refactor: update Traefik configuration for improved security and logging
- Removed unnecessary volume mapping for production environment. - Added insecure API access and debug logging for development environment. - Ensured consistent handling of Docker provider exposure settings. - Updated certificate resolver storage path for clarity.
This commit is contained in:
		| @@ -173,13 +173,12 @@ function generate_default_proxy_configuration(Server $server) | ||||
|                     ], | ||||
|                     'volumes' => [ | ||||
|                         '/var/run/docker.sock:/var/run/docker.sock:ro', | ||||
|                         "{$proxy_path}:/traefik", | ||||
| 
 | ||||
|                     ], | ||||
|                     'command' => [ | ||||
|                         '--ping=true', | ||||
|                         '--ping.entrypoint=http', | ||||
|                         '--api.dashboard=true', | ||||
|                         '--api.insecure=false', | ||||
|                         '--entrypoints.http.address=:80', | ||||
|                         '--entrypoints.https.address=:443', | ||||
|                         '--entrypoints.http.http.encodequerysemicolons=true', | ||||
| @@ -187,21 +186,26 @@ function generate_default_proxy_configuration(Server $server) | ||||
|                         '--entrypoints.https.http.encodequerysemicolons=true', | ||||
|                         '--entryPoints.https.http2.maxConcurrentStreams=50', | ||||
|                         '--entrypoints.https.http3', | ||||
|                         '--providers.docker.exposedbydefault=false', | ||||
|                         '--providers.file.directory=/traefik/dynamic/', | ||||
|                         '--providers.docker.exposedbydefault=false', | ||||
|                         '--providers.file.watch=true', | ||||
|                         '--certificatesresolvers.letsencrypt.acme.httpchallenge=true', | ||||
|                         '--certificatesresolvers.letsencrypt.acme.storage=/traefik/acme.json', | ||||
|                         '--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=http', | ||||
|                         '--certificatesresolvers.letsencrypt.acme.storage=/traefik/acme.json', | ||||
|                     ], | ||||
|                     'labels' => $labels, | ||||
|                 ], | ||||
|             ], | ||||
|         ]; | ||||
|         if (isDev()) { | ||||
|             // $config['services']['traefik']['command'][] = "--log.level=debug";
 | ||||
|             $config['services']['traefik']['command'][] = '--api.insecure=true'; | ||||
|             $config['services']['traefik']['command'][] = '--log.level=debug'; | ||||
|             $config['services']['traefik']['command'][] = '--accesslog.filepath=/traefik/access.log'; | ||||
|             $config['services']['traefik']['command'][] = '--accesslog.bufferingsize=100'; | ||||
|             $config['services']['traefik']['volumes'][] = '/var/lib/docker/volumes/coolify_dev_coolify_data/_data/proxy/:/traefik'; | ||||
|         } else { | ||||
|             $config['services']['traefik']['command'][] = '--api.insecure=false'; | ||||
|             $config['services']['traefik']['volumes'][] = "{$proxy_path}:/traefik"; | ||||
|         } | ||||
|         if ($server->isSwarm()) { | ||||
|             data_forget($config, 'services.traefik.container_name'); | ||||
|   | ||||
		Reference in New Issue
	
	Block a user
	 Andras Bacsai
					Andras Bacsai