feat: https a certifikaty s ca

2026-03-01 23:40:24 +01:00
parent a321b89111
commit 69f5bb7068
9 changed files with 225 additions and 38 deletions
--- a/.env.example
+++ b/.env.example
@@ -1,2 +1,2 @@
-DEV_URL=localhost
+DEV_URL=dev.linuxak.com
 EXTERNAL_NETWORK=traefiknet
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,7 @@
+.idea
 .env
 portainer/*
 !portainer/.gitkeep
 traefik/logs/*
-!traefik/logs/.gitkeep
+!traefik/logs/.gitkeep
+certificates
--- a/README.md
+++ b/README.md
@@ -9,29 +9,60 @@ Docker stack s reverse proxy (Traefik) a webovým rozhraním pro správu kontejn

 ## Instalace

-1. **Konfigurace prostředí**
-   ```bash
-   # Přejmenujte soubor .env.example na .env
-   mv .env.example .env
+### 1. Konfigurace prostředí
+```bash
+# Přejmenujte soubor .env.example na .env
+mv .env.example .env

-   # Upravte .env soubor dle svých nastavení
-   DEV_URL=dev.linuxak.com
-   EXTERNAL_NETWORK=traefiknet
-   ```
+# Upravte .env soubor dle svých nastavení
+DEV_URL=dev.linuxak.com
+EXTERNAL_NETWORK=traefiknet
+```

-2. **Spuštění**
-   ```bash
-   ./run up         # Spustit stack
-   ./run restart    # Restartovat stack
-   ./run down       # Zastavit stack
-   ```
+> **Poznámka:**
+> 
+> Doménu `dev.linuxak.com` můžete ponechat, směřuje na `127.0.0.1` tedy na váš lokální počítač. Pokud chcete použít
+> jinou doménu, nezapomeňte ji přidat do vašeho `/etc/hosts` souboru a vygenerovat novou sadu certifikátů pro tuto doménu.
+
+### 2. Import CA do systému
+   
+Traefik používá vlastní certifikát pro HTTPS komunikaci. Pro správné fungování je potřeba importovat `rootCA.pem` do důvěryhodných certifikátů vašeho operačního systému.
+
+#### MacOS
+```bash
+sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain traefik/certs/rootCA.pem
+```
+
+#### Linux (Ubuntu/Debian)
+```bash
+sudo cp traefik/certs/rootCA.pem /usr/local/share/ca-certificates/linuxak-dev-ca.crt
+sudo update-ca-certificates
+```
+
+#### Linux (CentOS/RHEL/Fedora)
+```bash
+sudo cp traefik/certs/rootCA.pem /etc/pki/ca-trust/source/anchors/linuxak-dev-ca.crt
+sudo update-ca-trust
+```
+
+#### Windows (PowerShell jako Admin)
+```bash
+Import-Certificate -FilePath "traefik/certs/rootCA.pem" -CertStoreLocation Cert:\LocalMachine\Root
+```
+
+### 3. Spuštění
+```bash
+./run up         # Spustit stack
+./run restart    # Restartovat stack
+./run down       # Zastavit stack
+```

 ## Přístup ke službám

-| Služba | URL |
-|--------|-----|
-| Traefik Dashboard | http://traefik.dev.linuxak.com |
-| Portainer | http://portainer.dev.linuxak.com |
+| Služba | URL                               |
+|--------|-----------------------------------|
+| Traefik Dashboard | https://traefik.dev.linuxak.com   |
+| Portainer | https://portainer.dev.linuxak.com |

 ## Struktura

@@ -40,26 +71,29 @@ Stack/
 ├── docker-compose.yml    # Definice služeb
 ├── run                   # Skript pro správu
 ├── .env                  # Konfigurace prostředí
-├── traefik/             # Traefik konfigurace a logy
-└── portainer/           # Portainer data
+├── traefik/              # Traefik konfigurace, certifikáty a logy
+└── portainer/            # Portainer data
 ```

 ## Persistence

 Složka `portainer` je persistentním úložištěm pro službu Portainer a všechna data této služby zůstanou uložená i po vypnutí stacku, dokud je ručně nesmažete.

-## Přidání nové služby
+## Připojení vaší služby do Traefiku

 Do vašeho `docker-compose.yml` přidejte Traefik labels:

-Hodnotu `<PORT>` nahraďte skutečným portem své služby.
+> Hodnotu `<VASE_URL>` nahraďte skutečnou doménou své služby.  
+> Hodnotu `<VAS_PORT>` nahraďte skutečným portem své služby.  
+> Hodnotu `<VASE_EXTERNI_SIT>` nahraďte skutečným náyvem své externí sítě.

 ```yaml
 labels:
  - "traefik.enable=true"
-  - "traefik.http.routers.myapp.rule=Host(`myapp.${DEV_URL}`)"
-  - "traefik.http.routers.myapp.entrypoints=web"
-  - "traefik.http.services.myapp.loadbalancer.server.port=<PORT>"
+  - "traefik.http.routers.myapp.rule=Host(`myapp.<VASE_URL>`)"
+  - "traefik.http.routers.myapp.entrypoints=websecure"
+  - "traefik.http.routers.myapp.tls=true"
+  - "traefik.http.services.myapp.loadbalancer.server.port=<VAS_PORT>"
 networks:
-  - ${EXTERNAL_NETWORK}
+  - <VASE_EXTERNI_SIT>
 ```
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,3 +1,8 @@
+networks:
+  external-net:
+    name: ${EXTERNAL_NETWORK:-traefiknet}
+    external: true
+
 services:
  traefik:
    image: traefik:latest
@@ -11,12 +16,15 @@ services:
      - "--accesslog.filepath=/logs/access.log"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.forwardedheaders.trustedips=0.0.0.0/0"
+      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
+      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
+      - "--entrypoints.web.http.redirections.entrypoint.permanent=true"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.websecure.forwardedheaders.trustedips=0.0.0.0/0"
      - "--api.dashboard=true"
      - "--providers.docker=true"
      - "--providers.docker.endpoint=unix:///var/run/docker.sock"
-      - "--providers.docker.network=${EXTERNAL_NETWORK}"
+      - "--providers.docker.network=${EXTERNAL_NETWORK:-traefiknet}"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.watch=true"
      - "--providers.file.filename=/etc/traefik/traefik_dynamic.yml"
@@ -24,17 +32,19 @@ services:
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik-dashboard.rule=Host(`traefik.${DEV_URL}`)"
-      - "traefik.http.routers.traefik-dashboard.entrypoints=web"
+      - "traefik.http.routers.traefik-dashboard.entrypoints=websecure"
      - "traefik.http.routers.traefik-dashboard.service=api@internal"
+      - "traefik.http.routers.traefik-dashboard.tls=true"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - ./traefik/certs:/certs:ro
      - ./traefik/traefik_dynamic.yml:/etc/traefik/traefik_dynamic.yml:ro
      - ./traefik/logs:/logs
    networks:
-      - ${EXTERNAL_NETWORK}
+      - external-net

  portainer:
    image: portainer/portainer-ce:latest
@@ -46,13 +56,9 @@ services:
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.portainer.rule=Host(`portainer.${DEV_URL}`)"
-      - "traefik.http.routers.portainer.entrypoints=web"
+      - "traefik.http.routers.portainer.entrypoints=websecure"
      - "traefik.http.routers.portainer.service=portainer"
+      - "traefik.http.routers.portainer.tls=true"
      - "traefik.http.services.portainer.loadbalancer.server.port=9000"
    networks:
-      - ${EXTERNAL_NETWORK}
-
-networks:
-  traefiknet:
-    name: ${EXTERNAL_NETWORK}
-    external: true
+      - external-net
--- a/5
+++ b/5
@@ -20,6 +20,11 @@ case "$ACTION" in
  "up")
    docker network create $EXTERNAL_NETWORK > /dev/null 2>&1 || true
    docker compose up -d
+    echo "\nServices are starting up..."
+    sleep 2
+    echo "\nAvailable services:"
+    echo "Traefik:    https://traefik.${DEV_URL}"
+    echo "Portainer:  https://portainer.${DEV_URL}"
    ;;
  "restart")
    docker compose restart
--- a/traefik/certs/dev.linuxak.com+1-key.pem
+++ b/traefik/certs/dev.linuxak.com+1-key.pem
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDMByTfe8cZC6Mr
+/F59ewhgg6VFLlgmOO0whq9X/MvfKEsBNlSFKX5zqaaxPfzurE2IBOeJYNVehDoJ
+E72C5wBpftwaEpizyLvPRz9IKKOab+kjNAI2vlW3jJWgPct/Ye2DSsjX3hpZ3Xyu
+woOjXfpzPDZBokh9bpD81evx6DdHhYRRIsPYfKEc1njBTZ684JBEmi4e70q1tgFq
+3srFcPhwio/O5vQFfKZ1BqYppRhWUfV7+ABCE+v24sPyUEA4fWbH0OYcGVSYMA/s
+KfS8Lzrh4+/601/9b+53JJ0iuC1H+UVwOLLbE1rI3/PP25cMP0U+8dOCVRb7/PEb
+POjvWvLvzcHTnb05wTlw4N2t0sOii7boBnm8TtRU816soYlBUs90QRI+kGTIPE27
+H/kAIUtnP0qQaTGX5i9MBt59uiZ3v76Ph8GZ2vymNu5bKU1a8+vjPuIxYBemI/++
+bWSQvsq60XW0DKnOlJ56TBVzlhbOzMDP2kkcMFTNdxFbBsJ1WSsQsg1KyWC3DT/T
+VGN6EMswHVansoSVCC6ppUv+SJnWv90GBJT8Uc+rkO1xGjnwfSmXsr4+cfR5I6uR
+MEyk7vOxnwG8hiBN9lUB9biv5J8s8jb4AxCNcQOrbQG5YWoaNokbRoPICPrbfgHP
+1F319sk+NJr+2TNbCrcwXSdm6wDttQIDAQABAoICAC7ChGTjzWGkFSWDlXRUujrE
+cSBF2tYHvfSdKZqUyXS/m1EPzpcmR2DixN1iQ5G/05UU6qvFkaEz1Mk3yPszThjf
+hjpDgNPTcZez0IENL1G5zEjRJqC9Ro/mnHQ5NWZgXzrz7Mvsj0WBSY4T7m+GnlvC
+tPyd4Nc+e+Q2cvjiK6kspIKj4RbAmXwue0ZyL6tCHE5ct61HUmwK5pBDt11A4u+I
+EiVtMQgA5XV0rKhmugkuh4B9+jEqt63Bkv75/X3035Vz/wj5lTW77ipGA10NxgT3
+ZIyr3RgMiy6rKYhHhbk1HAD4PaWP7gKTsSE2Rov8BDbE3aDFN5tRAUEo2Ini4kJC
+fpDDpfzbjDlmN0KyUKorlHWfIwP3YCBpaSQRzCdLbCVSd/euhYV2FIhQ0mLe9nkJ
+imJtrUpQ29+ybLVZLLp86r+jqOQi/yk6VMHmxvRyM8O07aY7QLrFey/5RItRkPrX
+P21Qu+TXRK+c7xdoGWjlfnSDWfGYmflMZWBXse7HyGjrMaCfWNN8wrMH5pUA+AXt
+qFdC6eiOG5Nr3yk/I+zP/ueo8dQvU88srT7rBu2fyDodhPAOcuSJVnch7jBYqLVB
+5X8j+dx5N81NZpBO6QTxW5uTgPVxuBCOfy73pke5fEDM92D5xCYMo7rF0fEi0icT
+c39yQvjQ0Bqf+1QMVzARAoIBAQDz/vveNWzrPBGg4UVaBOfkbbKLmMLQfqr4Nc6p
+8h99UjnMowncLylv5s4hqtm6Ff+qgxY/LLe598WBNHo9ocjzjk2OQqM8ZqwfkmEx
+mo7zm3OCHg4KKiWoNmNErcY8Zr3Q5Qes1AfJSi+6bdK33/ghtqgpjvfPWjQxUbpC
+0L88EPZlvmyzM1FY67E5ch08G4j9znP07NRr7df4bKAi+MLcRYreUB119LWdZrGM
+IAJz1RRFpiA+lgxoBbXmjdl8nuBiho4qboVhup0HAxAMqCG+XO0Icf0kax2z7Z7S
+lJBElwGdNX9wtZcUQl6oVdGuTxtTYQsnCFKBmpSSHbrYayq3AoIBAQDWEMfB3qW+
+uS4fLqNZQjtdeZfdUFImP/zbS4sVYR5LyJ44NpVVsoTDGJ5//2mIhg55p7U0C7GA
+/X+Y4f1i/DNfFhGY0EzukWfCuCVnSZ1q3oznoCfR45T3ff9AFuis2+cLtRHRMNUg
+HSf56ul9L6nCTHSyuwMiQ7gMKaDzoOGDLMVbmq6eo/mM9DamZyepTxEKJ4Nh8dJV
+9jVtBBhuoB/AwjuuL6YMdvjxVmsmGg4Z3YOrSWHXausPCznXUubfdnanidI6RXHO
+9PT3pI0jabfIdywPMwjJzx+kxD62A5FyzFwuG+/PeUnajGNxN9B7aqDF6YX4nuEz
+q/3lhl14ua7zAoIBAEsE3P/nQUPaRjlGygHxfDL5n2nYYB2mtH54XMBX12K6w1at
+0jxGq+DiAALN+v+CAAe3IkHuR9b/3VPqhKMqeRSZbjMNPg82KjnS0dtkgAtagltB
+TmPFrapYfpEBNPAhTr9Ji+CRmItFKgOR/LXYQPxsoquUb5DrVRzM2g3tDL81H+0M
+bXNzldFXNjhJY7+1X5tZvMFTh8RfboXNMDdQcOk04IuV6lj4ElcA2hoRRW/D1eXM
+PCHCFLJu/wySFIqCds8UO+XD8XKo49riEC80CpvzClYMZh6qaImHx8tLLkhIfZCO
+gE5xJrBt75imOj/zxp0OO1WW83cxxfhe97HO0WUCggEAJdFNGQj2ix038rZQkWJM
+DpV+qNCZ0rwXNb7A0YQY0BafLRsngr5JChZ9WeuLf1z/jap9LraqIzmloyK5mxUn
+FjNV5INYNAVoKVRS905gCxNKHVmD72afWKHfyDjD3lXzGXRhs21HGadM+q/vk/gp
+q3PKYhD72r/P8gYgsynG7V+pdid7lfcuDSLPzNIIhba8MekNIu6P1DPs+Fdy4YhU
+U798v6cXVLhn/mrf/xk3SIaDzmzmZiIzaLL5AvtYYj4RdEO66iR+mKtZ464kaQ8y
+Mq4rEHxZnx2CX59z3MAAoCFOX677zNGGpJ+MqeHMaSFLSeuZiXS4IGLQNg5o0P0s
+1QKCAQEAqxH1CBklRS8N2qyCoZM9Z3FDaEeSnDcc0RKzxJdl5nzmp+oCI3Q9YmUp
+7pwUsoIDlP5mTv1ZaeKGoEnsSzHqK78Pz2x1EMFBT7WblOHhLGTiKtKIDP1DE/zF
+qB63fg8IpM7XffybLeoFN6cMiYUnsdBrQ90gBVo1jx8fmd8YpDihQKDxAajVx3EY
+lC7N2noGmN+cyeBri34pvARwdtDC1fQEkHlrcYyKsAlCYulFMNOe7nY0FNNJkCir
+8E2BOpjZXehU7wkbowpDfa+8Bpr1+HrQTUA1aQYMM9PUIr8GMiQalXi3l+tof+cM
+gT0Pm/C+wmvW8vz3JzUP6lorpLwuWQ==
+-----END PRIVATE KEY-----
--- a/traefik/certs/dev.linuxak.com+1.pem
+++ b/traefik/certs/dev.linuxak.com+1.pem
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIFzTCCA7WgAwIBAgIUBnaccxGlwm24NDrZf19qkoCrnBgwDQYJKoZIhvcNAQEL
+BQAwVTEXMBUGA1UECgwOTGludXhhayBzLnIuby4xGTAXBgNVBAsMEERldmVsb3Bt
+ZW50IFRlYW0xHzAdBgNVBAMMFkxpbnV4YWsgRGV2ZWxvcG1lbnQgQ0EwHhcNMjYw
+MzAxMjEyOTQwWhcNMzYwMjI3MjEyOTQwWjBOMRcwFQYDVQQKDA5MaW51eGFrIHMu
+ci5vLjEZMBcGA1UECwwQRGV2ZWxvcG1lbnQgVGVhbTEYMBYGA1UEAwwPZGV2Lmxp
+bnV4YWsuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzAck33vH
+GQujK/xefXsIYIOlRS5YJjjtMIavV/zL3yhLATZUhSl+c6mmsT387qxNiATniWDV
+XoQ6CRO9gucAaX7cGhKYs8i7z0c/SCijmm/pIzQCNr5Vt4yVoD3Lf2Htg0rI194a
+Wd18rsKDo136czw2QaJIfW6Q/NXr8eg3R4WEUSLD2HyhHNZ4wU2evOCQRJouHu9K
+tbYBat7KxXD4cIqPzub0BXymdQamKaUYVlH1e/gAQhPr9uLD8lBAOH1mx9DmHBlU
+mDAP7Cn0vC864ePv+tNf/W/udySdIrgtR/lFcDiy2xNayN/zz9uXDD9FPvHTglUW
+/zxGzzo71ry783B0529OcE5cODdrdLDoou26AZ5vE7UVPNerKGJQVLPdEESPpBk
+yDxNux/5ACFLZz9KkGkxl+YvTAbefbomd7++j4fBmdr8pjbuWylNWvPr4z7iMWAX
+piP/vm1kkL7KutF1tAypzpSeekwVc5YWzszAz9pJHDBUzXcRWwbCdVkrELINSslg
+tw0/01RjehDLMB1Wp7KElQguqaVL/kiZ1r/dBgSU/FHPq5DtcRo58H0pl7K+PnH0
+eSOrkTBMpO7zsZ8BvIYgTfZVAfW4r+SfLPI2+AMQjXEDq20BuWFqGjaJG0aDyAj6
+234Bz9Rd9fbJPjSa/tkzWwq3MF0nZusA7bUCAwEAAaOBmzCBmDAJBgNVHRMEAjAA
+MAsGA1UdDwQEAwIFoDA+BgNVHREENzA1gg9kZXYubGludXhhay5jb22CESouZGV2
+LmxpbnV4YWsuY29tgglsb2NhbGhvc3SHBH8AAAEwHQYDVR0OBBYEFA6ToYeHe+Op
+jTN++uk7Fro7wXHrMB8GA1UdIwQYMBaAFBFJ7aCOprxOULdjBrB1Cd88FkRYMA0G
+CSqGSIb3DQEBCwUAA4ICAQCfX6iDWxzqaQfmF7j9GoaNuVa2vToHFdNRWMcEVIyx
+BmPUG5d7UqVPhKGcs8EgYo5uXCy422WKPU2D+nxMmcpkRuXaxmoUK0c2wy0QH5xb
+9Z7bakAW3dmLipNUySdc4VKyqRzDGdqfClLynM+3+UiCa3chA4mEkiptZgcaJVpF
+7t4IVB+r4xFs1lkve/tecDyBABsNUmxNiPHBddYxXMvC3NMvG+EMTp/dbCGsHr0m
+3Odbw8n16EuFmdQbJw3MLfFm2YnE7CT7t1qJzBCE7Tzxt/n5lk6xVHp6H7GGn0IF
+ZF9rD+6S2IsJkER7AE43pkDDcPTpgOb1lioxkuIkAIcsUIg5MRNyzSPIpTVpQGHa
+Tl/MXnktX0HN1CVN2Q7KSJBBl7LscUHE69avGvfRggRNHk0Y6bC7fiDsPL6wA3yN
+n8pCmAHXRWq5ssnBftTxyqOdVNlWkUgGQwE3UAauB5oVm7H8Rt+vzBjGV29lkEcE
+G0drlzX5b78HCX79u7Jo/pbG8eWNjCpGiM1D8/mXQxgQWavHsNGdjNgF8ghaQcQt
+0zs7dfUNRy7ylwoUaqu8lD0mPHUZ/4hrUO/eaCIt4wZWBE+nLB1yp6YJvTWBvnU2
+dLulonqDMtWoM4WnBcFcpuuhpOqNgplyrxFKn38fd2C8nKwPgi9LS2/1N+M2W/yp
+EQ==
+-----END CERTIFICATE-----
--- a/traefik/certs/rootCA.pem
+++ b/traefik/certs/rootCA.pem
@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIIFlTCCA32gAwIBAgIULLksopGuwUuUc+OMyV0whPx7EI8wDQYJKoZIhvcNAQEL
+BQAwVTEXMBUGA1UECgwOTGludXhhayBzLnIuby4xGTAXBgNVBAsMEERldmVsb3Bt
+ZW50IFRlYW0xHzAdBgNVBAMMFkxpbnV4YWsgRGV2ZWxvcG1lbnQgQ0EwHhcNMjYw
+MzAxMjEyOTQwWhcNMzYwMjI3MjEyOTQwWjBVMRcwFQYDVQQKDA5MaW51eGFrIHMu
+ci5vLjEZMBcGA1UECwwQRGV2ZWxvcG1lbnQgVGVhbTEfMB0GA1UEAwwWTGludXhh
+ayBEZXZlbG9wbWVudCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
+AOar3Rv1Mflr9m7mgrGU9FGyjaTILe8iUmF7Tl4dCTozfKPnOEmdTvW3KZABzNCJ
+elX/4tgRTFklIowpgAkO9DTrc6JUK7fJ0QDLWP35Z0go0Rel/7lp/2LCW8dRypep
+v0D9en9p7dEKaZu1oFmGVdHEwcTru45gtjV13MdhJD5DPWt+WRtlnI5EpzDbMi9N
+f2v600NokTR/v6rfaPoFqGxVdbxWAfczl3oIrWAD7MCW7czHa3ke15Rsip6iLq0O
+sHKPFTFpVjS7FmE5RgT82TRwnknYmmvJeaLQFQgOueS67IqTVtlshZtCWz04owKy
+9Y0dXyxVJIZOprmH3nUcybvkB3hI5KiPD4NUbCx83kchmWJ05wtL+wIKCqUPtpfL
+6qziQtkGoxM8uMzOjyXNXZvRtjLSy9JQEdmqVQklFR5rK1C33ESVm7VtW5eYd83R
+sM5Saqs6CmfB1A/aG6S3SGB049qglBqGJ7e9nK37NINdHyAW7Ud8l3dsFVX4QEg8
+BUnB7WBSmsXy4maEs7vCVr27a+RVqo/G32SJisKi29MUnRWKQ4yB4opi4hb8gReR
+IA9SbK44wMCckFSLkMkMX7YDDWEpJOoNSlMmMg1O+9VNSef1qn5U37cELkJUBLQ2
+uTi4Y69sk2NMBKqMfx2nbG9TyhKJlqRtQCLBolH2g+71AgMBAAGjXTBbMAwGA1Ud
+EwQFMAMBAf8wCwYDVR0PBAQDAgKkMB0GA1UdDgQWBBQRSe2gjqa8TlC3YwawdQnf
+PBZEWDAfBgNVHSMEGDAWgBQRSe2gjqa8TlC3YwawdQnfPBZEWDANBgkqhkiG9w0B
+AQsFAAOCAgEAWiJTvYXGgwc8TpbQL7A3xrj1nI9YrCx6MbiYXFPef6uknU8IMncQ
+AinuV/qtiwdvtQHMhjqVzQ2QTj+pBsTwAJZwyYpxtRVLBPgtsH1P2pUjVTbPiRXd
+na9yvtAaK+Wezf9mxmgA6iZVhbv6izcDgv9UODyQlqFvnFelTYKFvRxws9VwoNAx
+YwXk8acS+VJv1sNVm7Lrb/Vucsnq/2POOuqKGLiO64VA1m8A7I2jyYw0hRPD2Qo+
+HlckvYjfMq37YpMZbORd77kz/SLg91u3HdITdQJGrvC1ASytFAYk7IxfkLLMw6qy
+jRndCxx/KoUCEr1PpxUlmWqh5R6YB+KCPwkNaP82xATsXxVzJGq4G9HfjyfGb2OF
+iiFPSzeKHIhfAu5OnralkbbxcM43rW8YCSgoHj9qQeUMaKEeBO+zkyAOcInEXoYn
+vqjwmkqTVu1doP+qJ89sSvFvo97IYfKgDRzeqrtYmbWkaZ3pO6Q6Yfy84cEzJacz
+oA1txjc94UOZeo33F/OJTBRA2Ic5XVkoLR0iv2/L5spEq+eN+qICO0MFc1k90XU7
+g/9LYJdmvw4JNgpx4eOaXJZqwqXBWiPJY5hiso5xF4jO0BzJdIMCpxqrXNHneF47
+qfzGA5QN+XRqwAfoGl4eAEkiXnVEll/9rWbNiiXqPj0XfRJB31lVzTU=
+-----END CERTIFICATE-----
--- a/traefik/traefik_dynamic.yml
+++ b/traefik/traefik_dynamic.yml
@@ -0,0 +1,22 @@
+http:
+  middlewares:
+    redirect-to-https:
+      redirectScheme:
+        scheme: https
+        permanent: true
+
+tls:
+  options:
+    modern:
+      minVersion: VersionTLS12
+      sniStrict: true
+  certificates:
+    - certFile: /certs/dev.linuxak.com+1.pem
+      keyFile: /certs/dev.linuxak.com+1-key.pem
+      stores:
+        - default
+  stores:
+    default:
+      defaultCertificate:
+        certFile: /certs/dev.linuxak.com+1.pem
+        keyFile: /certs/dev.linuxak.com+1-key.pem