From b0266882324aae70000218ae3ff841129250705c Mon Sep 17 00:00:00 2001
From: eroncero
Date: Sun, 8 Feb 2026 18:38:50 +0100
Subject: [PATCH] First commit
---
.env | 1 +
.gitignore | 5 +
01-generate_self-signed_cert.sh | 6 +
02-create_traefik_dashboard_credentials.sh | 10 +
certs/local.crt | 19 +
certs/local.key | 28 +
docker-compose.yaml | 82 ++
dynamic/tls.yaml | 4 +
traefik.sample.yml | 1471 ++++++++++++++++++++
traefik.yml | 162 +++
10 files changed, 1788 insertions(+)
create mode 100644 .env
create mode 100644 .gitignore
create mode 100755 01-generate_self-signed_cert.sh
create mode 100755 02-create_traefik_dashboard_credentials.sh
create mode 100644 certs/local.crt
create mode 100644 certs/local.key
create mode 100644 docker-compose.yaml
create mode 100644 dynamic/tls.yaml
create mode 100644 traefik.sample.yml
create mode 100644 traefik.yml
diff --git a/.env b/.env
new file mode 100644
index 0000000..af0db7b
--- /dev/null
+++ b/.env
@@ -0,0 +1 @@
+PASS_HASH=admin:$$apr1$$1laHsN6Q$$r7F6NGfYuzhbO5C1.MbWw0
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..fb5299c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,5 @@
+./certs/local.key
+./certs/local.crt
+
+HashTextPW.txt
+Password.txt
diff --git a/01-generate_self-signed_cert.sh b/01-generate_self-signed_cert.sh
new file mode 100755
index 0000000..6ea5c70
--- /dev/null
+++ b/01-generate_self-signed_cert.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+mkdir -p certs
+openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
+ -keyout certs/local.key -out certs/local.crt \
+ -subj "/CN=*.docker.localhost"
diff --git a/02-create_traefik_dashboard_credentials.sh b/02-create_traefik_dashboard_credentials.sh
new file mode 100755
index 0000000..052ab16
--- /dev/null
+++ b/02-create_traefik_dashboard_credentials.sh
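Review bot: The `.env` hunk commits the real dashboard credential (`PASS_HASH=admin:$$apr1$$…`), and the `.gitignore` added in this same patch has no `.env` entry, so the hash stays tracked. `apr1` is htpasswd's MD5-based scheme and is cheap to attack offline once the hash is public, so this password should be treated as exposed and regenerated. I would commit a `.env.example` holding a placeholder such as `PASS_HASH=<htpasswd output, $ doubled>`, add `.env` to `.gitignore`, and let `02-create_traefik_dashboard_credentials.sh` produce the real file locally.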
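Review bot: The patterns `./certs/local.key` and `./certs/local.crt` match nothing, because gitignore patterns are not resolved with a leading `./`, and this same patch then adds `certs/local.key` and `certs/local.crt`, so the private key is now in history. Write them as `/certs/local.key` and `/certs/local.crt` (or ignore `certs/` as a whole), and add `.env` next to `HashTextPW.txt` and `Password.txt`. The committed key should be considered disclosed: remove both files from the index with `git rm --cached` and regenerate the pair with `01-generate_self-signed_cert.sh`.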
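Review bot: The `openssl req` call sets only `-subj "/CN=*.docker.localhost"` and no subjectAltName, and current browsers and TLS libraries ignore the CN when matching host names, so `dashboard.docker.localhost` and `whoami.docker.localhost` will fail verification even once the certificate is trusted. Add `-addext "subjectAltName=DNS:*.docker.localhost,DNS:docker.localhost"` to the command. Because `-nodes` leaves `certs/local.key` unencrypted, I would also put `umask 077` before the `openssl` line so the key is created owner-only.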
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+PlainTextPW=$(pwgen 16 1)
+
+echo $PlainTextPW > Password.txt &&
+htpasswd -nb admin "$PlainTextPW" | sed -e 's/\$/\$\$/g' > HashTextPW.txt
+
+echo "PW is: $PlainTextPW"
+cat HashTextPW.txt
+
diff --git a/certs/local.crt b/certs/local.crt
new file mode 100644
index 0000000..957ca5f
--- /dev/null
+++ b/certs/local.crt
@@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDGzCCAgOgAwIBAgIUM5LXhXg9IESNB6H6Kp2FkqP+j9YwDQYJKoZIhvcNAQEL +BQAwHTEbMBkGA1UEAwwSKi5kb2NrZXIubG9jYWxob3N0MB4XDTI2MDIwODA5MTU1 +MloXDTI3MDIwODA5MTU1MlowHTEbMBkGA1UEAwwSKi5kb2NrZXIubG9jYWxob3N0 +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4c32sX5Bw08+msnTnkRQ +/dgLDJHGEvRFYIYPnWJyNt6xF1tawDY/DzLuXIBX1r8dngdLFNSWEHc2BK/mlEyR +593GaQSJxJgos79RzGWi+dLdBdvJi6YJ1x9H/K6R6De/eh4HEhwGHyeec7LDlbzn +0phhQS8fgLyqd/Z5VOxZxPFfFILTUvnCmb8CLPIcoEK7AKIdrC0FqBxhoqy7H95t +aY9PO5rEY8hJK5ESsA1XJ265W3pw/al7JjL1rwlvciZZLz/AEeOK/mUCyzgU81tu +CTvfLKE523Vvl9tvIk8112d/km41D4lUqCt35DU1E4HTBH8lNBC7b9ZaalXudmUF +xwIDAQABo1MwUTAdBgNVHQ4EFgQU7QQfax1tvT88qMyroqZ6IorQkpswHwYDVR0j +BBgwFoAU7QQfax1tvT88qMyroqZ6IorQkpswDwYDVR0TAQH/BAUwAwEB/zANBgkq +hkiG9w0BAQsFAAOCAQEAb/DnQlJFrsAI+VAve74AHQ1wTET/yg8R0aagP9/Z57pz +PP4ZUmAUjV7TqgnqH3MmqYiTAKRff8zKedpx7/CJWuDWhFkqwngMdeSmM7lxD3qE +ND6GgdmYnGJfub/32oi50Mj3pNwqJTdHaJbNWYRcn/5IbHu+zsJ1i4rxKJAM7A3s +/SsdakF4CcgidBjhORJsO7KR2EDtrEtDGunQhFp7yAO00xd5rnRvaMwizCMXI0C8 +Wr4k0hMkOEtLeplwXKc4JYUk+vQEYxY741ZFeFa67j4fws8MgaXyhYJno30IYsIl +/OoahHXqAJH3/QamezND+V4VDvgYqQ8wQJVfEGpN1w== +-----END CERTIFICATE-----
diff --git a/certs/local.key b/certs/local.key
new file mode 100644
index 0000000..e891d6f
--- /dev/null
+++ b/certs/local.key
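Review bot: The generated password is written in clear text to `Password.txt` under the default umask, echoed to the terminal, and passed as an argument to `htpasswd -nb`, where it is visible in the process list while the command runs. `htpasswd -nb` also defaults to the MD5-based `apr1` format, whereas `-B` selects bcrypt, which Traefik's basicauth accepts. I would open the script with `set -eu` and `umask 077` and hash from stdin with `printf '%s\n' "$PlainTextPW" | htpasswd -niB admin | sed -e 's/\$/\$\$/g' > HashTextPW.txt`. The unquoted `echo $PlainTextPW` should become `printf '%s\n' "$PlainTextPW"`, and only the first two commands are chained with `&&`, so the final `cat` runs even when hashing failed.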
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEugIBADANBgkqhkiG9w0BAQEFAASCBKQwggSgAgEAAoIBAQDhzfaxfkHDTz6a +ydOeRFD92AsMkcYS9EVghg+dYnI23rEXW1rANj8PMu5cgFfWvx2eB0sU1JYQdzYE +r+aUTJHn3cZpBInEmCizv1HMZaL50t0F28mLpgnXH0f8rpHoN796HgcSHAYfJ55z +ssOVvOfSmGFBLx+AvKp39nlU7FnE8V8UgtNS+cKZvwIs8hygQrsAoh2sLQWoHGGi +rLsf3m1pj087msRjyEkrkRKwDVcnbrlbenD9qXsmMvWvCW9yJlkvP8AR44r+ZQLL +OBTzW24JO98soTnbdW+X228iTzXXZ3+SbjUPiVSoK3fkNTUTgdMEfyU0ELtv1lpq +Ve52ZQXHAgMBAAECgf9QQ+ZtMXQu+PxICXYvzBj+Is3Kqga+thXzObRTPatb1c0d +gFvB94Zy4KfaOcT/kO/2PKFzxh2RvM523BAapx02Tp84tWRDfdL6EggBoB9OrqXi +bz41ZdAZqATuzR8QbMCjqAjbZxrF+E9a0TC1CXFeaswnX5jTKj1uZy66AUnntzn9 +8OObEjzb7AfsY2do4O8wqxBevGIzBeR0qCVf/LNxSJo5XL/0KNcNnfSvI7oYGJaq +lKnYfkV0Yd4bv/8zchE6r+yVSn5yQEQSuKH5uuX2Cod2cpwM3HYH0PCVdvFduoWP +LM5Bi/KYzlyMT3bSA4t7Rpsk34FjxgIY7DYIJXECgYEA+xPRqkPVjBN/VsssAZjg +JfxMxsM1gG7NTyNpA9eSgrPwd5Y7GCuCbJKJGNDLImuxyNp+Ws58Ke9LPOCOavnY +0Bp8h/U3ObCLuzeXbETOrGgJB5i7wkl5ihbhcz2/NzlUzZ8rkr6qyoIpMHDxQBu7 +q5NUl8sPAMsluDjVcFk+bJ8CgYEA5jtMOGZ2PFjJ0zOVXEzrdeDhSLyE322dlV7G +PjnbLQRu5EijQz4nfyoH82YF+P/ApTddntS21ZS2/cF9iNPksWFoxAK/ywKcMvjw +QXJzyvAjZaIHBaRaG0JOdow3TdzjL7vZhPirVEtF6Z5i3hgwBxp2QxYTmCVP3aI5 +S5q9LdkCgYB8wVhItfQB6h43zjRLht65gSfVC2ImMugpDns7wX23HBm8EhXC6Luh +nx4oCnck30Yzev2VuUvQumo0EZAyb3rfzIlcNOf/7k0/9Vt0HKxk1jzGXYnN/Bw8 +FSpozKGamw4cLZ7FB6Bth0dYHoaBSEZz9nzt/6OwzUAszXCgpndyGQKBgGBCgK7A +IEVA9jlowtURkAz8FhU8RO3Jve467vYLaJkc1mR5/lDaBteDMknQ6URfYiNxz6Hd +3AfWot/b62mu9lo3mP8DCz+M+tPRA1rJyKIb3yDaKsdwHQByq62jGGhkp1RI3Txc +X/3hbvyrbTjgsgv2Q2XvMAgX6ZmH/x6eNuSZAoGAAks/MKYB+oraUwWCOpV0Kwh5 +iPKBp6LnhWADaddreMIyStZxe9Dx0sAYbg8t+IxlwdLZJHZTkR5+Aa5RP7VvhhaS +A4EcUV8kKXG+X+vaBgCNVzc+XjQ/Min82jibJtYf+H1Q2rW8Hj/s5XA9tTq43P/4 +U80yBDQMRBeqvGE2q9M= +-----END PRIVATE KEY----- diff --git a/docker-compose.yaml b/docker-compose.yaml new file mode 100644 index 0000000..960668a --- /dev/null +++ b/docker-compose.yaml 
@@ -0,0 +1,82 @@
+# https://doc.traefik.io/traefik/setup/docker/
+
+services:
+ traefik:
+ image: traefik:v3.6.7
+ container_name: traefik
+ restart: unless-stopped
+ security_opt:
+ - no-new-privileges:true
+
+ networks:
+ # Connect to the 'traefik_proxy' overlay network for inter-container communication across nodes
+ - proxy
+
+ ports:
+ - "80:80"
+ - "443:443"
+ - "8080:8080"
+
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ - ./certs:/certs:ro
+ - ./dynamic:/dynamic:ro
+ - ./traefik.yml:/etc/traefik/traefik.yml:ro
+
+ command:
+ # EntryPoints
+ - "--entrypoints.web.address=:80"
+ - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
+ - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
+ - "--entrypoints.web.http.redirections.entrypoint.permanent=true"
+ - "--entrypoints.websecure.address=:443"
+ - "--entrypoints.websecure.http.tls=true"
+
+ # Attach the static configuration tls.yaml file that contains the tls configuration settings
+ - "--providers.file.filename=/dynamic/tls.yaml"
+
+ # Providers
+ - "--providers.docker=true"
+ - "--providers.docker.exposedbydefault=false"
+ - "--providers.docker.network=proxy"
+
+ # API & Dashboard
+ - "--api.dashboard=true"
+ - "--api.insecure=false"
+
+ # Observability
+ - "--log.level=INFO"
+ - "--accesslog=true"
+ - "--metrics.prometheus=true"
+
+ # Traefik Dynamic configuration via Docker labels
+ labels:
+ # Enable self‑routing
+ - "traefik.enable=true"
+
+ # Dashboard router
+ - "traefik.http.routers.dashboard.rule=Host(`dashboard.docker.localhost`)"
+ - "traefik.http.routers.dashboard.entrypoints=websecure"
+ - "traefik.http.routers.dashboard.service=api@internal"
+ - "traefik.http.routers.dashboard.tls=true"
+
+ # Basic‑auth middleware
+ - "traefik.http.middlewares.dashboard-auth.basicauth.users=${PASS_HASH}"
+ - "traefik.http.routers.dashboard.middlewares=dashboard-auth@docker"
+
+# Whoami application
+ whoami:
+ image: traefik/whoami
+ container_name: whoami
+ restart: 
unless-stopped + networks: + - proxy + labels: + - "traefik.enable=true" + - "traefik.http.routers.whoami.rule=Host(`whoami.docker.localhost`)" + - "traefik.http.routers.whoami.entrypoints=websecure" + - "traefik.http.routers.whoami.tls=true" + +networks: + proxy: + name: proxy diff --git a/dynamic/tls.yaml b/dynamic/tls.yaml new file mode 100644 index 0000000..dd77916 --- /dev/null +++ b/dynamic/tls.yaml @@ -0,0 +1,4 @@ +tls: + certificates: + - certFile: /certs/local.crt + keyFile: /certs/local.key diff --git a/traefik.sample.yml b/traefik.sample.yml new file mode 100644 index 0000000..325ec51 --- /dev/null +++ b/traefik.sample.yml @@ -0,0 +1,1471 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + traefik/traefik.sample.yml at master · traefik/traefik · GitHub + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
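Review bot: The `"8080:8080"` mapping under `ports:` publishes Traefik's internal port to the host although the dashboard is routed through `websecure` behind `dashboard-auth`; with `--metrics.prometheus=true` and no dedicated metrics entrypoint, the metrics endpoint is, as far as I know, served on :8080 without authentication, so the mapping should be dropped or bound as `"127.0.0.1:8080:8080"`. The `command:` flags may also not take effect, because the service mounts `./traefik.yml` at `/etc/traefik/traefik.yml` and Traefik, to my knowledge, reads static configuration from a single source with the file taking precedence; that would silently lose `--providers.docker.exposedbydefault=false` and the HTTP-to-HTTPS redirect, so keep only one of the two. Mounting `/var/run/docker.sock` gives the internet-facing proxy access to the Docker API even with `:ro`, so a socket proxy restricted to read-only container listing is worth adding. `traefik/whoami` should be pinned to a tag, as `traefik:v3.6.7` already is.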
+
+ + +
+ Skip to content + + + + + + + + + + + +
+
+ + + + + + + + + + + + + + + + + + + +
+ +
+ + + + + + + + +
+ + + + + +
+ + + + + + + + + +
+
+
+ + + + + + + + + + + + + +
+ +
+ +
+ +
+ + + + / + + traefik + + + Public +
+ + +
+ +
+ + +
+
+ +
+
+ + + + +
+ + + + + +
+ + + + + + + + + + + + + + + + + + + +
+
+ + + + +
+ +
+ +
+
+ +
+ +
+

Footer

+ + + + +
+
+ + + + + © 2026 GitHub, Inc. + +
+ + +
+
+ + + + + + + + + + + + + + + + + + + + +
+
+
+ + + diff --git a/traefik.yml b/traefik.yml new file mode 100644 index 0000000..6900dec --- /dev/null +++ b/traefik.yml 
@@ -0,0 +1,162 @@
+################################################################
+#
+# Configuration sample for Traefik v2.
+#
+# For Traefik v1: https://github.com/traefik/traefik/blob/v1.7/traefik.sample.toml
+#
+################################################################
+
+################################################################
+# Global configuration
+################################################################
+global:
+ checkNewVersion: true
+ sendAnonymousUsage: true
+
+################################################################
+# EntryPoints configuration
+################################################################
+
+# EntryPoints definition
+#
+# Optional
+#
+entryPoints:
+ web:
+ address: :80
+
+ websecure:
+ address: :443
+
+################################################################
+# Traefik logs configuration
+################################################################
+
+# Traefik logs
+# Enabled by default and log to stdout
+#
+# Optional
+#
+#log:
+ # Log level
+ #
+ # Optional
+ # Default: "ERROR"
+ #
+# level: DEBUG
+
+ # Sets the filepath for the traefik log. If not specified, stdout will be used.
+ # Intermediate directories are created if necessary.
+ #
+ # Optional
+ # Default: os.Stdout
+ #
+# filePath: log/traefik.log
+
+ # Format is either "json" or "common".
+ #
+ # Optional
+ # Default: "common"
+ #
+# format: json
+
+################################################################
+# Access logs configuration
+################################################################
+
+# Enable access logs
+# By default it will write to stdout and produce logs in the textual
+# Common Log Format (CLF), extended with additional fields.
+#
+# Optional
+#
+#accessLog:
+ # Sets the file path for the access log. If not specified, stdout will be used.
+ # Intermediate directories are created if necessary.
+ #
+ # Optional
+ # Default: os.Stdout
+ #
+# filePath: /path/to/log/log.txt
+
+ # Format is either "json", "common", or "genericCLF".
+ # - "common": Traefik's extended CLF format (default)
+ # - "genericCLF": Standard CLF format compatible with standard log analyzers
+ # - "json": JSON format for structured logging
+ #
+ # Optional
+ # Default: "common"
+ #
+# format: json
+# format: genericCLF
+
+################################################################
+# API and dashboard configuration
+################################################################
+
+# Enable API and dashboard
+#
+# Optional
+#
+#api:
+ # Enable the API in insecure mode
+ #
+ # Optional
+ # Default: false
+ #
+# insecure: true
+
+ # Enabled Dashboard
+ #
+ # Optional
+ # Default: true
+ #
+# dashboard: false
+
+################################################################
+# Ping configuration
+################################################################
+
+# Enable ping
+#ping:
+ # Name of the related entry point
+ #
+ # Optional
+ # Default: "traefik"
+ #
+# entryPoint: traefik
+
+################################################################
+# Docker configuration backend
+################################################################
+
+#providers:
+ # Enable Docker configuration backend
+# docker:
+ # Docker server endpoint. Can be a tcp or a unix socket endpoint.
+ #
+ # Required
+ # Default: "unix:///var/run/docker.sock"
+ #
+# endpoint: tcp://10.10.10.10:2375
+
+ # Default host rule.
+ #
+ # Optional
+ # Default: "Host(`{{ normalize .Name }}`)"
+ #
+# defaultRule: Host(`{{ normalize .Name }}.docker.localhost`)
+
+ # Expose containers by default in traefik
+ #
+ # Optional
+ # Default: true
+ #
+# exposedByDefault: false
+certificatesResolvers:
+ myresolver:
+ acme:
+ email: admin@digitalstack.es
+ storage: acme.json
+ httpChallange:
+ entryPoint: web
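Review bot: The resolver key `httpChallange` at the end of the file is misspelled; Traefik's option is `httpChallenge`, so as written the HTTP-01 challenge is not configured and the file may be rejected on load. Change the line to `httpChallenge:` and keep `entryPoint: web` beneath it. `storage: acme.json` is a relative path with no matching volume in `docker-compose.yaml`, so any issued keys would disappear with the container; a mounted file with mode 600 is what I would expect here, although a public ACME CA cannot issue for `*.docker.localhost` names in any case. `sendAnonymousUsage: true` and `checkNewVersion: true` make the proxy call out to Traefik's servers, and the header still reads "Configuration sample for Traefik v2" while the image is `traefik:v3.6.7`.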