From ce1abca2cc97a8a703f0e1af92da0233beb5eb71 Mon Sep 17 00:00:00 2001
From: Pierre-Emmanuel Jacquier <pierre-emmanuel.jacquier@exoscale.ch>
Date: Fri, 13 Sep 2019 12:21:30 +0000
Subject: [PATCH] Add https and traefix instructions

Signed-off-by: Pierre-Emmanuel Jacquier <pierre-emmanuel.jacquier@exoscale.ch>
---
 README.md                  | 70 ++++++++++++++++++++++++++++++++++++++
 traefik/docker-compose.yml | 47 +++++++++++++++++++++++++
 traefik/treafik.toml       | 29 ++++++++++++++++
 3 files changed, 146 insertions(+)
 create mode 100644 traefik/docker-compose.yml
 create mode 100644 traefik/treafik.toml

diff --git a/README.md b/README.md
index 47b28ce..dbdb8b3 100644
--- a/README.md
+++ b/README.md
@@ -150,6 +150,76 @@ Or
 % docker-compose up -d
 ```
 
+### TLS - https with traefik
+
+Put files of `./traekik` folder in root repo
+
+
+`docker-compose` sample with traefik:
+```Yaml
+version: "3"
+services:
+  iptv-proxy:
+    build:
+      context: .
+      dockerfile: Dockerfile
+    volumes:
+      # If your are using local m3u file instead of m3u remote file
+      # put your m3u file in this folder
+      - ./iptv:/root/iptv
+    container_name: "iptv-proxy"
+    restart: on-failure
+    exospose:
+      # have to be the same as ENV variable PORT
+      - 443
+    labels:
+      - "traefik.enable=true"
+      - "traefik.frontend.rule=Host:iptv.proxyexample.xyz"
+    environment:
+      # if you are using m3u remote file
+      # M3U_URL: https://example.com/iptvfile.m3u
+      M3U_URL: /root/iptv/iptv.m3u
+      # Port to expose the IPTVs endpoints
+      PORT: 443
+      # Hostname or IP to expose the IPTVs endpoints (for machine not for docker)
+      HOSTNAME: iptv.proxyexample.xyz
+      GIN_MODE: release
+      # Inportant to activate https protocol on proxy links
+      HTTPS: 1
+      ## Xtream-code proxy configuration
+      XTREAM_USER: xtream_user
+      XTREAM_PASSWORD: xtream_password
+      XTREAM_BASE_URL: "http://example.tv:8080"
+      #will be used for m3u and xtream auth poxy
+      USER: test
+      PASSWORD: testpassword
+
+  traefik:
+    restart: unless-stopped
+    image: traefik
+    read_only: true
+    command:  --web
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ./acme.json:/acme.json
+      - ./traefik.toml:/traefik.toml
+
+```
+
+Replace `iptv.proxyexample.xyz` in `docker-compose.yml` and `traefik.toml` with your desired domain.
+
+```Shell
+$ touch acme.json && chmod 600 acme.json
+```
+
+
+```Shell
+$ docker-compose up -d
+```
+
 ## TODO
 
 there is unsafe auth just for testing.
diff --git a/traefik/docker-compose.yml b/traefik/docker-compose.yml
new file mode 100644
index 0000000..053588b
--- /dev/null
+++ b/traefik/docker-compose.yml
@@ -0,0 +1,47 @@
+version: "3"
+services:
+  iptv-proxy:
+    build:
+      context: .
+      dockerfile: Dockerfile
+    volumes:
+      # If your are using local m3u file instead of m3u remote file
+      # put your m3u file in this folder
+      - ./iptv:/root/iptv
+    container_name: "iptv-proxy"
+    restart: on-failure
+    expose:
+       # have to be the same as ENV variable PORT
+      - 443
+    labels:
+      - "traefik.enable=true"
+      - "traefik.frontend.rule=Host:iptv.proxyexample.com"
+    environment:
+      # if you are using m3u remote file
+      # M3U_URL: https://example.com/iptvfile.m3u
+      M3U_URL: "http://provider.example.tv:25555/get.php?..."
+      # Port to expose the IPTVs endpoints
+      PORT: 443
+      # Hostname or IP to expose the IPTVs endpoints (for machine not for docker)
+      HOSTNAME: iptv.proxyexample.com
+      GIN_MODE: release
+      ## Xtream-code proxy configuration
+      XTREAM_USER: xtream_user
+      XTREAM_PASSWORD: xtream_password
+      XTREAM_BASE_URL: "http://provider.example.tv:8080"
+      HTTPS: 1
+      #will be used for m3u and xtream auth poxy
+      USER: test
+      PASSWORD: testpassword
+  traefik:
+    restart: unless-stopped
+    image: traefik
+    read_only: true
+    command:  --web
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ./acme.json:/acme.json
+      - ./traefik.toml:/traefik.toml
\ No newline at end of file
diff --git a/traefik/treafik.toml b/traefik/treafik.toml
new file mode 100644
index 0000000..8f61c71
--- /dev/null
+++ b/traefik/treafik.toml
@@ -0,0 +1,29 @@
+debug = false
+
+logLevel = "ERROR"
+defaultEntryPoints = ["https","http"]
+
+[entryPoints]
+  [entryPoints.http]
+  address = ":80"
+    [entryPoints.http.redirect]
+    entryPoint = "https"
+  [entryPoints.https]
+  address = ":443"
+  [entryPoints.https.tls]
+
+[retry]
+
+[docker]
+endpoint = "unix:///var/run/docker.sock"
+domain = "iptv.proxyexample.xyz"
+watch = true
+exposedByDefault = false
+
+[acme]
+email = "support@iptv.proxyexample.xyz"
+storage = "acme.json"
+entryPoint = "https"
+onHostRule = true
+[acme.httpChallenge]
+entryPoint = "http"