I've set up a docker compose with traefik (and authentik for later), that has most stuff in the docker-compose.yml file, but I want to move some of the settings to the dynamic config.
My docker-compose.yml traefik snippet looks like this:
traefik:
image: "traefik:v3.0"
container_name: "traefik"
command:
- "--log.level=DEBUG"
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entryPoints.web.address=:80"
- "--entryPoints.websecure.address=:443"
- "--certificatesresolvers.cfresolver.acme.dnschallenge=true"
- "--certificatesresolvers.cfresolver.acme.dnschallenge.provider=cloudflare"
# - "--certificatesresolvers.cfresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.cfresolver.acme.email=email"
- "--certificatesresolvers.cfresolver.acme.storage=/letsencrypt/acme.json"
ports:
- "80:80"
- "443:443"
- "8080:8080"
environment:
- "TRAEFIK_PROVIDERS_FILE_DIRECTORY=/etc/traefik"
- "TRAEFIK_PROVIDERS_FILE_WATCH=true"
- "CF_DNS_API_TOKEN=xxx"
volumes:
- "./letsencrypt:/letsencrypt"
- "./traefik/traefik.yml:/etc/traefik/traefik.yml"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
My traefik.yml looks like this (this is the entirity of it):
http:
middlewares:
local-ipallowlist:
ipAllowList:
sourceRange:
- "192.168.0.0/16"
- "10.11.12.0/24"
- "127.0.0.1/32"
I just want to see if I can limit the access to this site on IP, and I want that config to not be in the docker compose file.
When I start it, it get's angry with me:
traefik | {"level":"error","error":"command traefik error: no valid configuration found in file: /etc/traefik/traefik.yml","time":"2024-07-10T19:57:21Z","message":"Command error"}
The docs are a bit confusing about what goes in the file, so if somebody could clarify this for me, I would appreciate it.