From 0b92926a4139d7e782b63d9eb9eb37cd27ac0f3b Mon Sep 17 00:00:00 2001
From: chris
Date: Wed, 14 Jan 2026 00:38:17 +0000
Subject: [PATCH] traefik config
---
 services/traefik/config/config.yml | 19 ++++---------------
 services/traefik/config/traefik.yml | 15 +++++++++++++++
 2 files changed, 19 insertions(+), 15 deletions(-)
diff --git a/services/traefik/config/config.yml b/services/traefik/config/config.yml
index 6859554..3f46044 100644
--- a/services/traefik/config/config.yml
+++ b/services/traefik/config/config.yml
@@ -4,7 +4,7 @@ http:
 # Crowdsec
 crowdsec-bouncer:
 plugin:
- crowdsec-bouncer-plugin:
+ crowdsec-bouncer-traefik-plugin:
 enabled: true
 logLevel: INFO
 updateIntervalSeconds: 60
@@ -16,12 +16,12 @@ http:
 # generated using "docker exec crowdsec cscli bouncers add crowdsecBouncer"
 crowdseclapikey: {{ env "TRAEFIK_CROWDSEC_API_KEY" }}
 forwardedHeadersTrustedIPs:
- - 10.0.6.0/24
+ - 10.0.0.0/8
 clientTrustedIPs:
 - 192.168.178.0/24
 captchaProvider: hcaptcha
 captchaSiteKey: b2d20610-8dda-4f40-8688-7ca8e1e628f8 # found in hcaptcha account
- captchaSecretKey: ES_9511d34bbec34dada169afad0a36991a
+ captchaSecretKey: {{ env "TRAEFIK_CAPTCHA_KEY" }}
 captchaGracePeriodSeconds: 1800
 captchaHTMLFilePath: /captcha.html
 banHTMLFilePath: /ban.html
@@ -150,15 +150,4 @@ http:
 node:
 loadBalancer:
 servers:
- - url: {{ env TRAEFIK_MAIN_SERVER_NODE_IP }}
-
-tls:
- stores:
- default:
- defaultCertificate:
- certFile: /etc/certs/server.crt
- keyFile: /etc/certs/server.key
- certificates:
- - certFile: /etc/certs/server.crt
- keyFile: /etc/certs/server.key
-
+ - url: http://{{ env "TRAEFIK_MAIN_SERVER_NODE_IP" }}
diff --git a/services/traefik/config/traefik.yml b/services/traefik/config/traefik.yml
index 35c4d1d..7bddb8c 100644
--- a/services/traefik/config/traefik.yml
+++ b/services/traefik/config/traefik.yml
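Review bot: Widening `forwardedHeadersTrustedIPs` from `10.0.6.0/24` to `10.0.0.0/8` means the bouncer will take the client address from forwarded headers sent by any peer in the whole 10/8 range, so a host in that range that can reach Traefik directly could present a source IP of its choosing, including one inside `clientTrustedIPs`, and sidestep CrowdSec decisions. List only the subnets the upstream proxies actually sit in, with a comment naming the proxy each entry is for. Separately, moving `captchaSecretKey` to `{{ env "TRAEFIK_CAPTCHA_KEY" }}` stops further exposure, but the previous hCaptcha secret remains in the repository history and in this patch, so it should be rotated in the hCaptcha account. Quoting the templated value, `captchaSecretKey: '{{ env "TRAEFIK_CAPTCHA_KEY" }}'`, also keeps an empty or special-character value from being retyped by the YAML parser after rendering.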
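Review bot: With the `tls.stores.default.defaultCertificate` block removed at the end of config.yml, any TLS router that does not name a resolver will be served with Traefik's self-generated default certificate; the routers are outside this hunk, so confirm each one sets `tls.certResolver: myresolver` to match the resolver added in traefik.yml. The new `url: http://{{ env "TRAEFIK_MAIN_SERVER_NODE_IP" }}` renders to a bare `http://` when the variable is unset, and it carries traffic to the node unencrypted, which is acceptable only if that hop stays on a trusted network. Quote the value, `- url: 'http://{{ env "TRAEFIK_MAIN_SERVER_NODE_IP" }}'`, and add a comment stating that the variable is required and what form (host or host:port) it must have.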
@@ -54,6 +54,15 @@ entryPoints:
 - "192.168.178.0/16"
 - "2a07:600:200:1::/64"
+certificatesResolvers:
+ myresolver:
+ acme:
+ email: chris.windler@crescentec.ch
+ storage: acme.json
+ httpChallenge:
+ # used during the challenge
+ entryPoint: http
+
 providers:
 docker:
 endpoint: "unix:///var/run/docker.sock" # Listen to the UNIX Docker socket
@@ -65,3 +74,9 @@ providers:
 metrics:
 prometheus: {}
+
+experimental:
+ plugins:
+ crowdsec-bouncer-traefik-plugin:
+ moduleName: "github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"
+ version: "v1.5.0-beta1"
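Review bot: `storage: acme.json` is a relative path, so where the ACME account key and the issued private keys land depends on the container's working directory; unless that location is a persistent volume they are lost on every recreate and re-requested, which can run into the CA's rate limits. Use an absolute path on a mounted volume, e.g. `storage: /path/to/volume/acme.json` (placeholder path), keep the file at mode 600 and keep it out of the repository. No `caServer` is set, so this presumably targets the production ACME endpoint from the first start; a comment saying so, and that the `http` entry point must be reachable on port 80 for the challenge, would help the next maintainer. The context line `"192.168.178.0/16"` has host bits set and therefore covers all of 192.168.0.0/16, wider than the `192.168.178.0/24` used in config.yml, so it is worth checking which range is intended.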
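Review bot: The plugin that enforces CrowdSec decisions is pinned to a pre-release, `version: "v1.5.0-beta1"`, and Traefik fetches plugin modules at startup, so both the maturity of a beta and the availability of the remote source now sit in front of every router that uses the bouncer middleware. Pin a stable release tag once one is available (`version: "<stable-tag>"`, placeholder) and add a comment recording why this version was chosen and how it was reviewed. The key `crowdsec-bouncer-traefik-plugin` has to stay identical to the middleware's plugin key in config.yml, which this commit also renames; a one-line comment noting that coupling would guard against a later mismatch that leaves the middleware unable to load.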