From bda8ac05469c1db58ba46f88c316a14736ac0f7d Mon Sep 17 00:00:00 2001 From: Olivier Date: Sun, 17 May 2026 10:23:23 +0200 Subject: [PATCH] docs: add Traefik reverse proxy examples (labels and file provider) to all READMEs Co-Authored-By: Claude Sonnet 4.6 --- README.es.md | 52 +++++++++++++++++++++++++++++++++++++++++++++++++++- README.fr.md | 52 +++++++++++++++++++++++++++++++++++++++++++++++++++- README.md | 52 +++++++++++++++++++++++++++++++++++++++++++++++++++- 3 files changed, 153 insertions(+), 3 deletions(-) diff --git a/README.es.md b/README.es.md index 38ca7f5..25860b9 100644 --- a/README.es.md +++ b/README.es.md @@ -147,7 +147,9 @@ docker compose start backend ### HTTPS -Esta aplicación no termina TLS. Para uso en producción, colócala detrás de un reverse proxy que gestione HTTPS: +Esta aplicación no termina TLS. Para uso en producción, colócala detrás de un reverse proxy que gestione HTTPS. + +#### Nginx ```nginx server { @@ -167,6 +169,54 @@ server { } ``` +#### Traefik — Labels Docker + +Añadir estas etiquetas al servicio `frontend` y conectarlo a la red compartida con Traefik: + +```yaml +# docker-compose.override.yml +services: + frontend: + labels: + - "traefik.enable=true" + - "traefik.http.routers.inventory.rule=Host(`inventory.example.com`)" + - "traefik.http.routers.inventory.entrypoints=websecure" + - "traefik.http.routers.inventory.tls.certresolver=letsencrypt" + - "traefik.http.services.inventory.loadbalancer.server.port=8080" + networks: + - internal + - traefik_public # red compartida con tu instancia de Traefik + +networks: + traefik_public: + external: true +``` + +#### Traefik — Configuración dinámica (file provider) + +Si Traefik no corre en Docker (o prefieres el file provider), deposita un archivo en tu directorio de configuración dinámica: + +```yaml +# /etc/traefik/dynamic/inventory.yml +http: + routers: + inventory: + rule: "Host(`inventory.example.com`)" + entryPoints: + - websecure + tls: + certResolver: letsencrypt + service: inventory-svc + + services: + inventory-svc: + loadBalancer: + servers: + - url: "http://127.0.0.1:8080" +``` + +Traefik detecta el archivo automáticamente — no se requiere reinicio. + Para uso solo local, enlazar a loopback para evitar exposición accidental en la LAN: ```yaml diff --git a/README.fr.md b/README.fr.md index 6b27d2d..972e7a2 100644 --- a/README.fr.md +++ b/README.fr.md @@ -147,7 +147,9 @@ docker compose start backend ### HTTPS -Cette application ne termine pas TLS. Pour un usage en production, placez-la derrière un reverse proxy gérant HTTPS : +Cette application ne termine pas TLS. Pour un usage en production, placez-la derrière un reverse proxy gérant HTTPS. + +#### Nginx ```nginx server { @@ -167,6 +169,54 @@ server { } ``` +#### Traefik — Labels Docker + +Ajouter ces labels au service `frontend` et le connecter au réseau partagé avec Traefik : + +```yaml +# docker-compose.override.yml +services: + frontend: + labels: + - "traefik.enable=true" + - "traefik.http.routers.inventory.rule=Host(`inventory.example.com`)" + - "traefik.http.routers.inventory.entrypoints=websecure" + - "traefik.http.routers.inventory.tls.certresolver=letsencrypt" + - "traefik.http.services.inventory.loadbalancer.server.port=8080" + networks: + - internal + - traefik_public # réseau partagé avec votre instance Traefik + +networks: + traefik_public: + external: true +``` + +#### Traefik — Configuration dynamique (file provider) + +Si Traefik ne tourne pas dans Docker (ou si vous préférez le file provider), déposez un fichier dans votre répertoire de configuration dynamique : + +```yaml +# /etc/traefik/dynamic/inventory.yml +http: + routers: + inventory: + rule: "Host(`inventory.example.com`)" + entryPoints: + - websecure + tls: + certResolver: letsencrypt + service: inventory-svc + + services: + inventory-svc: + loadBalancer: + servers: + - url: "http://127.0.0.1:8080" +``` + +Traefik prend en compte le fichier automatiquement — aucun redémarrage requis. + Pour un usage local uniquement, lier à la boucle locale pour éviter une exposition LAN accidentelle : ```yaml diff --git a/README.md b/README.md index 71b4f64..182f9c9 100644 --- a/README.md +++ b/README.md @@ -147,7 +147,9 @@ docker compose start backend ### HTTPS -This application does not terminate TLS. For production use, place it behind a reverse proxy that handles HTTPS: +This application does not terminate TLS. For production use, place it behind a reverse proxy that handles HTTPS. + +#### Nginx ```nginx server { @@ -167,6 +169,54 @@ server { } ``` +#### Traefik — Docker labels + +Add these labels to the `frontend` service and connect it to the network shared with Traefik: + +```yaml +# docker-compose.override.yml +services: + frontend: + labels: + - "traefik.enable=true" + - "traefik.http.routers.inventory.rule=Host(`inventory.example.com`)" + - "traefik.http.routers.inventory.entrypoints=websecure" + - "traefik.http.routers.inventory.tls.certresolver=letsencrypt" + - "traefik.http.services.inventory.loadbalancer.server.port=8080" + networks: + - internal + - traefik_public # network shared with your Traefik instance + +networks: + traefik_public: + external: true +``` + +#### Traefik — Dynamic configuration (file provider) + +If Traefik is not running in Docker (or you prefer the file provider), drop a file in your dynamic config directory: + +```yaml +# /etc/traefik/dynamic/inventory.yml +http: + routers: + inventory: + rule: "Host(`inventory.example.com`)" + entryPoints: + - websecure + tls: + certResolver: letsencrypt + service: inventory-svc + + services: + inventory-svc: + loadBalancer: + servers: + - url: "http://127.0.0.1:8080" +``` + +Traefik picks up the file automatically — no restart required. + For local-only use, bind to loopback to prevent accidental LAN exposure: ```yaml