
feat(base): Add infrastructure stack with Traefik, Portainer, Watchtower #326

Open
ljapptest-art wants to merge 1 commit into illbnm:master from ljapptest-art:feature/base-stack

@ljapptest-art

Implements Issue #1 - Base Infrastructure Stack.

Services

  • Traefik v3.1.6 (reverse proxy + auto HTTPS)
  • Portainer CE 2.21.3 (Docker management UI)
  • Watchtower 1.7.1 (automatic container updates)
  • Socket Proxy 0.2.0 (secure Docker socket)

Features

  • HTTP to HTTPS redirect
  • Let's Encrypt automatic certificates
  • Basic Auth protected dashboard
  • Docker socket isolation (read-only)
  • Daily container updates at 3:00 AM
  • ntfy notifications
  • Health checks for all services

Configuration

  • TLS options with modern ciphers
  • Security headers middleware
  • Rate limiting middleware
  • IP whitelist middleware

Validation

  • ✅ YAML syntax verified
  • ✅ Config files validated
  • ✅ Image versions match Issue requirements

Closes #1

- Docker Compose with exact versions per Issue illbnm#1:
  - traefik:v3.1.6
  - portainer/portainer-ce:2.21.3
  - containrrr/watchtower:1.7.1
  - tecnativa/docker-socket-proxy:0.2.0

- Services:
  - Traefik: Reverse proxy with automatic HTTPS
  - Portainer: Docker management UI
  - Watchtower: Automatic container updates
  - Socket Proxy: Secure Docker socket access

- Features:
  - HTTP to HTTPS redirect
  - Let's Encrypt automatic certificates
  - Basic Auth protected dashboard
  - Docker socket isolation (read-only)
  - Daily container updates (3:00 AM)
  - ntfy notifications for Watchtower
  - Health checks for all services

- Configuration:
  - TLS options with modern ciphers
  - Security headers middleware
  - Rate limiting middleware
  - IP whitelist middleware

Closes illbnm#1
@ljapptest-art
Author

✅ Test Results

Validation

| Test | Status |
| --- | --- |
| YAML syntax (docker-compose.yml) | ✅ Pass |
| YAML syntax (traefik.yml) | ✅ Pass |
| YAML syntax (tls.yml) | ✅ Pass |
| YAML syntax (middlewares.yml) | ✅ Pass |

Image Versions (per Issue #1)

| Service | Required | Actual | Status |
| --- | --- | --- | --- |
| Traefik | traefik:v3.1.6 | traefik:v3.1.6 | |
| Portainer | portainer/portainer-ce:2.21.3 | portainer/portainer-ce:2.21.3 | |
| Watchtower | containrrr/watchtower:1.7.1 | containrrr/watchtower:1.7.1 | |
| Socket Proxy | tecnativa/docker-socket-proxy:0.2.0 | tecnativa/docker-socket-proxy:0.2.0 | |

Acceptance Criteria

| Criteria | Status |
| --- | --- |
| 4 containers configured | |
| Health checks | ✅ (4 services) |
| HTTP → HTTPS redirect | |
| Let's Encrypt support | |
| Basic Auth dashboard | |
| Docker socket isolation | |
| External proxy network | |

Files

  • stacks/base/docker-compose.yml (212 lines)
  • stacks/base/.env.example (31 lines)
  • stacks/base/README.md (276 lines)
  • config/traefik/traefik.yml (50 lines)
  • config/traefik/dynamic/tls.yml (25 lines)
  • config/traefik/dynamic/middlewares.yml (43 lines)

Successfully merging this pull request may close these issues.

[BOUNTY $180] Base Infrastructure — Traefik + Portainer + Watchtower
