configure traefik and smallstep

3 files changed, 27 insertions, 2 deletions

diff --git a/volumes/proxy/acme.json b/volumes/proxy/acme.json
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/volumes/proxy/acme.json
diff --git a/volumes/proxy/traefik.toml b/volumes/proxy/traefik.toml
index 6d3acb6..22ec105 100644
--- a/volumes/proxy/traefik.toml
+++ b/volumes/proxy/traefik.toml
@@ -11,7 +11,7 @@
   dashboard = true
 
 [certificatesResolvers.smallstep.acme]
-  caServer = "https://root-ca" # acme-staging-v02.api.letsencrypt.org/directory"
+  caServer = "https://root-ca.castle:9000" # acme-staging-v02.api.letsencrypt.org/directory"
   storage = "acme.json"
   [certificatesResolvers.smallstep.acme.httpChallenge]
     entryPoint = "web"
@@ -21,4 +21,4 @@
   network = "fediverse"
 
 [providers.file]
-  filename = "traefik_dynamic.toml"
+  filename = "/etc/traefik/traefik_dynamic.toml"
diff --git a/volumes/proxy/traefik_dynamic.toml b/volumes/proxy/traefik_dynamic.toml
new file mode 100644
index 0000000..cda5b24
--- /dev/null
+++ b/volumes/proxy/traefik_dynamic.toml
@@ -0,0 +1,25 @@
+[http.middlewares.simpleAuth.basicAuth]
+  users = [
+    # username: sandcastles
+    # password: admin
+    "sandcastles:$apr1$Xe1bQOFU$OQ.6qf4QCcRk5E8mQ.yt4."
+  ]
+
+[http.routers.api]
+  rule = "Host(`dashboard.castle`)"
+  entrypoints = ["websecure"]
+  middlewares = ["simpleAuth"]
+  service = "api@internal"
+  [http.routers.api.tls]
+    certResolver = "smallstep"
+
+[http.routers.dockerhost]
+    rule = "Host(`host.castle`)"
+    entrypoints = ["websecure"]
+    service = "dockerhost"
+    [http.routers.dockerhost.tls]
+    certResolver = "smallstep"
+
+[http.services.dockerhost]
+    [http.services.dockerhost.loadbalancer.servers]
+        url = "http://host.docker.internal:5127"
\ No newline at end of file