From 7575b004ab259195508f67b88f3f0bc0981c7b23 Mon Sep 17 00:00:00 2001
From: groales
Date: Mon, 1 Dec 2025 13:04:37 +0100
Subject: [PATCH] =?UTF-8?q?Consolidar=20configuraci=C3=B3n=20din=C3=A1mica?= =?UTF-8?q?=20en=20dynamic.yml=20(fix:=20http=20standalone=20error)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
dynamic/dynamic.yml | 108 ++++++++++++++++++++++++++++++++++++++++
dynamic/middlewares.yml | 44 ----------------
dynamic/routers.yml | 54 --------------------
3 files changed, 108 insertions(+), 98 deletions(-)
create mode 100644 dynamic/dynamic.yml
delete mode 100644 dynamic/middlewares.yml
delete mode 100644 dynamic/routers.yml
diff --git a/dynamic/dynamic.yml b/dynamic/dynamic.yml
new file mode 100644
index 0000000..3f268f5
--- /dev/null
+++ b/dynamic/dynamic.yml
@@ -0,0 +1,108 @@
+# ============================================
+# CONFIGURACIÓN DINÁMICA DE TRAEFIK
+# ============================================
+# Este archivo contiene middlewares, routers y servicios
+# Traefik recarga automáticamente los cambios (~10s)
+
+http:
+ # ============================================
+ # MIDDLEWARES
+ # ============================================
+ middlewares:
+ # Headers de seguridad
+ security-headers:
+ headers:
+ stsSeconds: 63072000
+ forceSTSHeader: true
+ stsIncludeSubdomains: true
+ stsPreload: true
+ frameDeny: true
+ contentTypeNosniff: true
+ browserXssFilter: true
+ referrerPolicy: "strict-origin-when-cross-origin"
+ customResponseHeaders:
+ X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex"
+
+ # Rate limiting
+ rate-limit:
+ rateLimit:
+ average: 100
+ burst: 200
+ period: 1m
+
+ # IP Allow List (ejemplo - ajusta tus IPs)
+ ip-allowlist:
+ ipAllowList:
+ sourceRange:
+ - "127.0.0.1/32"
+ - "10.0.0.0/8"
+ - "172.16.0.0/12"
+ - "192.168.0.0/16"
+
+ # Autenticación básica (genera hash con: docker run --rm httpd:alpine htpasswd -nbB admin tu_password)
+ auth-basic:
+ basicAuth:
+ users:
+ - "admin:$2y$05$example_hash_CHANGE_THIS" # CAMBIA ESTE HASH
+
+ # Redirect www a root
+ redirect-www:
+ redirectRegex:
+ regex: "^https?://www\\.(.+)"
+ replacement: "https://${1}"
+ permanent: true
+
+ # ============================================
+ # ROUTERS (Ejemplos comentados)
+ # ============================================
+ # routers:
+ # # Ejemplo: Router para aplicación web con HTTPS y middlewares
+ # whoami:
+ # rule: "Host(`whoami.tudominio.com`)"
+ # entryPoints:
+ # - websecure
+ # middlewares:
+ # - security-headers
+ # - rate-limit
+ # service: whoami-service
+ # tls:
+ # certResolver: letsencrypt
+ #
+ # # Ejemplo: Router con autenticación básica y restricción IP
+ # admin-panel:
+ # rule: "Host(`admin.tudominio.com`)"
+ # entryPoints:
+ # - websecure
+ # middlewares:
+ # - auth-basic
+ # - ip-allowlist
+ # - security-headers
+ # service: admin-service
+ # tls:
+ # certResolver: letsencrypt
+
+ # ============================================
+ # SERVICES (Ejemplos comentados)
+ # ============================================
+ # services:
+ # # Ejemplo: Servicio apuntando a contenedor local
+ # whoami-service:
+ # loadBalancer:
+ # servers:
+ # - url: "http://whoami:80"
+ #
+ # # Ejemplo: Servicio apuntando a servidor externo
+ # admin-service:
+ # loadBalancer:
+ # servers:
+ # - url: "http://192.168.1.100:8080"
+ #
+ # # Ejemplo: Servicio con health check
+ # api-service:
+ # loadBalancer:
+ # servers:
+ # - url: "http://api:3000"
+ # healthCheck:
+ # path: "/health"
+ # interval: "10s"
+ # timeout: "3s"
diff --git a/dynamic/middlewares.yml b/dynamic/middlewares.yml
deleted file mode 100644
index 583af56..0000000
--- a/dynamic/middlewares.yml
+++ /dev/null
@@ -1,44 +0,0 @@
-http:
- middlewares:
- # Headers de seguridad
- security-headers:
- headers:
- stsSeconds: 63072000
- forceSTSHeader: true
- stsIncludeSubdomains: true
- stsPreload: true
- frameDeny: true
- contentTypeNosniff: true
- browserXssFilter: true
- referrerPolicy: "strict-origin-when-cross-origin"
- customResponseHeaders:
- X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex"
-
- # Rate limiting
- rate-limit:
- rateLimit:
- average: 100
- burst: 200
- period: 1m
-
- # IP Allow List (ejemplo - ajusta tus IPs)
- ip-allowlist:
- ipAllowList:
- sourceRange:
- - "127.0.0.1/32"
- - "10.0.0.0/8"
- - "172.16.0.0/12"
- - "192.168.0.0/16"
-
- # Autenticación básica (genera hash con: docker run --rm httpd:alpine htpasswd -nbB admin tu_password)
- auth-basic:
- basicAuth:
- users:
- - "admin:$2y$05$example_hash_CHANGE_THIS" # CAMBIA ESTE HASH
-
- # Redirect www a root
- redirect-www:
- redirectRegex:
- regex: "^https?://www\\.(.+)"
- replacement: "https://${1}"
- permanent: true
diff --git a/dynamic/routers.yml b/dynamic/routers.yml
deleted file mode 100644
index 9faf744..0000000
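Review bot: The `auth-basic` middleware in the new dynamic/dynamic.yml is live configuration rather than a commented example, and it ships the placeholder credential `admin:$2y$05$example_hash_CHANGE_THIS` next to a generation hint that weakens whatever replaces it. `htpasswd -nbB admin tu_password` passes the password as a command-line argument, so it ends up in shell history and the process list, and the `$2y$05$` prefix is bcrypt at htpasswd's default cost of 5. I would change the comment to `# genera hash con: docker run --rm -it httpd:alpine htpasswd -nB -C 12 admin` so the password is prompted for and the cost is raised, and comment out the whole `auth-basic` middleware the way the routers and services already are, so the placeholder cannot be attached to a router by accident. Separately, `ip-allowlist` admits every RFC 1918 range; if Traefik runs behind another proxy or a Docker bridge the source address it sees may itself be private, so a comment pointing to `ipStrategy` would help whoever enables the `admin-panel` example.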
--- a/dynamic/routers.yml
+++ /dev/null
@@ -1,54 +0,0 @@
-# ============================================
-# ROUTERS Y SERVICIOS (Ejemplos comentados)
-# ============================================
-# Descomentar y adaptar según necesites
-
-http:
- routers:
- # Ejemplo: Router para aplicación web con HTTPS y middlewares
- # whoami:
- # rule: "Host(`whoami.tudominio.com`)"
- # entryPoints:
- # - websecure
- # middlewares:
- # - security-headers
- # - rate-limit
- # service: whoami-service
- # tls:
- # certResolver: letsencrypt
-
- # Ejemplo: Router con autenticación básica y restricción IP
- # admin-panel:
- # rule: "Host(`admin.tudominio.com`)"
- # entryPoints:
- # - websecure
- # middlewares:
- # - auth-basic
- # - ip-allowlist
- # - security-headers
- # service: admin-service
- # tls:
- # certResolver: letsencrypt
-
- services:
- # Ejemplo: Servicio apuntando a contenedor local
- # whoami-service:
- # loadBalancer:
- # servers:
- # - url: "http://whoami:80"
-
- # Ejemplo: Servicio apuntando a servidor externo
- # admin-service:
- # loadBalancer:
- # servers:
- # - url: "http://192.168.1.100:8080"
-
- # Ejemplo: Servicio con health check
- # api-service:
- # loadBalancer:
- # servers:
- # - url: "http://api:3000"
- # healthCheck:
- # path: "/health"
- # interval: "10s"
- # timeout: "3s"