Added traefik labels for frigate WEBUI

2025-12-09 12:00:58 +02:00 · 2025-12-09 12:00:58 +02:00 · 3485f0d61a
commit 3485f0d61a
parent 3e1a3f691f
2 changed files with 51 additions and 3 deletions
--- a/frigate/.env
+++ b/frigate/.env
@ -1 +1,19 @@
-# VARIABLE=value #comment
+#
+# values to be used for substitution by docker compose in compose.yml AND .*.env files
+#
+DOMAINNAME=sthome.org
+
+APPLICATION_NAME=frigate
+WEBAPP_NAME=frigate-px 
+DOCKERDIR=/opt
+MEDIADIR=/mnt/frigate/media
+
+STACKSDIR=${DOCKERDIR}/stacks/${APPLICATION_NAME}
+DATAROOT=${DOCKERDIR}/data
+DATADIR=${DATAROOT}/${APPLICATION_NAME}
+SECRETSDIR=${STACKSDIR}/secrets
+
+INTERNAL_PORT=5000 # (HTTP): Internal, unauthenticated access. Good for local access or Home Assistant integration, but should be blocked externally
+RTSP_PORT=8554 # (RTSP): For streaming camera feeds, especially the Birdseye view
+WEBRTC_PORT=8555 # (WebRTC): For two-way audio and live streams, often used by mobile apps
+WEBUI_PORT=8971 # (HTTPS/WS): Main authenticated access for UI and API. Use with reverse proxies for TLS/SSL
--- a/frigate/compose.yaml
+++ b/frigate/compose.yaml
@ -1,3 +1,13 @@
+name: frigate
+
+secrets:
+  frigate_rtsp_password:
+    file: ${SECRETSDIR}/frigate_rtsp_password
+
+networks:
+  traefik-net:
+    external: true
+
 services:
  frigate:
    hostname: frigate
@ -27,6 +37,26 @@ services:
      - 8554:8554 # (RTSP): For streaming camera feeds, especially the Birdseye view
      - 8555:8555/tcp # (WebRTC): For two-way audio and live streams, often used by mobile apps
      - 8555:8555/udp # (WebRTC): For two-way audio and live streams, often used by mobile apps
-      - 8971:8971 # (HTTPS/WS): Main authenticated access for UI and API. Use with reverse proxies for TLS/SSL
+    #  - 8971:8971 # (HTTPS/WS): Main authenticated access for UI and API. Use with reverse proxies for TLS/SSL
    env_file: .frigate.env
-networks: {}
+    secrets:
+      - frigate_rtsp_password
+    networks:
+      - traefik-net
+    labels:
+      - traefik.enable=true
+      - traefik.docker.network=traefik-net
+      - traefik.http.services.${APPLICATION_NAME}-svc.loadbalancer.server.port=${WEBUI_PORT}
+      - traefik.http.routers.${APPLICATION_NAME}-rtr.entrypoints=web
+      - traefik.http.routers.${APPLICATION_NAME}-rtr.rule=Host(`${WEBAPP_NAME}.${DOMAINNAME}`)&& PathPrefix(`/`) || Host(`${APPLICATION_NAME}.${DOMAINNAME}`)&& PathPrefix(`/`)
+      - traefik.http.routers.${APPLICATION_NAME}-rtr.middlewares=http-mw-secureHeaders-redirect@file
+      - traefik.http.routers.${APPLICATION_NAME}-rtr.service=${APPLICATION_NAME}-svc
+      - traefik.http.routers.${APPLICATION_NAME}-secure-rtr.entrypoints=websecure
+      - traefik.http.routers.${APPLICATION_NAME}-secure-rtr.rule=Host(`${WEBAPP_NAME}.${DOMAINNAME}`)&& PathPrefix(`/`) || Host(`${APPLICATION_NAME}.${DOMAINNAME}`)&& PathPrefix(`/`)
+      - traefik.http.routers.${APPLICATION_NAME}-secure-rtr.middlewares=http-mw-secureHeaders@file
+      - traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls=true
+      - traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls.options=tls-options@file
+      - traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls.certresolver=solver-dns
+      - traefik.http.routers.${APPLICATION_NAME}-secure-rtr.service=${APPLICATION_NAME}-svc
+
+