Disable Traefik dashboard and update TLS settings

- Set dashboard to false by default for security
- Rename ENABLE_TLS to DASHBOARD_TLS for clarity
- Link traefik.enable to DASHBOARD environment variable

README.md

@@ -38,19 +38,18 @@ Here's a brief explanation of the variables used in the docker-compose files:
 - `NAME`: The name assigned to the created container (default: `traefik`).
 
 ### Traefik Settings
-- `DASHBOARD`: Enable(=true) or disable(=false) the Traefik API dashboard (default: `true`).
+- `DASHBOARD`: Enable(=true) or disable(=false) the Traefik API dashboard (default: `false`).
 - `DOMAIN`: The domain name where Traefik's dashboard is accessible (default: `traefik.local.krislamo.org`).
 - `ENTRYPOINT`: The entry point for the dashboard (default: `local`).
 - `EXPOSED_BY_DEFAULT`: Expose Docker containers by default without needing specific labels (default: `false`).
 
 ### Network Settings
 - `NETWORK`: The Docker network to be used (default: `traefik`).
-- `WEB_PORT`: Binding for the regular HTTP traffic (default: `0.0.0.0:80:80`).
-- `WEBSECURE_PORT`: Binding for HTTPS traffic (default: `0.0.0.0:443:443`).
+- `WEB_PORT`: Binding for the regular HTTP traffic (defaults vary).
+- `WEBSECURE_PORT`: Binding for HTTPS traffic (default: `0.0.0.0:443:443`, only on HTTPS version).
 - `LOCAL_PORT`: Binding for local HTTPS traffic (default: `127.0.0.1:8443:8443`).
 
 ### Other Settings
-- `ENABLE`: Enable(=true) or disable(=false) Traefik to expose its API and dashboard (default: `false`).
 - `LOG_LEVEL`: Logging level (default: `ERROR`).
 - `DEBUG`: Enable(=true) or turn off(=false) API debugging (default: `false`).
 

docker-compose.https.yml

@@ -14,7 +14,7 @@ services:
     command:
       - --providers.docker=true
       - --providers.docker.exposedbydefault=${EXPOSED_BY_DEFAULT:-false}
-      - --api.dashboard=${DASHBOARD:-true}
+      - --api.dashboard=${DASHBOARD:-false}
       - --api.debug=${DEBUG:-false}
       - --log.level=${LOG_LEVEL:-ERROR}
       - --entrypoints.web.address=:80
@@ -31,9 +31,9 @@ services:
       - "traefik.http.routers.${ROUTER:-traefik}.rule=Host(`${DOMAIN:-traefik.local.krislamo.org}`)"
       - "traefik.http.routers.${ROUTER:-traefik}.service=api@internal"
       - "traefik.http.routers.${ROUTER:-traefik}.entrypoints=${ENTRYPOINT:-local}"
-      - "traefik.http.routers.${ROUTER:-traefik}.tls=${ENABLE_TLS:-true}"
+      - "traefik.http.routers.${ROUTER:-traefik}.tls=${DASHBOARD_TLS:-true}"
       - "traefik.docker.network=${NETWORK:-traefik}"
-      - "traefik.enable=${ENABLE:-false}"
+      - "traefik.enable=${DASHBOARD:-false}"
     networks:
       - traefik
     volumes:

docker-compose.yml

@@ -14,7 +14,7 @@ services:
     command:
       - --providers.docker=true
       - --providers.docker.exposedbydefault=${EXPOSED_BY_DEFAULT:-false}
-      - --api.dashboard=${DASHBOARD:-true}
+      - --api.dashboard=${DASHBOARD:-false}
       - --api.debug=${DEBUG:-false}
       - --log.level=${LOG_LEVEL:-ERROR}
       - --entrypoints.web.address=:80
@@ -26,9 +26,9 @@ services:
       - "traefik.http.routers.${ROUTER:-traefik}.rule=Host(`${DOMAIN:-traefik.local.krislamo.org}`)"
       - "traefik.http.routers.${ROUTER:-traefik}.service=api@internal"
       - "traefik.http.routers.${ROUTER:-traefik}.entrypoints=${ENTRYPOINT:-local}"
-      - "traefik.http.routers.${ROUTER:-traefik}.tls=${ENABLE_TLS:-true}"
+      - "traefik.http.routers.${ROUTER:-traefik}.tls=${DASHBOARD_TLS:-true}"
       - "traefik.docker.network=${NETWORK:-traefik}"
-      - "traefik.enable=${ENABLE:-false}"
+      - "traefik.enable=${DASHBOARD:-false}"
     networks:
       - traefik
     volumes: