Instead of always using the default web and websecure entrypoints, this request would allow for customizing those on a per role basis to fine tune control over how certain services can be accessed via Traefik.
Example:
Certain services accessible via Tailscale (specific host IP address) or other VPN only and not accessible publicly. In this instance, custom Traefik entrypoint(s) could be defined in the Traefik config for that address only. For services that should have this restriction, the new custom entrypoint(s) would be applied to the Docker labels for the container at run time.
Ideally, there would be the ability to flip the default entrypoints as well. In this scenario, the default entrypoint(s) are as specified in a global variable and role variables could flip them to the default web and websecure if public access is desired.
Instead of always using the default
web
andwebsecure
entrypoints, this request would allow for customizing those on a per role basis to fine tune control over how certain services can be accessed via Traefik.Example: Certain services accessible via Tailscale (specific host IP address) or other VPN only and not accessible publicly. In this instance, custom Traefik entrypoint(s) could be defined in the Traefik config for that address only. For services that should have this restriction, the new custom entrypoint(s) would be applied to the Docker labels for the container at run time.
Ideally, there would be the ability to flip the default entrypoints as well. In this scenario, the default entrypoint(s) are as specified in a global variable and role variables could flip them to the default
web
andwebsecure
if public access is desired.