traefik/docker-compose.yml
Paul R Kartchner 6a7b2ff7f0 Add Crowdsec integration to Traefik
Configuration changes:
- Enable Traefik experimental plugins support
- Add Crowdsec bouncer plugin (maxlerebourg v1.3.3)
- Configure Crowdsec middleware in config.yml
- Connect Traefik to Crowdsec network
- Add IP whitelist middleware for internal network
- Update .gitignore to exclude crowdsec directory

Security enhancements:
- All routes now protected by Crowdsec threat intelligence
- Internal network IP whitelist for Traefik dashboard
- Crowdsec monitors all Traefik access logs
- Real-time blocking of malicious IPs

Protected services:
- Mealie (recipes.pkartchner.com)
- Gogs (git.pkartchner.com)
- Traefik Dashboard (internal network only)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-20 22:39:20 +00:00


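---
# Traefik v2.10 reverse proxy, run as a single Compose service.
# It joins the local `traefik` bridge network and an externally managed
# `crowdsec` network, and is configured through container labels plus the
# mounted traefik.yml / config.yml files (not shown here).
version: '3.8'

services:
  traefik:
    image: traefik:v2.10
    container_name: traefik
    restart: always
    security_opt:
      # Processes in the container cannot gain privileges via setuid/setgid.
      - no-new-privileges:true
    networks:
      - traefik
      - crowdsec
    ports:
      - "80:80"  # HTTP
      - "443:443"  # HTTPS
      # NOTE(review): this publishes 8080 on every host interface. The
      # dashboard is already routed below over the `https` entrypoint with
      # basic auth and an IP allowlist; if traefik.yml enables the insecure
      # API on 8080, this mapping bypasses both. Confirm against traefik.yml
      # and drop the mapping or bind it to a loopback/internal address.
      - "8080:8080"  # Traefik Dashboard (optional, can be disabled)
    environment:
      - TZ=America/Denver
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # The :ro flag only protects the socket file; a client that can open
      # the socket can still issue any Docker API call. Consider putting a
      # filtering socket proxy in front of it.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik.yml:/traefik.yml:ro
      # Writable by design: holds ACME account data and certificate private
      # keys. Keep it out of version control with owner-only permissions.
      - ./acme.json:/acme.json
      - ./config.yml:/config.yml:ro
      # Access logs are written here (the commit message says Crowdsec reads
      # them).
      - ./logs:/var/log/traefik
    labels:
      - "traefik.enable=true"
      # Dashboard
      - "traefik.http.routers.traefik.rule=Host(`traefik.pkartchner.com`)"
      - "traefik.http.routers.traefik.entrypoints=https"
      - "traefik.http.routers.traefik.tls.certresolver=letsencrypt"
      - "traefik.http.routers.traefik.service=api@internal"
      # Middlewares run in the order listed. The allowlist goes first so that
      # clients outside the internal range are rejected before basic auth is
      # evaluated; with auth first, a 401-versus-403 difference lets outside
      # clients test credentials. (internal-whitelist is defined in the file
      # provider, presumably config.yml - confirm.)
      - "traefik.http.routers.traefik.middlewares=internal-whitelist@file,traefik-auth"
      # Dashboard auth (username: admin).
      # The plaintext password was removed from this comment: a secret
      # committed to version control must be treated as exposed, so rotate it
      # and replace the hash below. The hash itself can be attacked offline
      # by anyone who can read this file; prefer basicauth.usersfile pointing
      # at a file kept out of the repository.
      # Generate new password: echo $(htpasswd -nb admin yourpassword) | sed -e s/\\$/\\$\\$/g
      # (`htpasswd -nB admin` prompts for the password instead of taking it
      # on the command line, and emits a bcrypt hash.)
      - "traefik.http.middlewares.traefik-auth.basicauth.users=admin:$$apr1$$GF9aEQUw$$iEUiC8oacwqPDqd4yPBnn/"
      # Global redirect to HTTPS
      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.entrypoints=http"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"

networks:
  traefik:
    name: traefik
    driver: bridge
  # Created outside this file; Compose attaches to it and fails if missing.
  crowdsec:
    name: crowdsec
    external: true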