feat: adds basic auth middleware

.env.sample

@@ -1,4 +1,6 @@
 TYPE=traefik
+TIMEOUT=300
+ENABLE_AUTO_UPDATE=true
 
 DOMAIN=traefik.example.com
 LETS_ENCRYPT_ENV=production
@@ -63,6 +65,12 @@ COMPOSE_FILE="compose.yml"
 ## used used by the coop-cloud monitoring stack
 #METRICS_ENABLED=1
 
+#####################################################################
+# File provider directory configuration                             #
+# (Route bare metal and non-docker services on the machine!)        #
+#####################################################################
+#FILE_PROVIDER_DIRECTORY_ENABLED=1
+
 #####################################################################
 # Additional services                                               #
 #####################################################################
@@ -102,3 +110,9 @@ COMPOSE_FILE="compose.yml"
 ## Matrix
 #COMPOSE_FILE="$COMPOSE_FILE:compose.matrix.yml"
 #MATRIX_FEDERATION_ENABLED=1
+
+## BASIC_AUTH
+## Use httpasswd to generate the secret
+#COMPOSE_FILE="$COMPOSE_FILE:compose.basicauth.yml"
+#BASIC_AUTH=1
+#SECRET_USERSFILE_VERSION=v1

abra.sh

@@ -1,3 +1,3 @@
-export TRAEFIK_YML_VERSION=v15
-export FILE_PROVIDER_YML_VERSION=v6
+export TRAEFIK_YML_VERSION=v16
+export FILE_PROVIDER_YML_VERSION=v7
 export ENTRYPOINT_VERSION=v2

compose.basicauth.yml

@@ -0,0 +1,12 @@
+version: "3.8"
+services:
+  app:
+    environment:
+      - BASIC_AUTH
+    secrets:
+      - usersfile
+
+secrets:
+  usersfile:
+    name: ${STACK_NAME}_usersfile_${SECRET_USERSFILE_VERSION}
+    external: true

compose.yml

@@ -3,7 +3,7 @@ version: "3.8"
 
 services:
   app:
-    image: "traefik:v2.9.9"
+    image: "traefik:v2.10.1"
     # Note(decentral1se): *please do not* add any additional ports here.
     # Doing so could break new installs with port conflicts. Please use
     # the usual `compose.$app.yml` approach for any additional ports
@@ -13,6 +13,7 @@ services:
     volumes:
       - "/var/run/docker.sock:/var/run/docker.sock"
       - "letsencrypt:/etc/letsencrypt"
+      - "file-providers:/etc/traefik/file-providers"
     configs:
       - source: traefik_yml
         target: /etc/traefik/traefik.yml
@@ -46,7 +47,8 @@ services:
         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
         - "traefik.http.routers.${STACK_NAME}.service=api@internal"
         - "traefik.http.routers.${STACK_NAME}.middlewares=security@file"
-        - "coop-cloud.${STACK_NAME}.version=2.1.0+v2.9.9"
+        - "coop-cloud.${STACK_NAME}.version=2.2.0+v2.10.2"
+        - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
 
 networks:
   proxy:
@@ -68,3 +70,4 @@ configs:
 
 volumes:
   letsencrypt:
+  file-providers:

file-provider.yml.tmpl

@@ -17,6 +17,11 @@ http:
         authResponseHeaders:
           - X-Forwarded-User
     {{ end }}
+    {{ if eq (env "BASIC_AUTH") "1" }}
+    basicauth:
+      basicAuth:
+        usersFile: "/run/secrets/usersfile"
+    {{ end }}
     security:
       headers:
         frameDeny: true

traefik.yml.tmpl

@@ -8,8 +8,14 @@ providers:
     exposedByDefault: false
     network: proxy
     swarmMode: true
+  {{ if eq (env "FILE_PROVIDER_DIRECTORY_ENABLED") "1" }}
+  file:
+    directory: /etc/traefik/file-providers
+    watch: true
+  {{ else }}
   file:
     filename: /etc/traefik/file-provider.yml
+  {{ end }}
 
 api:
   dashboard: {{ env "DASHBOARD_ENABLED" }}