Update Traefik version and configuration

Switched the Traefik container image to version v3.2 to utilize updates in the latest release. Enabled the insecure dashboard mode for testing purposes. Added a port mapping for the Web UI to allow access. Updated environment variables to consistent names, ensuring more readable and maintainable configuration. Recognize these changes may pose security risks if used in production without adjustments. Issue: #123
youngsecurity · Oct 7, 2024 · 76d6a11 · 76d6a11
1 parent 7979f24
commit 76d6a11
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 4 deletions.
diff --git a/src/docker/containers/traefik/data/traefik-chainguard.yml b/src/docker/containers/traefik/data/traefik-chainguard.yml
@@ -0,0 +1,7 @@
+## traefik.yml
+
+
+# API and dashboard configuration. DO NOT RUN IN PROD
+api:
+  insecure: true
+
diff --git a/src/docker/containers/traefik/data/traefik.yml b/src/docker/containers/traefik/data/traefik.yml
@@ -1,5 +1,6 @@
 api:
   dashboard: true
+  insecure: true
   debug: true
 entryPoints:
   http:

diff --git a/src/docker/containers/traefik/docker-compose.yml b/src/docker/containers/traefik/docker-compose.yml
@@ -1,6 +1,7 @@
 services:
   traefik:
-    image: cgr.dev/chainguard/traefik:latest
+    #image: cgr.dev/chainguard/traefik:latest
+    image: traefik:v3.2
     container_name: traefik
     restart: unless-stopped
     security_opt:
@@ -9,7 +10,8 @@ services:
       macvlan255:
         ipv4_address: 10.0.255.8
     ports:
-      - 80:80       # For HTTP (usually serves HTTP/1.1 traffic)      
+      - 80:80       # For HTTP (usually serves HTTP/1.1 traffic) 
+      - 8080:8080   # Web UI     
       - 443:443/tcp # For HTTPS (HTTP/2 or fallback to HTTP/1.1 via TLS over TCP)
       - 443:443/udp # For HTTP/3 (which runs over QUIC using UDP)
     environment:
@@ -25,6 +27,7 @@ services:
       - ./data/traefik.yml:/traefik.yml:ro
       - ./data/acme.json:/acme.json
       # - ./data/config.yml:/config.yml:ro
+    #user: "${RUNAS_USER_AND_GROUP}"
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.traefik.entrypoints=http"
@@ -34,12 +37,12 @@ services:
       - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
       - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
       - "traefik.http.routers.traefik-secure.entrypoints=https"
-      - "traefik.http.routers.traefik-secure.rule=${_SECURE_RULE}"
+      - "traefik.http.routers.traefik-secure.rule=${TRAEFIK_HTTP_ROUTERS_TRAEFIK_SECURE_RULE}"
       - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
       - "traefik.http.routers.traefik-secure.tls=true"
       - "traefik.http.routers.traefik-secure.tls.certresolver=${TRAEFIK_HTTP_ROUTERS_TRAEFIK_SECURE_TLS_CERTRESOLVER}"
       - "traefik.http.routers.traefik-secure.tls.domains[0].main=${TRAEFIK_HTTP_ROUTERS_TRAEFIK_SECURE_TLS_DOMAINS_0_MAIN}"
-      - "traefik.http.routers.traefik-secure.tls.domains[0].sans=${TRAEFIK_HTTP_ROUTERS_TRAEFIK-SECURE_TLS_DOMAINS_0_SANS}"
+      - "traefik.http.routers.traefik-secure.tls.domains[0].sans=${TRAEFIK_HTTP_ROUTERS_TRAEFIK_SECURE_TLS_DOMAINS_0_SANS}"
       - "traefik.http.routers.traefik-secure.service=${TRAEFIK_HTTP_ROUTERS_TRAEFIK_SECURE_SERVICE}"
 
 secrets: