init

docs/traefik.md

@@ -0,0 +1,43 @@
+# Traefik
+
+**Purpose:** Reverse proxy and TLS termination for all homelab services.
+
+| Property       | Value              |
+| -------------- | ------------------ |
+| Status         | Running            |
+| Image          | `traefik:v3.6`     |
+| Ports          | `80:80`, `443:443` |
+| Created by     | jens               |
+| Restart policy | `unless-stopped`   |
+| Compose file   | [`../services/traefik/docker-compose.yml`](../services/traefik/docker-compose.yml) |
+
+---
+
+## Configuration
+
+- HTTP (port 80) → automatically redirects to HTTPS
+- HTTPS (port 443) → TLS termination via Let's Encrypt
+- TLS wildcard certificate for `*.home.jens.pub` and `home.jens.pub`
+- Certificate resolver: **Let's Encrypt** via **DNS-01 challenge** (Namecheap provider)
+- DNS resolvers used for challenge: `1.1.1.1`, `8.8.8.8`
+- Docker provider: auto-discovers containers via socket (opt-in with `traefik.enable=true`)
+- Dashboard: enabled, exposed at `traefik.home.jens.pub` (secured, no insecure mode)
+
+## Environment Variables (sensitive)
+
+| Variable              | Description                             |
+| --------------------- | --------------------------------------- |
+| `NAMECHEAP_API_USER`  | Namecheap account username              |
+| `NAMECHEAP_API_KEY`   | Namecheap API key for DNS challenge     |
+| `NAMECHEAP_SOURCE_IP` | Whitelisted IP for Namecheap API access |
+
+## Volumes
+
+| Volume                 | Mount                                       |
+| ---------------------- | ------------------------------------------- |
+| `/var/run/docker.sock` | `:ro` — Docker socket for service discovery |
+| `traefik_acme`         | `/acme` — Let's Encrypt certificate storage |
+
+## Networks
+
+- `proxy` (external)