From cdbe09b244229e3f9bf897d7f4e42f7fd2652297 Mon Sep 17 00:00:00 2001
From: Thomas M <thomas@famm.name>
Date: Fri, 2 Jan 2026 21:13:07 +0000
Subject: [PATCH] traefik/docker-compose-global.yml aktualisiert

---
 traefik/docker-compose-global.yml | 24 +++++++++++++++++-------
 1 file changed, 17 insertions(+), 7 deletions(-)

diff --git a/traefik/docker-compose-global.yml b/traefik/docker-compose-global.yml
index 8702f4f..1122a27 100644
--- a/traefik/docker-compose-global.yml
+++ b/traefik/docker-compose-global.yml
@@ -4,17 +4,30 @@ services:
     container_name: ${TRAEFIK_NAME:-traefik}
     restart: unless-stopped
 
+    # Wir erzeugen den Basic-Auth-Hash dynamisch beim Start
+    entrypoint:
+      - /bin/sh
+      - -c
+      - |
+        echo "🔐 Generating Basic Auth hash..."
+        HASH=$(openssl passwd -apr1 "$TRAEFIK_AUTH_PASSWORD")
+        echo "[http.middlewares.traefik-auth.basicauth]" > /dynamic-auth.toml
+        echo "  users = [\"${TRAEFIK_AUTH_USER}:$HASH\"]" >> /dynamic-auth.toml
+        echo "🚀 Starting Traefik..."
+        exec traefik
+
     command:
       # Provider
       - "--providers.docker=true"
       - "--providers.docker.exposedbydefault=false"
+      - "--providers.file.filename=/dynamic-auth.toml"
 
       # EntryPoints
       - "--entrypoints.web.address=:80"
       - "--entrypoints.websecure.address=:443"
 
       # Let's Encrypt (ACME)
-      - "--certificatesresolvers.le.acme.email=${TRAEFIK_ACME_EMAIL:-admin@example.com}"
+      - "--certificatesresolvers.le.acme.email=${TRAEFIK_ACME_EMAIL}"
       - "--certificatesresolvers.le.acme.storage=/letsencrypt/acme.json"
       - "--certificatesresolvers.le.acme.httpchallenge=true"
       - "--certificatesresolvers.le.acme.httpchallenge.entrypoint=web"
@@ -27,8 +40,8 @@ services:
       - "--log.level=${TRAEFIK_LOGLEVEL:-INFO}"
 
     ports:
-      - "80:80"
-      - "443:443"
+      - "${TRAEFIK_HTTP_PORT:-80}:80"
+      - "${TRAEFIK_HTTPS_PORT:-443}:443"
 
     volumes:
       - "/var/run/docker.sock:/var/run/docker.sock:ro"
@@ -47,10 +60,7 @@ services:
       - "traefik.http.routers.traefik.tls=true"
       - "traefik.http.routers.traefik.tls.certresolver=le"
 
-      # Basic Auth Middleware
-      - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_AUTH_USER}:${TRAEFIK_AUTH_HASH}"
-
-      # Apply Auth
+      # Basic Auth Middleware (aus dynamic-auth.toml)
       - "traefik.http.routers.traefik.middlewares=traefik-auth"
 
 networks: