Cleaner file

docker/compose/dc-traefik.yml

@@ -1,3 +1,11 @@
+########################### SECRETS
+secrets:
+  cloudflare_email:
+    file: ${SECRETSDIR}/cloudflare_email
+  cloudflare_api_key:
+    file: ${SECRETSDIR}/cloudflare_api_key
+  cloudflare_api_token:
+    file: ${SECRETSDIR}/cloudflare_dns_api_token
 services:
   # Traefik 2 - Reverse Proxy
   # Touch (create empty files) traefik.log and acme/acme.json. Set acme.json permissions to 600.
@@ -12,9 +20,7 @@ services:
       - no-new-privileges:true
     networks:
       proxy:
-        ipv4_address: ${TRAEFIK_IP0} # You can specify a static IP
       socket_proxy:
-        ipv4_address: ${TRAEFIK_IP1}
     ports:
       - 80:80
       - 443:443
@@ -23,15 +29,16 @@ services:
     #  required: true # default
     #- path: ./override.env
     #  required: false
-    #environment:
-    #  - CF_API_EMAIL_FILE=/run/secrets/cloudflare_email
-    #  - CF_DNS_API_TOKEN_FILE=/run/secrets/cloudflare_api_token
+    environment:
+      - CF_API_EMAIL_FILE=/run/secrets/cloudflare_email
+      - CF_API_KEY_FILE=/run/secrets/cloudflare_api_key
+      - CF_DNS_API_TOKEN_FILE=/run/secrets/cloudflare_api_token
     command: # CLI arguments
       - --global.checkNewVersion=true
       - --global.sendAnonymousUsage=false #true
       - --entryPoints.http.address=:80
       - --entrypoints.http.http.redirections.entryPoint.to=https
-      #- --entrypoints.http.http.middlewares=middlewares-crowdsec-bouncer@file
+      - --entrypoints.http.http.middlewares=middlewares-crowdsec-bouncer@file
       - --entryPoints.https.address=:443
       - --entrypoints.https.forwardedHeaders.trustedIPs=$CLOUDFLARE_IPS,$LOCAL_IPS
 #      - --entryPoints.traefik.address=:8080
@@ -43,7 +50,7 @@ services:
       #(- --pilot.token=$TRAEFIK_PILOT_TOKEN)
       - --serversTransport.insecureSkipVerify=true
       - --log=true
-      - --log.level=INFO # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
+      - --log.level=DEBUG #INFO # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
       - --log.filePath= /var/log/traefik/traefik.log
       - --accessLog=true
       - --accessLog.filePath=/var/log/traefik/access.log
@@ -70,9 +77,8 @@ services:
       - --entrypoints.https.http.tls.domains[3].sans=*.$DOMAINNAME3 # Pulls wildcard cert for second domain
       - --providers.docker.network=proxy
       - --providers.file.directory=/config # Load dynamic configuration from one or more .toml or .yml files in a directory
-     #(- --providers.file.filename=/path/to/file # Load dynamic configuration from a file)
       - --providers.file.watch=true # Only works on top level files in the rules folder
-      - --certificatesResolvers.dns-cloudflare.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory # LetsEncrypt Staging Server - uncomment when testing
+      #- --certificatesResolvers.dns-cloudflare.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory # LetsEncrypt Staging Server - uncomment when testing
       - --certificatesResolvers.$CERTRESOLVER.acme.email=${CF_API_EMAIL}
       - --certificatesResolvers.$CERTRESOLVER.acme.storage=/acme.json
       - --certificatesResolvers.$CERTRESOLVER.acme.dnsChallenge.provider=${DNS_PROVIDER}
@@ -88,18 +94,20 @@ services:
       - ${DOCKERDIR}/traefik/config:/config:ro # file provider directory
       - ${DOCKERDIR}/traefik/acme.json:/acme.json # cert location - you must touch this file and change permissions to 600
       - ${DOCKERDIR}/traefik/logs:/var/log/traefik # for crowdsec - make sure to touch file before starting container
-    #secrets:
-    #  - cloudflare_email
+    secrets:
+      - cloudflare_email
+      - cloudflare_api_key
+      - cloudflare_api_token
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.traefik.entrypoints=http"
-      - "traefik.http.routers.traefik.rule=Host(`test-proxy.${DOMAINNAME1}`)"
+      - "traefik.http.routers.traefik.rule=Host(`${PROXYNAME}.${DOMAINNAME1}`)"
       - "traefik.http.middlewares.traefik-auth.basicauth.users=${BASICAUTHUSER}"
       - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
       - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
       - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
       - "traefik.http.routers.traefik-secure.entrypoints=https"
-      - "traefik.http.routers.traefik-secure.rule=Host(`test-proxy.${DOMAINNAME1}`)"
+      - "traefik.http.routers.traefik-secure.rule=Host(`${PROXYNAME}.${DOMAINNAME1}`)"
       - "traefik.http.routers.traefik-secure.middlewares=chain-no-auth@file"
       #- "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
       - "traefik.http.routers.traefik-secure.service=api@internal"