Separate traefik dashboard and update traefik configs

traefik/compose.yml

@@ -1,59 +0,0 @@
-services:
-  traefik:
-    container_name: traefik
-    image: docker.io/library/traefik:v3.5.0
-    restart: unless-stopped
-    security_opt:
-      - no-new-privileges:true
-    secrets:
-      - cf_api_token
-    command:
-      - --log.level=DEBUG
-      - --log.filepath=/var/log/traefik/traefik.log
-      - --accesslog=true
-      - --accesslog.format=json
-      - --accesslog.filepath=/var/log/traefik/access.log
-      - --api.dashboard=false
-      - --providers.docker=true
-      - --providers.docker.exposedbydefault=false
-      - --providers.docker.network=frontend
-      # Set up LetsEncrypt certificate resolver
-      - --certificatesresolvers.letsencrypt.acme.dnschallenge=true
-      - --certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare
-      - --certificatesresolvers.letsencrypt.acme.dnschallenge.resolvers=1.1.1.1:53,1.0.0.1:53
-      - --certificatesresolvers.letsencrypt.acme.dnschallenge.delayBeforeCheck=20
-      - --certificatesresolvers.letsencrypt.acme.email=${CF_EMAIL}
-      - --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
-      # staging environment of LE, remove for real certs
-      # - --certificatesresolvers.letsencrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
-      # Set up an insecure listener that redirects all traffic to TLS
-      - --entrypoints.web.address=:80
-      - --entrypoints.websecure.address=:443
-      - --entrypoints.web.http.redirections.entrypoint.to=websecure
-      - --entrypoints.web.http.redirections.entrypoint.scheme=https
-      # Set up the TLS configuration for our websecure listener
-      - --entrypoints.websecure.http.tls=true
-      - --entrypoints.websecure.http.tls.certResolver=letsencrypt
-      - --entrypoints.websecure.http.tls.domains[0].main=${DOMAIN}
-      - --entrypoints.websecure.http.tls.domains[0].sans=*.${DOMAIN}
-    environment:
-      - CF_DNS_API_TOKEN_FILE=/run/secrets/cf_api_token
-    volumes:
-      - ${APPDATA_PATH}/traefik/letsencrypt/acme.json:/acme.json
-      - ${APPDATA_PATH}/traefik/logs:/var/log/traefik
-      - /etc/localtime:/etc/localtime:ro
-      - /var/run/docker.sock:/var/run/docker.sock:ro
-    ports:
-      - 80:80
-      - 443:443
-      - 443:443/udp
-    networks:
-      - frontend
-
-networks:
-  frontend:
-    external: true
-
-secrets:
-  cf_api_token:
-    file: ${APPDATA_PATH}/traefik/secrets/cf_api_token

traefik/config.yml

@@ -1,51 +0,0 @@
-http:
- #region routers 
-  routers:
-    example:
-      entryPoints:
-        - "websecure"
-      rule: "Host(`example.local.domain.name`)"
-      middlewares:
-        - default-headers
-        - https-redirectscheme
-      tls: {}
-      service: example
-#endregion
-
-#region services
-  services:
-    example:
-      loadBalancer:
-        servers:
-          - url: "http://ip:port/"
-        passHostHeader: true
-#endregion
-
-  middlewares:
-    https-redirectscheme:
-      redirectScheme:
-        scheme: https
-        permanent: true
-    default-headers:
-      headers:
-        frameDeny: true
-        browserXssFilter: true
-        contentTypeNosniff: true
-        forceSTSHeader: true
-        stsIncludeSubdomains: true
-        stsPreload: true
-        stsSeconds: 15552000
-        customFrameOptionsValue: SAMEORIGIN
-        customRequestHeaders:
-          X-Forwarded-Proto: https
-
-    default-whitelist:
-      ipAllowList:
-        sourceRange:
-        - "local ip subnet"
-
-    secured:
-      chain:
-        middlewares:
-        - default-whitelist
-        - default-headers

traefik/docker-compose-dashboard.yml

@@ -1,46 +0,0 @@
-services:
-  traefik:
-    container_name: traefik
-    image: docker.io/library/traefik:v3.5.0
-    restart: unless-stopped
-    security_opt:
-      - no-new-privileges:true
-    secrets:
-      - cf_api_token
-    env_file: .env
-    labels:
-      - traefik.enable=true
-      - traefik.http.routers.traefik.entrypoints=web
-      - traefik.http.routers.traefik.rule=Host(`traefik.local.${DOMAIN_NAME}`)
-      - traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_DASHBOARD_CREDENTIALS}
-      - traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https
-      - traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https
-      - traefik.http.routers.traefik.middlewares=traefik-https-redirect
-      - traefik.http.routers.traefik-secure.entrypoints=websecure
-      - traefik.http.routers.traefik-secure.rule=Host(`traefik.local.${DOMAIN_NAME}`)
-      - traefik.http.routers.traefik-secure.middlewares=traefik-auth
-      - traefik.http.routers.traefik-secure.service=api@internal
-    environment:
-      - CF_DNS_API_TOKEN_FILE=/run/secrets/cf_api_token
-      - TRAEFIK_DASHBOARD_CREDENTIALS=${TRAEFIK_DASHBOARD_CREDENTIALS}
-    volumes:
-      - ./data/traefik.yml:/traefik.yml:ro
-      - ./data/acme.json:/acme.json # chmod 600
-      - ./data/config.yml:/config.yml:ro
-      - ./logs:/var/log/traefik
-      - /etc/localtime:/etc/localtime:ro
-      - /var/run/docker.sock:/var/run/docker.sock:ro
-    ports:
-      - 80:80
-      - 443:443
-      - 443:443/udp
-    networks:
-      - frontend
-
-networks:
-  frontend:
-    external: true
-
-secrets:
-  cf_api_token:
-    file: ./cf_api_token.txt

traefik/traefik.yml

@@ -18,15 +18,12 @@ entryPoints:
           - main: domain.name
             sans:
               - '*.domain.name'
-              - '*.local.domain.name'
 serversTransport:
-  insecureSkipVerify: true
+  insecureSkipVerify: false
 providers:
   docker:
     endpoint: "unix:///var/run/docker.sock"
     exposedByDefault: false
-  file:
-    filename: /config.yml
 certificatesResolvers:
   letsencrypt:
     acme: