6. June 2019
Improvements to the Traefik usage with NAV/BC or why Open Source is awesome
I had introduced the usage of Traefik with NAV/BC containers and also shared the integration into navcontainerhelper over the last couple of months. As always, there was room for improvement and to my delight Damien Duportal, Developer Advocate at Containous, the company behind Traefik, contacted me via email to suggest three important changes:
- I had used the [web] directive in the Traefik config file to make the Traefik dashboard and API available on port 8080. That directive however is deprecated and Damien suggested to replace it with [api] as you can see here
- Having the API open for everyone has a security impact (see CVE-2018-15598 and CVE-2019-12452), so he changed the port binding of the Docker container so that the API is only available from the Docker host VM itself, not from the outside, as you can see here
- And last but not least, something I really should have done to begin with: He referenced the Traefik image with a version tag as you can see here
Overall, while maybe not having a huge impact for most users, those are very good improvements. And all of this is only possible because Microsoft (i.e. Freddy) is sharing all this as Open Source on Github. Otherwise I wouldn’t have been able to implement the Traefik support and definitely Damien would never have come across it and improved it. That’s why Open Source rocks!
thank you for this post!
Alternatively you can set up user password authentication right?
yes, it is documented here: https://docs.traefik.io/v1.7/configuration/api/#authentication
Thank you for your answer! 🙂
I’ve created a PR to the navcontainerhelper for using a custom toml with a certificate:
Thanks for that!