From 1fbd44f1df94e1abbdd09742d0ba640d55354303 Mon Sep 17 00:00:00 2001
From: venus
Date: Tue, 31 Mar 2026 00:36:36 -0500
Subject: [PATCH] working on secure readme
---
 compose.yml | 12 ++++++------
 letsencrypt/acme.json | 16 ++++++++++++++++
 traefik.yml | 31 +++++++++++++++++++++++++++++++
 whoami.yml | 9 +++++++++
 4 files changed, 62 insertions(+), 6 deletions(-)
 create mode 100644 letsencrypt/acme.json
 create mode 100644 traefik.yml
 create mode 100644 whoami.yml
diff --git a/compose.yml b/compose.yml
index 3ebbc1b..2c77d35 100644
--- a/compose.yml
+++ b/compose.yml
@@ -4,13 +4,13 @@ services:
 traefik:
 image: traefik:v3.6
- command:
- - "--api.insecure=true"
- - "--providers.docker=true"
- - "--entrypoints.web.address=:80"
+ container_name: traefik
+ restart: unless-stopped
 ports:
 - "80:80"
 - "8080:8080"
+ - "443:443"
 volumes:
- - /var/run/docker.sock:/var/run/docker.sock
-
+ - "/var/run/docker.sock:/var/run/docker.sock"
+ - "./letsencrypt:/letsencrypt"
+ - "./traefik.yml:/etc/traefik/traefik.yml:ro"
diff --git a/letsencrypt/acme.json b/letsencrypt/acme.json
new file mode 100644
index 0000000..2d59a01
--- /dev/null
+++ b/letsencrypt/acme.json
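Review bot: The Docker socket is bind-mounted into the Traefik container without a read-only flag in the compose.yml hunk (`- "/var/run/docker.sock:/var/run/docker.sock"`), and this is the same container that is published on 80, 443 and 8080. Whoever can drive the Docker API through that socket effectively controls the host, so a compromise of the proxy would extend to the machine. At minimum mount it as `- "/var/run/docker.sock:/var/run/docker.sock:ro"`, as the traefik.yml mount next to it already does. Note that `:ro` protects the socket file rather than the API behind it, so a socket proxy that permits only the read endpoints Traefik needs is the stronger option.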
@@ -0,0 +1,16 @@ +{ + "myresolver": { + "Account": { + "Email": "web-admin@riverrooks.art", + "Registration": { + "body": { + "status": "valid" + }, + "uri": "https://acme-v02.api.letsencrypt.org/acme/acct/3195224921" + }, + "PrivateKey": "MIIJJwIBAAKCAgEArvYlx4hYlj3HmzzzOaICsfd80xbYndVxDPfvFryf80rCzTe3WTf7Ij4IMhrcqSWLjjaH13l1OnytLkqjgpwuHKGrqdmrAq3jrAXW/h2yuQfLrGf+v26+7mkqpHcTgJQeCAOpVQfM7tg906BWnGegEmb2jDP5en+GG9fu2x+e9qJojnP0rajymQSyyHTAIAC59UcolOvbgtbwBriivAGw+t3hRVURCSWb32p53+RqMMv2bBXVIjioTkCtDpOX5e8leLjR8aTi7NJ+bz0fFR4+14boGvhIbwr0bltvuHsx4zzLc3Fxzxetfa9dahm6bVoaQ2O5tDN6YyYWtBlDwOgtp48HVOTNtP3jLYNWEDgVFKbeJCDM4WinBXxipkC9rUGkSz4KEis/62Bc0tlNIb+lOCXfTrC3kTlcU670pko9D3LsUnq45OoojLhK2GC18Sw5rNfrrBo+jXrhPZ1CMbGiAEcMKcpyqFs+HF1zvKm3qNJHosgfH1vEln91wPEEx8Z2+XrcRI6TKBBDS/BWnvRPR3gVMR9dfy9znXJMh8ojjl0KJBEhzUApQ983jaCeIM/LiKF4n5CKVFLhjUU8RWlS5XNqkjphxxiyLYe7EPz1ZB5pj1O0wDt0F3R7JNoCn04dwZoHpXB8tFOoBM9Gk8RoiQ1b8uPmRKu4m3GHf9GAK8UCAwEAAQKCAgAKhWjOL+fL2Rk4v5iMva5Vz2ElPHl4PE6ZDgvFnUAtHDDMsG4JInGqpHpPsQfV8BkNS0At9/LRuo+begeNIiEvvZUaGKnM9nH7dTpxe420zMA1tOc/0cQPiCl1TGfS0pVfvAChyV9MeZp2MG0k6KJamPB4i+OTtzl0US7e5G7lu+x3rIdpLgCwrPSnU0X+ZqzIEChjlC9WFeDHNrEqhxuCandSeQQWPbm63KdJjG3KU2mVJFb1wNx2IDOH7d4ziIcDVHHjixvOS/YocE9/MJts0IMCpC2O5+S9AiicumPMm2pMneTPJEhdh38hkzx/uOxdYxDWwkW40qCI4gAOCKg+EshwT0HYemXalAItMKDE328gvCmE0+1JjQvxfpjDSBLE3QcyWJeQ/ROsrEeyfDHTZp95LpowiczznmP2URTHTTNCzOgQH2S91zI5+xCs8115mVhlGkZyNIpp9WAZkKv8QXIjlmWbsCF01rKyKiRryysWZNJ8U38dYGHk2AMGwiA77/l0AKKiHMDAsYkbOGBep0vAdiDaHeyfHDM2rnxbLpPdDPb5/z9P6ZpB9/wSUmKAAWw3jySNQJ45WXrsq82U2r6o2KcvE8kPujG+jl44JuNnFBGQ1slmfemKwwCQKVCSXNwYZC6Bg8BsINEI19/7avXrlTlLwY4+tmYxgi6i3QKCAQEAziaxReRePZ9/rW2Of9uhwCoNP32woF4EOH4jGasB8J4/WcztsrxzWsqdQAb25W9WvrICEDJ5JIaolio+MTtjfxAFdfWSHdQ0PxYWe9FQTRyI6r3fi7DP5S9YTdKycQNDY+fl5Hj955uF2PUQJq30uMIc/pKUOm+1z9U/6xKsx26UPX7ArykgZsBTS5ot6DHQXMc9fi2MT+tWZstFqm/RhFDzQlRjtVCpT9ED864OrN9TuiUfnP6CdOinbjAb4wV2kKRLHFycRZuzZl7sIqfkdIcQRjfLAaGLHh2HuBiA2ZUwsXxXSB2ETHBVyNvD4lDgDaC/f0TCOK5pENYW/UUKtwKCAQEA2US7zg+dzKZa
HQ2mXmPVfpNW6PU5ZJEkc2jtQlawMvHZPMXa4wzyjlRzT9jsTgK4QWEmCXfVXrmk51HdBP5E3YsaZ8Se5kGv+eI/w5eFpsR5jY+YzoB1OOT8QRN0jJXX4cB8xFBxwp1kr0R69ZYEaiRwSsIwcyZw3F2VGfYVNH5rl5EX6BPILEf11OIRdmnKA9QKgLAYXlj8Wsw6SI7tkclCbDG1yeZ+kZkaYvKmNhjOusAcaYDAUT3zTjpWbaq8OtMJQb7FKsWzaCI3ruzfRmXYA8R7mfHnpe/rskucSXvKTad7FzrEDRFdvzZptbzDw/KjwuSc1P8i8NdZ3UAxYwKCAQBylwVhEVDlNhyVfVmBbsdZdsaIbUhZzAjSkiLWqLzaUExskUHrYV9Jr2h7Z6Oj4yC3vWDyOewmxoc9eVu6qAVlYrV2XTuMQyGLk66Jws69HkhpG4QANRdKkOen0p+HvEWgag3a0vpn3IYpFAeXSIjIjnXpd/bXCLNqRGJUO7w42xmhmSxn8Rdmpi9mzdwIvm/QsptW4OCmp+0OFJ2z4JX407p0O051QdHrYQauVCkqJLV4uhv5e2tuqsgusqU9qxK90eVCbaQb+TFejRL7LJILx+ve7DJ2xKH86nM/fLdautgnQDOQDYA1sReuH6Kh0UzJpnnrt3+yXBhg2HBM9iy/AoIBAEqimuU5Zhq0FoaedsU8BE377UIPY0zRszTWGZLNVq/Zdqeyy/NtMjGEfywxt1NBCeyjo75i5PAqU6SG8abSdfOo4kQ9PdyZOgtcFk1pUqcsHRls97AQXrRRrPnp5gKZQtSxG+sQO1QAX2L54kdU5mVT6SM1PBGCZgi9OQf3CefDedBSLmUxznSvr5oWoqsLwjK4d3cnhud6KA5E08yzFJcdDO0/0lPuExKPBopxEnnI4dMzRU9UxDvkTR1VWvVHTmvirO5hyzdbPLsL7hbwFe8H80GwEEmc2Nee6FeSM7jmhmNQoi8jp89ZZNvXpE6i7pj0VB8SC3H7xxP21k7zy0MCggEAAIJh//zP5aE9pIXnMbca7WNXgqRL5sBkKFtCyvPSmEQ7zi9AFeCczEm/hQS30XQCzF0eUVKANFEjMVyxoDmbSRp8Cr33PvuGIFju7/3vr6ie36e9Fv/mq9M3lbOGipYDmvPONb85ka8RqcqkyQqnZbemWDmGq1qIRQ1Co8aUtlPPi2ztdASNDeLQssOMnTnbuRO6tii19Dkpl7A4AxnWoepM55ZNoqloxC8jOdHv2TMCxz3c2jS/P86bdjWOjvgFI8hp8SLJzWjKm7LsRBObJ4iW8r1kuTUyKyee23bq+UcpRqdSi3uWnImWAqkOSl/Q7RuN0Ckwq7oKnH8g16eOaw==", + "KeyType": "4096" + }, + "Certificates": null + } +} \ No newline at end of file diff --git a/traefik.yml b/traefik.yml new file mode 100644 index 0000000..3c8d7b1 --- /dev/null +++ b/traefik.yml 
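Review bot: The `PrivateKey` field in letsencrypt/acme.json appears to be the real ACME account key for the `myresolver` account (the registration shows `"status": "valid"` against the production endpoint), and committing it hands that key to everyone who can read the repository or its history. Treat the key as compromised: deactivate the account or roll the key over with the CA, remove the file from the index, and add `letsencrypt/acme.json` to `.gitignore` so Traefik's generated state is never tracked. Deleting the file in a later commit does not remove it from history, so a history rewrite is also needed if this branch has been shared. Separately, the file is created with mode 100644, while Traefik expects its ACME storage to be owner-only (`chmod 600`), so a fresh checkout would likely be rejected at startup.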
@@ -0,0 +1,31 @@
+# traefik.yml
+# yml file to define traefik global settings. Individual containers get lables to define their own settings
+
+api:
+ # dashboard: true
+ insecure: true
+
+providers:
+ docker:
+ # Do not expose every container automatically
+ exposedByDefault: false
+
+entryPoints:
+ web:
+ address: ":80"
+ # Global HTTP -> HTTPS Redirection
+ http:
+ redirections:
+ entryPoint:
+ to: websecure
+ scheme: https
+ websecure:
+ address: ":443"
+
+certificatesResolvers:
+ myresolver:
+ acme:
+ email: web-admin@riverrooks.art
+ storage: /letsencrypt/acme.json
+ # Use the TLS challenge for domain verification
+ tlsChallenge: {}
diff --git a/whoami.yml b/whoami.yml
new file mode 100644
index 0000000..16268a6
--- /dev/null
+++ b/whoami.yml
@@ -0,0 +1,9 @@
+services:
+ whoami:
+ image: traefik/whoami
+ labels:
+ # - "traefik.http.routers.whoami.rule=Host(`whoami.localhost`)"
+ - "traefik.enable=true"
+ - "traefik.http.routers.whoami.rule=Host(`whoami.dev`) || Host(`whoami.art`)"
+ - "traefik.http.routers.whoami.entrypoints=websecure"
+ - "traefik.http.routers.whoami.tls.certresolver=myresolver"
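Review bot: `insecure: true` under `api:` in traefik.yml serves the dashboard and API without authentication on Traefik's internal entrypoint on port 8080, and compose.yml in this same patch still publishes `"8080:8080"`. That leaves the full routing configuration readable by anyone who can reach the host on that port, which undercuts the HTTPS-only setup the rest of the file builds. Set `insecure: false` with `dashboard: true` and expose the dashboard through a router on `websecure` behind an auth middleware, or at least drop the 8080 port mapping from compose.yml. A short comment above `api:` saying that the dashboard must never be reachable unauthenticated would help the next editor.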
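Review bot: The router rule in whoami.yml names the hosts whoami.dev and whoami.art, while the resolver e-mail in traefik.yml is on riverrooks.art; if those two hostnames are not controlled by this deployment, the TLS challenge cannot succeed and repeated failed orders count against Let's Encrypt rate limits. Use a hostname under the domain you own, for example a rule on `whoami.<owned-domain>` (placeholder). `image: traefik/whoami` carries no tag, so every pull may bring a different build; pin it as `image: traefik/whoami:<pinned-tag>` or by digest. Because whoami echoes request headers and client details, it is worth noting in a comment that this service is for testing and should come off the public entrypoint afterwards.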