From 24d46bfbf3457bc4c652a9d72922efd763199e68 Mon Sep 17 00:00:00 2001 From: groales Date: Mon, 1 Dec 2025 13:19:04 +0100 Subject: [PATCH] =?UTF-8?q?Fix:=20consolidar=20configuraci=C3=B3n=20din?= =?UTF-8?q?=C3=A1mica=20en=20config.yml=20=C3=BAnico?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- dynamic/README.md | 6 +-- dynamic/config.yml | 108 ++++++++++++++++++++++++++++++++++++++++ dynamic/middlewares.yml | 44 ---------------- dynamic/routers.yml | 26 ---------- dynamic/services.yml | 23 --------- 5 files changed, 110 insertions(+), 97 deletions(-) create mode 100644 dynamic/config.yml delete mode 100644 dynamic/middlewares.yml delete mode 100644 dynamic/routers.yml delete mode 100644 dynamic/services.yml diff --git a/dynamic/README.md b/dynamic/README.md index 535730f..463336b 100644 --- a/dynamic/README.md +++ b/dynamic/README.md @@ -4,11 +4,9 @@ Este directorio contiene configuración que Traefik recarga automáticamente sin ## Archivos -- **middlewares.yml**: Middlewares reutilizables (headers seguridad, rate limit, auth, etc.) -- **routers.yml**: Routers HTTP/HTTPS (ejemplos comentados) -- **services.yml**: Servicios backend (ejemplos comentados) +- **config.yml**: Configuración dinámica completa (middlewares, routers, servicios) -**Importante:** Cada archivo debe tener la estructura `http:` como raíz cuando se usa `directory:` en el proveedor file. +**Importante:** Con `directory:` en el proveedor file, se debe usar un único archivo consolidado con la estructura `http:` como raíz. ## Autenticación Básica diff --git a/dynamic/config.yml b/dynamic/config.yml new file mode 100644 index 0000000..3f268f5 --- /dev/null +++ b/dynamic/config.yml 
@@ -0,0 +1,108 @@
+# ============================================
+# CONFIGURACIÓN DINÁMICA DE TRAEFIK
+# ============================================
+# Este archivo contiene middlewares, routers y servicios
+# Traefik recarga automáticamente los cambios (~10s)
+
+http:
+ # ============================================
+ # MIDDLEWARES
+ # ============================================
+ middlewares:
+ # Headers de seguridad
+ security-headers:
+ headers:
+ stsSeconds: 63072000
+ forceSTSHeader: true
+ stsIncludeSubdomains: true
+ stsPreload: true
+ frameDeny: true
+ contentTypeNosniff: true
+ browserXssFilter: true
+ referrerPolicy: "strict-origin-when-cross-origin"
+ customResponseHeaders:
+ X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex"
+
+ # Rate limiting
+ rate-limit:
+ rateLimit:
+ average: 100
+ burst: 200
+ period: 1m
+
+ # IP Allow List (ejemplo - ajusta tus IPs)
+ ip-allowlist:
+ ipAllowList:
+ sourceRange:
+ - "127.0.0.1/32"
+ - "10.0.0.0/8"
+ - "172.16.0.0/12"
+ - "192.168.0.0/16"
+
+ # Autenticación básica (genera hash con: docker run --rm httpd:alpine htpasswd -nbB admin tu_password)
+ auth-basic:
+ basicAuth:
+ users:
+ - "admin:$2y$05$example_hash_CHANGE_THIS" # CAMBIA ESTE HASH
+
+ # Redirect www a root
+ redirect-www:
+ redirectRegex:
+ regex: "^https?://www\\.(.+)"
+ replacement: "https://${1}"
+ permanent: true
+
+ # ============================================
+ # ROUTERS (Ejemplos comentados)
+ # ============================================
+ # routers:
+ # # Ejemplo: Router para aplicación web con HTTPS y middlewares
+ # whoami:
+ # rule: "Host(`whoami.tudominio.com`)"
+ # entryPoints:
+ # - websecure
+ # middlewares:
+ # - security-headers
+ # - rate-limit
+ # service: whoami-service
+ # tls:
+ # certResolver: letsencrypt
+ #
+ # # Ejemplo: Router con autenticación básica y restricción IP
+ # admin-panel:
+ # rule: "Host(`admin.tudominio.com`)"
+ # entryPoints:
+ # - websecure
+ # middlewares:
+ # - auth-basic
+ # -
ip-allowlist + # - security-headers + # service: admin-service + # tls: + # certResolver: letsencrypt + + # ============================================ + # SERVICES (Ejemplos comentados) + # ============================================ + # services: + # # Ejemplo: Servicio apuntando a contenedor local + # whoami-service: + # loadBalancer: + # servers: + # - url: "http://whoami:80" + # + # # Ejemplo: Servicio apuntando a servidor externo + # admin-service: + # loadBalancer: + # servers: + # - url: "http://192.168.1.100:8080" + # + # # Ejemplo: Servicio con health check + # api-service: + # loadBalancer: + # servers: + # - url: "http://api:3000" + # healthCheck: + # path: "/health" + # interval: "10s" + # timeout: "3s" diff --git a/dynamic/middlewares.yml b/dynamic/middlewares.yml deleted file mode 100644 index 583af56..0000000 --- a/dynamic/middlewares.yml +++ /dev/null @@ -1,44 +0,0 @@ -http: - middlewares: - # Headers de seguridad - security-headers: - headers: - stsSeconds: 63072000 - forceSTSHeader: true - stsIncludeSubdomains: true - stsPreload: true - frameDeny: true - contentTypeNosniff: true - browserXssFilter: true - referrerPolicy: "strict-origin-when-cross-origin" - customResponseHeaders: - X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex" - - # Rate limiting - rate-limit: - rateLimit: - average: 100 - burst: 200 - period: 1m - - # IP Allow List (ejemplo - ajusta tus IPs) - ip-allowlist: - ipAllowList: - sourceRange: - - "127.0.0.1/32" - - "10.0.0.0/8" - - "172.16.0.0/12" - - "192.168.0.0/16" - - # Autenticación básica (genera hash con: docker run --rm httpd:alpine htpasswd -nbB admin tu_password) - auth-basic: - basicAuth: - users: - - "admin:$2y$05$example_hash_CHANGE_THIS" # CAMBIA ESTE HASH - - # Redirect www a root - redirect-www: - redirectRegex: - regex: "^https?://www\\.(.+)" - replacement: "https://${1}" - permanent: true diff --git a/dynamic/routers.yml b/dynamic/routers.yml deleted file mode 100644 index 126a11b..0000000 
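Review bot: In the new `dynamic/config.yml`, the `auth-basic` middleware is defined live (unlike the commented-out routers) with the placeholder `admin:$2y$05$example_hash_CHANGE_THIS`, and the command documented above it, `htpasswd -nbB admin tu_password`, passes the password as a command-line argument and yields a cost-5 bcrypt hash. The password therefore ends up in shell history and the process list, and a cost-5 hash is cheap to attack offline if this file ever leaks from the repository. I would change the comment to prompt for the password and raise the cost, e.g. `docker run --rm -it httpd:alpine htpasswd -nB -C 12 admin`, and either comment out the `users:` entry until a real hash exists or keep the hash outside version control via `usersFile`. Separately, `ip-allowlist` admits every RFC 1918 range; if Traefik sits behind Docker NAT or another proxy, client addresses may all fall inside `172.16.0.0/12`, so confirm the source IP Traefik actually sees (or set `ipStrategy`) before relying on it for the `admin-panel` example.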
--- a/dynamic/routers.yml +++ /dev/null @@ -1,26 +0,0 @@ -http: - routers: - # Ejemplo: Router para aplicación web con HTTPS y middlewares - # whoami: - # rule: "Host(`whoami.tudominio.com`)" - # entryPoints: - # - websecure - # middlewares: - # - security-headers - # - rate-limit - # service: whoami-service - # tls: - # certResolver: letsencrypt - - # Ejemplo: Router con autenticación básica y restricción IP - # admin-panel: - # rule: "Host(`admin.tudominio.com`)" - # entryPoints: - # - websecure - # middlewares: - # - auth-basic - # - ip-allowlist - # - security-headers - # service: admin-service - # tls: - # certResolver: letsencrypt diff --git a/dynamic/services.yml b/dynamic/services.yml deleted file mode 100644 index 85ecbd8..0000000 --- a/dynamic/services.yml +++ /dev/null @@ -1,23 +0,0 @@ -http: - services: - # Ejemplo: Servicio apuntando a contenedor local - # whoami-service: - # loadBalancer: - # servers: - # - url: "http://whoami:80" - - # Ejemplo: Servicio apuntando a servidor externo - # admin-service: - # loadBalancer: - # servers: - # - url: "http://192.168.1.100:8080" - - # Ejemplo: Servicio con health check - # api-service: - # loadBalancer: - # servers: - # - url: "http://api:3000" - # healthCheck: - # path: "/health" - # interval: "10s" - # timeout: "3s"