Enforce mTLS on private-admin Traefik routes

2026-04-13 12:05:43 +10:00
parent 0ddbb7d7ad
commit 24047b0eaa
15 changed files with 200 additions and 0 deletions
@@ -24,6 +24,7 @@ services:
    volumes:
      - ${PROJECT_ROOT}/core/traefik/data/letsencrypt:/letsencrypt
      - ${PROJECT_ROOT}/core/traefik/data/logs:/logs
+      - ${PROJECT_ROOT}/core/traefik/certs:/etc/traefik/certs:ro
      - ${PROJECT_ROOT}/core/traefik/dynamic.yml:/etc/traefik/dynamic.yml:ro
      - ${PROJECT_ROOT}/core/traefik/traefik.yml:/etc/traefik/traefik.yml:ro
      - ${PROJECT_ROOT}/core/traefik/data/plugins:/plugins-storage
@@ -37,6 +38,7 @@ services:
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.routers.traefik.tls.certresolver=myresolver"
+      - "traefik.http.routers.traefik.tls.options=mtls-private-admin@file"
      - "traefik.http.routers.traefik.middlewares=authelia"
      - "io.portainer.accesscontrol.public"
      - "traefik.docker.network=core_traefik"