diff --git a/docker-compose/authelia/configuration.yml.j2 b/docker-compose/authelia/configuration.yml.j2
index e1b674a7..7ec5a0fc 100644
--- a/docker-compose/authelia/configuration.yml.j2
+++ b/docker-compose/authelia/configuration.yml.j2
@@ -21,6 +21,10 @@ access_control:
 policy: one_factor
 subject:
 - 'group:authelia_wiki'
+ - domain: traefik.mgrote.net
+ policy: one_factor
+ subject:
+ - 'group:authelia_traefik'
 - domain: rui.mgrote.net
 policy: one_factor
 subject:
diff --git a/docker-compose/traefik/docker-compose.yml.j2 b/docker-compose/traefik/docker-compose.yml.j2
index 62b06bb3..dc7259a8 100644
--- a/docker-compose/traefik/docker-compose.yml.j2
+++ b/docker-compose/traefik/docker-compose.yml.j2
@@ -1,4 +1,4 @@
-# Details/Doku: https://wiki.mgrote.net/pages/_Technik/software/rest/ldap/?h=ldap
+# Details/Doku: https:/wiki.mgrote.net/pages/_Technik/software/rest/ldap
 services:
 ######## traefik ########
@@ -16,16 +16,23 @@ services:
 - traefik
 ports:
 - "80:80" # HTTP
- - "8081:8080" # Web-GUI
+ - "8081:8080" # Web-GUI # deaktiveiren, einkomentioeren wenn ldap oder middleware kapuutt !!!
 - "443:443" # HTTPS
 - "2222:2222" # SSH
 environment:
 TZ: Europe/Berlin
 healthcheck:
 test: ["CMD", "traefik", "healthcheck", "--ping"]
- interval: 30s
+ interval: 10s
 timeout: 10s
 retries: 3
+ labels:
+ traefik.http.routers.traefik-dashboard.rule: Host(`traefik.mgrote.net`)
+ traefik.enable: true
+ traefik.http.routers.traefik-dashboard.entrypoints: entry_https
+ traefik.http.services.traefik-dashboard.loadbalancer.server.port: 8080
+
+ traefik.http.routers.traefik-dashboard.middlewares: authelia@docker
 ######## Networks ########
 networks:
@@ -37,3 +44,5 @@ networks:
 ######## Volumes ########
 volumes:
 acme_data:
+
+ # inscure mode aus
diff --git a/docker-compose/traefik/traefik.yml b/docker-compose/traefik/traefik.yml
index 4db15bc0..66a36fcf 100644
--- a/docker-compose/traefik/traefik.yml
+++ b/docker-compose/traefik/traefik.yml
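Review bot: The new Authelia rule for `traefik.mgrote.net` (configuration.yml.j2, hunk at line 21) uses `policy: one_factor`, the same level as the wiki and rui rules around it, although the Traefik dashboard is an administrative view of every router, service and middleware on the host. Consider `policy: two_factor` for this domain, so that one stolen or reused password of a member of `group:authelia_traefik` is not enough to reach it. The rest of `access_control`, including any default policy and earlier rules, lies outside the hunk, so confirm that no broader rule matches this domain first.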
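Review bot: The rewritten link in the header comment of docker-compose.yml.j2 (hunk at line 1) has a single slash after the scheme, `https:/wiki.mgrote.net/...`, so it is no longer a valid URL. It should read `# Details/Doku: https://wiki.mgrote.net/pages/_Technik/software/rest/ldap`.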
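Review bot: The `traefik-dashboard` router in the new `labels:` block (docker-compose.yml.j2, hunk at line 16) is backed by a load-balancer service on port 8080, but with `api.insecure: false`, set in traefik.yml by this same commit, Traefik no longer serves the API and dashboard on its internal entrypoint, so the route most likely ends at the ping handler and not at the dashboard. The documented way to publish the dashboard behind a middleware is to replace the `loadbalancer.server.port` label with `traefik.http.routers.traefik-dashboard.service: api@internal`. Separately, `"8081:8080"` stays published on all interfaces as a break-glass path; if `insecure` is ever switched back on, that port serves the dashboard and API without Authelia, so bind it to loopback (`"127.0.0.1:8081:8080"`) or keep the mapping commented out by default. The `services:` block starts above the hunk and the `entry_https` entrypoint is defined outside it.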
@@ -36,7 +36,7 @@ log:
 accessLog: {}
 api:
- insecure: true
+ insecure: false
 dashboard: true # unter Port 8081 erreichbar
 ping: {} # für healthcheck
diff --git a/group_vars/blocky.yml b/group_vars/blocky.yml
index a9ec5915..bc20ad42 100644
--- a/group_vars/blocky.yml
+++ b/group_vars/blocky.yml
@@ -92,6 +92,8 @@ blocky_custom_lookups: # optional
 ip: 192.168.2.43
 - name: rui.mgrote.net
 ip: 192.168.2.43
+ - name: traefik.mgrote.net # kein oeffentlicher DNS-Record
+ ip: 192.168.2.43
 ### mgrote_munin_node # kann git.mgrote.net nicht auflösen, deshalb hiermit IP
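Review bot: The trailing comment on `dashboard: true` in traefik.yml still says `# unter Port 8081 erreichbar`, which stops being true once `insecure` is `false`, because the dashboard is then reachable only through a router bound to `api@internal`. Update it to something like `# reachable only via the traefik-dashboard router behind Authelia, not on port 8081`, so that nobody turns insecure mode back on to make the comment true again.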
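Review bot: The comment `# kein oeffentlicher DNS-Record` on the new `traefik.mgrote.net` lookup in group_vars/blocky.yml can be read as an access restriction, which it is not: Traefik routes on the requested host name, so the dashboard router answers any client that can reach the HTTPS entrypoint, whatever public DNS says. Protection therefore rests entirely on the Authelia middleware; if that entrypoint is reachable from outside the LAN, consider adding an IP allow-list middleware to the dashboard router as well. A comment such as `# internal DNS only; access control is Authelia, not DNS` would make this explicit. The `blocky_custom_lookups` list starts above the hunk.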