From 893e3528884a80b85a3c94a195de639ea89f7fb5 Mon Sep 17 00:00:00 2001
From: Nicole Rappe
Date: Thu, 11 Jul 2024 05:28:26 -0600
Subject: [PATCH] Update Docker & Kubernetes/Docker/Docker Compose/Traefik.md
---
 .../Docker/Docker Compose/Traefik.md | 80 ++++++-------------
 1 file changed, 26 insertions(+), 54 deletions(-)
diff --git a/Docker & Kubernetes/Docker/Docker Compose/Traefik.md b/Docker & Kubernetes/Docker/Docker Compose/Traefik.md
index 17abbfe..a2dc723 100644
--- a/Docker & Kubernetes/Docker/Docker Compose/Traefik.md
+++ b/Docker & Kubernetes/Docker/Docker Compose/Traefik.md
@@ -6,7 +6,7 @@ services:
 traefik:
 image: "traefik:latest"
 restart: always
- container_name: "traefik"
+ container_name: "traefik-bunny-lab-io"
 ulimits:
 nofile:
 soft: 65536
@@ -24,31 +24,29 @@ services:
 - "--api.insecure=true"
 - "--global.sendAnonymousUsage=false"
 # Docker
-# - "--providers.docker=true"
-# - "--providers.docker.exposedbydefault=false"
+ - "--providers.docker=true"
+ - "--providers.docker.exposedbydefault=false"
 # File Provider
 - "--providers.file.directory=/etc/traefik/dynamic"
 - "--providers.file.watch=true"
+
 # Entrypoints
 - "--entrypoints.web.address=:80"
 - "--entrypoints.websecure.address=:443"
- - "--entrypoints.web.http.redirections.entrypoint.to=websecure" #Redirect HTTP to HTTPS
- - "--entrypoints.web.http.redirections.entrypoint.scheme=https" #Redirect HTTP to HTTPS
- - "--entrypoints.web.http.redirections.entrypoint.permanent=true" #Redirect HTTP to HTTPS
+ - "--entrypoints.web.http.redirections.entrypoint.to=websecure" # Redirect HTTP to HTTPS
+ - "--entrypoints.web.http.redirections.entrypoint.scheme=https" # Redirect HTTP to HTTPS
+ - "--entrypoints.web.http.redirections.entrypoint.permanent=true" # Redirect HTTP to HTTPS
 # LetsEncrypt
-# - "--certificatesresolvers.letsencrypt.acme.tlschallenge=true"
- - "--certificatesresolvers.letsencrypt.acme.dnschallenge=true" #TEMPORARY CHANGE
- - "--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare" #TEMPORARY CHANGE
- - "--certificatesresolvers.letsencrypt.acme.email=cyberstrawberry101@gmail.com"
+### - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
+ - "--certificatesresolvers.letsencrypt.acme.dnschallenge=true"
+ - "--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare"
+ - "--certificatesresolvers.letsencrypt.acme.email=nicole.rappe@bunny-lab.io"
 - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
-# labels:
-# # API
-# - "traefik.enable=true"
-# # Global http --> https
-# - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:[a-z-.]+}`)"
-# - "traefik.http.routers.http-catchall.entrypoints=web"
-# - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
-# - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
+
+ # Keycloak plugin configuration
+ - "--experimental.plugins.keycloakopenid.moduleName=github.com/Gwojda/keycloakopenid"
+ - "--experimental.plugins.keycloakopenid.version=v0.1.34"
+
 ports:
 - "80:80"
 - "443:443"
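Review bot: `--api.insecure=true` stays in the command list while this hunk enables the Docker provider, so the unauthenticated API and dashboard would now also list every container-derived router and service. Only ports 80 and 443 are published in view, but the service has its own `ipv4_address` on `docker_network` further down, so the API port may be reachable directly; consider `- "--api.insecure=false"` and serving the dashboard through an authenticated router on `websecure`. The Docker provider also needs the Docker socket, whose mount is outside this hunk; a read-only mount or a socket proxy limits what a compromised proxy can do on the host. The Keycloak plugin is fetched from a third-party repository at startup: the version pin helps, and replacing `traefik:latest` with a fixed tag would keep the proxy and plugin versions reproducible together.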
@@ -62,50 +60,24 @@ services:
 docker_network:
 ipv4_address: 192.168.5.29
 environment:
- - CF_API_EMAIL=cyberstrawberry101@gmail.com
- - CF_API_KEY=REDACTED
+ - CF_API_EMAIL=${CF_API_EMAIL}
+ - CF_API_KEY=${CF_API_KEY}
 extra_hosts:
- - "flask.cyberstrawberry.local:192.168.3.21"
- - "searx.cyberstrawberry.local:192.168.3.21"
- - "heimdall.cyberstrawberry.local:192.168.3.21"
- - "status.cyberstrawberry.local:192.168.3.21"
- - "rancher.cyberstrawberry.local:192.168.3.21"
- - "trilium.blockaderunners.local:192.168.3.21"
- - "pw.cyberstrawberry.local:192.168.3.22"
- - "remote.cyberstrawberry.local:192.168.5.43"
- - "cluster-cloud.cyberstrawberry.local:192.168.3.22"
- - "searx.blockaderunners.local:192.168.3.22"
- - "searx.deeptree-labs.local:192.168.3.22"
- - "cyberstrawberry.local:192.168.3.22"
- - "storage.cyberstrawberry.local:192.168.3.22"
- - "cloud.cyberstrawberry.local:192.168.5.146"
- - "cloud.blockaderunners.local:192.168.5.90"
- - "docs.blockaderunners.local:192.168.5.212"
- - "status.blockaderunners.local:192.168.5.13"
- - "blockaderunners.local:192.168.5.219"
- - "office.cyberstrawberry.local:192.168.5.143"
- - "git.deeptree.local:192.168.5.166"
- - "pw.deeptree.local:192.168.5.170"
- - "status.deeptree.local:192.168.5.211"
- - "temp.cyberstrawberry.local:192.168.5.197"
- - "drop.cyberstrawberry.local:192.168.5.14"
- - "vault.cyberstrawberry.local:192.168.3.22"
- - "bitwarden.cyberstrawberry.local:192.168.5.141"
- - "chat.cyberstrawberry.local:192.168.3.22"
- - "trilium.cyberstrawberry.local:192.168.3.22"
- - "node-red.cyberstrawberry.local:192.168.3.21"
- - "homelab.cyberstrawberry.local:192.168.3.22"
- - "awx.cyberstrawberry.local:192.168.3.21"
- - "git.cyberstrawberry.local:192.168.3.21"
- - "lab.cyberstrawberry.local:192.168.5.44"
+ - "mail.bunny-lab.io:192.168.3.13"
+ - "rmm.bunny-lab.io:192.168.3.22" # Tactical RMM
+ - "api.bunny-lab.io:192.168.3.22" # Tactical RMM
+ - "mesh.bunny-lab.io:192.168.3.22" # Tactical RMM
+
 networks:
 default:
 external:
 name: docker_network
 docker_network:
 external: true
+
 ```
 ```jsx title=".env"
-Not Applicable
+CF_API_EMAIL=nicole.rappe@bunny-lab.io
+CF_API_KEY=REDACTED-CLOUDFLARE-DOMAIN-API-KEY
 ```
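Review bot: The `.env` example keeps the `CF_API_EMAIL` / `CF_API_KEY` pair, which is Cloudflare's global API key and grants far more than the DNS-01 challenge needs. Traefik's Cloudflare provider also accepts a scoped token, so the environment entry could be `- CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN}` with a token limited to DNS edit on the one zone. It would also help to state next to the `.env` block that the file stays out of version control and is readable only by the deploying user.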