From 2c3cfbf15922ddfa49d5a0007e04c6c72326e2b9 Mon Sep 17 00:00:00 2001
From: Ognir <tortosaantonio@gmail.com>
Date: Tue, 6 Jan 2026 20:14:49 +0100
Subject: [PATCH] security: blindaje de dashboard con doble factor (muro-seguro
 + auth) y alias de host

---
 traefik/dynamic/dashboard.yml | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/traefik/dynamic/dashboard.yml b/traefik/dynamic/dashboard.yml
index 1004bb7..4e52eaf 100755
--- a/traefik/dynamic/dashboard.yml
+++ b/traefik/dynamic/dashboard.yml
@@ -1,11 +1,16 @@
+# ################################################################# #
+# CONFIGURACIÓN DEL DASHBOARD DE TRAEFIK - ACCESO SEGURO            #
+# ################################################################# #
+
 http:
   routers:
-    api:
+    router-traefik-dash:
       rule: "Host(`traefik.ognir-server.synology.me`) || Host(`ognir-server.synology.me`)"
-      service: api@internal
-      middlewares:
-        - auth-dashboard@file
       entryPoints:
-        - websecure
+        - "websecure"
+      service: "api@internal"
+      middlewares:
+        - "muro-seguro@file"      # Control por IP (Whitelist)
+        - "auth-dashboard@file"   # Control por Usuario (Basic Auth)
       tls:
-        certResolver: letsencrypt
+        certResolver: "letsencrypt"