Initial backup import

root/docker/traefik/data/dynamic/dynamic/.htpasswd

@@ -0,0 +1,2 @@
+admin:$apr1$kwoSW3.P$q.4mOtE14xAdBLR5tA4sA/
+

root/docker/traefik/data/dynamic/dynamic/middlewares.yml

@@ -0,0 +1,15 @@
+http:
+  middlewares:
+    drawio-auth:
+      basicAuth:
+        usersFile: /etc/traefik/dynamic/.htpasswd
+
+    dashboard-auth:
+      basicAuth:
+        usersFile: /etc/traefik/dynamic/.htpasswd     
+
+    lan-only:
+      ipWhiteList:
+        sourceRange:
+          - "192.168.0.0/16"
+          - "10.0.0.0/8"

root/docker/traefik/data/dynamic/dynamic/nextcloud.yml

@@ -0,0 +1,6 @@
+http:
+  middlewares:
+    nextcloud-headers:
+      headers:
+        customRequestHeaders:
+          X-Forwarded-Proto: https

root/docker/traefik/data/dynamic/middlewares.yml

@@ -0,0 +1,15 @@
+http:
+  middlewares:
+    drawio-auth:
+      basicAuth:
+        usersFile: /etc/traefik/dynamic/.htpasswd
+
+    dashboard-auth:
+      basicAuth:
+        usersFile: /etc/traefik/dynamic/.htpasswd     
+
+    lan-only:
+      ipWhiteList:
+        sourceRange:
+          - "192.168.0.0/16"
+          - "10.0.0.0/8"

root/docker/traefik/data/dynamic/nextcloud.yml

@@ -0,0 +1,6 @@
+http:
+  middlewares:
+    nextcloud-headers:
+      headers:
+        customRequestHeaders:
+          X-Forwarded-Proto: https

root/docker/traefik/docker-compose.yml

@@ -0,0 +1,60 @@
+services:
+  traefik:
+    image: traefik:latest
+    container_name: traefik
+    command:
+      - --global.sendanonymoususage=false
+      - --log.level=INFO
+
+      # Docker Provider
+      - --providers.docker=true
+      - --providers.docker.exposedbydefault=false
+      - --providers.docker.network=webproxy-net
+
+      # optional: zusätzliche dynamische Datei für Middlewares/TLS-Optionen
+      - --providers.file.directory=/etc/traefik/dynamic
+      - --providers.file.watch=true
+
+      # EntryPoints
+      - --entrypoints.web.address=:80
+      - --entrypoints.websecure.address=:443
+
+      # globaler HTTP -> HTTPS Redirect
+      - --entrypoints.web.http.redirections.entrypoint.to=websecure
+      - --entrypoints.web.http.redirections.entrypoint.scheme=https
+      - --entrypoints.web.http.redirections.entrypoint.permanent=true
+
+      # ACME / Let's Encrypt
+      - --certificatesresolvers.le.acme.email=Michael.Seidel@focus-on-it.de
+      - --certificatesresolvers.le.acme.storage=/letsencrypt/acme.json
+      - --certificatesresolvers.le.acme.httpchallenge=true
+      - --certificatesresolvers.le.acme.httpchallenge.entrypoint=web
+
+      # Dashboard nur intern / testweise
+      - --api.dashboard=true
+      - --api.insecure=false
+
+    ports:
+      - "80:80"
+      - "443:443"
+
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - /root/docker/traefik/data/letsencrypt:/letsencrypt
+      - /root/docker/traefik/data/dynamic:/etc/traefik/dynamic:ro
+
+    networks:
+      - webproxy-net
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.traefik.rule=Host(`traefik.focus-on-it.net`)
+      - traefik.http.routers.traefik.entrypoints=websecure
+      - traefik.http.routers.traefik.tls=true
+      - traefik.http.routers.traefik.tls.certresolver=le
+      - traefik.http.routers.traefik.service=api@internal
+      - traefik.http.routers.traefik.middlewares=lan-only@file,dashboard-auth@file
+    restart: unless-stopped
+
+networks:
+  webproxy-net:
+    external: true

root/docker/traefik/start.sh

@@ -0,0 +1,17 @@
+#!/bin/sh
+#/root/docker/traefik/start.sh
+
+set -euo pipefail
+cd "$(dirname "$0")"
+
+# Stack sauber stoppen und entfernen (Container weg, Volumes bleiben!)
+docker compose down
+
+# Images aktualisieren
+docker compose pull
+
+# Neu erstellen und starten
+docker compose up -d --force-recreate --remove-orphans
+
+# Optional: alte Images aufräumen
+docker image prune -f