From 6df03d68ad9ec426d874a3f822964f0b7a714d53 Mon Sep 17 00:00:00 2001
From: Christopher Bisset
Date: Mon, 8 Aug 2022 12:47:06 +1000
Subject: [PATCH] added additional documentation
---
Caddyfile | 20 ++++++-------
README.md | 53 +++++++++++++++++++---------------
documentation/configuration.md | 50 ++++++++++++++++++++++++++++++++
3 files changed, 89 insertions(+), 34 deletions(-)
create mode 100644 documentation/configuration.md
diff --git a/Caddyfile b/Caddyfile
index f84fa89..4e17858 100644
--- a/Caddyfile
+++ b/Caddyfile
@@ -1,13 +1,13 @@
 {
- skip_install_trust
+ skip_install_trust
 }
 :443 {
- redir / /web
- uri strip_prefix /web
- tls internal {
- on_demand
- }
- file_server {
- root ./build
- }
-}
\ No newline at end of file
+ redir / /web
+ uri strip_prefix /web
+ tls internal {
+ on_demand
+ }
+ file_server {
+ root ./build
+ }
+}
diff --git a/README.md b/README.md
index 6e4b12b..b1d7f45 100644
--- a/README.md
+++ b/README.md
@@ -51,41 +51,46 @@ https://hs.yourdomain.com.au { reverse_proxy * http://headscale:8080 } + ``` ### Cross Domain Installation If you do not want to configure headscale-ui on the same subdomain as headscale, you must intercept headscale traffic via your reverse proxy to fix CORS (see https://github.com/juanfont/headscale/issues/623). Here is an example fix with Caddy, replacing your headscale UI domain with `hs-ui.yourdomain.com.au`: ``` -hs.yourdomain.com.au { - @hs-options { - host hs.yourdomain.com.au - method OPTIONS - } - @hs-other { - host hs.yourdomain.com.au - } - handle @hs-options { - header { - Access-Control-Allow-Origin https://hs-ui.yourdomain.au - Access-Control-Allow-Headers * - Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE" - } - respond 204 - } - handle @hs-other { - reverse_proxy http://headscale:8080 { - header_down Access-Control-Allow-Origin https://hs-ui.yourdomain.com.au - header_down Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE" - header_down Access-Control-Allow-Headers * - } - } +https://hs.yourdomain.com.au { + @hs-options { + host hs.yourdomain.com.au + method OPTIONS + } + @hs-other { + host hs.yourdomain.com.au + } + handle @hs-options { + header { + Access-Control-Allow-Origin https://hs-ui.yourdomain.au + Access-Control-Allow-Headers * + Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE" + } + respond 204 + } + handle @hs-other { + reverse_proxy http://headscale:8080 { + header_down Access-Control-Allow-Origin https://hs-ui.yourdomain.com.au + header_down Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE" + header_down Access-Control-Allow-Headers * + } + } } + ``` +### Other Configurations +See [Other Configurations](/documentation/configuration.md) for further proxy examples, such as Traefik + ## Development see [development](/documentation/development.md) for details -### Style Guide +## Style Guide see [style](/documentation/style.md) for details ## Architecture 
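Review bot: In the `@hs-options` handler of the re-indented Caddy example the allowed origin is still `https://hs-ui.yourdomain.au`, while the surrounding prose and the three `header_down` lines use `https://hs-ui.yourdomain.com.au`. As written, the preflight response names a different origin than the one the UI is served from, so a reader who copies the block and substitutes only one domain would probably still hit the CORS failure this section is meant to fix. The line should read `Access-Control-Allow-Origin https://hs-ui.yourdomain.com.au`. While touching the block, consider replacing `Access-Control-Allow-Headers *` with the headers the UI actually sends (presumably `Authorization` and `Content-Type`; confirm against the UI), since a wildcard is broader than the example needs.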
diff --git a/documentation/configuration.md b/documentation/configuration.md
new file mode 100644
index 0000000..eebbe41
--- /dev/null
+++ b/documentation/configuration.md
@@ -0,0 +1,50 @@
+## Traefik Configuration
+(Thanks @DennisGaida)
+```yaml
+ headscale:
+ image: headscale/headscale:latest
+ container_name: headscale
+ restart: unless-stopped
+ networks:
+ - traefik_proxy
+ command: headscale serve
+ volumes:
+ - $DOCKERDIR/headscale/config:/etc/headscale
+ labels:
+ - "traefik.enable=true"
+ ## HTTP Routers
+ - "traefik.http.routers.headscale-rtr.entrypoints=https"
+ - "traefik.http.routers.headscale-rtr.rule=Host(`hs.${DOMAIN_PUBLIC}`)"
+ ## Middlewares
+ - "traefik.http.routers.headscale-rtr.middlewares=chain-no-auth@file"
+ ## HTTP Services
+ - "traefik.http.routers.headscale-rtr.service=headscale-svc"
+ - "traefik.http.services.headscale-svc.loadbalancer.server.port=8080"
+
+ headscale-ui:
+ image: ghcr.io/gurucomputing/headscale-ui:latest
+ container_name: headscale-ui
+ restart: unless-stopped
+ networks:
+ - traefik_proxy
+ labels:
+ - "traefik.enable=true"
+ ## HTTP Routers
+ - "traefik.http.routers.headscale_ui-rtr.entrypoints=https"
+ - "traefik.http.routers.headscale_ui-rtr.rule=Host(`hs.${DOMAIN_PUBLIC}`) && PathPrefix(`/web`)"
+ ## Middlewares
+ - "traefik.http.routers.headscale_ui-rtr.middlewares=chain-no-auth@file"
+ ## HTTP Services
+ - "traefik.http.routers.headscale_ui-rtr.service=headscale_ui-svc"
+ - "traefik.http.services.headscale_ui-svc.loadbalancer.server.port=443"
+ - "traefik.http.services.headscale_ui-svc.loadbalancer.server.scheme=https"
+ - "traefik.http.services.headscale_ui-svc.loadbalancer.serversTransport=disableSSLCheck@file"
+```
+
+and `traefik.yaml`
+```yaml
+http:
+ serversTransports:
+ disableSSLCheck:
+ insecureSkipVerify: true
+```
\ No newline at end of file
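Review bot: The `disableSSLCheck` transport sets `insecureSkipVerify: true` with no explanation, so a reader may not realise that Traefik then accepts any certificate from the headscale-ui backend. The page should say that this is tolerated only because the container serves a self-signed certificate (the Caddyfile uses `tls internal`) over the private `traefik_proxy` network, and that the transport should not be attached to other services. A comment above the transport would do, for example `# headscale-ui serves a self-signed internal cert; verification is disabled for this transport only`. Both routers also reference `chain-no-auth@file`, which the example never defines and which, judging by its name, applies no authentication; a sentence telling readers to supply their own middleware chain and decide whether `/web` should be reachable unauthenticated would help. Both images are pulled as `:latest`, so recommending a pinned tag or digest would make the example reproducible.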