From 3863c9f8ef225e37c911016ac27dea0b0fada170 Mon Sep 17 00:00:00 2001 From: chris Date: Sun, 18 Jan 2026 13:59:32 +0000 Subject: [PATCH] updated traefik config --- .env | 1 + docker-compose.yml | 2 +- services/.env | 1 + services/traefik/config/config.yml | 50 ++++++++++++++--------------- services/traefik/config/traefik.yml | 13 +++----- services/traefik/traefik.yml | 4 +-- 6 files changed, 34 insertions(+), 37 deletions(-) diff --git a/.env b/.env index 731e2e6..80edbdd 100644 --- a/.env +++ b/.env @@ -18,6 +18,7 @@ PGID=1000 SECOND_LEVEL_DOMAIN=crescentec TOP_LEVEL_DOMAIN=ch LOCAL_DOMAIN=crescentec.lan +LOCAL_VPS_DOMAIN=crescentec-vps.lan PUBLIC_DOMAIN=crescentec.ch # Personal info diff --git a/docker-compose.yml b/docker-compose.yml index e4c4b9c..47886a8 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -9,7 +9,7 @@ include: - ${SERVICE_PATH}/caddy/caddy.yml - ${SERVICE_PATH}/crowdsec/crowdsec.yml - ${SERVICE_PATH}/headscale/headscale.yml - # - ${SERVICE_PATH}/traefik/traefik.yml + - ${SERVICE_PATH}/traefik/traefik.yml env_file: ${SERVICE_PATH}/.env networks: diff --git a/services/.env b/services/.env index e69de29..7e7463d 100644 --- a/services/.env +++ b/services/.env @@ -0,0 +1 @@ +CROWDSEC_API_KEY=8lbUZjrGQp9JZln2pa5G1SCj0Fc8f9SaZUwqLm+6ZJQ diff --git a/services/traefik/config/config.yml b/services/traefik/config/config.yml index 9cba958..5d7503f 100644 --- a/services/traefik/config/config.yml +++ b/services/traefik/config/config.yml @@ -29,8 +29,8 @@ http: routers: authelia: rule: "Host(`auth.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)" - service: node - entryPoints: https + service: node + entryPoints: http,https tls: certresolver: myresolver middlewares: crowdsec-bouncer@file @@ -38,7 +38,7 @@ http: audiobookshelf: rule: "Host(`audiobookshelf.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)" service: node - entryPoints: https + entryPoints: http,https tls: certresolver: myresolver middlewares: crowdsec-bouncer@file 
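Review bot: The line added to `services/.env` commits what looks like a real CrowdSec bouncer key, and it stays readable in the repository history even if a later commit deletes it. Treat the value as exposed: revoke that bouncer key in CrowdSec and issue a new one. The old blob is the empty file, so the path was already tracked; it needs `git rm --cached services/.env` plus an ignore entry, not an ignore entry alone. Commit a template instead, e.g. `CROWDSEC_API_KEY=<set-locally>`, and keep the real value only on the host.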
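Review bot: Adding `http` to `entryPoints` on the `authelia` router, and on every other router in the later hunks of this file, does not appear to be needed for anything this commit sets up. Each of these routers keeps its `tls:` section, and Traefik treats a router with a TLS section as HTTPS-only, so on port 80 it should simply not match. The HTTP-01 challenge is answered by Traefik on the entrypoint itself, without a user router. I would keep `entryPoints: https`, or the explicit list form `entryPoints: [https]`. If the aim really is to serve these hosts over plain HTTP, that would put Authelia and Vaultwarden logins on the wire unencrypted and should be a separate, deliberate change.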
@@ -46,7 +46,7 @@ http: gitea: rule: "Host(`gitea.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)" service: node - entryPoints: https + entryPoints: http,https tls: certresolver: myresolver middlewares: crowdsec-bouncer@file @@ -54,7 +54,7 @@ http: headscale: rule: "Host(`headscale.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)" service: node - entryPoints: https + entryPoints: http,https tls: certresolver: myresolver middlewares: crowdsec-bouncer@file @@ -62,15 +62,15 @@ http: immich: rule: "Host(`immich.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)" service: node - entryPoints: https + entryPoints: http,https tls: certresolver: myresolver middlewares: crowdsec-bouncer@file lldap: - rule: "Host(`lldap.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)" + rule: "Host(`ldap.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)" service: node - entryPoints: https + entryPoints: http,https tls: certresolver: myresolver middlewares: crowdsec-bouncer@file @@ -78,7 +78,7 @@ http: linkwarden: rule: "Host(`linkwarden.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)" service: node - entryPoints: https + entryPoints: http,https tls: certresolver: myresolver middlewares: crowdsec-bouncer@file @@ -86,7 +86,7 @@ http: mealie: rule: "Host(`mealie.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)" service: node - entryPoints: https + entryPoints: http,https tls: certresolver: myresolver middlewares: crowdsec-bouncer@file @@ -94,7 +94,7 @@ http: navidrome: rule: "Host(`navidrome.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)" service: node - entryPoints: https + entryPoints: http,https tls: certresolver: myresolver middlewares: crowdsec-bouncer@file @@ -102,7 +102,7 @@ http: ntfy: rule: "Host(`ntfy.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)" service: node - entryPoints: https + entryPoints: http,https tls: certresolver: myresolver middlewares: crowdsec-bouncer@file @@ -110,7 +110,7 @@ http: paperless: rule: "Host(`paperless.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)" service: node - entryPoints: https + entryPoints: http,https tls: certresolver: myresolver middlewares: crowdsec-bouncer@file 
@@ -118,7 +118,7 @@ http: pdf: rule: "Host(`pdf.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)" service: node - entryPoints: https + entryPoints: http,https tls: certresolver: myresolver middlewares: crowdsec-bouncer@file @@ -126,7 +126,7 @@ http: radicale: rule: "Host(`radicale.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)" service: node - entryPoints: https + entryPoints: http,https tls: certresolver: myresolver middlewares: crowdsec-bouncer@file @@ -134,23 +134,23 @@ http: rss: rule: "Host(`rss.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)" service: node - entryPoints: https + entryPoints: http,https tls: certresolver: myresolver middlewares: crowdsec-bouncer@file - superset: - rule: "Host(`superset.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)" - service: node - entryPoints: https - tls: - certresolver: myresolver - middlewares: crowdsec-bouncer@file + # superset: + # rule: "Host(`superset.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)" + # service: node + # entryPoints: http,https + # tls: + # certresolver: myresolver + # middlewares: crowdsec-bouncer@file vaultwarden: rule: "Host(`vaultwarden.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)" service: node - entryPoints: https + entryPoints: http,https tls: certresolver: myresolver middlewares: crowdsec-bouncer@file @@ -158,7 +158,7 @@ http: vikunja: rule: "Host(`vikunja.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)" service: node - entryPoints: https + entryPoints: http,https tls: certresolver: myresolver middlewares: crowdsec-bouncer@file diff --git a/services/traefik/config/traefik.yml b/services/traefik/config/traefik.yml index 7bddb8c..fb79e2c 100644 --- a/services/traefik/config/traefik.yml +++ b/services/traefik/config/traefik.yml 
@@ -32,12 +32,6 @@ entryPoints: - "10.0.0.0/8" - "192.168.178.0/16" - "2a07:600:200:1::/64" - http: - redirections: # HTTPS redirection (80 to 443) - entryPoint: - to: "https" # The target element - scheme: "https" # The redirection target scheme - permanent: true # The target element https: address: "[::]:443" # Create the HTTPS entrypoint on port 443 @@ -57,11 +51,12 @@ entryPoints: certificatesResolvers: myresolver: acme: - email: chris.windler@crescentec.ch - storage: acme.json + email: chris.windler@crescentec.ch + storage: letsencrypt/acme.json + # caServer: "https://acme-staging-v02.api.letsencrypt.org/directory" httpChallenge: # used during the challenge - entryPoint: http + entryPoint: http providers: docker: diff --git a/services/traefik/traefik.yml b/services/traefik/traefik.yml index 9969069..cf08c7d 100644 --- a/services/traefik/traefik.yml +++ b/services/traefik/traefik.yml @@ -16,7 +16,7 @@ services: TRAEFIK_PUBLIC_DOMAIN: ${PUBLIC_DOMAIN} TRAEFIK_MAIN_SERVER_NODE_IP: ${MAIN_SERVER_NODE_IP} TRAEFIK_CROWDSEC_API_KEY: ${CROWDSEC_API_KEY} - INFOMANIAK_ACCESS_TOKEN: ${INFOMANIAK_CERTIFICATE_ACCESS_TOKEN} + # INFOMANIAK_ACCESS_TOKEN: ${INFOMANIAK_CERTIFICATE_ACCESS_TOKEN} volumes: - "/var/log/traefik/:/var/log/traefik/" - "/var/run/docker.sock:/var/run/docker.sock:ro" @@ -29,7 +29,7 @@ services: # Traefik - "traefik.enable=true" - "traefik.http.routers.traefik.service=api@internal" - - "traefik.http.routers.traefik.rule=Host(`traefik.${LOCAL_DOMAIN}`)" + - "traefik.http.routers.traefik.rule=Host(`traefik.${LOCAL_VPS_DOMAIN}`)" - "traefik.http.routers.traefik.entrypoints=https" - "traefik.http.routers.traefik.tls=true"
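Review bot: Removing the `http.redirections` block from the `http` entrypoint leaves port 80 with no upgrade to HTTPS, so a client that types a bare hostname or follows an `http://` link is no longer moved onto TLS. Traefik documents entrypoint redirection as compatible with the HTTP-01 challenge, so the `httpChallenge` configured in the next hunk does not require dropping it. I would restore the five removed lines (`redirections` / `entryPoint` with `to: "https"`, `scheme: "https"`, `permanent: true`) under `http:`. The `entryPoints` mapping begins above this hunk, so check that the block lands under the right entrypoint.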
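Review bot: `storage: letsencrypt/acme.json` is a relative path, and the compose `volumes:` lines visible in this patch mount only the log directory and the Docker socket; the list continues outside the hunk, so this needs confirming. That file holds the ACME account key and the certificate private keys. It should sit on a persistent bind mount or volume, and be created with mode `600`, because Traefik rejects an `acme.json` with wider permissions. Without a persistent mount every container recreation requests fresh certificates and can hit the Let's Encrypt rate limits, so I would also enable the commented `caServer` staging URL until the setup is proven. A short comment above `storage:` naming the host path and the required mode would help the next reader.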