Require explicit VERSION in docker-compose files

- Set dashboard to false by default for security
- Rename ENABLE_TLS to DASHBOARD_TLS for clarity
- Link traefik.enable to DASHBOARD environment variable

README.md

@@ -6,7 +6,9 @@ Encrypt. While similar, the docker-compose files available here cater to
 different use cases for deploying Traefik.
 
 ## Add services to Traefik
+
 1. Define the external traefik network on the top-level networks key
+
 ```
 networks:
   traefik:
@@ -14,12 +16,14 @@ networks:
 ```
 
 2. Attach your web container to Traefik's network via the service-level `networks` key
+
 ```
     networks:
       - traefik
 ```
 
 3. Define routing for Traefik in labels, replacing "examplerouter" with something unique
+
 ```
     labels:
       traefik.http.routers.examplerouter.rule: Host(`www.example.org`)
@@ -30,31 +34,35 @@ networks:
 ```
 
 ## Variables
+
 Here's a brief explanation of the variables used in the docker-compose files:
 
 ### Docker Settings
+
 - `IMAGE`: The name of the Docker image (default: `traefik`).
-- `VERSION`: The tag of the Docker image (default: `latest`).
+- `VERSION`: The tag of the Docker image (required, no default).
 - `NAME`: The name assigned to the created container (default: `traefik`).
 
 ### Traefik Settings
-- `DASHBOARD`: Enable(=true) or disable(=false) the Traefik API dashboard (default: `true`).
+
+- `DASHBOARD`: Enable(=true) or disable(=false) the Traefik API dashboard (default: `false`).
 - `DOMAIN`: The domain name where Traefik's dashboard is accessible (default: `traefik.local.krislamo.org`).
 - `ENTRYPOINT`: The entry point for the dashboard (default: `local`).
 - `EXPOSED_BY_DEFAULT`: Expose Docker containers by default without needing specific labels (default: `false`).
 
 ### Network Settings
+
 - `NETWORK`: The Docker network to be used (default: `traefik`).
-- `WEB_PORT`: Binding for the regular HTTP traffic (default: `0.0.0.0:80:80`).
+- `WEB_PORT`: Binding for the regular HTTP traffic (defaults vary).
-- `WEBSECURE_PORT`: Binding for HTTPS traffic (default: `0.0.0.0:443:443`).
+- `WEBSECURE_PORT`: Binding for HTTPS traffic (default: `0.0.0.0:443:443`, only on HTTPS version).
 - `LOCAL_PORT`: Binding for local HTTPS traffic (default: `127.0.0.1:8443:8443`).
 
 ### Other Settings
-- `ENABLE`: Enable(=true) or disable(=false) Traefik to expose its API and dashboard (default: `false`).
+
 - `LOG_LEVEL`: Logging level (default: `ERROR`).
 - `DEBUG`: Enable(=true) or turn off(=false) API debugging (default: `false`).
 
-
 ## License
+
 This project is released under the 0BSD license, which allows for unrestricted
 use, modification, and distribution.

docker-compose.https.yml

@@ -1,5 +1,3 @@
-version: '3.8'
-
 volumes:
   traefik:
 
@@ -9,26 +7,31 @@ networks:
 
 services:
   traefik:
-    image: "${IMAGE:-traefik}:${VERSION:-latest}"
+    image: "${IMAGE:-traefik}:${VERSION:?}"
     container_name: "${NAME:-traefik}"
     command:
       - --providers.docker=true
       - --providers.docker.exposedbydefault=${EXPOSED_BY_DEFAULT:-false}
-      - --api.dashboard=${DASHBOARD:-true}
+      - --api.dashboard=${DASHBOARD:-false}
       - --api.debug=${DEBUG:-false}
       - --log.level=${LOG_LEVEL:-ERROR}
       - --entrypoints.web.address=:80
+      - --entrypoints.websecure.address=:443
       - --entrypoints.local.address=:8443
+      - --entrypoints.web.http.redirections.entrypoint.to=websecure
+      - --entrypoints.web.http.redirections.entrypoint.scheme=https
+      - --entrypoints.web.http.redirections.entrypoint.permanent=true
     ports:
-      - "${WEB_PORT:-127.0.0.1:80:80}"
+      - "${WEB_PORT:-0.0.0.0:80:80}"
+      - "${WEBSECURE_PORT:-0.0.0.0:443:443}"
       - "${LOCAL_PORT:-127.0.0.1:8443:8443}"
     labels:
       - "traefik.http.routers.${ROUTER:-traefik}.rule=Host(`${DOMAIN:-traefik.local.krislamo.org}`)"
       - "traefik.http.routers.${ROUTER:-traefik}.service=api@internal"
       - "traefik.http.routers.${ROUTER:-traefik}.entrypoints=${ENTRYPOINT:-local}"
-      - "traefik.http.routers.${ROUTER:-traefik}.tls=${ENABLE_TLS:-true}"
+      - "traefik.http.routers.${ROUTER:-traefik}.tls=${DASHBOARD_TLS:-true}"
       - "traefik.docker.network=${NETWORK:-traefik}"
-      - "traefik.enable=${ENABLE:-false}"
+      - "traefik.enable=${DASHBOARD:-false}"
     networks:
       - traefik
     volumes:

docker-compose.yml

@@ -1,5 +1,3 @@
-version: '3.8'
-
 volumes:
   traefik:
 
@@ -9,31 +7,26 @@ networks:
 
 services:
   traefik:
-    image: "${IMAGE:-traefik}:${VERSION:-latest}"
+    image: "${IMAGE:-traefik}:${VERSION:?}"
     container_name: "${NAME:-traefik}"
     command:
       - --providers.docker=true
       - --providers.docker.exposedbydefault=${EXPOSED_BY_DEFAULT:-false}
-      - --api.dashboard=${DASHBOARD:-true}
+      - --api.dashboard=${DASHBOARD:-false}
       - --api.debug=${DEBUG:-false}
       - --log.level=${LOG_LEVEL:-ERROR}
       - --entrypoints.web.address=:80
-      - --entrypoints.websecure.address=:443
       - --entrypoints.local.address=:8443
-      - --entrypoints.web.http.redirections.entrypoint.to=websecure
-      - --entrypoints.web.http.redirections.entrypoint.scheme=https
-      - --entrypoints.web.http.redirections.entrypoint.permanent=true
     ports:
-      - "${WEB_PORT:-0.0.0.0:80:80}"
+      - "${WEB_PORT:-127.0.0.1:8000:80}"
-      - "${WEBSECURE_PORT:-0.0.0.0:443:443}"
       - "${LOCAL_PORT:-127.0.0.1:8443:8443}"
     labels:
       - "traefik.http.routers.${ROUTER:-traefik}.rule=Host(`${DOMAIN:-traefik.local.krislamo.org}`)"
       - "traefik.http.routers.${ROUTER:-traefik}.service=api@internal"
       - "traefik.http.routers.${ROUTER:-traefik}.entrypoints=${ENTRYPOINT:-local}"
-      - "traefik.http.routers.${ROUTER:-traefik}.tls=${ENABLE_TLS:-true}"
+      - "traefik.http.routers.${ROUTER:-traefik}.tls=${DASHBOARD_TLS:-true}"
       - "traefik.docker.network=${NETWORK:-traefik}"
-      - "traefik.enable=${ENABLE:-false}"
+      - "traefik.enable=${DASHBOARD:-false}"
     networks:
       - traefik
     volumes: