updated traefik config
This commit is contained in:
1
.env
1
.env
@@ -18,6 +18,7 @@ PGID=1000
|
||||
SECOND_LEVEL_DOMAIN=crescentec
|
||||
TOP_LEVEL_DOMAIN=ch
|
||||
LOCAL_DOMAIN=crescentec.lan
|
||||
LOCAL_VPS_DOMAIN=crescentec-vps.lan
|
||||
PUBLIC_DOMAIN=crescentec.ch
|
||||
|
||||
# Personal info
|
||||
|
||||
@@ -9,7 +9,7 @@ include:
|
||||
- ${SERVICE_PATH}/caddy/caddy.yml
|
||||
- ${SERVICE_PATH}/crowdsec/crowdsec.yml
|
||||
- ${SERVICE_PATH}/headscale/headscale.yml
|
||||
# - ${SERVICE_PATH}/traefik/traefik.yml
|
||||
- ${SERVICE_PATH}/traefik/traefik.yml
|
||||
env_file: ${SERVICE_PATH}/.env
|
||||
|
||||
networks:
|
||||
|
||||
@@ -0,0 +1 @@
|
||||
CROWDSEC_API_KEY=8lbUZjrGQp9JZln2pa5G1SCj0Fc8f9SaZUwqLm+6ZJQ
|
||||
|
||||
@@ -29,8 +29,8 @@ http:
|
||||
routers:
|
||||
authelia:
|
||||
rule: "Host(`auth.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
|
||||
service: node
|
||||
entryPoints: https
|
||||
service: node
|
||||
entryPoints: http,https
|
||||
tls:
|
||||
certresolver: myresolver
|
||||
middlewares: crowdsec-bouncer@file
|
||||
@@ -38,7 +38,7 @@ http:
|
||||
audiobookshelf:
|
||||
rule: "Host(`audiobookshelf.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
|
||||
service: node
|
||||
entryPoints: https
|
||||
entryPoints: http,https
|
||||
tls:
|
||||
certresolver: myresolver
|
||||
middlewares: crowdsec-bouncer@file
|
||||
@@ -46,7 +46,7 @@ http:
|
||||
gitea:
|
||||
rule: "Host(`gitea.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
|
||||
service: node
|
||||
entryPoints: https
|
||||
entryPoints: http,https
|
||||
tls:
|
||||
certresolver: myresolver
|
||||
middlewares: crowdsec-bouncer@file
|
||||
@@ -54,7 +54,7 @@ http:
|
||||
headscale:
|
||||
rule: "Host(`headscale.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
|
||||
service: node
|
||||
entryPoints: https
|
||||
entryPoints: http,https
|
||||
tls:
|
||||
certresolver: myresolver
|
||||
middlewares: crowdsec-bouncer@file
|
||||
@@ -62,15 +62,15 @@ http:
|
||||
immich:
|
||||
rule: "Host(`immich.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
|
||||
service: node
|
||||
entryPoints: https
|
||||
entryPoints: http,https
|
||||
tls:
|
||||
certresolver: myresolver
|
||||
middlewares: crowdsec-bouncer@file
|
||||
|
||||
lldap:
|
||||
rule: "Host(`lldap.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
|
||||
rule: "Host(`ldap.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
|
||||
service: node
|
||||
entryPoints: https
|
||||
entryPoints: http,https
|
||||
tls:
|
||||
certresolver: myresolver
|
||||
middlewares: crowdsec-bouncer@file
|
||||
@@ -78,7 +78,7 @@ http:
|
||||
linkwarden:
|
||||
rule: "Host(`linkwarden.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
|
||||
service: node
|
||||
entryPoints: https
|
||||
entryPoints: http,https
|
||||
tls:
|
||||
certresolver: myresolver
|
||||
middlewares: crowdsec-bouncer@file
|
||||
@@ -86,7 +86,7 @@ http:
|
||||
mealie:
|
||||
rule: "Host(`mealie.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
|
||||
service: node
|
||||
entryPoints: https
|
||||
entryPoints: http,https
|
||||
tls:
|
||||
certresolver: myresolver
|
||||
middlewares: crowdsec-bouncer@file
|
||||
@@ -94,7 +94,7 @@ http:
|
||||
navidrome:
|
||||
rule: "Host(`navidrome.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
|
||||
service: node
|
||||
entryPoints: https
|
||||
entryPoints: http,https
|
||||
tls:
|
||||
certresolver: myresolver
|
||||
middlewares: crowdsec-bouncer@file
|
||||
@@ -102,7 +102,7 @@ http:
|
||||
ntfy:
|
||||
rule: "Host(`ntfy.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
|
||||
service: node
|
||||
entryPoints: https
|
||||
entryPoints: http,https
|
||||
tls:
|
||||
certresolver: myresolver
|
||||
middlewares: crowdsec-bouncer@file
|
||||
@@ -110,7 +110,7 @@ http:
|
||||
paperless:
|
||||
rule: "Host(`paperless.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
|
||||
service: node
|
||||
entryPoints: https
|
||||
entryPoints: http,https
|
||||
tls:
|
||||
certresolver: myresolver
|
||||
middlewares: crowdsec-bouncer@file
|
||||
@@ -118,7 +118,7 @@ http:
|
||||
pdf:
|
||||
rule: "Host(`pdf.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
|
||||
service: node
|
||||
entryPoints: https
|
||||
entryPoints: http,https
|
||||
tls:
|
||||
certresolver: myresolver
|
||||
middlewares: crowdsec-bouncer@file
|
||||
@@ -126,7 +126,7 @@ http:
|
||||
radicale:
|
||||
rule: "Host(`radicale.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
|
||||
service: node
|
||||
entryPoints: https
|
||||
entryPoints: http,https
|
||||
tls:
|
||||
certresolver: myresolver
|
||||
middlewares: crowdsec-bouncer@file
|
||||
@@ -134,23 +134,23 @@ http:
|
||||
rss:
|
||||
rule: "Host(`rss.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
|
||||
service: node
|
||||
entryPoints: https
|
||||
entryPoints: http,https
|
||||
tls:
|
||||
certresolver: myresolver
|
||||
middlewares: crowdsec-bouncer@file
|
||||
|
||||
superset:
|
||||
rule: "Host(`superset.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
|
||||
service: node
|
||||
entryPoints: https
|
||||
tls:
|
||||
certresolver: myresolver
|
||||
middlewares: crowdsec-bouncer@file
|
||||
# superset:
|
||||
# rule: "Host(`superset.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
|
||||
# service: node
|
||||
# entryPoints: http,https
|
||||
# tls:
|
||||
# certresolver: myresolver
|
||||
# middlewares: crowdsec-bouncer@file
|
||||
|
||||
vaultwarden:
|
||||
rule: "Host(`vaultwarden.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
|
||||
service: node
|
||||
entryPoints: https
|
||||
entryPoints: http,https
|
||||
tls:
|
||||
certresolver: myresolver
|
||||
middlewares: crowdsec-bouncer@file
|
||||
@@ -158,7 +158,7 @@ http:
|
||||
vikunja:
|
||||
rule: "Host(`vikunja.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
|
||||
service: node
|
||||
entryPoints: https
|
||||
entryPoints: http,https
|
||||
tls:
|
||||
certresolver: myresolver
|
||||
middlewares: crowdsec-bouncer@file
|
||||
|
||||
@@ -32,12 +32,6 @@ entryPoints:
|
||||
- "10.0.0.0/8"
|
||||
- "192.168.178.0/16"
|
||||
- "2a07:600:200:1::/64"
|
||||
http:
|
||||
redirections: # HTTPS redirection (80 to 443)
|
||||
entryPoint:
|
||||
to: "https" # The target element
|
||||
scheme: "https" # The redirection target scheme
|
||||
permanent: true # The target element
|
||||
|
||||
https:
|
||||
address: "[::]:443" # Create the HTTPS entrypoint on port 443
|
||||
@@ -57,11 +51,12 @@ entryPoints:
|
||||
certificatesResolvers:
|
||||
myresolver:
|
||||
acme:
|
||||
email: chris.windler@crescentec.ch
|
||||
storage: acme.json
|
||||
email: chris.windler@crescentec.ch
|
||||
storage: letsencrypt/acme.json
|
||||
# caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
|
||||
httpChallenge:
|
||||
# used during the challenge
|
||||
entryPoint: http
|
||||
entryPoint: http
|
||||
|
||||
providers:
|
||||
docker:
|
||||
|
||||
@@ -16,7 +16,7 @@ services:
|
||||
TRAEFIK_PUBLIC_DOMAIN: ${PUBLIC_DOMAIN}
|
||||
TRAEFIK_MAIN_SERVER_NODE_IP: ${MAIN_SERVER_NODE_IP}
|
||||
TRAEFIK_CROWDSEC_API_KEY: ${CROWDSEC_API_KEY}
|
||||
INFOMANIAK_ACCESS_TOKEN: ${INFOMANIAK_CERTIFICATE_ACCESS_TOKEN}
|
||||
# INFOMANIAK_ACCESS_TOKEN: ${INFOMANIAK_CERTIFICATE_ACCESS_TOKEN}
|
||||
volumes:
|
||||
- "/var/log/traefik/:/var/log/traefik/"
|
||||
- "/var/run/docker.sock:/var/run/docker.sock:ro"
|
||||
@@ -29,7 +29,7 @@ services:
|
||||
# Traefik
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.traefik.service=api@internal"
|
||||
- "traefik.http.routers.traefik.rule=Host(`traefik.${LOCAL_DOMAIN}`)"
|
||||
- "traefik.http.routers.traefik.rule=Host(`traefik.${LOCAL_VPS_DOMAIN}`)"
|
||||
- "traefik.http.routers.traefik.entrypoints=https"
|
||||
- "traefik.http.routers.traefik.tls=true"
|
||||
|
||||
|
||||
Reference in New Issue
Block a user