First commit

.env

@@ -0,0 +1 @@
+PASS_HASH=admin:$$apr1$$1laHsN6Q$$r7F6NGfYuzhbO5C1.MbWw0

.gitignore

@@ -0,0 +1,5 @@
+./certs/local.key
+./certs/local.crt
+
+HashTextPW.txt
+Password.txt

01-generate_self-signed_cert.sh

@@ -0,0 +1,6 @@
+#!/bin/sh
+
+mkdir -p certs
+openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
+  -keyout certs/local.key -out certs/local.crt \
+  -subj "/CN=*.docker.localhost"

02-create_traefik_dashboard_credentials.sh

@@ -0,0 +1,10 @@
+#!/bin/sh
+
+PlainTextPW=$(pwgen 16 1)
+
+echo $PlainTextPW > Password.txt &&
+htpasswd -nb admin "$PlainTextPW" | sed -e 's/\$/\$\$/g' > HashTextPW.txt
+
+echo "PW is: $PlainTextPW"
+cat HashTextPW.txt
+

certs/local.crt

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDGzCCAgOgAwIBAgIUM5LXhXg9IESNB6H6Kp2FkqP+j9YwDQYJKoZIhvcNAQEL
+BQAwHTEbMBkGA1UEAwwSKi5kb2NrZXIubG9jYWxob3N0MB4XDTI2MDIwODA5MTU1
+MloXDTI3MDIwODA5MTU1MlowHTEbMBkGA1UEAwwSKi5kb2NrZXIubG9jYWxob3N0
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4c32sX5Bw08+msnTnkRQ
+/dgLDJHGEvRFYIYPnWJyNt6xF1tawDY/DzLuXIBX1r8dngdLFNSWEHc2BK/mlEyR
+593GaQSJxJgos79RzGWi+dLdBdvJi6YJ1x9H/K6R6De/eh4HEhwGHyeec7LDlbzn
+0phhQS8fgLyqd/Z5VOxZxPFfFILTUvnCmb8CLPIcoEK7AKIdrC0FqBxhoqy7H95t
+aY9PO5rEY8hJK5ESsA1XJ265W3pw/al7JjL1rwlvciZZLz/AEeOK/mUCyzgU81tu
+CTvfLKE523Vvl9tvIk8112d/km41D4lUqCt35DU1E4HTBH8lNBC7b9ZaalXudmUF
+xwIDAQABo1MwUTAdBgNVHQ4EFgQU7QQfax1tvT88qMyroqZ6IorQkpswHwYDVR0j
+BBgwFoAU7QQfax1tvT88qMyroqZ6IorQkpswDwYDVR0TAQH/BAUwAwEB/zANBgkq
+hkiG9w0BAQsFAAOCAQEAb/DnQlJFrsAI+VAve74AHQ1wTET/yg8R0aagP9/Z57pz
+PP4ZUmAUjV7TqgnqH3MmqYiTAKRff8zKedpx7/CJWuDWhFkqwngMdeSmM7lxD3qE
+ND6GgdmYnGJfub/32oi50Mj3pNwqJTdHaJbNWYRcn/5IbHu+zsJ1i4rxKJAM7A3s
+/SsdakF4CcgidBjhORJsO7KR2EDtrEtDGunQhFp7yAO00xd5rnRvaMwizCMXI0C8
+Wr4k0hMkOEtLeplwXKc4JYUk+vQEYxY741ZFeFa67j4fws8MgaXyhYJno30IYsIl
+/OoahHXqAJH3/QamezND+V4VDvgYqQ8wQJVfEGpN1w==
+-----END CERTIFICATE-----

certs/local.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEugIBADANBgkqhkiG9w0BAQEFAASCBKQwggSgAgEAAoIBAQDhzfaxfkHDTz6a
+ydOeRFD92AsMkcYS9EVghg+dYnI23rEXW1rANj8PMu5cgFfWvx2eB0sU1JYQdzYE
+r+aUTJHn3cZpBInEmCizv1HMZaL50t0F28mLpgnXH0f8rpHoN796HgcSHAYfJ55z
+ssOVvOfSmGFBLx+AvKp39nlU7FnE8V8UgtNS+cKZvwIs8hygQrsAoh2sLQWoHGGi
+rLsf3m1pj087msRjyEkrkRKwDVcnbrlbenD9qXsmMvWvCW9yJlkvP8AR44r+ZQLL
+OBTzW24JO98soTnbdW+X228iTzXXZ3+SbjUPiVSoK3fkNTUTgdMEfyU0ELtv1lpq
+Ve52ZQXHAgMBAAECgf9QQ+ZtMXQu+PxICXYvzBj+Is3Kqga+thXzObRTPatb1c0d
+gFvB94Zy4KfaOcT/kO/2PKFzxh2RvM523BAapx02Tp84tWRDfdL6EggBoB9OrqXi
+bz41ZdAZqATuzR8QbMCjqAjbZxrF+E9a0TC1CXFeaswnX5jTKj1uZy66AUnntzn9
+8OObEjzb7AfsY2do4O8wqxBevGIzBeR0qCVf/LNxSJo5XL/0KNcNnfSvI7oYGJaq
+lKnYfkV0Yd4bv/8zchE6r+yVSn5yQEQSuKH5uuX2Cod2cpwM3HYH0PCVdvFduoWP
+LM5Bi/KYzlyMT3bSA4t7Rpsk34FjxgIY7DYIJXECgYEA+xPRqkPVjBN/VsssAZjg
+JfxMxsM1gG7NTyNpA9eSgrPwd5Y7GCuCbJKJGNDLImuxyNp+Ws58Ke9LPOCOavnY
+0Bp8h/U3ObCLuzeXbETOrGgJB5i7wkl5ihbhcz2/NzlUzZ8rkr6qyoIpMHDxQBu7
+q5NUl8sPAMsluDjVcFk+bJ8CgYEA5jtMOGZ2PFjJ0zOVXEzrdeDhSLyE322dlV7G
+PjnbLQRu5EijQz4nfyoH82YF+P/ApTddntS21ZS2/cF9iNPksWFoxAK/ywKcMvjw
+QXJzyvAjZaIHBaRaG0JOdow3TdzjL7vZhPirVEtF6Z5i3hgwBxp2QxYTmCVP3aI5
+S5q9LdkCgYB8wVhItfQB6h43zjRLht65gSfVC2ImMugpDns7wX23HBm8EhXC6Luh
+nx4oCnck30Yzev2VuUvQumo0EZAyb3rfzIlcNOf/7k0/9Vt0HKxk1jzGXYnN/Bw8
+FSpozKGamw4cLZ7FB6Bth0dYHoaBSEZz9nzt/6OwzUAszXCgpndyGQKBgGBCgK7A
+IEVA9jlowtURkAz8FhU8RO3Jve467vYLaJkc1mR5/lDaBteDMknQ6URfYiNxz6Hd
+3AfWot/b62mu9lo3mP8DCz+M+tPRA1rJyKIb3yDaKsdwHQByq62jGGhkp1RI3Txc
+X/3hbvyrbTjgsgv2Q2XvMAgX6ZmH/x6eNuSZAoGAAks/MKYB+oraUwWCOpV0Kwh5
+iPKBp6LnhWADaddreMIyStZxe9Dx0sAYbg8t+IxlwdLZJHZTkR5+Aa5RP7VvhhaS
+A4EcUV8kKXG+X+vaBgCNVzc+XjQ/Min82jibJtYf+H1Q2rW8Hj/s5XA9tTq43P/4
+U80yBDQMRBeqvGE2q9M=
+-----END PRIVATE KEY-----

docker-compose.yaml

@@ -0,0 +1,82 @@
+# https://doc.traefik.io/traefik/setup/docker/
+
+services:
+  traefik:
+    image: traefik:v3.6.7
+    container_name: traefik
+    restart: unless-stopped
+    security_opt:
+      - no-new-privileges:true
+
+    networks:
+     # Connect to the 'traefik_proxy' overlay network for inter-container communication across nodes
+      - proxy
+
+    ports:
+      - "80:80"
+      - "443:443"
+      - "8080:8080"
+
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - ./certs:/certs:ro
+      - ./dynamic:/dynamic:ro
+      - ./traefik.yml:/etc/traefik/traefik.yml:ro
+
+    command:
+      # EntryPoints
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
+      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
+      - "--entrypoints.web.http.redirections.entrypoint.permanent=true"
+      - "--entrypoints.websecure.address=:443"
+      - "--entrypoints.websecure.http.tls=true"
+
+      # Attach the static configuration tls.yaml file that contains the tls configuration settings
+      - "--providers.file.filename=/dynamic/tls.yaml"
+
+      # Providers 
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--providers.docker.network=proxy"
+
+      # API & Dashboard 
+      - "--api.dashboard=true"
+      - "--api.insecure=false"
+
+      # Observability 
+      - "--log.level=INFO"
+      - "--accesslog=true"
+      - "--metrics.prometheus=true"
+
+  # Traefik Dynamic configuration via Docker labels
+    labels:
+      # Enable self‑routing
+      - "traefik.enable=true"
+
+      # Dashboard router
+      - "traefik.http.routers.dashboard.rule=Host(`dashboard.docker.localhost`)"
+      - "traefik.http.routers.dashboard.entrypoints=websecure"
+      - "traefik.http.routers.dashboard.service=api@internal"
+      - "traefik.http.routers.dashboard.tls=true"
+
+      # Basic‑auth middleware
+      - "traefik.http.middlewares.dashboard-auth.basicauth.users=${PASS_HASH}"
+      - "traefik.http.routers.dashboard.middlewares=dashboard-auth@docker"
+
+# Whoami application
+  whoami:
+    image: traefik/whoami
+    container_name: whoami
+    restart: unless-stopped
+    networks:
+      - proxy
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.whoami.rule=Host(`whoami.docker.localhost`)"
+      - "traefik.http.routers.whoami.entrypoints=websecure"
+      - "traefik.http.routers.whoami.tls=true"
+
+networks:
+  proxy:
+    name: proxy

dynamic/tls.yaml

@@ -0,0 +1,4 @@
+tls:
+  certificates:
+    - certFile: /certs/local.crt
+      keyFile:  /certs/local.key

traefik.yml

@@ -0,0 +1,162 @@
+################################################################
+#
+# Configuration sample for Traefik v2.
+#
+# For Traefik v1: https://github.com/traefik/traefik/blob/v1.7/traefik.sample.toml
+#
+################################################################
+
+################################################################
+# Global configuration
+################################################################
+global:
+  checkNewVersion: true
+  sendAnonymousUsage: true
+
+################################################################
+# EntryPoints configuration
+################################################################
+
+# EntryPoints definition
+#
+# Optional
+#
+entryPoints:
+  web:
+    address: :80
+
+  websecure:
+    address: :443
+
+################################################################
+# Traefik logs configuration
+################################################################
+
+# Traefik logs
+# Enabled by default and log to stdout
+#
+# Optional
+#
+#log:
+  # Log level
+  #
+  # Optional
+  # Default: "ERROR"
+  #
+#  level: DEBUG
+
+  # Sets the filepath for the traefik log. If not specified, stdout will be used.
+  # Intermediate directories are created if necessary.
+  #
+  # Optional
+  # Default: os.Stdout
+  #
+#  filePath: log/traefik.log
+
+  # Format is either "json" or "common".
+  #
+  # Optional
+  # Default: "common"
+  #
+#  format: json
+
+################################################################
+# Access logs configuration
+################################################################
+
+# Enable access logs
+# By default it will write to stdout and produce logs in the textual
+# Common Log Format (CLF), extended with additional fields.
+#
+# Optional
+#
+#accessLog:
+  # Sets the file path for the access log. If not specified, stdout will be used.
+  # Intermediate directories are created if necessary.
+  #
+  # Optional
+  # Default: os.Stdout
+  #
+#  filePath: /path/to/log/log.txt
+
+  # Format is either "json", "common", or "genericCLF".
+  # - "common": Traefik's extended CLF format (default)
+  # - "genericCLF": Standard CLF format compatible with standard log analyzers
+  # - "json": JSON format for structured logging
+  #
+  # Optional
+  # Default: "common"
+  #
+#  format: json
+#  format: genericCLF
+
+################################################################
+# API and dashboard configuration
+################################################################
+
+# Enable API and dashboard
+#
+# Optional
+#
+#api:
+  # Enable the API in insecure mode
+  #
+  # Optional
+  # Default: false
+  #
+#  insecure: true
+
+  # Enabled Dashboard
+  #
+  # Optional
+  # Default: true
+  #
+#  dashboard: false
+
+################################################################
+# Ping configuration
+################################################################
+
+# Enable ping
+#ping:
+  # Name of the related entry point
+  #
+  # Optional
+  # Default: "traefik"
+  #
+#  entryPoint: traefik
+
+################################################################
+# Docker configuration backend
+################################################################
+
+#providers:
+  # Enable Docker configuration backend
+#  docker:
+    # Docker server endpoint. Can be a tcp or a unix socket endpoint.
+    #
+    # Required
+    # Default: "unix:///var/run/docker.sock"
+    #
+#    endpoint: tcp://10.10.10.10:2375
+
+    # Default host rule.
+    #
+    # Optional
+    # Default: "Host(`{{ normalize .Name }}`)"
+    #
+#    defaultRule: Host(`{{ normalize .Name }}.docker.localhost`)
+
+    # Expose containers by default in traefik
+    #
+    # Optional
+    # Default: true
+    #
+#    exposedByDefault: false
+certificatesResolvers:
+  myresolver:
+    acme:
+      email: admin@digitalstack.es
+      storage: acme.json
+      httpChallange:
+        entryPoint: web