chriswin/vps-server
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

crowdsec and traefik init

Browse Source
This commit is contained in:
chriswin
2026-01-13 23:18:01 +01:00
parent f0a7571682
commit 1e641f9225
8 changed files with 1029 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

164
services/traefik/config/config.yml Normal file
View File

@@ -0,0 +1,164 @@
http:
middlewares:
# Crowdsec
crowdsec-bouncer:
plugin:
crowdsec-bouncer-plugin:
enabled: true
logLevel: INFO
updateIntervalSeconds: 60
crowdsecMode: stream
crowdsecAppsecEnabled: true
crowdsecAppsecHost: crowdsec:7422
crowdsecLapiScheme: http
crowdsecLapiHost: crowdsec:8080
# generated using "docker exec crowdsec cscli bouncers add crowdsecBouncer"
crowdseclapikey: {{ env "TRAEFIK_CROWDSEC_API_KEY" }}
forwardedHeadersTrustedIPs:
- 10.0.6.0/24
clientTrustedIPs:
- 192.168.178.0/24
captchaProvider: hcaptcha
captchaSiteKey: b2d20610-8dda-4f40-8688-7ca8e1e628f8 # found in hcaptcha account
captchaSecretKey: ES_9511d34bbec34dada169afad0a36991a
captchaGracePeriodSeconds: 1800
captchaHTMLFilePath: /captcha.html
banHTMLFilePath: /ban.html
routers:
authelia:
rule: "Host(`auth.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node
entryPoints: https
tls: {}
middlewares: crowdsec-bouncer@file
audiobookshelf:
rule: "Host(`audiobookshelf.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node
entryPoints: https
tls: {}
middlewares: crowdsec-bouncer@file
gitea:
rule: "Host(`gitea.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node
entryPoints: https
tls: {}
middlewares: crowdsec-bouncer@file
headscale:
rule: "Host(`headscale.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node
entryPoints: https
tls: {}
middlewares: crowdsec-bouncer@file
immich:
rule: "Host(`immich.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node
entryPoints: https
tls: {}
middlewares: crowdsec-bouncer@file
lldap:
rule: "Host(`lldap.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node
entryPoints: https
tls: {}
middlewares: crowdsec-bouncer@file
linkwarden:
rule: "Host(`linkwarden.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node
entryPoints: https
tls: {}
middlewares: crowdsec-bouncer@file
mealie:
rule: "Host(`mealie.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node
entryPoints: https
tls: {}
middlewares: crowdsec-bouncer@file
navidrome:
rule: "Host(`navidrome.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node
entryPoints: https
tls: {}
middlewares: crowdsec-bouncer@file
ntfy:
rule: "Host(`ntfy.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node
entryPoints: https
tls: {}
middlewares: crowdsec-bouncer@file
paperless:
rule: "Host(`paperless.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node
entryPoints: https
tls: {}
middlewares: crowdsec-bouncer@file
pdf:
rule: "Host(`pdf.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node
entryPoints: https
tls: {}
middlewares: crowdsec-bouncer@file
radicale:
rule: "Host(`radicale.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node
entryPoints: https
tls: {}
middlewares: crowdsec-bouncer@file
rss:
rule: "Host(`rss.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node
entryPoints: https
tls: {}
middlewares: crowdsec-bouncer@file
superset:
rule: "Host(`superset.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node
entryPoints: https
tls: {}
middlewares: crowdsec-bouncer@file
vaultwarden:
rule: "Host(`vaultwarden.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node
entryPoints: https
tls: {}
middlewares: crowdsec-bouncer@file
vikunja:
rule: "Host(`vikunja.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node
entryPoints: https
tls: {}
middlewares: crowdsec-bouncer@file
services:
node:
loadBalancer:
servers:
- url: {{ env TRAEFIK_MAIN_SERVER_NODE_IP }}
tls:
stores:
default:
defaultCertificate:
certFile: /etc/certs/server.crt
keyFile: /etc/certs/server.key
certificates:
- certFile: /etc/certs/server.crt
keyFile: /etc/certs/server.key