From 09f3ec9f700ba178edf63a2e5f9a3d8502c4ab46 Mon Sep 17 00:00:00 2001
From: Bryan Joshua Pedini
Date: Thu, 2 May 2024 13:34:19 +0200
Subject: [PATCH] less static configuration, more variables
---
 docker-compose.yml | 16 +++++++---------
 env.example | 10 ++++++++--
 2 files changed, 15 insertions(+), 11 deletions(-)
diff --git a/docker-compose.yml b/docker-compose.yml
index 64ea001..3e388d8 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -33,6 +33,7 @@ services:
 labels:
 # expose Træfik using Træfik (dashboard)
 - traefik.enable=${TRAEFIK_ENABLED}
+ - traefik.docker.network=${TRAEFIK_NETWORK}
 # configure a global whitelist for accessing the Træfik dashboard
 - traefik.http.middlewares.dashboard-whitelist.ipwhitelist.sourcerange=${TRAEFIK_DASHBOARD_WHITELIST}
 # configure a global middleware for redirecting HTTP to HTTPS
@@ -44,18 +45,15 @@ services:
 - traefik.http.middlewares.hsts.headers.stsPreload=${TRAEFIK_STS_PRELOAD}
 ### Section HTTP
 - traefik.http.routers.http-${TRAEFIK_ROUTER}.entrypoints=http
- # only some people can access the dashboard, hence protect it with it's whitelist
- - traefik.http.routers.http-${TRAEFIK_ROUTER}.middlewares=dashboard-whitelist
 # redirect Træfik dashboard to HTTPS only
- - traefik.http.routers.http-${TRAEFIK_ROUTER}.middlewares=http-to-https
- - traefik.http.routers.http-${TRAEFIK_ROUTER}.rule=Host(`${TRAEFIK_MATCHRULE}`)
+ - traefik.http.routers.http-${TRAEFIK_ROUTER}.middlewares=${TRAEFIK_HTTP_MIDDLEWARES}
+ - traefik.http.routers.http-${TRAEFIK_ROUTER}.rule=${TRAEFIK_MATCHRULE}
 - traefik.http.routers.http-${TRAEFIK_ROUTER}.service=api@internal
 ### Section HTTPS
 - traefik.http.routers.https-${TRAEFIK_ROUTER}.entrypoints=https
- # only some people can access the dashboard, hence protect it with it's whitelist (and add HSTS for security)
- - traefik.http.routers.https-${TRAEFIK_ROUTER}.middlewares=hsts,dashboard-whitelist
 # configure Træfik dashboard to be the exposed service
- - traefik.http.routers.https-${TRAEFIK_ROUTER}.rule=Host(`${TRAEFIK_MATCHRULE}`)
+ - traefik.http.routers.https-${TRAEFIK_ROUTER}.middlewares=${TRAEFIK_HTTPS_MIDDLEWARES}
+ - traefik.http.routers.https-${TRAEFIK_ROUTER}.rule=${TRAEFIK_MATCHRULE}
 - traefik.http.routers.https-${TRAEFIK_ROUTER}.service=api@internal
 # of course, enable TLS and it's certificate provider
 - traefik.http.routers.https-${TRAEFIK_ROUTER}.tls=${TRAEFIK_TLSENABLED}
@@ -67,8 +65,8 @@ services:
 - 443:443
 volumes:
 - /var/run/docker.sock:/var/run/docker.sock:ro
- - ./config:/config:ro
- - ./certs.json:/certs.json
+ - ${TRAEFIK_DYNAMIC}:/config:ro
+ - ${TRAEFIK_CERTFILE}:/certs.json
 networks:
 traefik:
diff --git a/env.example b/env.example
index 090ded1..1ddcfde 100644
--- a/env.example
+++ b/env.example
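Review bot: The dashboard's IP allowlist is now applied only if the deployer's `.env` lists it, because the `middlewares=${TRAEFIK_HTTP_MIDDLEWARES}` and `middlewares=${TRAEFIK_HTTPS_MIDDLEWARES}` labels replace the hard-coded `dashboard-whitelist`. Compose substitutes an empty string (with only a warning) for an unset variable, which is the case for any `.env` written before this commit, and both routers serve `api@internal`, so an empty or incomplete list likely publishes the dashboard without the source-range restriction. I would make the variables mandatory, e.g. `${TRAEFIK_HTTPS_MIDDLEWARES:?must include dashboard-whitelist}`, or keep the allowlist fixed in the label and let the variable only add to it. The same unset-variable behaviour applies to `${TRAEFIK_MATCHRULE}` here and to `${TRAEFIK_DYNAMIC}` and `${TRAEFIK_CERTFILE}` in the volumes hunk; an old `.env` with a bare hostname in `TRAEFIK_MATCHRULE` also no longer forms a valid rule. The removed comments explaining why the allowlist is attached are worth keeping next to the new labels.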
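Review bot: `${TRAEFIK_CERTFILE}:/certs.json` is a short-syntax bind mount, and Docker creates a directory on the host when the source path does not exist, so a mistyped or unset path hands Traefik a directory where it expects its certificate store. The file presumably holds the ACME account key and certificate private keys (the resolver configuration is outside this hunk), so the chosen path should be an existing file readable only by its owner and kept out of version control. I would add a comment above the line such as `# must be an existing file, mode 600; holds private keys`, and keep the old values as defaults with `${TRAEFIK_DYNAMIC:-./config}` and `${TRAEFIK_CERTFILE:-./certs.json}`.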
@@ -1,11 +1,13 @@
 # General environment
-TRAEFIK_VERSION=2.4
+TRAEFIK_VERSION=latest
 TRAEFIK_CERTRESOLVER=letsencrypt
 TRAEFIK_DASHBOARD_WHITELIST=1.2.3.4/24
 TRAEFIK_ENABLED=true
 TRAEFIK_NETWORK=traefik
-TRAEFIK_MATCHRULE=traefik.mydomain.com
+TRAEFIK_MATCHRULE=Host(`traefik.mydomain.com`)
 TRAEFIK_ROUTER=traefik_mydomain_com
+TRAEFIK_HTTP_MIDDLEWARES=dashboard-whitelist,http-to-https
+TRAEFIK_HTTPS_MIDDLEWARES=dashboard-whitelist,hsts
 # Security
 TRAEFIK_TLSENABLED=true
@@ -22,3 +24,7 @@ LETSENCRYPT_EMAIL=admin@mydomain.com
 # Debugging
 TRAEFIK_ACCESSLOG=false
 TRAEFIK_LOGLEVEL=INFO
+
+# Volumes
+TRAEFIK_DYNAMIC=./config
+TRAEFIK_CERTFILE=./certs.json
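Review bot: `TRAEFIK_VERSION=latest` in the example lets any image pull move the proxy to a new major release without review. The labels in docker-compose.yml build the dashboard allowlist with the `ipwhitelist` middleware, which as far as I know Traefik v3 no longer provides (it was renamed IPAllowList), so an unpinned tag can invalidate the dashboard's access-control configuration on upgrade. I would keep a pinned release in the example, `TRAEFIK_VERSION=<pinned-release>`, optionally by image digest, and bump it deliberately. The backticks in `TRAEFIK_MATCHRULE` are also worth wrapping in single quotes, since a shell that sources this file would read them as command substitution.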