This project provides a hardened Traefik-based reverse proxy infrastructure, designed for secure local or remote routing with automated SSL certificates via Cloudflare DNS-01.
- Traefik v2.11: Modern reverse proxy with automated TLS.
- Cloudflare DNS-01: Secure ACME challenge for automated SSL certificates (Let's Encrypt), even for local domains.
- Docker Socket Proxy: Security hardening that restricts Traefik's access to the Docker API (read-only, limited scope).
- Secure Dashboard: Traefik dashboard protected by BasicAuth and HTTPS.
- Lefthook Integration: Pre-commit hooks with Gitleaks, Yamllint, and Checkov to ensure security and code quality.
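
The Docker Socket Proxy item above, sketched as a Compose fragment. This is an added illustration, not this project's own compose file: the proxy image (tecnativa/docker-socket-proxy), the service names and the network names are assumptions.

```yaml
# Added illustration; image, service and network names are assumptions.
services:
  socket-proxy:
    image: tecnativa/docker-socket-proxy   # assumed image; the page does not name one
    environment:
      CONTAINERS: 1   # allow GET /containers/* so Traefik can discover services
      POST: 0         # reject write requests (create, start, exec, ...)
    volumes:
      # :ro protects only the socket file; the API filtering above is what
      # actually limits which Docker requests get through.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - socket        # internal-only network, no published ports
    restart: unless-stopped

  traefik:
    image: traefik:v2.11
    command:
      # Talk to the filtered proxy instead of the raw Docker socket.
      - --providers.docker.endpoint=tcp://socket-proxy:2375
      - --providers.docker.exposedbydefault=false
    # Weak variant to avoid: mounting the socket directly into Traefik,
    #   volumes: ["/var/run/docker.sock:/var/run/docker.sock"]
    # which hands an internet-facing container full control of the daemon.
    networks:
      - socket
      - web
    ports:
      - "443:443"

networks:
  socket:
    internal: true    # the proxy is reachable only from containers on this network
  web: {}
```

To check the restriction from inside the Traefik network, a GET to /containers/json on the proxy should succeed while any POST is refused with 403.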
- Setup: Initialize the directory structure.

      make setup

- Environment: Configure your credentials in the .env file.

      cp .env.example .env
      # Edit .env with your Cloudflare token and domain

- Run: Start the infrastructure.

      make up

- Dashboard: Access your secure dashboard at: https://traefik.your-domain.com/dashboard/ (Trailing slash is mandatory).
- make up: Start the infrastructure in detached mode.
- make status: Check container status.
- make logs: View live logs.
- make lint: Run security and style checks (Lefthook).
- make down: Stop services.
- make clean: Full cleanup (containers and volumes).
See the docs/ folder for detailed guides: