feat: Differenciate backend & frontend hostnames

* Route the backend server with a certresolver for automatic TLS certificate provisioning and the frontend without the certresolver set. * Plain text is kept responding to all hosts.
SUSE · Feb 26, 2025 · cf74f3c · cf74f3c
1 parent dc52db7
commit cf74f3c
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 4 deletions.
diff --git a/docker-compose.override.yml b/docker-compose.override.yml
@@ -28,13 +28,16 @@ services:
       - 8000:8080
     labels:
       traefik.enable: "true"
-      traefik.http.routers.frontend.rule: "Host(`${NETBOX_HOSTNAME}`)"
+      traefik.http.routers.frontend.rule: "Host(`${NETBOX_FRONTEND_HOST}`) || Host(`${NETBOX_BACKEND_HOST}`)"
       traefik.http.routers.frontend.entrypoints: web
       traefik.http.routers.frontend.middlewares: https_redirect
-      traefik.http.routers.frontendtls.rule: "Host(`${NETBOX_HOSTNAME}`)"
+      traefik.http.routers.backendtls.rule: "Host(`${NETBOX_BACKEND_HOST}`)"
+      traefik.http.routers.backendtls.entrypoints: websecure
+      traefik.http.routers.backendtls.tls: true
+      traefik.http.routers.backendtls.tls.certresolver: myresolver
+      traefik.http.routers.frontendtls.rule: "Host(`${NETBOX_FRONTEND_HOST}`)"
       traefik.http.routers.frontendtls.entrypoints: websecure
       traefik.http.routers.frontendtls.tls: true
-      traefik.http.routers.frontendtls.tls.certresolver: myresolver
       traefik.http.middlewares.https_redirect.redirectscheme.scheme: https
       traefik.http.middlewares.https_redirect.redirectscheme.permanent: true
       traefik.http.services.frontend.loadbalancer.server.port: 8080
@@ -52,7 +55,7 @@ services:
         - CMD
         - curl
         - "-f"
-        - http://localhost:8080/api/status/?format=json
+        - http://127.0.0.1:8080/api/status/?format=json
   netbox-worker:
     env_file: /etc/opt/netbox-docker/netbox.env
     image: netbox:${TAG}

diff --git a/env/netbox.env b/env/netbox.env
@@ -32,3 +32,5 @@ RELEASE_CHECK_URL=https://api.github.com/repos/netbox-community/netbox/releases
 SECRET_KEY='r(m)9nLGnz$(_q3N4z1k(EFsMCjjjzx08x9VhNVcfd%6RF#r!6DE@+V5Zk2X'
 SKIP_SUPERUSER=true
 WEBHOOKS_ENABLED=true
+NETBOX_FRONTEND_HOST=netbox-front.localhost
+NETBOX_BACKEND_HOST=netbox-back.localhost