docs: add Traefik reverse proxy examples (labels and file provider) to all READMEs

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-17 10:23:23 +02:00
parent 53417985ba
commit bda8ac0546
3 changed files with 153 additions and 3 deletions
@@ -147,7 +147,9 @@ docker compose start backend

 ### HTTPS

-Esta aplicación no termina TLS. Para uso en producción, colócala detrás de un reverse proxy que gestione HTTPS:
+Esta aplicación no termina TLS. Para uso en producción, colócala detrás de un reverse proxy que gestione HTTPS.
+
+#### Nginx

 ```nginx
 server {
@@ -167,6 +169,54 @@ server {
 }
 ```

+#### Traefik — Labels Docker
+
+Añadir estas etiquetas al servicio `frontend` y conectarlo a la red compartida con Traefik:
+
+```yaml
+# docker-compose.override.yml
+services:
+  frontend:
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.inventory.rule=Host(`inventory.example.com`)"
+      - "traefik.http.routers.inventory.entrypoints=websecure"
+      - "traefik.http.routers.inventory.tls.certresolver=letsencrypt"
+      - "traefik.http.services.inventory.loadbalancer.server.port=8080"
+    networks:
+      - internal
+      - traefik_public  # red compartida con tu instancia de Traefik
+
+networks:
+  traefik_public:
+    external: true
+```
+
+#### Traefik — Configuración dinámica (file provider)
+
+Si Traefik no corre en Docker (o prefieres el file provider), deposita un archivo en tu directorio de configuración dinámica:
+
+```yaml
+# /etc/traefik/dynamic/inventory.yml
+http:
+  routers:
+    inventory:
+      rule: "Host(`inventory.example.com`)"
+      entryPoints:
+        - websecure
+      tls:
+        certResolver: letsencrypt
+      service: inventory-svc
+
+  services:
+    inventory-svc:
+      loadBalancer:
+        servers:
+          - url: "http://127.0.0.1:8080"
+```
+
+Traefik detecta el archivo automáticamente — no se requiere reinicio.
+
 Para uso solo local, enlazar a loopback para evitar exposición accidental en la LAN:

 ```yaml
@@ -147,7 +147,9 @@ docker compose start backend

 ### HTTPS

-Cette application ne termine pas TLS. Pour un usage en production, placez-la derrière un reverse proxy gérant HTTPS :
+Cette application ne termine pas TLS. Pour un usage en production, placez-la derrière un reverse proxy gérant HTTPS.
+
+#### Nginx

 ```nginx
 server {
@@ -167,6 +169,54 @@ server {
 }
 ```

+#### Traefik — Labels Docker
+
+Ajouter ces labels au service `frontend` et le connecter au réseau partagé avec Traefik :
+
+```yaml
+# docker-compose.override.yml
+services:
+  frontend:
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.inventory.rule=Host(`inventory.example.com`)"
+      - "traefik.http.routers.inventory.entrypoints=websecure"
+      - "traefik.http.routers.inventory.tls.certresolver=letsencrypt"
+      - "traefik.http.services.inventory.loadbalancer.server.port=8080"
+    networks:
+      - internal
+      - traefik_public  # réseau partagé avec votre instance Traefik
+
+networks:
+  traefik_public:
+    external: true
+```
+
+#### Traefik — Configuration dynamique (file provider)
+
+Si Traefik ne tourne pas dans Docker (ou si vous préférez le file provider), déposez un fichier dans votre répertoire de configuration dynamique :
+
+```yaml
+# /etc/traefik/dynamic/inventory.yml
+http:
+  routers:
+    inventory:
+      rule: "Host(`inventory.example.com`)"
+      entryPoints:
+        - websecure
+      tls:
+        certResolver: letsencrypt
+      service: inventory-svc
+
+  services:
+    inventory-svc:
+      loadBalancer:
+        servers:
+          - url: "http://127.0.0.1:8080"
+```
+
+Traefik prend en compte le fichier automatiquement — aucun redémarrage requis.
+
 Pour un usage local uniquement, lier à la boucle locale pour éviter une exposition LAN accidentelle :

 ```yaml
@@ -147,7 +147,9 @@ docker compose start backend

 ### HTTPS

-This application does not terminate TLS. For production use, place it behind a reverse proxy that handles HTTPS:
+This application does not terminate TLS. For production use, place it behind a reverse proxy that handles HTTPS.
+
+#### Nginx

 ```nginx
 server {
@@ -167,6 +169,54 @@ server {
 }
 ```

+#### Traefik — Docker labels
+
+Add these labels to the `frontend` service and connect it to the network shared with Traefik:
+
+```yaml
+# docker-compose.override.yml
+services:
+  frontend:
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.inventory.rule=Host(`inventory.example.com`)"
+      - "traefik.http.routers.inventory.entrypoints=websecure"
+      - "traefik.http.routers.inventory.tls.certresolver=letsencrypt"
+      - "traefik.http.services.inventory.loadbalancer.server.port=8080"
+    networks:
+      - internal
+      - traefik_public  # network shared with your Traefik instance
+
+networks:
+  traefik_public:
+    external: true
+```
+
+#### Traefik — Dynamic configuration (file provider)
+
+If Traefik is not running in Docker (or you prefer the file provider), drop a file in your dynamic config directory:
+
+```yaml
+# /etc/traefik/dynamic/inventory.yml
+http:
+  routers:
+    inventory:
+      rule: "Host(`inventory.example.com`)"
+      entryPoints:
+        - websecure
+      tls:
+        certResolver: letsencrypt
+      service: inventory-svc
+
+  services:
+    inventory-svc:
+      loadBalancer:
+        servers:
+          - url: "http://127.0.0.1:8080"
+```
+
+Traefik picks up the file automatically — no restart required.
+
 For local-only use, bind to loopback to prevent accidental LAN exposure:

 ```yaml