Suport full/httponly traefik

.env.local.tuffy.dotenv

@@ -0,0 +1,22 @@
+# user-config/.env.local.tuffy.dotenv
+ACME_EMAIL=acme.admin@shefet.net
+
+HOST_UID=3000
+HOST_GID=3000
+
+INTERNAL_IP=192.168.2.16
+
+# RUNTIPI's root on the docker host
+# TIPI_VERSION="v3.8.0"
+RUNTIPI_ROOT_FOLDER_HOST=/mnt/shefet/data/apps/runtipi
+ROOT_FOLDER_HOST=/mnt/shefet/data/apps/runtipi
+
+# ALT_ROOT_DOMAIN=<alt domain> # optional, alternative public domain
+TRAEFIK_STATIC=httponly
+ROOT_DOMAIN=
+DOMAIN=
+LOCAL_DOMAIN=tipi.tuffy.lan
+
+TZ=America/New_York
+
+# vi: ft=sh

_bin/rtpctl.d

@@ -68,6 +68,7 @@ case "${1}" in
         POSTGRES_PASSWORD=_ TIPI_VERSION=_ LOCAL_DOMAIN=_ DOMAIN=_ runtipi-app-docker-compose "${2:-runtipi}" logs ${3:+"${@:3}"}
         ;;
     start)
+        ROOT_FOLDER_HOST="${RUNTIPI_ROOT}" RUNTIPI_APP_DATA_PATH="${RUNTIPI_ROOT}" \
         runtipi-cli start --env-file user-config/.env.local --no-permissions
         ;;
     update)
@@ -83,7 +84,7 @@ case "${1}" in
     dls)
         dls "${@:2}"
         ;;
-    dcoapp)
+    app)
         runtipi-app-docker-compose "${@:2}"
         ;;
     dockge)
@@ -114,7 +115,7 @@ case "${1}" in
             "" "update"     "update runtipi to a specific version" \
             "" "" "" \
             "docker/docker-compose" "" ""\
-            "" "dcoapp"     "docker compose for runtipi apps" \
+            "" "app"        "docker compose for runtipi apps" \
             "" "dls"        "stylized docker ls" \
             "" "docker"     "docker" \
             "" "dockge"     "docker compose for dockge stacks" \

_traefik/static.httponly.yml

@@ -0,0 +1,32 @@
+  # log:
+  #   level: INFO
+
+  api:
+    dashboard: true
+    insecure: true
+
+  providers:
+    docker:
+      endpoint: "unix:///var/run/docker.sock"
+      watch: true
+      exposedByDefault: false
+    file:
+      directory: /srv/traefik/dynamic
+      watch: true
+
+  entryPoints:
+    web:
+      address: ':88'
+      forwardedHeaders:
+        trustedIPs:
+          - "127.0.0.1/32"
+          - "172.16.0.0/12"
+    websecure:
+      address: ':8443'
+      forwardedHeaders:
+        trustedIPs:
+          - "127.0.0.1/32"
+          - "172.16.0.0/12"
+
+  certificatesResolvers:
+    myresolver:

tipi-compose.yml

@@ -1,3 +1,4 @@
+    password: $2a$10$kUIu7BzRM8UDTUnD9ugjreRFgGUmKtrqXGI9NAjP5x1FYla9k1YI0
 secrets:
 # tipi_jwt_secret:
 #   file: ${RUNTIPI_ROOT_FOLDER_HOST}/user-config/_secrets/tipi_jwt_secret.txt
@@ -28,7 +29,7 @@ services:
       target: /srv/traefik/dynamic/
       read_only: true
     - type: bind
-      source: ./user-config/_traefik/static.yml
+      source: ./user-config/_traefik/static.${TRAEFIK_STATIC:-full}.yml
       target: /srv/traefik/static.yml
       read_only: true
     logging:
@@ -49,7 +50,7 @@ services:
     networks:
     - tipi_main_network
     - tipi_internal_network
-    - ix-dockge
+#   - ix-dockge
 
 networks:
   tipi_internal_network: