Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adds support for .deb package builder in Traefik #10713

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Adds support for .deb package builder in Traefik #10713

wants to merge 1 commit into from

Conversation

robertoberto
Copy link

Implements a Dockerfile and adjusts the Makefile for automated .deb package building in Traefik

This commit introduces a Dockerfile configured for Ubuntu 24, enhancing the environment setup and handling of environment variables for the automated construction of .deb packages. Significant improvements and additions include:

  • Integration of logrotate to manage log files.
  • Provision of a traefik.yml example that redirects traffic from port 80 to 8000.
  • Installation instructions for setting up Traefik as a standalone service on Ubuntu without Docker.
  • Implementation of a systemd service configuration for robust service management, featuring:
    • Running as user www-data to enhance security.
    • AmbientCapabilities=CAP_NET_BIND_SERVICE to allow binding to well-known ports without elevated privileges.
    • Restart=always to ensure the service restarts automatically if it crashes.
    • Enhanced filesystem and service isolation with ProtectSystem=strict, PrivateTmp=true, ProtectHome=true, PrivateDevices=true, ProtectKernelTunables=true, ProtectControlGroups=true.
    • Specified ReadWritePaths=/etc/traefik/acme.json /var/log/traefik/ to restrict read-write permissions to essential paths.
  • Configuration to run Traefik under the www-data user for improved security and compliance.

These enhancements are aimed at solidifying Traefik's deployment as a secure and reliable reverse proxy and load balancer on Ubuntu systems.

Can be enhanced to support other debian and ubuntu releases.

@robertoberto robertoberto mentioned this pull request May 11, 2024
Open
2 tasks
@ldez
Copy link
Member

ldez commented May 11, 2024

Hello,

Due to the maintenance, I think it would be better to use a dedicated repository inside the contributor organization https://github.com/traefik-contrib

The organization already has the Snap https://github.com/traefik-contrib/traefik-snap

@robertoberto if you agree, I will set up a repository and invite you to this organization.

@robertoberto
Copy link
Author

robertoberto commented May 12, 2024 via email

@ldez
Copy link
Member

ldez commented May 12, 2024
edited

traefik-repos is too generic, I created https://github.com/traefik-contrib/traefik-apt

I sent you an invitation.

@ldez
Copy link
Member

ldez commented May 12, 2024

We can continue the discussion here if you want

@robertoberto
Copy link
Author

robertoberto commented May 12, 2024 via email

@ldez
Copy link
Member

ldez commented May 12, 2024

The packages builder is now inside https://github.com/traefik-contrib/traefik-apt

So we can close this PR.

Thank you @robertoberto

@ldez ldez closed this May 12, 2024
@emilevauge
Copy link
Member

Hello @robertoberto & @ldez, we need to discuss this topic with the maintainers team as the https://github.com/traefik-contrib organization isn't offially maintained by the project team.
We will get back to you ASAP.

@emilevauge emilevauge reopened this May 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
size/L status/0-needs-triage
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@robertoberto @ldez @emilevauge @traefiker @bertogravscale