Configure Traefik for public-facing access with frostlabs.me domains

- Fixed certificatesResolvers configuration in static.yml (moved out of tls section)
- Added DNS resolvers to Cloudflare ACME challenge configuration
- Added persistent volume mount for Let's Encrypt certificates
- Updated Outline service labels to use flow.frostlabs.me with proper cert resolver
- Updated Authentik service labels to use auth.frostlabs.me with proper cert resolver
- Added security headers and rate limiting middlewares to dynamic.yml
- Added example templates for public-facing service configuration

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-10 11:27:47 +00:00
parent ad08678553
commit 3871e30abd
5 changed files with 56 additions and 17 deletions


@@ -40,9 +40,11 @@ services:
labels:
- "traefik.enable=true"
- "traefik.swarm.network=homelab"
- "traefik.http.routers.outline.rule=Host(`flow.swarm.home`)"
# Public-facing domain with Let's Encrypt certificate
- "traefik.http.routers.outline.rule=Host(`flow.frostlabs.me`)"
- "traefik.http.routers.outline.entrypoints=websecure"
- "traefik.http.routers.outline.tls=true"
- "traefik.http.routers.outline.tls.certresolver=cloudflare"
- "traefik.http.services.outline.loadbalancer.server.port=3000"
depends_on:
- redis
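Review bot: The outline router now answers on the public host `flow.frostlabs.me`, but the label list between `labels:` and `depends_on:` attaches no middleware. The security-headers and rate-limit middlewares that the commit message says were added to dynamic.yml therefore do not apply to this router, unless they are bound at the `websecure` entrypoint in static.yml, which this page does not show. The same holds for the authentik router in the next file section, where a public login endpoint makes rate limiting matter more. Consider adding `- "traefik.http.routers.outline.middlewares=<headers-middleware>@file,<ratelimit-middleware>@file"` (placeholders; use the names actually defined in dynamic.yml) and the equivalent label for authentik.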


@@ -61,9 +61,11 @@ services:
labels:
- "traefik.enable=true"
- "traefik.swarm.network=homelab"
# Public-facing domain with Let's Encrypt certificate
- "traefik.http.routers.authentik.rule=Host(`auth.frostlabs.me`)"
- "traefik.http.routers.authentik.entrypoints=websecure"
- "traefik.http.routers.authentik.tls=certificatesResolvers=cloudflare"
- "traefik.http.routers.authentik.tls=true"
- "traefik.http.routers.authentik.tls.certresolver=cloudflare"
- "traefik.http.services.authentik.loadbalancer.server.port=9000"
depends_on:


@@ -10,9 +10,9 @@ services:
- CF_DNS_API_TOKEN_FILE=/run/secrets/cloudflare_api_token
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
#
- /home/doc/projects/swarm/conf/traefik-conf/static.yml:/etc/traefik/traefik.yml:ro
- /home/doc/projects/swarm/conf/traefik-conf/dynamic.yml:/etc/traefik/dynamic/dynamic.yml:rw
- /home/doc/projects/swarm-data/appdata/traefik/certificates:/certificates
secrets:
- cloudflare_api_token
networks:
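Review bot: The new bind mount `/home/doc/projects/swarm-data/appdata/traefik/certificates:/certificates` will hold Traefik's ACME storage file (commonly `acme.json`), which contains the ACME account key and the private key of every issued certificate, yet nothing here documents the host-side permissions it needs. Add a comment above the mount such as `# ACME storage (account + certificate private keys): host dir 0700, storage file 0600, keep out of world-readable backups`. Because this is a host path in a Swarm service, the task presumably needs a placement constraint pinning it to the node that owns the directory. The deploy section is outside the hunk, so confirm that a reschedule cannot start Traefik with an empty store and re-request every certificate. Separately, now that the proxy is internet-facing, note that `:ro` on the `docker.sock` mount does not restrict Docker API calls, so a socket proxy limited to read-only endpoints would reduce what a Traefik compromise yields.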