From 060a006d6b1d47b69c724e59aea2ee2474b35d61 Mon Sep 17 00:00:00 2001
From: Schneider Roland <roland.schneider@extern.a1.at>
Date: Sat, 5 Oct 2024 22:05:12 +0200
Subject: [PATCH] vaultwarden,traefik: setup ssl

---
 traefik/docker-compose/traefik/docker-compose.yaml          | 4 +++-
 traefik/docker-compose/traefik/services/traefik/config.yaml | 3 +++
 vaultwarden/docker-compose/vaultwarden/docker-compose.yaml  | 2 ++
 3 files changed, 8 insertions(+), 1 deletion(-)
 create mode 100644 traefik/docker-compose/traefik/services/traefik/config.yaml

diff --git a/traefik/docker-compose/traefik/docker-compose.yaml b/traefik/docker-compose/traefik/docker-compose.yaml
index f4003fe..7d503ac 100644
--- a/traefik/docker-compose/traefik/docker-compose.yaml
+++ b/traefik/docker-compose/traefik/docker-compose.yaml
@@ -3,15 +3,17 @@ services:
     # The official v3 Traefik docker image
     image: traefik:v3.1
     # Enables the web UI and tells Traefik to listen to docker
-    command: --api.insecure=true --providers.docker
+    command: --api.insecure=true --providers.docker --configFile=/traefik/config.yml
     ports:
       # The HTTP port
       - "80:80"
       # The Web UI (enabled by --api.insecure=true)
       - "4113:8080"
+      - "433:433"
     volumes:
       # So that Traefik can listen to the Docker events
       - /var/run/docker.sock:/var/run/docker.sock
+      - ./services/traefik/config.yaml:/traefik/config.yaml
     networks:
       - traefik
 networks:
diff --git a/traefik/docker-compose/traefik/services/traefik/config.yaml b/traefik/docker-compose/traefik/services/traefik/config.yaml
new file mode 100644
index 0000000..97bf511
--- /dev/null
+++ b/traefik/docker-compose/traefik/services/traefik/config.yaml
@@ -0,0 +1,3 @@
+tls:
+  stores:
+    default:
diff --git a/vaultwarden/docker-compose/vaultwarden/docker-compose.yaml b/vaultwarden/docker-compose/vaultwarden/docker-compose.yaml
index 6b6164d..8f5ac7f 100644
--- a/vaultwarden/docker-compose/vaultwarden/docker-compose.yaml
+++ b/vaultwarden/docker-compose/vaultwarden/docker-compose.yaml
@@ -3,6 +3,8 @@ services:
     labels:
       - traefik.http.routers.vaultwarden.rule=Host(`vaultwarden.rschneider.net`)
       - traefik.http.services.vaultwarden.loadbalancer.server.port=80
+      - traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme=https
+      - traefik.http.middlewares.test-redirectscheme.redirectscheme.permanent=true
     image: vaultwarden/server:latest
     container_name: vaultwarden
     restart: always