dave/coolify
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

refactor: update Traefik configuration for improved security and logging

Browse Source 
- Removed unnecessary volume mapping for production environment.
- Added insecure API access and debug logging for development environment.
- Ensured consistent handling of Docker provider exposure settings.
- Updated certificate resolver storage path for clarity.
This commit is contained in:
Andras Bacsai
2024-12-06 13:07:56 +01:00
parent 8405f241f3
commit f82d95e908
1 changed files with 9 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
bootstrap/helpers/proxy.php
View File

@@ -173,13 +173,12 @@ function generate_default_proxy_configuration(Server $server)
], ],
'volumes' => [ 'volumes' => [
'/var/run/docker.sock:/var/run/docker.sock:ro', '/var/run/docker.sock:/var/run/docker.sock:ro',
"{$proxy_path}:/traefik",
], ],
'command' => [ 'command' => [
'--ping=true', '--ping=true',
'--ping.entrypoint=http', '--ping.entrypoint=http',
'--api.dashboard=true', '--api.dashboard=true',
'--api.insecure=false',
'--entrypoints.http.address=:80', '--entrypoints.http.address=:80',
'--entrypoints.https.address=:443', '--entrypoints.https.address=:443',
'--entrypoints.http.http.encodequerysemicolons=true', '--entrypoints.http.http.encodequerysemicolons=true',
@@ -187,21 +186,26 @@ function generate_default_proxy_configuration(Server $server)
'--entrypoints.https.http.encodequerysemicolons=true', '--entrypoints.https.http.encodequerysemicolons=true',
'--entryPoints.https.http2.maxConcurrentStreams=50', '--entryPoints.https.http2.maxConcurrentStreams=50',
'--entrypoints.https.http3', '--entrypoints.https.http3',
'--providers.docker.exposedbydefault=false',
'--providers.file.directory=/traefik/dynamic/', '--providers.file.directory=/traefik/dynamic/',
'--providers.docker.exposedbydefault=false',
'--providers.file.watch=true', '--providers.file.watch=true',
'--certificatesresolvers.letsencrypt.acme.httpchallenge=true', '--certificatesresolvers.letsencrypt.acme.httpchallenge=true',
'--certificatesresolvers.letsencrypt.acme.storage=/traefik/acme.json',
'--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=http', '--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=http',
'--certificatesresolvers.letsencrypt.acme.storage=/traefik/acme.json',
], ],
'labels' => $labels, 'labels' => $labels,
], ],
], ],
]; ];
if (isDev()) { if (isDev()) {
// $config['services']['traefik']['command'][] = "--log.level=debug"; $config['services']['traefik']['command'][] = '--api.insecure=true';
$config['services']['traefik']['command'][] = '--log.level=debug';
$config['services']['traefik']['command'][] = '--accesslog.filepath=/traefik/access.log'; $config['services']['traefik']['command'][] = '--accesslog.filepath=/traefik/access.log';
$config['services']['traefik']['command'][] = '--accesslog.bufferingsize=100'; $config['services']['traefik']['command'][] = '--accesslog.bufferingsize=100';
$config['services']['traefik']['volumes'][] = '/var/lib/docker/volumes/coolify_dev_coolify_data/_data/proxy/:/traefik';
} else {
$config['services']['traefik']['command'][] = '--api.insecure=false';
$config['services']['traefik']['volumes'][] = "{$proxy_path}:/traefik";
} }
if ($server->isSwarm()) { if ($server->isSwarm()) {
data_forget($config, 'services.traefik.container_name'); data_forget($config, 'services.traefik.container_name');