traefik/docker-compose-global.yml aktualisiert

traefik/docker-compose-global.yml

@@ -4,17 +4,30 @@ services:
     container_name: ${TRAEFIK_NAME:-traefik}
     restart: unless-stopped
 
+    # Wir erzeugen den Basic-Auth-Hash dynamisch beim Start
+    entrypoint:
+      - /bin/sh
+      - -c
+      - |
+        echo "🔐 Generating Basic Auth hash..."
+        HASH=$(openssl passwd -apr1 "$TRAEFIK_AUTH_PASSWORD")
+        echo "[http.middlewares.traefik-auth.basicauth]" > /dynamic-auth.toml
+        echo "  users = [\"${TRAEFIK_AUTH_USER}:$HASH\"]" >> /dynamic-auth.toml
+        echo "🚀 Starting Traefik..."
+        exec traefik
+
     command:
       # Provider
       - "--providers.docker=true"
       - "--providers.docker.exposedbydefault=false"
+      - "--providers.file.filename=/dynamic-auth.toml"
 
       # EntryPoints
       - "--entrypoints.web.address=:80"
       - "--entrypoints.websecure.address=:443"
 
       # Let's Encrypt (ACME)
-      - "--certificatesresolvers.le.acme.email=${TRAEFIK_ACME_EMAIL:-admin@example.com}"
+      - "--certificatesresolvers.le.acme.email=${TRAEFIK_ACME_EMAIL}"
       - "--certificatesresolvers.le.acme.storage=/letsencrypt/acme.json"
       - "--certificatesresolvers.le.acme.httpchallenge=true"
       - "--certificatesresolvers.le.acme.httpchallenge.entrypoint=web"
@@ -27,8 +40,8 @@ services:
       - "--log.level=${TRAEFIK_LOGLEVEL:-INFO}"
 
     ports:
-      - "80:80"
-      - "443:443"
+      - "${TRAEFIK_HTTP_PORT:-80}:80"
+      - "${TRAEFIK_HTTPS_PORT:-443}:443"
 
     volumes:
       - "/var/run/docker.sock:/var/run/docker.sock:ro"
@@ -47,10 +60,7 @@ services:
       - "traefik.http.routers.traefik.tls=true"
       - "traefik.http.routers.traefik.tls.certresolver=le"
 
-      # Basic Auth Middleware
-      - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_AUTH_USER}:${TRAEFIK_AUTH_HASH}"
-
-      # Apply Auth
+      # Basic Auth Middleware (aus dynamic-auth.toml)
       - "traefik.http.routers.traefik.middlewares=traefik-auth"
 
 networks: