traefik/docker-compose-global.yml aktualisiert

traefik/docker-compose-global.yml

@@ -1,3 +1,5 @@
+version: "3.9"
+
 services:
   traefik:
     image: traefik:v3.1
@@ -7,10 +9,12 @@ services:
     command:
       - "--providers.docker=true"
       - "--providers.docker.exposedbydefault=false"
+
+      # EntryPoints
       - "--entrypoints.web.address=:80"
       - "--entrypoints.websecure.address=:443"
 
-      # Let's Encrypt (optional, aber hier aktiviert)
+      # Let's Encrypt
       - "--certificatesresolvers.le.acme.httpchallenge=true"
       - "--certificatesresolvers.le.acme.httpchallenge.entrypoint=web"
       - "--certificatesresolvers.le.acme.email=${TRAEFIK_ACME_EMAIL:-admin@example.com}"
@@ -26,10 +30,7 @@ services:
       - "${TRAEFIK_DASHBOARD_PORT:-8080}:8080"
 
     volumes:
-      # Docker Socket (Read-Only)
       - "/var/run/docker.sock:/var/run/docker.sock:ro"
-
-      # Parametrisierter Speicherort für Let's Encrypt + Fallback
       - "${TRAEFIK_DATA_PATH:-/opt/traefik}/letsencrypt:/letsencrypt"
 
     networks:
@@ -38,12 +39,18 @@ services:
     labels:
       - "traefik.enable=true"
 
-      # Dashboard über HTTPS
+      # Dashboard Router
       - "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DASHBOARD_HOST:-traefik.local}`)"
-      - "traefik.http.routers.traefik.service=api@internal"
       - "traefik.http.routers.traefik.entrypoints=websecure"
+      - "traefik.http.routers.traefik.service=api@internal"
       - "traefik.http.routers.traefik.tls.certresolver=le"
 
+      # Basic Auth Middleware
+      - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_AUTH_USER:-admin}:${TRAEFIK_AUTH_HASH:-$$apr1$$xyz123}"
+
+      # Dashboard secured with Basic Auth
+      - "traefik.http.routers.traefik.middlewares=traefik-auth"
+
 networks:
   proxy:
     name: proxy