Hello,
I would like to set up IP filtering on my DokuWiki container. For this, I have implemented the configuration below, but the filtering works randomly. Sometimes the filtering works, but after a container restart, it no longer works, then after another restart, it sometimes works again.
Here is my docker-compose.yml file:
version: "3"
services:
  traefik:
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik-data/traefik.yml:/traefik.yml:ro
      - ./traefik-data/acme.json:/acme.json
      - ./traefik-data/configurations:/configurations
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=proxy"
      - "traefik.http.routers.traefik-secure.entrypoints=websecure"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.domain.com`)"
      - "traefik.http.routers.traefik-secure.middlewares=user-auth@file"
      - "traefik.http.routers.traefik-secure.service=api@internal"
  dokuwiki:
    image: lscr.io/linuxserver/dokuwiki:latest
    container_name: dokuwiki
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
    volumes:
      - /home/Traefik/dokuwiki/config:/config
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dokuwiki.rule=Host(`wiki.domain.com`)"
      - "traefik.http.routers.dokuwiki-https.rule=Host(`wiki.domain.com`)"
      - "traefik.http.routers.wokuwiki-https.entrypoints=websecure"
      - "traefik.http.routers.dokuwiki-https.tls=true"
      - "traefik.http.routers.dokuwiki.middlewares=filter-ipwhitelist@file"
    networks:
      - proxy
networks:
  proxy:
    external: true
My traefik.yml file:
api:
  dashboard: true
entryPoints:
  web:
    address: :80
    http:
      redirections:
        entryPoint:
          to: websecure
  websecure:
    address: :443
    http:
      middlewares:
        - secureHeaders@file
        - user-auth@file
      tls:
        certResolver: letsencrypt
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  file:
    filename: /configurations/dynamic.yml
certificatesResolvers:
  letsencrypt:
    acme:
      email: mail@gmail.com
      storage: acme.json
      keyType: EC384
      httpChallenge:
        entryPoint: web
And my dynamic.yml file:
# Dynamic configuration
http:
  middlewares:
    secureHeaders:
      headers:
        sslRedirect: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 31536000
    filter-ipwhitelist:
      ipWhiteList:
        sourceRange:
          - "X.X.X.X/32"
    user-auth:
      basicAuth:
        users:
          - "admin:********************************"
tls:
  options:
    default:
      cipherSuites:
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
      minVersion: VersionTLS12
If I have forgotten any important details that would help you assist me, please do not hesitate to let me know. Thank you in advance.
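
An added example, not part of the original post: a small Python lint over the dokuwiki service's labels as posted, which groups them by router name and reports routers that lack the filter-ipwhitelist@file middleware, routers that carry options but no rule, and routers sharing an identical rule. The function names and finding tags are hypothetical, and treating same-rule routers as able to serve the same request is an assumption about Traefik's routing, not something the post states.

```python
import re
from collections import defaultdict

# Labels of the dokuwiki service, copied from the compose file in the post.
DOKUWIKI_LABELS = [
    "traefik.enable=true",
    "traefik.http.routers.dokuwiki.rule=Host(`wiki.domain.com`)",
    "traefik.http.routers.dokuwiki-https.rule=Host(`wiki.domain.com`)",
    "traefik.http.routers.wokuwiki-https.entrypoints=websecure",
    "traefik.http.routers.dokuwiki-https.tls=true",
    "traefik.http.routers.dokuwiki.middlewares=filter-ipwhitelist@file",
]

LABEL_RE = re.compile(r"^traefik\.http\.routers\.([^.=]+)\.([^=]+)=(.*)$")


def parse_routers(labels):
    """Group traefik.http.routers.<name>.<option>=<value> labels by router name."""
    routers = defaultdict(dict)
    for label in labels:
        m = LABEL_RE.match(label)
        if m:
            name, option, value = m.groups()
            routers[name][option.lower()] = value
    return dict(routers)


def audit(labels, required_middleware):
    """Return (tag, router) findings; tags are hypothetical names for this lint."""
    routers = parse_routers(labels)
    findings = []
    by_rule = defaultdict(list)
    for name, opts in sorted(routers.items()):
        if "rule" not in opts:  # options set on a router name that has no rule
            findings.append(("no-rule", name))
            continue
        by_rule[opts["rule"]].append(name)
        mws = [m.strip() for m in opts.get("middlewares", "").split(",") if m.strip()]
        if required_middleware not in mws:  # router has a rule but no allow-list
            findings.append(("unfiltered", name))
    for rule, names in by_rule.items():
        if len(names) > 1:  # assumption: either router may serve a matching request
            findings.append(("same-rule", tuple(names)))
    return findings


if __name__ == "__main__":
    for finding in audit(DOKUWIKI_LABELS, "filter-ipwhitelist@file"):
        print(finding)
```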