From a0cb7643edfd43cb5cdc877f32eccef82d02cc20 Mon Sep 17 00:00:00 2001
From: Dongho Kim <dongho@ekstrah.com>
Date: Tue, 2 Dec 2025 14:23:51 +0100
Subject: [PATCH] update

---
 .env.example       | 19 +++++++++++++++++++
 docker-compose.yml |  2 ++
 2 files changed, 21 insertions(+)
 create mode 100644 .env.example

diff --git a/.env.example b/.env.example
new file mode 100644
index 0000000..f17a08f
--- /dev/null
+++ b/.env.example
@@ -0,0 +1,19 @@
+# Gluetun VPN Configuration
+# Provider (e.g. airvpn, mullvad, nordvpn, surfshark, etc.)
+VPN_SERVICE_PROVIDER=
+# VPN Type (wireguard or openvpn)
+VPN_TYPE=
+
+# WireGuard Credentials
+WIREGUARD_PRIVATE_KEY=
+WIREGUARD_ADDRESSES=
+
+WIREGUARD_ENDPOINT_IP=
+# WIREGUARD_ENDPOINT_PORT=51820
+WIREGUARD_PUBLIC_KEY=
+WIREGUARD_PRIVATE_KEY=
+WIREGUARD_ADDRESSES=
+
+# Traefik Basic Auth
+# Format: username:hashedpassword (from htpasswd -nB username)
+TRAEFIK_AUTH=
diff --git a/docker-compose.yml b/docker-compose.yml
index fcaa800..ac274c9 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -19,10 +19,12 @@ services:
       - traefik.http.middlewares.tidal-redirect.redirectscheme.permanent=true
       - traefik.http.middlewares.tidal-redirect.redirectscheme.scheme=https
       - traefik.http.routers.tidal.middlewares=tidal-redirect
+      - traefik.http.middlewares.tidal-auth.basicauth.users=${TRAEFIK_AUTH}
       - traefik.http.routers.tidal-secure.entrypoints=https
       - traefik.http.routers.tidal-secure.rule=Host(`tidal.dongho.kim`)
       - traefik.http.routers.tidal-secure.tls=true
       - traefik.http.routers.tidal-secure.tls.certresolver=cloudflare
+      - traefik.http.routers.tidal-secure.middlewares=tidal-auth
       - traefik.http.services.tidal-secure-service.loadbalancer.server.port=8080
   web:
     build: .