From 3ffe0095fbe9c3332ae21d02a464750ae211e939 Mon Sep 17 00:00:00 2001
From: Cameron Clough <cameronjclough@gmail.com>
Date: Thu, 14 Apr 2022 13:54:17 +0100
Subject: [PATCH] traefik: disable insecure mode, re-add ip allowlist

---
 environment/uat/docker-compose.yml   | 3 +++
 environment/uat/traefik/traefik.toml | 1 -
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/environment/uat/docker-compose.yml b/environment/uat/docker-compose.yml
index dc94121..e38244c 100644
--- a/environment/uat/docker-compose.yml
+++ b/environment/uat/docker-compose.yml
@@ -20,6 +20,9 @@ services:
       - "traefik.http.routers.dashboard.rule=Host(`localhost`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
       - "traefik.http.routers.dashboard.entrypoints=dashboard"
       - "traefik.http.routers.dashboard.service=api@internal"
+      # Secure the dashboard with IPWhiteList middleware
+      - "traefik.http.routers.dashboard.middlewares=dashboard-allowlist@docker"
+      - "traefik.http.middlewares.dashboard-allowlist.ipwhitelist.sourcerange=127.0.0.1/32,172.16.0.0/12"
 
   # PostgreSQL database
   db:
diff --git a/environment/uat/traefik/traefik.toml b/environment/uat/traefik/traefik.toml
index dab7965..c953af2 100644
--- a/environment/uat/traefik/traefik.toml
+++ b/environment/uat/traefik/traefik.toml
@@ -3,7 +3,6 @@
 
 [api]
   dashboard = true
-  insecure = true
 
 [log]
   level = "INFO"