fixed traefik/rules/ext-home-assistant.yml to point to home-assistant-px

mealie/.env

@@ -4,7 +4,8 @@ APPLICATION_NAME=mealie
 DOCKERDIR=/mnt/SSD1/docker/
 MEDIADIR=/mnt/stpool1/NData1/Media
 
-STACKSDIR=${DOCKERDIR}/stacks/${APPLICATION_NAME}
+STACKSROOT=${DOCKERDIR}/stacks
+STACKSDIR=${STACKSROOT}/${APPLICATION_NAME}
 DATAROOT=${DOCKERDIR}/data
 DATADIR=${DATAROOT}/${APPLICATION_NAME}
 SECRETSDIR=${STACKSDIR}/secrets
@@ -25,20 +26,20 @@ MEALIE_DB_PASSWORD_FILE=/run/secrets/mealie_postgresql_password
 
 SMTP_PORT=25
 SMTP_SSL=true
-SMTP_FROM_FILE=/run/secrets/mealie_smtp_from
+SMTP_FROM_FILE=/run/secrets/smtp_from
-SMTP_HOST_FILE=/run/secrets/mealie_smtp_host
+SMTP_HOST_FILE=/run/secrets/smtp_host
-SMTP_PASSWORD_FILE=/run/secrets/mealie_smtp_password
+SMTP_PASSWORD_FILE=/run/secrets/smtp_password
-SMTP_USERNAME_FILE=/run/secrets/mealie_smtp_username
+SMTP_USERNAME_FILE=/run/secrets/smtp_username
 SMTP_AUTH_STRATEGY=NONE # Options: 'TLS', 'SSL', 'NONE'
 
 ################################################################
 # unfortunately, couldn't get mealie to work with docker secrets
-MEALIE_DB=mealie
+# MEALIE_DB=mealie
-MEALIE_DB_USER=mealie
+# MEALIE_DB_USER=mealie
-MEALIE_DB_PASSWORD="jVaGsWdohfnAVYn7hIxSh94qAzLi6G2BYd9TnaeS" 
+# MEALIE_DB_PASSWORD="jVaGsWdohfnAVYn7hIxSh94qAzLi6G2BYd9TnaeS" 
-SMTP_HOST=smtp.telkomsa.net
+# SMTP_HOST=smtp.telkomsa.net
-SMTP_FROM=stuurman30@telkomsa.net
+# SMTP_FROM=stuurman30@telkomsa.net
-SMTP_USERNAME=stuurman30@telkomsa.net
+# SMTP_USERNAME=stuurman30@telkomsa.net
-SMTP_PASSWORD=UltraM3!2024#
+# SMTP_PASSWORD=Saterdag!230@
 
 

mealie/.mealie.env

@@ -32,11 +32,11 @@ SMTP_USERNAME_FILE=${SMTP_USERNAME_FILE}
 
 ################################################################################
 # unfortunately, couldn't get mealie to work with docker secrets, so we need to override above with clear text "secrets"
-POSTGRES_DB=${MEALIE_DB}
+# POSTGRES_DB=${MEALIE_DB}
-POSTGRES_USER=${MEALIE_DB_USER}
+# POSTGRES_USER=${MEALIE_DB_USER}
-POSTGRES_PASSWORD=${MEALIE_DB_PASSWORD}
+# POSTGRES_PASSWORD=${MEALIE_DB_PASSWORD}
-SMTP_FROM=${SMTP_FROM}
+# SMTP_FROM=${SMTP_FROM}
-SMTP_HOST=${SMTP_HOST}
+# SMTP_HOST=${SMTP_HOST}
-SMTP_PASSWORD=${SMTP_PASSWORD}
+# SMTP_PASSWORD=${SMTP_PASSWORD}
-SMTP_USERNAME=${SMTP_USERNAME}
+# SMTP_USERNAME=${SMTP_USERNAME}
 

mealie/compose.yml

@@ -29,7 +29,7 @@ networks:
 
 services:
   mealie:
-    image: ghcr.io/mealie-recipes/mealie:v2.2.0   # v1.12.0
+    image: ghcr.io/mealie-recipes/mealie:latest #v2.2.0   # v1.12.0
     hostname: mealie
     env_file: .mealie.env
     restart: unless-stopped
@@ -58,19 +58,20 @@ services:
       - traefik.enable=true
       - traefik.docker.network=traefik-net
       #
+      - "traefik.http.middlewares.${APPLICATION_NAME}-https-redirect.redirectscheme.scheme=https"
+      - "traefik.http.middlewares.${APPLICATION_NAME}-https-redirect.redirectscheme.permanent=true"
+      #
       - "traefik.http.services.${APPLICATION_NAME}-svc.loadbalancer.server.port=${WEBUI_PORT}"
       #
       - "traefik.http.routers.${APPLICATION_NAME}-rtr.entrypoints=web"
       - "traefik.http.routers.${APPLICATION_NAME}-rtr.rule=Host(`${APPLICATION_NAME}.${DOMAINNAME}`)&& PathPrefix(`/`)"
-      - "traefik.http.routers.${APPLICATION_NAME}-rtr.middlewares=http-mw-rateLimit-secureHeaders-compress-redirect@file"
+      - "traefik.http.routers.${APPLICATION_NAME}-rtr.middlewares=${APPLICATION_NAME}-https-redirect"
       - "traefik.http.routers.${APPLICATION_NAME}-rtr.service=${APPLICATION_NAME}-svc"
       #
       - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.entrypoints=websecure"
       - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.rule=Host(`${APPLICATION_NAME}.${DOMAINNAME}`)&& PathPrefix(`/`)"
-      - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.middlewares=http-mw-rateLimit-secureHeaders-compress@file"
       - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls=true"
-      - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls.options=tls-options@file"
+      - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls.certresolver=sthomeresolver"
-      - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls.certresolver=solver-dns"
       - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.service=${APPLICATION_NAME}-svc"      
 
   postgresql:

traefik/.env

@@ -18,3 +18,6 @@ PUID=3012
 PGID=3011
 TZ=Africa/Johannesburg
 
+#TRAEFIK2_DNS_MAPPER=traefik2:10.0.0.51
+#TRAEFIK2_HOST_SNI=`traefik-px.sthome.org`
+#TRAEFIK2_NET1_ADDRESS=traefik-px.sthome.org:443

traefik/compose.yml

@@ -13,7 +13,7 @@ networks:
     external: true
   mariadb-net:
     external: true
-    
+
 ###############################################################
 # Docker Secrets
 # Owner (default): root:root
@@ -151,7 +151,7 @@ services:
       - "traefik.http.routers.${APPLICATION_NAME}-rtr.middlewares=${APPLICATION_NAME}-auth, http-mw-rateLimit-secureHeaders-compress-redirect@file"
       # assign svc target to router
       - "traefik.http.routers.${APPLICATION_NAME}-rtr.service=api@internal"
-      
+
       # https
       - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.entrypoints=websecure"
       - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.rule=Host(`traefik.${DOMAINNAME}`)&& PathPrefix(`/`)"
@@ -163,7 +163,8 @@ services:
       - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.tls.certresolver=solver-dns"
       # assign svc target to router
       - "traefik.http.routers.${APPLICATION_NAME}-secure-rtr.service=api@internal"
-      
+#    extra_hosts:
+#      - "${$TRAEFIK2_DNS_MAPPER}"
 ###############################################################
   socket-proxy:
     image: tecnativa/docker-socket-proxy:0.2.0 #0.1.2

traefik/config/traefik.yml

@@ -96,18 +96,18 @@ entryPoints:
   sftp2:
     address: ":2023"
   sftp3:
-    address: ":2024"    
+    address: ":2024"
   sftp4:
-    address: ":2025"    
+    address: ":2025"
   sftp5:
-    address: ":2026"    
+    address: ":2026"
   sftp6:
-    address: ":2027"    
+    address: ":2027"
   sftp7:
-    address: ":2028"    
+    address: ":2028"
   sftp8:
     address: ":2029"
-    
+
 ping:
   entryPoint: "ping"
 ################################################################
@@ -253,4 +253,4 @@ certificatesResolvers:
   #      resolvers:
   #        - "10.0.0.15:53"
   #        - "192.168.2.1:53"
-  
+

traefik/rules/ext-home-assistant.yml

@@ -0,0 +1,52 @@
+# external service
+# https://doc.traefik.io/traefik/providers/file/
+
+http:
+  #
+  # http routers
+  # ------------
+  routers:
+    home-assistant-rtr:
+      entryPoints:
+        - "web"
+      rule: "Host(`home-assistant.sthome.org`)&& PathPrefix(`/`)"
+      tls:
+        certresolver: "solver-dns"
+      middlewares:
+#        - home-assistant-auth
+        - http-mw-secureHeaders-redirect
+      service: "ext-home-assistant-svc"
+
+    home-assistant-secure-rtr:
+      entryPoints:
+        - "websecure"
+      rule: "Host(`home-assistant.sthome.org`)&& PathPrefix(`/`)"
+      tls:
+        certresolver: "solver-dns"
+      middlewares:
+#        - home-assistant-auth
+        - http-mw-secureHeaders
+      service: "ext-home-assistant-svc"
+  #
+  # http middlewares
+  # ----------------
+#  middlewares:
+#    home-assistant-auth:
+#      basicauth:
+#        usersfile: "/mnt/users/home-assistant.txt"
+
+#    home-assistant-https-redirect:
+#      redirectscheme:
+#        scheme: https
+#        permanent: true
+  #
+  # http service
+  # ------------
+  # https://doc.traefik.io/traefik/routing/services/
+  services:
+    ext-home-assistant-svc:
+      loadBalancer:
+        servers:
+          - url: "https://home-assistant-px.sthome.org" # requires url to be added to /etc/hosts; must also be https, other browser will emit "too many redirects error"
+          #- url: "http://10.0.0.51:8123" # safest to use ip address, with reservation in dhcp server
+        passHostHeader: true