diff --git a/{{cookiecutter.project_slug}}/compose/production/traefik/Dockerfile b/{{cookiecutter.project_slug}}/compose/production/traefik/Dockerfile index aa879052b..e07f4b2d8 100644 --- a/{{cookiecutter.project_slug}}/compose/production/traefik/Dockerfile +++ b/{{cookiecutter.project_slug}}/compose/production/traefik/Dockerfile @@ -1,5 +1,21 @@ -FROM traefik:v2.2.11 -RUN mkdir -p /etc/traefik/acme \ - && touch /etc/traefik/acme/acme.json \ - && chmod 600 /etc/traefik/acme/acme.json -COPY ./compose/production/traefik/traefik.yml /etc/traefik +FROM traefik:2.3 + +WORKDIR /etc/traefik/ + +RUN addgroup --system traefik \ + && adduser \ + --disabled-password \ + --gecos '' \ + --no-create-home \ + --ingroup traefik \ + traefik \ + && mkdir acme/ \ + && touch acme/acme.json \ + && chmod 0600 acme/acme.json \ + && chown -R traefik:traefik . + +EXPOSE 8080/tcp 8443/tcp + +VOLUME /etc/traefik/acme/ + +USER traefik diff --git a/{{cookiecutter.project_slug}}/compose/production/traefik/traefik.yml b/{{cookiecutter.project_slug}}/compose/production/traefik/traefik.yml index a1e4f6be3..07552bb94 100644 --- a/{{cookiecutter.project_slug}}/compose/production/traefik/traefik.yml +++ b/{{cookiecutter.project_slug}}/compose/production/traefik/traefik.yml @@ -5,7 +5,7 @@ log: entryPoints: web: # http - address: ":80" + address: ":8080" http: # https://docs.traefik.io/routing/entrypoints/#entrypoint redirections: @@ -14,7 +14,7 @@ entryPoints: web-secure: # https - address: ":443" + address: ":8443" {%- if cookiecutter.use_celery == 'y' %} flower: diff --git a/{{cookiecutter.project_slug}}/production.yml b/{{cookiecutter.project_slug}}/production.yml index 93b61b134..b981e5ee8 100644 --- a/{{cookiecutter.project_slug}}/production.yml +++ b/{{cookiecutter.project_slug}}/production.yml 
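Review bot: `FROM traefik:2.3` replaces the fully pinned `v2.2.11` with a floating minor tag, so rebuilding this image can pull a different Traefik release without any change in the repository; pin the exact patch release the change was tested with and, for production, its digest, e.g. `FROM traefik:<tested-2.3.x-tag>@sha256:<digest>`. The `RUN` step that creates and chowns `acme/acme.json` only helps on a fresh volume: a `production_traefik` volume populated by the previous image presumably still holds a root-owned, mode-600 `acme.json`, which the new `USER traefik` process could not read or write, so the upgrade path needs a documented one-off `chown`. A comment above `USER traefik` such as `# run unprivileged; entry points moved to 8080/8443 because a non-root process may not bind ports below 1024` would record why the ports changed.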
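Review bot: Moving `web-secure` to `:8443` can change the HTTP-to-HTTPS redirect target, because the `redirections:` block under `web` continues outside the first hunk. If it names the entry point (`to: web-secure`), Traefik builds the redirect URL with that entry point's port, so clients would be sent to `:8443` instead of the published 443. In that case point the redirect at the public port, `to: ":443"`, and confirm the behaviour against the Traefik version in use. The matching `:443` to `:8443` change is in the second hunk.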
@@ -39,6 +39,7 @@ services:
 - django
 volumes:
 - production_traefik:/etc/traefik/acme:z
+ - ./compose/production/traefik/traefik.yml:/etc/traefik/traefik.yml:ro
 ports:
 - "0.0.0.0:80:80"
 - "0.0.0.0:443:443"
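Review bot: The `ports:` entries left unchanged as context still publish to container ports 80 and 443, but traefik.yml in this commit moves the entry points to `:8080` and `:8443`, so nothing would be listening behind the published ports. Unless the mapping is changed elsewhere in the file, it should become `- "0.0.0.0:80:8080"` and `- "0.0.0.0:443:8443"`. The new bind mount also omits the `:z` label used on the `production_traefik` volume above it; on an SELinux-enforcing host the non-root process may be denied access to the file, so `:ro,z` is worth considering.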