Update configs for trusted proxies, HTTPS, and log paths

Revised proxy settings to dynamically include trusted IPs and ensured HTTPS redirections. Adjusted log mount path in Docker compose to align with application structure. Removed unused Traefik certificate volume for cleanup.
2025-01-10 12:49:43 +01:00
parent e09224754f
commit 76dfaf5d93
3 changed files with 11 additions and 4 deletions


@@ -30,7 +30,7 @@ services:
volumes:
- './config/prod:/var/www/app/config/packages/prod:ro'
- './var:/var/www/app/var:rw'
- '/var/logs/chill:/var/www/app/logs'
- '/var/logs/chill:/var/www/app/var/logs'
- '{{ doc_storage_dir }}/{{ item['chill_environment'] }}:/var/storage'
links:
- redis
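Review bot: The log bind mount uses the single host directory `/var/logs/chill` for every rendered service, while the storage mount on the following line is split per `item['chill_environment']`. If this template is rendered once per environment, as that line suggests, logs from all environments end up in one directory, where they can interleave or overwrite each other and are harder to attribute during an investigation. Consider `- '/var/logs/chill/{{ item['chill_environment'] }}:/var/www/app/var/logs:rw'`, which also states the access mode explicitly like the two mounts above it. The new target sits inside the `./var` bind mount, so the host's `./var/logs` is shadowed in the container. The service definition starts outside the hunk.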


@@ -1,3 +1,7 @@
framework:
trusted_proxies: '172.0.0.0/8'
trusted_headers: ['x-forwarded-for', 'x-forwarded-host', 'x-forwarded-proto', 'x-forwarded-port']
trusted_proxies: '127.0.0.1,REMOTE_ADDR{% for ip in traefik_trusted_ips|default([]) %},{{ ip }}{% endfor %}'
trusted_headers: ['x-forwarded-for', 'x-forwarded-host', 'x-forwarded-proto', 'x-forwarded-port']
parameters:
router.request_context.scheme: 'https'
asset.request_context.secure: true
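Review bot: `REMOTE_ADDR` in the new `trusted_proxies` value makes Symfony treat whichever peer opens the connection as a trusted proxy, so the four `x-forwarded-*` headers in `trusted_headers` are honoured from any client that can reach the application container directly. That affects the client IP the application logs and acts on, and the host and scheme it uses when generating URLs. It is safe only if the container is reachable solely through Traefik, which the compose hunk on this page does not show. Either replace `REMOTE_ADDR` with a variable holding the Traefik network's subnet, or keep it and record the assumption above the line, e.g. `# REMOTE_ADDR trusts the direct peer: this container must only be reachable via Traefik`. With `REMOTE_ADDR` present, the `traefik_trusted_ips` entries only help resolve the `x-forwarded-for` chain and do not narrow who is trusted.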


@@ -13,7 +13,11 @@ services:
- "--providers.docker=true"
- "--providers.docker.exposedByDefault=false"
- "--entryPoints.web.address=:80"
- "--entryPoints.web.http.redirections.entrypoint.scheme=https"
- "--entryPoints.websecure.address=:443"
{%+ for ip in traefik_trusted_ips|default([]) +%}
- "--entryPoints.websecure.forwardedHeaders.trustedIPs={{ ip }}"
{%+ endfor +%}
{%+ for c in chills +%}
{%+ if c.expose_port is not false +%}
- "--entryPoints.chill{{ c.chill_environment }}.address=:{{ c.expose_port }}"
@@ -35,7 +39,6 @@ services:
volumes:
# So that Traefik can listen to the Docker events
- /var/run/docker.sock:/var/run/docker.sock
- /var/traefik/certs:/var/traefik/certs
networks:
- traefik
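Review bot: The redirection added on the `web` entry point sets only `--entryPoints.web.http.redirections.entrypoint.scheme=https`; no matching `...redirections.entrypoint.to=` flag appears among the visible arguments. Traefik needs that target to build the redirect, so port 80 may keep answering over plain HTTP despite the commit's intent. Add `- "--entryPoints.web.http.redirections.entrypoint.to=websecure"` next to it. Separately, the `forwardedHeaders.trustedIPs` loop covers only `websecure`, so the per-environment `chill…` entry points declared just below get no trusted IPs; if that is intentional, a one-line comment saying so would help. The command list starts and continues outside the hunk.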