cryptgeon/examples/traefik/README.md

# Install Cryptgeon with Traefik

Assumptions:

- Traefik 2/3 installed.
- External proxy docker network `proxy`.
- A certificate resolver `le`.
- A https entrypoint `secure`.
- Domain name `example.org`.

```yaml
version: '3.8'

networks:
  proxy:
    external: true

services:
  redis:
    image: redis:7-alpine
    restart: unless-stopped

  app:
    image: cupcakearmy/cryptgeon:latest
    restart: unless-stopped
    depends_on:
      - redis
    networks:
      - default
      - proxy
    labels:
      - traefik.enable=true
      - traefik.http.routers.cryptgeon.rule=Host(`example.org`)
      - traefik.http.routers.cryptgeon.entrypoints=secure
      - traefik.http.routers.cryptgeon.tls.certresolver=le
```

## With basic auth

Some times it's useful to hide the service behind auth. This is easily achieved with traefik middleware. Many reverse proxies support similar features, so while traefik is used in this example, other reverse proxies can do the same.

```yaml
services:
  traefik:
    image: traefik:v3.0
    command:
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
    ports:
      - "80:80"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"

  redis:
    image: redis:7-alpine

  cryptgeon:
    image: cupcakearmy/cryptgeon
    depends_on:
      - redis
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.cryptgeon.rule=Host(`cryptgeon.localhost`)"
      - "traefik.http.routers.cryptgeon.entrypoints=web"
      - "traefik.http.routers.cryptgeon.middlewares=cryptgeon-auth"
      - "traefik.http.middlewares.cryptgeon-auth.basicauth.users=user:$$2y$$05$$juUw0zgc5ebvJ00MFPVVLujF6P.rcEMbGZ99Jfq6ZWEa1dgetacEq"
```

```bash
docker compose up -d
```

1. Open http://cryptgeon.localhost
2. Log in with `user` and `secret`