TLS:-true}"
- "traefik.docker.network=${NETWORK:-traefik}" - "traefik.docker.network=${NETWORK:-traefik}"
- "traefik.enable=${ENABLE:-false}" - "traefik.enable=${DASHBOARD:-false}"
networks: networks:
- traefik - traefik
volumes: volumes: