| Both sides previous revision Previous revision Next revision | Previous revision |
| docker_notes:docker-reverse-proxy [2024-01-12 Fri wk02 21:18] – [whitelisting] baumkp | docker_notes:docker-reverse-proxy [2024-04-28 Sun wk17 11:11] (current) – [Cloudsec] baumkp |
|---|
| <code bash [enable_line_numbers="true"]>docker-compose up -d</code> | <code bash [enable_line_numbers="true"]>docker-compose up -d</code> |
| =====Portainer===== | =====Portainer===== |
| | *[[https://www.portainer.io/|portainer]] |
| <code bash [enable_line_numbers="true"]>cd /home/docker_store | <code bash [enable_line_numbers="true"]>cd /home/docker_store |
| sudo mkdir portainer | sudo mkdir portainer |
| │ ├── acme.json | This is the Lets Encrypt RSA key file downloaded by Traefik | │ ├── acme.json | This is the Lets Encrypt RSA key file downloaded by Traefik |
| │ ├── config | │ ├── config |
| | | ├── http.yml | This is the dynamic configuration file for http | | | ├── http.yml | This is the dynamic configuration file for http (want to separate into 2 smaller files, basic and main services) |
| | | └── tcp.yml | This is the dynamic configuration file for tcp | | | └── tcp.yml | This is the dynamic configuration file for tcp (not using at the moment, starttls is not supported by Traefik at this time) |
| │ ├── provider.env | This has the key file for DNS wildcard challenge on LetsEncrypt | │ ├── provider.env | This has the key file for DNS wildcard challenge on LetsEncrypt |
| │ ├── traefik.yml | This is the main traefik static configuration file | │ ├── traefik.yml | This is the main traefik static configuration file |
| ++++ | ++++ |
| |
| | =====BasicAuth===== |
| | For any internal service I expose to the public internet that are either not full services with own password, e.g. dokuwiki, nextcloud and mail server, but I do not want general public access I would like to add basic password protection. This is built into the web server applications such as Apache and presumably Nginx, but Traefik also has some functionality. |
| | |
| | The middleware [[https://doc.traefik.io/traefik/middlewares/http/basicauth/|BasicAuth]] seems to define this functionality. If I setup Gotify, that does not have an iOS client I can then use a public access webpage with password protection to check notifications. Unfortunately this is not active, in that it does not actively alert of new messages that presumably an app would do, but would probably meet my needs. |
| |
| =====SSL Services===== | =====SSL Services===== |
| |
| |
| <- docker_notes:docker|Back ^ docker_notes:index|Start page ^ docker_notes:docker-dokuwiki|Next -> | <- docker_notes:init|Back ^ docker_notes:index|Start page ^ docker_notes:docker-dokuwiki|Next -> |
| |