Merge pull request 'Update traefik Docker tag to v3.6.10' (#11 ) from renovate/traefik-3.x into main

Update traefik Docker tag to v3.6.10
Merge pull request 'Update traefik Docker tag to v3.6.9' (#10 ) from renovate/traefik-3.x into main
2026-03-07 01:03:47 +01:00 · 2026-03-07 00:03:44 +00:00 · 2026-02-24 01:03:20 +01:00 · 2026-02-24 00:03:18 +00:00 · 2026-02-12 01:03:03 +01:00 · 2026-02-12 00:02:59 +00:00
13 changed files with 205 additions and 341 deletions
--- a/.env
+++ b/.env
@@ -18,6 +18,7 @@ PGID=1000
 SECOND_LEVEL_DOMAIN=crescentec
 TOP_LEVEL_DOMAIN=ch
 LOCAL_DOMAIN=crescentec.lan
+LOCAL_VPS_DOMAIN=crescentec-vps.lan
 PUBLIC_DOMAIN=crescentec.ch

 # Personal info
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,12 @@
+# Ignore these files
+**/services/.env
+
+# Ignore these folders
+letsencrypt/
+certs/
+log-dashboard/
+lib/
+**/headscale/config/
+**/headscale/run/
+**/crowdsec/config/
+**/crowdsec/data/
--- a/README.md
+++ b/README.md
@@ -2,3 +2,9 @@

 This configuration includes a reverse proxy using caddy, headscale (VPN) and watchtower (automatic updates).
 It is particularly useful if you do not own an IPV4 address, as this could be deployed on a server. In this case it was deployed on an oracle server and automated using an ansible playbook found on this [repository](https://gitea.crescentec.ch/chriswin/vps-ansible)
+
+For Crowdsec, if an enrollment to your console is wanted, run the following command: 
+```
+docker compose -it exec cscli console enroll $ENROLLMENT_KEY
+```
+where the the enrollment can be found in your console under the engine page.
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -6,10 +6,9 @@
 # Whenever I need to remove some service then I can comment out the lines here.
 include:
  - path:
-      - ${SERVICE_PATH}/caddy/caddy.yml
      - ${SERVICE_PATH}/crowdsec/crowdsec.yml
      - ${SERVICE_PATH}/headscale/headscale.yml
-      # - ${SERVICE_PATH}/traefik/traefik.yml
+      - ${SERVICE_PATH}/traefik/traefik.yml
    env_file: ${SERVICE_PATH}/.env

 networks:
--- a/renovate.json
+++ b/renovate.json
@@ -0,0 +1,48 @@
+{
+    "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+    "extends": [
+        "schedule:automergeDaily"
+    ],
+    "dependencyDashboard": true,
+    "dependencyDashboardTitle": "Renovate Dashboard",
+    "assignees": [
+        "chriswin"
+    ],
+    "labels": [
+        "renovate"
+    ],
+    "configMigration": true,
+    "prHourlyLimit": 0,
+    "packageRules": [
+        {
+            "matchCategories": [
+                "docker"
+            ],
+            "enabled": true,
+            "managerFilePatterns": [
+                "/(^|/)services/*\\Dockerfile$/"
+            ]
+        },
+        {
+            "matchUpdateTypes": [
+                "minor",
+                "patch"
+            ],
+            "automerge": true,
+            "automergeType": "pr"
+        },
+        {
+            "matchUpdateTypes": [
+                "major"
+            ],
+            "automerge": false
+        }
+    ],
+    "docker-compose": {
+        "enabled": true,
+        "managerFilePatterns": [
+            "/(^|/)docker-compose\\.yml$/",
+            "/(^|/)services/.*\\.yml$/"
+        ]
+    }
+}
--- a/services/.env
+++ b/services/.env
--- a/services/caddy/Caddyfile
+++ b/services/caddy/Caddyfile
@@ -1,189 +0,0 @@
-(forward_headers) {
-        header {
-                Permissions-Policy interest-cohort=()
-                Strict-Transport-Security "max-age=31536000; includeSubdomains"
-                X-XSS-Protection "1; mode=block"
-                X-Content-Type-Options "nosniff"
-                X-Robots-Tag noindex, nofollow
-                Referrer-Policy "same-origin"
-                Content-Security-Policy "frame-ancestors {$public_domain }} *.{$public_domain}"
-                -Server
-                Permissions-Policy "geolocation=(self {$public_domain }} *.{$public_domain}), microphone=()"
-        }
-}
-
-auth.{$public_domain} {
-	reverse_proxy {$main_server_ip} {
-                transport http {
-                        tls_insecure_skip_verify
-                }
-        }
-        tls {$email}
-        import forward_headers
-}
-
-audiobookshelf.{$public_domain} {
-	reverse_proxy {$main_server_ip} {
-                transport http {
-                        tls_insecure_skip_verify
-                }
-        }
-        tls {$email}
-        import forward_headers
-}
-
-gitea.{$public_domain} {
-        reverse_proxy {$main_server_ip} {
-                transport http {
-                        tls_insecure_skip_verify
-                }
-        }
-        tls {$email}
-        import forward_headers
-}
-
-headscale.{$public_domain} {
-        reverse_proxy headscale:8080
-        tls {$email}
-        import forward_headers
-}
-
-immich.{$public_domain} {
-	reverse_proxy {$main_server_ip} {
-                transport http {
-                        tls_insecure_skip_verify
-                }
-        }
-        tls {$email}
-        import forward_headers
-}
-
-ldap.{$public_domain} {
-	reverse_proxy {$main_server_ip} {
-                transport http {
-                        tls_insecure_skip_verify
-                }
-        }
-        tls {$email}
-        import forward_headers
-}
-
-linkwarden.{$public_domain} {
-	reverse_proxy {$main_server_ip} {
-                transport http {
-                        tls_insecure_skip_verify
-                }
-        }
-        tls {$email}
-        import forward_headers
-}
-
-mealie.{$public_domain} {
-	reverse_proxy {$main_server_ip} {
-                transport http {
-                        tls_insecure_skip_verify
-                }
-        }
-        tls {$email}
-        import forward_headers
-}
-
-navidrome.{$public_domain} {
-	reverse_proxy {$main_server_ip} {
-                transport http {
-                        tls_insecure_skip_verify
-                }
-        }
-        tls {$email}
-        import forward_headers
-}
-
-ntfy.{$public_domain} {
-	reverse_proxy {$main_server_ip} {
-                transport http {
-                        tls_insecure_skip_verify
-                }
-        }
-        tls {$email}
-        import forward_headers
-}
-
-paperless.{$public_domain} {
-	reverse_proxy {$main_server_ip} {
-                transport http {
-                        tls_insecure_skip_verify
-                }
-        }
-        tls {$email}
-        import forward_headers
-}
-
-radicale.{$public_domain} {
-	reverse_proxy {$main_server_ip} {
-                transport http {
-                        tls_insecure_skip_verify
-                }
-        }
-        tls {$email}
-        import forward_headers
-}
-
-rss.{$public_domain} {
-	reverse_proxy {$main_server_ip} {
-                transport http {
-                        tls_insecure_skip_verify
-                }
-        }
-        tls {$email}
-        import forward_headers
-}
-
-pdf.{$public_domain} {
-	reverse_proxy {$main_server_ip} {
-                transport http {
-                        tls_insecure_skip_verify
-                }
-        }
-        tls {$email}
-        import forward_headers
-}
-
-superset.{$public_domain} {
-	reverse_proxy {$main_server_ip} {
-                transport http {
-                        tls_insecure_skip_verify
-                }
-        }
-        tls {$email}
-        import forward_headers
-}
-
-vaultwarden.{$public_domain} {
-	reverse_proxy {$main_server_ip} {
-                transport http {
-                        tls_insecure_skip_verify
-                }
-        }
-        tls {$email}
-        import forward_headers
-}
-
-vikunja.{$public_domain} {
-	reverse_proxy {$main_server_ip} {
-                transport http {
-                        tls_insecure_skip_verify
-                }
-        }
-        tls {$email}
-        import forward_headers
-}
-
-{$public_domain} {
-        reverse_proxy {$main_server_ip} {
-                transport http {
-                        tls_insecure_skip_verify
-                }
-        }
-        tls {$email}
-        import forward_headers
-}
--- a/services/caddy/caddy.yml
+++ b/services/caddy/caddy.yml
@@ -1,30 +0,0 @@
-services:
-  caddy:
-    extends:
-      file: ${TEMPLATES_PATH}
-      service: default
-    image: caddy 
-    container_name: caddy 
-    volumes:
-      - ${SERVICE_PATH}/caddy/config:/etc/headscale
-      - ${SERVICE_PATH}/caddy/Caddyfile:/etc/caddy/Caddyfile
-      - ${SERVICE_PATH}/caddy/site:/srv
-      - ${SERVICE_PATH}/caddy/data:/data
-      - ${SERVICE_PATH}/caddy/config:/config
-      - ${SERVICE_PATH}/caddy/certs:/certs
-    ports:
-      - "80:80"
-      - "443:443"
-      - "443:443/udp"
-    environment:
-      email: ${EMAIL}
-      public_domain: ${PUBLIC_DOMAIN}
-      private_domain: ${LOCAL_DOMAIN}
-      main_server_ip: ${MAIN_SERVER_NODE_IP:-10.10.10.2}
-    cap_add:
-      - NET_ADMIN
-    networks:
-      - ip4net
-    labels:
-      # Watchtower
-      - "com.centurylinklabs.watchtower.enable=true"
--- a/services/crowdsec/crowdsec.yml
+++ b/services/crowdsec/crowdsec.yml
@@ -4,7 +4,7 @@ services:
      file: ${TEMPLATES_PATH}
      service: default
    container_name: crowdsec
-    image: crowdsecurity/crowdsec:v1.7.4
+    image: crowdsecurity/crowdsec:v1.7.6
    environment:
      COLLECTIONS: crowdsecurity/traefik crowdsecurity/appsec-virtual-patching crowdsecurity/appsec-generic-rules crowdsecurity/http-cve
      CROWDSEC_BOUNCER_API_KEY: ${CROWDSEC_API_KEY}
--- a/services/headscale/headscale.yml
+++ b/services/headscale/headscale.yml
@@ -17,5 +17,10 @@ services:
    networks:
      - ip4net
    labels:
-      # Watchtower
-      - "com.centurylinklabs.watchtower.enable=true"
+      # Traefik
+      - "traefik.enable=true"
+      - "traefik.http.routers.headscale.rule=Host(`headscale.${PUBLIC_DOMAIN}`)"
+      - "traefik.http.routers.headscale.entrypoints=https"
+      - "traefik.http.routers.headscale.tls.certresolver=myresolver"
+      - "traefik.http.routers.headscale.tls=true"
+      - "traefik.http.routers.headscale.middlewares=crowdsec-bouncer@file"
--- a/services/traefik/config/config.yml
+++ b/services/traefik/config/config.yml
@@ -8,29 +8,31 @@ http:
          enabled: true 
          logLevel: INFO
          updateIntervalSeconds: 60
-          crowdsecMode: stream
+          crowdsecMode: live 
          crowdsecAppsecEnabled: true
+          crowdsecAppsecFailureBlock: true 
+          crowdsecAppsecUnreachableBlock: true 
          crowdsecAppsecHost: crowdsec:7422
          crowdsecLapiScheme: http
          crowdsecLapiHost: crowdsec:8080
          # generated using "docker exec crowdsec cscli bouncers add crowdsecBouncer"
-          crowdseclapikey: {{ env "TRAEFIK_CROWDSEC_API_KEY" }}
+          crowdsecLapikey: {{ env "TRAEFIK_CROWDSEC_API_KEY" }}
          forwardedHeadersTrustedIPs:
            - 10.0.0.0/8
          clientTrustedIPs:
            - 192.168.178.0/24
-          captchaProvider: hcaptcha
-          captchaSiteKey: b2d20610-8dda-4f40-8688-7ca8e1e628f8 # found in hcaptcha account
-          captchaSecretKey: {{ env "TRAEFIK_CAPTCHA_KEY" }}
-          captchaGracePeriodSeconds: 1800
-          captchaHTMLFilePath: /captcha.html
-          banHTMLFilePath: /ban.html
+          # captchaProvider: hcaptcha
+          # captchaSiteKey: b2d20610-8dda-4f40-8688-7ca8e1e628f8 # found in hcaptcha account
+          # captchaSecretKey: {{ env "TRAEFIK_CAPTCHA_KEY" }}
+          # captchaGracePeriodSeconds: 1800
+          # captchaHTMLFilePath: /captcha.html
+          # banHTMLFilePath: /ban.html

  routers:
    authelia:
      rule: "Host(`auth.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
      service: node 
-      entryPoints: https,http
+      entrypoints: https,http 
      tls:
        certresolver: myresolver
      middlewares: crowdsec-bouncer@file
@@ -38,7 +40,7 @@ http:
    audiobookshelf:
      rule: "Host(`audiobookshelf.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
      service: node 
-      entryPoints: https,http
+      entrypoints: https,http 
      tls:
        certresolver: myresolver
      middlewares: crowdsec-bouncer@file
@@ -46,15 +48,7 @@ http:
    gitea:
      rule: "Host(`gitea.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
      service: node 
-      entryPoints: https,http
-      tls:
-        certresolver: myresolver
-      middlewares: crowdsec-bouncer@file
-
-    headscale:
-      rule: "Host(`headscale.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
-      service: node 
-      entryPoints: https,http
+      entrypoints: https,http 
      tls:
        certresolver: myresolver
      middlewares: crowdsec-bouncer@file
@@ -62,15 +56,15 @@ http:
    immich:
      rule: "Host(`immich.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
      service: node 
-      entryPoints: https,http
+      entrypoints: https,http 
      tls:
        certresolver: myresolver
      middlewares: crowdsec-bouncer@file

    lldap:
-      rule: "Host(`lldap.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
+      rule: "Host(`ldap.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
      service: node 
-      entryPoints: https,http
+      entrypoints: https,http 
      tls:
        certresolver: myresolver
      middlewares: crowdsec-bouncer@file
@@ -78,7 +72,7 @@ http:
    linkwarden:
      rule: "Host(`linkwarden.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
      service: node 
-      entryPoints: https,http
+      entrypoints: https,http 
      tls:
        certresolver: myresolver
      middlewares: crowdsec-bouncer@file
@@ -86,7 +80,7 @@ http:
    mealie:
      rule: "Host(`mealie.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
      service: node 
-      entryPoints: https,http
+      entrypoints: https,http 
      tls:
        certresolver: myresolver
      middlewares: crowdsec-bouncer@file
@@ -94,7 +88,7 @@ http:
    navidrome:
      rule: "Host(`navidrome.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
      service: node 
-      entryPoints: https,http
+      entrypoints: https,http 
      tls:
        certresolver: myresolver
      middlewares: crowdsec-bouncer@file
@@ -102,7 +96,7 @@ http:
    ntfy:
      rule: "Host(`ntfy.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
      service: node 
-      entryPoints: https,http
+      entrypoints: https,http 
      tls:
        certresolver: myresolver
      middlewares: crowdsec-bouncer@file
@@ -110,7 +104,7 @@ http:
    paperless:
      rule: "Host(`paperless.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
      service: node 
-      entryPoints: https,http
+      entrypoints: https,http 
      tls:
        certresolver: myresolver
      middlewares: crowdsec-bouncer@file
@@ -118,7 +112,7 @@ http:
    pdf:
      rule: "Host(`pdf.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
      service: node 
-      entryPoints: https,http
+      entrypoints: https,http 
      tls:
        certresolver: myresolver
      middlewares: crowdsec-bouncer@file
@@ -126,7 +120,7 @@ http:
    radicale:
      rule: "Host(`radicale.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
      service: node 
-      entryPoints: https,http
+      entrypoints: https,http 
      tls:
        certresolver: myresolver
      middlewares: crowdsec-bouncer@file
@@ -134,23 +128,23 @@ http:
    rss:
      rule: "Host(`rss.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
      service: node 
-      entryPoints: https,http
+      entrypoints: https,http 
      tls:
        certresolver: myresolver
      middlewares: crowdsec-bouncer@file

-    superset:
-      rule: "Host(`superset.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
-      service: node 
-      entryPoints: https,http
-      tls:
-        certresolver: myresolver
-      middlewares: crowdsec-bouncer@file
+    # superset:
+    #   rule: "Host(`superset.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
+    #   service: node 
+    #   entrypoints: https,http
+    #   tls:
+    #     certresolver: myresolver
+    #   middlewares: crowdsec-bouncer@file

    vaultwarden:
      rule: "Host(`vaultwarden.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
      service: node 
-      entryPoints: https,http
+      entrypoints: https,http 
      tls:
        certresolver: myresolver
      middlewares: crowdsec-bouncer@file
@@ -158,7 +152,7 @@ http:
    vikunja:
      rule: "Host(`vikunja.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
      service: node 
-      entryPoints: https,http
+      entrypoints: https,http 
      tls:
        certresolver: myresolver
      middlewares: crowdsec-bouncer@file
@@ -167,4 +161,14 @@ http:
    node:
      loadBalancer:
        servers:
-          - url: http://{{ env "TRAEFIK_MAIN_SERVER_NODE_IP" }}
+          - url: https://{{ env "TRAEFIK_MAIN_SERVER_NODE_IP" }}
+
+tls:
+  stores:
+    default:
+      defaultCertificate:
+        certFile: /etc/certs/server-vps-lan.crt
+        keyFile: /etc/certs/server-vps-lan.key
+  certificates:
+    - certFile: /etc/certs/server-vps-lan.crt
+      keyFile: /etc/certs/server-vps-lan.key
--- a/services/traefik/config/traefik.yml
+++ b/services/traefik/config/traefik.yml
@@ -32,12 +32,6 @@ entryPoints:
        - "10.0.0.0/8"
        - "192.168.178.0/16"
        - "2a07:600:200:1::/64"
-    http:
-      redirections: # HTTPS redirection (80 to 443)
-        entryPoint:
-          to: "https" # The target element
-          scheme: "https" # The redirection target scheme
-          permanent: true # The target element

  https:
    address: "[::]:443" # Create the HTTPS entrypoint on port 443
@@ -58,7 +52,8 @@ certificatesResolvers:
  myresolver:
    acme:
      email: chris.windler@crescentec.ch
-      storage: acme.json
+      storage: letsencrypt/acme.json
+      # caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
      httpChallenge:
        # used during the challenge
        entryPoint: http
--- a/services/traefik/traefik.yml
+++ b/services/traefik/traefik.yml
@@ -3,7 +3,7 @@ services:
    extends:
      file: ${TEMPLATES_PATH}
      service: default
-    image: traefik:v3.6.6
+    image: traefik:v3.6.10
    container_name: traefik
    ports:
      - "80:80"
@@ -16,7 +16,11 @@ services:
      TRAEFIK_PUBLIC_DOMAIN: ${PUBLIC_DOMAIN}
      TRAEFIK_MAIN_SERVER_NODE_IP: ${MAIN_SERVER_NODE_IP}
      TRAEFIK_CROWDSEC_API_KEY: ${CROWDSEC_API_KEY}
-      INFOMANIAK_ACCESS_TOKEN: ${INFOMANIAK_CERTIFICATE_ACCESS_TOKEN}
+    deploy:
+      resources:
+        limits:
+          cpus: "0.3"
+          memory: 150M
    volumes:
      - "/var/log/traefik/:/var/log/traefik/"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
@@ -29,68 +33,77 @@ services:
      # Traefik
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.service=api@internal"
-      - "traefik.http.routers.traefik.rule=Host(`traefik.${LOCAL_DOMAIN}`)"
+      - "traefik.http.routers.traefik.rule=Host(`traefik.${LOCAL_VPS_DOMAIN}`)"
      - "traefik.http.routers.traefik.entrypoints=https"
      - "traefik.http.routers.traefik.tls=true"

-  # traefik-agent:
-  #   extends:
-  #     file: ${TEMPLATES_PATH}
-  #     service: default
-  #   image: hhftechnology/traefik-log-dashboard-agent:2.4.0
-  #   container_name: traefik-log-dashboard-agent
-  #   networks:
-  #     - ip4net
-  #   ports:
-  #     - "8078:5000"
-  #   volumes:
-  #     - "/var/log/crowdsec/:/logs:ro"
-  #     - "${SERVICE_PATH}/traefik/log-dashboard/positions:/data"
-  #   environment:
-  #     TRAEFIK_LOG_DASHBOARD_ACCESS_PATH: /logs/traefik.log
-  #     TRAEFIK_LOG_DASHBOARD_AUTH_TOKEN: ${TRAEFIK_DASHBOARD_TOKEN}
-  #     TRAEFIK_LOG_DASHBOARD_SYSTEM_MONITORING: true
-  #     TRAEFIK_LOG_DASHBOARD_LOG_FORMAT: json
-  #   healthcheck:
-  #     test:
-  #       [
-  #         "CMD",
-  #         "wget",
-  #         "--no-verbose",
-  #         "--tries=1",
-  #         "--spider",
-  #         "http://localhost:5000/api/logs/status",
-  #       ]
-  #     interval: 2m
-  #     timeout: 10s
-  #     retries: 3
-  #     start_period: 30s
-  #
-  # traefik-dashboard:
-  #   extends:
-  #     file: ${TEMPLATES_PATH}
-  #     service: default
-  #   image: hhftechnology/traefik-log-dashboard:2.4.0
-  #   container_name: traefik-log-dashboard
-  #   networks:
-  #     - ip4net
-  #   ports:
-  #     - "8077:3000"
-  #   volumes:
-  #     - ./data/dashboard:/app/data
-  #     - "${SERVICE_PATH}/traefik/log-dashboard/dashboard:/app/data"
-  #     - "${SERVICE_PATH}/traefik/log-dashboard/positions:/data"
-  #   environment:
-  #     AGENT_API_URL: http://192.168.178.35:8078
-  #     AGENT_API_TOKEN: ${TRAEFIK_DASHBOARD_TOKEN}
-  #     # Display Configuration
-  #     NEXT_PUBLIC_SHOW_DEMO_PAGE: false
-  #   depends_on:
-  #     traefik-agent:
-  #       condition: service_healthy
-  #   labels:
-  #     # traefik
-  #     - "traefik.enable=true"
-  #     - "traefik.http.routers.traefik-log-dashboard.rule=Host(`traefik-dashboard.${LOCAL_DOMAIN}`)"
-  #     - "traefik.http.routers.traefik-log-dashboard.entrypoints=https"
-  #     - "traefik.http.routers.traefik-log-dashboard.tls=true"
+  traefik-agent:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    image: hhftechnology/traefik-log-dashboard-agent:2.5.0
+    container_name: traefik-log-dashboard-agent
+    networks:
+      - ip4net
+    ports:
+      - "8078:5000"
+    volumes:
+      - "/var/log/traefik/:/logs:ro"
+      - "${SERVICE_PATH}/traefik/log-dashboard/positions:/data"
+    environment:
+      TRAEFIK_LOG_DASHBOARD_ACCESS_PATH: /logs/access.log
+      TRAEFIK_LOG_DASHBOARD_AUTH_TOKEN: ${TRAEFIK_DASHBOARD_TOKEN}
+      TRAEFIK_LOG_DASHBOARD_SYSTEM_MONITORING: true
+      TRAEFIK_LOG_DASHBOARD_LOG_FORMAT: json
+    deploy:
+      resources:
+        limits:
+          cpus: "0.10"
+          memory: 50M
+    healthcheck:
+      test:
+        [
+          "CMD",
+          "wget",
+          "--no-verbose",
+          "--tries=1",
+          "--spider",
+          "http://localhost:5000/api/logs/status",
+        ]
+      interval: 2m
+      timeout: 10s
+      retries: 3
+      start_period: 30s
+
+  traefik-dashboard:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    image: hhftechnology/traefik-log-dashboard:2.5.0
+    container_name: traefik-log-dashboard
+    networks:
+      - ip4net
+    ports:
+      - "8077:3000"
+    volumes:
+      - "${SERVICE_PATH}/traefik/log-dashboard/dashboard:/app/data"
+      - "${SERVICE_PATH}/traefik/log-dashboard/positions:/data"
+    environment:
+      AGENT_API_URL: http://traefik-agent:5000
+      AGENT_API_TOKEN: ${TRAEFIK_DASHBOARD_TOKEN}
+      # Display Configuration
+      NEXT_PUBLIC_SHOW_DEMO_PAGE: false
+    depends_on:
+      traefik-agent:
+        condition: service_healthy
+    deploy:
+      resources:
+        limits:
+          cpus: "0.1"
+          memory: 50M
+    labels:
+      # traefik
+      - "traefik.enable=true"
+      - "traefik.http.routers.traefik-log-dashboard.rule=Host(`traefik-dashboard.${LOCAL_VPS_DOMAIN}`)"
+      - "traefik.http.routers.traefik-log-dashboard.entrypoints=https"
+      - "traefik.http.routers.traefik-log-dashboard.tls=true"
Author	SHA1	Message	Date
renovate_bot	ddf912a4e9	Merge pull request 'Update traefik Docker tag to v3.6.10' (#11 ) from renovate/traefik-3.x into main	2026-03-07 01:03:47 +01:00
Renovate Bot	15f47d5554	Update traefik Docker tag to v3.6.10	2026-03-07 00:03:44 +00:00
renovate_bot	6992333c6f	Merge pull request 'Update traefik Docker tag to v3.6.9' (#10 ) from renovate/traefik-3.x into main	2026-02-24 01:03:20 +01:00
Renovate Bot	2af1f4c5d9	Update traefik Docker tag to v3.6.9	2026-02-24 00:03:18 +00:00
renovate_bot	e74476439d	Merge pull request 'Update traefik Docker tag to v3.6.8' (#9 ) from renovate/traefik-3.x into main	2026-02-12 01:03:03 +01:00
Renovate Bot	c51f5a6d0d	Update traefik Docker tag to v3.6.8	2026-02-12 00:02:59 +00:00
renovate_bot	3f22dc885c	Merge pull request 'Update hhftechnology/traefik-log-dashboard-agent Docker tag to v2.5.0' (#8 ) from renovate/hhftechnology-traefik-log-dashboard-agent-2.x into main	2026-02-08 01:02:53 +01:00
renovate_bot	456416b04d	Merge pull request 'Update hhftechnology/traefik-log-dashboard Docker tag to v2.5.0' (#7 ) from renovate/hhftechnology-traefik-log-dashboard-2.x into main	2026-02-08 01:02:50 +01:00
Renovate Bot	9a01d992ad	Update hhftechnology/traefik-log-dashboard-agent Docker tag to v2.5.0	2026-02-08 00:02:50 +00:00
Renovate Bot	154165ab18	Update hhftechnology/traefik-log-dashboard Docker tag to v2.5.0	2026-02-08 00:02:49 +00:00
chris	445b638f55	resource and fixes	2026-01-25 22:19:02 +00:00
renovate_bot	afe037ffad	Merge pull request 'Update crowdsecurity/crowdsec Docker tag to v1.7.6' (#6 ) from renovate/crowdsecurity-crowdsec-1.x into main	2026-01-24 01:02:35 +01:00
Renovate Bot	54bcc89c7f	Update crowdsecurity/crowdsec Docker tag to v1.7.6	2026-01-24 00:02:32 +00:00
chris	d0e3149200	clean up traefik and crowdsec improvements	2026-01-23 17:10:12 +00:00
chriswin	c5a3763239	Merge pull request 'Update traefik Docker tag to v3.6.7' (#5 ) from renovate/traefik-3.x into main Reviewed-on: #5	2026-01-21 18:17:05 +01:00
renovate_bot	6287e7b6cd	Merge pull request 'Update hhftechnology/traefik-log-dashboard-agent Docker tag to v2.4.1' (#4 ) from renovate/hhftechnology-traefik-log-dashboard-agent-2.x into main	2026-01-21 18:16:39 +01:00
renovate_bot	f8857d8097	Merge pull request 'Update hhftechnology/traefik-log-dashboard Docker tag to v2.4.1' (#3 ) from renovate/hhftechnology-traefik-log-dashboard-2.x into main	2026-01-21 18:16:39 +01:00
Renovate Bot	74a1e0b0f7	Update traefik Docker tag to v3.6.7	2026-01-21 17:16:38 +00:00
Renovate Bot	9afb7ff397	Update hhftechnology/traefik-log-dashboard-agent Docker tag to v2.4.1	2026-01-21 17:16:37 +00:00
Renovate Bot	adc4358152	Update hhftechnology/traefik-log-dashboard Docker tag to v2.4.1	2026-01-21 17:16:35 +00:00
chriswin	139fe18e76	Update renovate.json	2026-01-21 18:14:26 +01:00
chriswin	152ad30a5a	Update renovate.json	2026-01-21 18:13:15 +01:00
chriswin	632a19e9cc	Merge pull request 'Configure Renovate' (#1 ) from renovate/configure into main Reviewed-on: #1	2026-01-21 17:45:02 +01:00
chriswin	ad916b67bb	Update renovate.json	2026-01-21 17:44:52 +01:00
Renovate Bot	5c3cc4ae60	Add renovate.json	2026-01-21 16:40:12 +00:00
chris	31cad6e3cb	add crowdsec console enrollment	2026-01-21 16:29:22 +00:00
chris	039354993e	cleanup gitignore, improve crowdsec	2026-01-21 16:25:39 +00:00
chris	f0521563b5	traefik dashboard	2026-01-19 21:53:16 +00:00
chris	286ccd6cc8	certificates	2026-01-19 18:50:07 +00:00
chris	97fcc660fb	config traefik	2026-01-19 18:04:58 +00:00
chris	dddd076150	:wqMerge branch 'main' of https://gitea.crescentec.ch/chriswin/vps-server	2026-01-18 14:35:54 +00:00
chris	ccb3bb91c0	fix config	2026-01-18 14:26:38 +00:00
chris	3863c9f8ef	updated traefik config	2026-01-18 13:59:32 +00:00