From bd48a6de4bc60bf77a94b39893e96b51f47916d9 Mon Sep 17 00:00:00 2001
From: Florian Zirker <florian.zirker@kapsweyer.de>
Date: Sun, 17 Jan 2021 14:31:22 +0100
Subject: [PATCH 1/3] traefik 2.4 was only RC

---
 proxy/docker-compose.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/proxy/docker-compose.yaml b/proxy/docker-compose.yaml
index ed595d0..263e8f6 100644
--- a/proxy/docker-compose.yaml
+++ b/proxy/docker-compose.yaml
@@ -3,7 +3,7 @@ version: "3.3"
 services:
 
   traefik:
-    image: traefik:v2.4
+    image: traefik:v2.3
     restart: unless-stopped
     command:
       - "--api.insecure=false"

From 3ca68ec3dce2c27d0c154fca1fa5c1ada4890acc Mon Sep 17 00:00:00 2001
From: Florian Zirker <florian.zirker@kapsweyer.de>
Date: Sun, 17 Jan 2021 14:32:09 +0100
Subject: [PATCH 2/3] Add Traefik Board with HttpBasicAuth

---
 proxy/docker-compose.yaml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/proxy/docker-compose.yaml b/proxy/docker-compose.yaml
index 263e8f6..406c531 100644
--- a/proxy/docker-compose.yaml
+++ b/proxy/docker-compose.yaml
@@ -7,6 +7,7 @@ services:
     restart: unless-stopped
     command:
       - "--api.insecure=false"
+      - "--api.dashboard=true"
       - "--providers.docker=true"
       - "--providers.docker.exposedbydefault=false"
       #- "--log.level=DEBUG"
@@ -29,6 +30,15 @@ services:
       - ${VOLUMES_PATH}/letsencrypt:/letsencrypt
       - $PWD/tls.toml:/etc/traefik/tls.toml
     labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.dashboard.rule=Host(`traefik.${DOMAIN}`)"
+      - "traefik.http.routers.dashboard.service=api@internal"
+      - "traefik.http.routers.dashboard.entrypoints=websecure"
+      - "traefik.http.routers.dashboard.tls.certresolver=myresolver"
+      - "traefik.http.routers.gitea.tls.options=intermediate@file"
+      - "traefik.http.routers.dashboard.middlewares=auth"
+      - "traefik.http.middlewares.auth.basicauth.users=${HTPASSWD}"
+      - "traefik.docker.network=web"
       - "docker.group=web"
 
 

From 8c446c9e1599ffa9b1e242b70e8e6e78165da8b4 Mon Sep 17 00:00:00 2001
From: Florian Zirker <florian.zirker@kapsweyer.de>
Date: Sun, 17 Jan 2021 14:33:07 +0100
Subject: [PATCH 3/3] Enable rewrite for webfinger to shut up nextcloud check

---
 nextcloud/nginx.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nextcloud/nginx.conf b/nextcloud/nginx.conf
index 4d3cca2..b28955c 100644
--- a/nextcloud/nginx.conf
+++ b/nextcloud/nginx.conf
@@ -70,7 +70,7 @@ http {
 
         # The following rule is only needed for the Social app.
         # Uncomment it if you're planning to use this app.
-        #rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
+        rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
 
         location = /.well-known/carddav {
             return 301 https://$host:443/remote.php/dav;