From 28aa6e28fef0454e195a0c0cf3f47abf99804463 Mon Sep 17 00:00:00 2001
From: James Thompson <1jamesthompson1@gmail.com>
Date: Mon, 23 Mar 2026 05:59:53 +0000
Subject: [PATCH] Wokring traefik

With whoami and gitea working (although I haven't rebuilt yet)
---
 .env.example               |  2 --
 Makefile                   | 22 ++++++++++++++++++----
 traefik/.env.example       |  2 +-
 traefik/README.md          |  4 +---
 traefik/docker-compose.yml |  6 +++++-
 whoami/docker-compose.yml  |  1 +
 6 files changed, 26 insertions(+), 11 deletions(-)

diff --git a/.env.example b/.env.example
index 6684dd2..a128ce8 100755
--- a/.env.example
+++ b/.env.example
@@ -4,7 +4,6 @@
 
 # Storage
 STORAGE_PATH=/mnt/storage/docker-data
-MEDIA_PATH=/mnt/storage
 
 # User
 USER_UID=1000
@@ -12,7 +11,6 @@ USER_GID=1000
 
 # Domain
 DOMAIN=sjhl.nz
-DOMAIN_WWW=__CHANGEME__
 
 # Timezone
 TZ=Pacific/Auckland
diff --git a/Makefile b/Makefile
index 8767db8..06cdf3f 100755
--- a/Makefile
+++ b/Makefile
@@ -1,14 +1,28 @@
 SERVICES=traefik whoami gitea nextcloud devbox
 
-.PHONY: up down restart backup init-env env-sync docs generate-docs serve-docs logs status
+.PHONY: up down restart backup init-env env-sync docs generate-docs serve-docs logs status up-% down-%
 
 up:
-	@for svc in $(SERVICES); do \
+	for svc in $(SERVICES); do \
 		if [ -f "$$svc/docker-compose.yml" ]; then \
 			echo "Starting $$svc..."; \
-			(cd $$svc && docker compose up -d); \
+			(cd $$svc && docker compose --env-file ../.env `if [ -f .env ]; then echo --env-file .env; fi` up -d); \
 		fi; \
-	done
+	done; \
+
+up-%:
+	@svc=$*; \
+	if [ -f "$$svc/docker-compose.yml" ]; then \
+		echo "Starting $$svc..."; \
+		(cd $$svc && docker compose --env-file ../.env `if [ -f .env ]; then echo --env-file .env; fi` up -d); \
+	fi
+
+down-%:
+	@svc=$*; \
+	if [ -f "$$svc/docker-compose.yml" ]; then \
+		echo "Stopping $$svc..."; \
+		(cd $$svc && docker compose down); \
+	fi
 
 down:
 	@for svc in $(SERVICES); do \
diff --git a/traefik/.env.example b/traefik/.env.example
index ba9e547..7977106 100755
--- a/traefik/.env.example
+++ b/traefik/.env.example
@@ -1,6 +1,6 @@
 # traefik/.env
 # Copy to .env and fill in real values. NEVER commit .env.
 
-TRAEFIK_DASHBOARD_PORT=8082
+TRAEFIK_DASHBOARD_PORT=8080
 ACME_EMAIL=letsencrypt@example.com
 DASHBOARD_BASIC_AUTH=admin:$$apr1$$changeme$$REPLACE_WITH_HTPASSWD_HASH
diff --git a/traefik/README.md b/traefik/README.md
index 0a591ec..32a16ed 100644
--- a/traefik/README.md
+++ b/traefik/README.md
@@ -1,3 +1 @@
-THis is the project
-
-More information hear.
\ No newline at end of file
+This is the core proxy that protects my server. It handles SSL termination, routing, and the dashboard for monitoring. I use Traefik's Docker provider to automatically discover services and route traffic based on labels in their `docker-compose.yml` files.
\ No newline at end of file
diff --git a/traefik/docker-compose.yml b/traefik/docker-compose.yml
index 006b9d0..f1cef20 100755
--- a/traefik/docker-compose.yml
+++ b/traefik/docker-compose.yml
@@ -6,11 +6,12 @@ services:
     ports:
       - "80:80"
       - "443:443"
-      - "${TRAEFIK_DASHBOARD_PORT:-8082}:8080"
+      - "${TRAEFIK_DASHBOARD_PORT}:8080"
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock:ro
       - ${STORAGE_PATH}/traefik/certs:/certs:rw
       - ${STORAGE_PATH}/traefik/dynamic:/dynamic:ro
+      - ${STORAGE_PATH}/traefik/letsencrypt:/letsencrypt
     networks:
       - web
     security_opt:
@@ -23,6 +24,7 @@ services:
       - "traefik.http.routers.dashboard.rule=Host(`dashboard.${DOMAIN}`)"
       - "traefik.http.routers.dashboard.service=api@internal"
       - "traefik.http.routers.dashboard.tls=true"
+      - "traefik.http.routers.dashboard.tls.certresolver=letsencrypt"
     command:
       - "--entrypoints.web.address=:80"
       - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
@@ -31,6 +33,8 @@ services:
       - "--providers.docker=true"
       - "--providers.docker.exposedbydefault=false"
       - "--providers.docker.network=web"
+      - "--api.dashboard=true"
+      - "--api.insecure=false"
       - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
       - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
       - "--certificatesresolvers.letsencrypt.acme.email=${ACME_EMAIL}"
diff --git a/whoami/docker-compose.yml b/whoami/docker-compose.yml
index a33e08e..3c81f9e 100755
--- a/whoami/docker-compose.yml
+++ b/whoami/docker-compose.yml
@@ -10,6 +10,7 @@ services:
       - "traefik.http.routers.whoami.entrypoints=websecure"
       - "traefik.http.routers.whoami.rule=Host(`whoami.${DOMAIN}`)"
       - "traefik.http.routers.whoami.tls=true"
+      - "traefik.http.routers.whoami.tls.certresolver=letsencrypt"
 
 networks:
   web: