From f82d95e908861565bdccb1eaaffb3e79bf878f30 Mon Sep 17 00:00:00 2001
From: Andras Bacsai <andras.bacsai@gmail.com>
Date: Fri, 6 Dec 2024 13:07:56 +0100
Subject: [PATCH] refactor: update Traefik configuration for improved security
 and logging

- Removed unnecessary volume mapping for production environment.
- Added insecure API access and debug logging for development environment.
- Ensured consistent handling of Docker provider exposure settings.
- Updated certificate resolver storage path for clarity.
---
 bootstrap/helpers/proxy.php | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/bootstrap/helpers/proxy.php b/bootstrap/helpers/proxy.php
index a8ef0fe5a..463e89b6f 100644
--- a/bootstrap/helpers/proxy.php
+++ b/bootstrap/helpers/proxy.php
@@ -173,13 +173,12 @@ function generate_default_proxy_configuration(Server $server)
                     ],
                     'volumes' => [
                         '/var/run/docker.sock:/var/run/docker.sock:ro',
-                        "{$proxy_path}:/traefik",
+
                     ],
                     'command' => [
                         '--ping=true',
                         '--ping.entrypoint=http',
                         '--api.dashboard=true',
-                        '--api.insecure=false',
                         '--entrypoints.http.address=:80',
                         '--entrypoints.https.address=:443',
                         '--entrypoints.http.http.encodequerysemicolons=true',
@@ -187,21 +186,26 @@ function generate_default_proxy_configuration(Server $server)
                         '--entrypoints.https.http.encodequerysemicolons=true',
                         '--entryPoints.https.http2.maxConcurrentStreams=50',
                         '--entrypoints.https.http3',
-                        '--providers.docker.exposedbydefault=false',
                         '--providers.file.directory=/traefik/dynamic/',
+                        '--providers.docker.exposedbydefault=false',
                         '--providers.file.watch=true',
                         '--certificatesresolvers.letsencrypt.acme.httpchallenge=true',
-                        '--certificatesresolvers.letsencrypt.acme.storage=/traefik/acme.json',
                         '--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=http',
+                        '--certificatesresolvers.letsencrypt.acme.storage=/traefik/acme.json',
                     ],
                     'labels' => $labels,
                 ],
             ],
         ];
         if (isDev()) {
-            // $config['services']['traefik']['command'][] = "--log.level=debug";
+            $config['services']['traefik']['command'][] = '--api.insecure=true';
+            $config['services']['traefik']['command'][] = '--log.level=debug';
             $config['services']['traefik']['command'][] = '--accesslog.filepath=/traefik/access.log';
             $config['services']['traefik']['command'][] = '--accesslog.bufferingsize=100';
+            $config['services']['traefik']['volumes'][] = '/var/lib/docker/volumes/coolify_dev_coolify_data/_data/proxy/:/traefik';
+        } else {
+            $config['services']['traefik']['command'][] = '--api.insecure=false';
+            $config['services']['traefik']['volumes'][] = "{$proxy_path}:/traefik";
         }
         if ($server->isSwarm()) {
             data_forget($config, 'services.traefik.container_name');