From 4ca007c80b383ee2ed0167ec036afd47826ab004 Mon Sep 17 00:00:00 2001
From: Cantibra <cantibra@privlab.it>
Date: Thu, 11 Jun 2026 07:15:43 +0200
Subject: [PATCH] 2

---
 .env                                            | 2 +-
 traefik/DEBIAN/postinst                         | 5 ++++-
 traefik/etc/traefik/acme/00-export              | 5 -----
 traefik/etc/traefik/acme/01-changelog           | 4 ++--
 traefik/etc/traefik/traefik.yml                 | 3 +--
 traefik/lib/systemd/system/traefik-acme.service | 2 --
 6 files changed, 8 insertions(+), 13 deletions(-)

diff --git a/.env b/.env
index f8ebbd1..59d5579 100644
--- a/.env
+++ b/.env
@@ -1 +1 @@
-VERSION='3.7.1'
+VERSION='3.7.5'
diff --git a/traefik/DEBIAN/postinst b/traefik/DEBIAN/postinst
index ae89d48..9494d52 100644
--- a/traefik/DEBIAN/postinst
+++ b/traefik/DEBIAN/postinst
@@ -37,7 +37,10 @@ case "${1}" in
     /usr/bin/install --directory --group='traefik' --mode='750' --owner='traefik' '/var/lib/traefik'
     /usr/bin/install --directory --group='traefik' --mode='750' --owner='traefik' '/var/log/traefik'
     /usr/bin/install --directory --group='traefik' --mode='750' --owner='traefik' '/var/logrotate/traefik'
-    /usr/bin/chown --quiet --recursive 'traefik' '/etc/traefik'
+    /usr/bin/chown --quiet --recursive 'traefik' \
+      '/etc/traefik/providers.yml' \
+      '/etc/traefik/traefik.env' \
+      '/etc/traefik/traefik.yml'
     if [ -x '/usr/bin/deb-systemd-invoke' ]; then
       /usr/bin/systemctl --system daemon-reload > '/dev/null' || true
       if [ -n "${2}" ]; then
diff --git a/traefik/etc/traefik/acme/00-export b/traefik/etc/traefik/acme/00-export
index 48215fb..dde14fd 100644
--- a/traefik/etc/traefik/acme/00-export
+++ b/traefik/etc/traefik/acme/00-export
@@ -51,7 +51,6 @@ for RESOLVER in $(/usr/bin/jq --raw-output --exit-status 'keys[]' "${ACME_DATABA
   /usr/bin/echo -e "-----BEGIN RSA PRIVATE KEY-----\n${ACCOUNT}\n-----END RSA PRIVATE KEY-----" | \
     /usr/bin/openssl 'rsa' -inform 'pem' -out "${ACME_STORAGE}/.${RESOLVER}/account.key" &> '/dev/null'
   /usr/bin/chmod '0400' "${ACME_STORAGE}/.${RESOLVER}/account.key"
-  /usr/bin/chown 'traefik':'traefik' "${ACME_STORAGE}/.${RESOLVER}/account.key"
   for DOMAIN in $(/usr/bin/jq --raw-output --arg resolver "${RESOLVER}" --exit-status '.[$resolver].Certificates[].domain.main' "${ACME_DATABASE}"); do
     CERTIFICATE=$(/usr/bin/jq --raw-output --arg resolver "${RESOLVER}" --arg domain "${DOMAIN}" --exit-status '.[$resolver].Certificates[] | select (.domain.main == $domain ) | .certificate' "${ACME_DATABASE}")
     KEY=$(/usr/bin/jq --raw-output --arg resolver "${RESOLVER}" --arg domain "${DOMAIN}" --exit-status '.[$resolver].Certificates[] | select (.domain.main == $domain ) | .key' "${ACME_DATABASE}")
@@ -62,22 +61,18 @@ for RESOLVER in $(/usr/bin/jq --raw-output --exit-status 'keys[]' "${ACME_DATABA
 	      /usr/bin/echo "${CERTIFICATE}" | \
           /usr/bin/base64 --decode > "${ACME_STORAGE}/${DOMAIN}/rsa/root.crt"
         /usr/bin/chmod '0400' "${ACME_STORAGE}/${DOMAIN}/rsa/root.crt"
-        /usr/bin/chown 'traefik':'traefik' "${ACME_STORAGE}/${DOMAIN}/rsa/root.crt"
 	      /usr/bin/echo "${KEY}" | \
           /usr/bin/base64 --decode > "${ACME_STORAGE}/${DOMAIN}/rsa/root.key"
         /usr/bin/chmod '0400' "${ACME_STORAGE}/${DOMAIN}/rsa/root.key"
-        /usr/bin/chown 'traefik':'traefik' "${ACME_STORAGE}/${DOMAIN}/rsa/root.key"
       ;;
       *ecdsa*)
         /usr/bin/install --directory --group='traefik' --mode='0700' --owner='traefik' "${ACME_STORAGE}/${DOMAIN}/ecc"
 	      /usr/bin/echo "${CERTIFICATE}" | \
           /usr/bin/base64 --decode > "${ACME_STORAGE}/${DOMAIN}/ecc/root.crt"
         /usr/bin/chmod '0400' "${ACME_STORAGE}/${DOMAIN}/ecc/root.crt"
-        /usr/bin/chown 'traefik':'traefik' "${ACME_STORAGE}/${DOMAIN}/ecc/root.crt"
 	      /usr/bin/echo "${KEY}" | \
           /usr/bin/base64 --decode > "${ACME_STORAGE}/${DOMAIN}/ecc/root.key"
         /usr/bin/chmod '0400' "${ACME_STORAGE}/${DOMAIN}/ecc/root.key"
-        /usr/bin/chown 'traefik':'traefik' "${ACME_STORAGE}/${DOMAIN}/ecc/root.key"
       ;;
     esac
   done
diff --git a/traefik/etc/traefik/acme/01-changelog b/traefik/etc/traefik/acme/01-changelog
index 75dabea..068aa78 100644
--- a/traefik/etc/traefik/acme/01-changelog
+++ b/traefik/etc/traefik/acme/01-changelog
@@ -46,11 +46,11 @@ trap "/usr/bin/rm --force --recursive ${TMP_DIRECTORY}" EXIT
 if [[ ! -f "${ACME_STORAGE_HASH}" ]]; then
   /usr/bin/find "${ACME_STORAGE}" -type f -exec /usr/bin/md5sum {} + > "${ACME_STORAGE_HASH}"
   /usr/bin/chmod 0600 "${ACME_STORAGE_HASH}"
-  /usr/bin/chown 'traefik':'traefik' "${ACME_STORAGE_HASH}"
+#  /usr/bin/chown 'traefik':'traefik' "${ACME_STORAGE_HASH}"
   /usr/bin/diff '/dev/null' "${ACME_STORAGE_HASH}" | /usr/bin/grep '^>' | /usr/bin/awk '{print $3}' > "${ACME_STORAGE_CHANGELOG}" || \
     /usr/bin/true
   /usr/bin/chmod 0600 "${ACME_STORAGE_CHANGELOG}"
-  /usr/bin/chown 'traefik':'traefik' "${ACME_STORAGE_CHANGELOG}"
+#  /usr/bin/chown 'traefik':'traefik' "${ACME_STORAGE_CHANGELOG}"
   exit 0
 fi
 
diff --git a/traefik/etc/traefik/traefik.yml b/traefik/etc/traefik/traefik.yml
index ea7d34e..35da302 100644
--- a/traefik/etc/traefik/traefik.yml
+++ b/traefik/etc/traefik/traefik.yml
@@ -5,8 +5,7 @@ accessLog:
 
 # - - - - - API - - - - - #
 
-api:
-  disableDashboardAd: true
+api: {}
 
 # - - - - - Certificates Resolver - - - - - #
 
diff --git a/traefik/lib/systemd/system/traefik-acme.service b/traefik/lib/systemd/system/traefik-acme.service
index 580fd03..7599eaa 100644
--- a/traefik/lib/systemd/system/traefik-acme.service
+++ b/traefik/lib/systemd/system/traefik-acme.service
@@ -8,8 +8,6 @@ Type=simple
 EnvironmentFile=/etc/traefik/acme/acme.env
 ExecStartPre=/usr/bin/sleep 3s
 ExecStart=/usr/bin/run-parts --exit-on-error --new-session /etc/traefik/acme
-User=traefik
-Group=traefik
 PrivateDevices=true
 PrivateTmp=true
 ProtectSystem=strict