run traefik as non-root user, closes #1992

{{cookiecutter.project_slug}}/compose/production/traefik/Dockerfile

@@ -3,3 +3,10 @@ RUN mkdir -p /etc/traefik/acme
 RUN touch /etc/traefik/acme/acme.json
 RUN chmod 600 /etc/traefik/acme/acme.json
 COPY ./compose/production/traefik/traefik.toml /etc/traefik
+
+RUN addgroup -g 101 -S traefik
+RUN adduser -S -D -H -u 101 -s /sbin/nologin -G traefik -g traefik traefik
+RUN chown -R traefik /etc/traefik
+
+USER traefik
+EXPOSE 8080/tcp 8443/tcp

{{cookiecutter.project_slug}}/compose/production/traefik/traefik.toml

@@ -5,12 +5,12 @@ defaultEntryPoints = ["http", "https"]
 [entryPoints]
   # http should be redirected to https
   [entryPoints.http]
-  address = ":80"
+  address = ":8080"
     [entryPoints.http.redirect]
     entryPoint = "https"
   # https is the default
   [entryPoints.https]
-  address = ":443"
+  address = ":8443"
     [entryPoints.https.tls]
 
 # Enable ACME (Let's Encrypt): automatic SSL

{{cookiecutter.project_slug}}/production.yml

@@ -40,8 +40,8 @@ services:
     volumes:
       - production_traefik:/etc/traefik/acme
     ports:
-      - "0.0.0.0:80:80"
+      - "0.0.0.0:80:8080"
-      - "0.0.0.0:443:443"
+      - "0.0.0.0:443:8443"
 
   redis:
     image: redis:5.0