{"id":44317336,"url":"https://github.com/basher83/dockervm-traefik","last_synced_at":"2026-02-11T05:15:24.658Z","repository":{"id":306888600,"uuid":"1027505385","full_name":"basher83/dockervm-traefik","owner":"basher83","description":null,"archived":false,"fork":false,"pushed_at":"2025-07-28T08:41:15.000Z","size":37,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-07-28T09:24:15.903Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/basher83.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-07-28T05:47:07.000Z","updated_at":"2025-07-28T08:41:19.000Z","dependencies_parsed_at":"2025-07-28T09:24:17.577Z","dependency_job_id":"01cd412b-f112-43fd-8aa8-c1a6eda88212","html_url":"https://github.com/basher83/dockervm-traefik","commit_stats":null,"previous_names":["basher83/dockervm-traefik"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/basher83/dockervm-traefik","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/basher83%2Fdockervm-traefik","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/basher83%2Fdockervm-traefik/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/basher83%2Fdockervm-traefik/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/basher83%2Fdockervm-traefik/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/basher83","download_url":"https://codeload.github.com/basher83/dockervm-traefik/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/basher83%2Fdockervm-traefik/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29327165,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-11T03:52:29.695Z","status":"ssl_error","status_checked_at":"2026-02-11T03:52:23.094Z","response_time":97,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-02-11T05:15:24.604Z","updated_at":"2026-02-11T05:15:24.652Z","avatar_url":"https://github.com/basher83.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# dockervm-traefik\n\nA production-ready Traefik reverse proxy setup optimized for deployment via Komodo. This configuration provides SSL termination, Docker socket security, automatic certificate management, and includes multiple pre-configured services.\n\n## Features\n\n- **Traefik 3.3** reverse proxy with automatic HTTPS\n- **Socket Proxy** for secure Docker API access (all services configured)\n- **Let's Encrypt** automatic SSL certificate management\n- **Log Rotation** with automated cleanup\n- **Security Middleware** with rate limiting and headers\n- **Komodo Integration** for Infrastructure as Code deployment\n- **Pre-configured Services**: Dozzle, Windmill, Arcane, Zammad, and more\n- **Validation Scripts** for deployment readiness checks\n\n## Deployment via Komodo\n\n### Prerequisites\n\n1. **Komodo Server**: Ensure you have a Komodo server configured with a Periphery agent\n2. **Docker Network**: The `traefik-proxy` network will be created automatically\n3. **Domain**: Configure your domain to point to the server running this stack\n\n### Quick Deployment\n\n1. **Validate Configuration**:\n   ```bash\n   # Run comprehensive validation\n   ./scripts/validate-deployment.sh\n   \n   # Or run individual checks\n   ./scripts/validate-ports.py      # Check for port conflicts\n   ./scripts/validate-komodo.sh     # Validate Komodo configuration\n   ```\n\n2. **Update Resource Configuration**:\n\n   - Edit `komodo-sync-resources.toml`\n   - Replace `server_id = \"dockervm\"` with your actual Komodo server name\n   - Update git repository path if forked\n\n3. **Create ResourceSync in Komodo**:\n\n   - Navigate to Komodo UI → Resources → Syncs\n   - Create new Sync pointing to this repository\n   - Set resource path to `komodo-sync-resources.toml`\n   - Configure Git provider credentials if repository is private\n\n4. **Deploy**:\n   - Refresh the Sync to detect changes\n   - Review and apply the pending changes\n   - Monitor deployment status in Komodo dashboard\n\n### Environment Configuration\n\nThe stack uses environment variables for configuration. Key variables:\n\n| Variable                 | Description                    | Default                             |\n| ------------------------ | ------------------------------ | ----------------------------------- |\n| `DOMAIN`                 | Your domain name               | `lab.spaceships.work`               |\n| `LETSENCRYPT_EMAIL`      | Email for Let's Encrypt        | `admin@lab.spaceships.work`         |\n| `TRAEFIK_HTTP_PORT`      | HTTP port binding              | `8081`                              |\n| `TRAEFIK_HTTPS_PORT`     | HTTPS port binding             | `8443`                              |\n| `TRAEFIK_DASHBOARD_PORT` | Dashboard port                 | `8082`                              |\n| `DOZZLE_PORT`            | Dozzle log viewer port         | `8084`                              |\n| `DOCKER_HOST`            | Docker socket proxy URL        | `tcp://socket-proxy:2375`           |\n| `NGINX_EXPOSE_PORT`      | Zammad external port           | `8086`                              |\n| `PORT`                   | Flowise port                   | `3100`                              |\n| `DATABASE_URL`           | Windmill database connection   | `postgres://postgres:changeme@db/windmill?sslmode=disable` |\n\nAll environment variables are pre-configured in `komodo-sync-resources.toml` and will be applied during deployment.\n\n## Configuration\n\n### Traefik Configuration\n\nTraefik is configured via:\n\n- **Command line arguments** in `compose/traefik.yml`\n- **Dynamic configuration** files in `./appdata/traefik/rules/`\n- **Environment variables** for runtime settings\n- **Middleware chains** in `./appdata/traefik/rules/middlewares-*.yml`\n\n### Security Features\n\n- **Socket Proxy**: Isolates Docker API access with minimal permissions\n- **Security Headers**: HSTS, referrer policy, and custom headers\n- **Rate Limiting**: Configurable request rate limits\n- **Basic Auth**: Optional authentication for services\n\n### SSL/TLS\n\n- **Automatic Certificates**: Let's Encrypt HTTP challenge\n- **TLS Options**: Modern TLS configuration in `appdata/traefik/rules/tls-opts.yml`\n- **Certificate Storage**: Persistent storage in `appdata/traefik/acme/acme.json`\n\n## Included Services\n\nThe stack includes several pre-configured services:\n\n| Service | Port | Description |\n| ------- | ---- | ----------- |\n| Traefik | 80, 443, 8080 | Reverse proxy and SSL termination |\n| Socket Proxy | Internal | Secure Docker API access |\n| Dozzle | 8084 | Real-time Docker log viewer |\n| Windmill | 8085 | Workflow automation platform |\n| Arcane | 3000 | Docker management UI |\n| Zammad | 8086 | Helpdesk/ticketing system |\n| Beszel Hub | 8090 | System monitoring |\n| Hoarder | 3003 | Bookmark manager |\n| Backrest | 9898 | Web UI for restic backups |\n| Portainer Agent | 9001 | Container management agent |\n\nAll services are configured to use the socket proxy for Docker access instead of direct socket mounting.\n\n## Monitoring and Maintenance\n\n### Access Points\n\n- **Traefik Dashboard**: `https://traefik.yourdomain.com`\n- **Services**: Accessible via configured subdomains (e.g., `https://dozzle.yourdomain.com`)\n\n### Log Management\n\n- **Access Logs**: JSON format in `./logs/access.log`\n- **Application Logs**: JSON format in `./logs/traefik.log`\n- **Log Rotation**: Automated daily rotation, 7-day retention\n\n### Health Monitoring\n\nWhen deployed via Komodo:\n\n- Container health is monitored automatically\n- Alerts can be configured for service failures\n- Resource usage is tracked and displayed\n\n## Integration with Other Services\n\nThis Traefik setup is designed to work with other containerized services. To integrate a service:\n\n1. **Connect to Network**:\n\n   ```yaml\n   networks:\n     - traefik-proxy\n   ```\n\n2. **Add Traefik Labels**:\n   ```yaml\n   labels:\n     - \"traefik.enable=true\"\n     - \"traefik.http.routers.myapp.rule=Host(`myapp.yourdomain.com`)\"\n     - \"traefik.http.routers.myapp.entrypoints=websecure\"\n     - \"traefik.http.routers.myapp.tls.certresolver=letsencrypt\"\n   ```\n\n## Troubleshooting\n\n### Common Issues\n\n1. **Certificate Issues**: Check domain DNS and Let's Encrypt rate limits\n2. **Network Conflicts**: Ensure `traefik-proxy` network doesn't conflict\n3. **Port Conflicts**: Run `./scripts/validate-ports.py` to check for conflicts\n4. **Permissions**: Check Docker socket permissions for socket-proxy\n5. **Service Conflicts**: Ensure no services are using the same ports (see Port Allocation documentation)\n\n### Logs\n\n```bash\n# View Traefik logs\ndocker logs traefik\n\n# View all stack logs\ndocker compose -f docker-compose-prod.yml logs -f\n\n# Check specific service\ndocker logs socket-proxy\n\n# Use Dozzle for real-time log viewing\n# Access at http://localhost:8084 or https://dozzle.yourdomain.com\n```\n\n### Validation Scripts\n\nBefore deployment, use the validation scripts:\n\n```bash\n# Comprehensive validation\n./scripts/validate-deployment.sh\n\n# Check for port conflicts\n./scripts/validate-ports.py\n\n# Validate Komodo configuration\n./scripts/validate-komodo.sh\n```\n\n## Documentation\n\n- **Port Allocation**: See `docs/PORT-ALLOCATION.md` for complete port mapping\n- **Deployment Issues**: See `docs/TODO-DEPLOYMENT-ISSUES.md` for resolved issues and solutions\n\n## Contributing\n\nThis repository is configured for Komodo deployment. When making changes:\n\n1. Run validation scripts before committing\n2. Test changes locally first\n3. Update `komodo-sync-resources.toml` if configuration changes\n4. Ensure all services use socket-proxy instead of direct Docker socket\n5. Update documentation as needed\n6. Verify no port conflicts with existing services\n\n## License\n\nMIT License - see LICENSE file for details\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbasher83%2Fdockervm-traefik","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbasher83%2Fdockervm-traefik","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbasher83%2Fdockervm-traefik/lists"}