updated traefik config

2026-01-18 13:59:32 +00:00
parent a205b280ff
commit 3863c9f8ef
6 changed files with 34 additions and 37 deletions

1
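--- a/.env
+++ b/.env
@@ -18,6 +18,7 @@ PGID=1000
 SECOND_LEVEL_DOMAIN=crescentec
 TOP_LEVEL_DOMAIN=ch
 LOCAL_DOMAIN=crescentec.lan
+LOCAL_VPS_DOMAIN=crescentec-vps.lan
 PUBLIC_DOMAIN=crescentec.ch
 # Personal info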


@@ -9,7 +9,7 @@ include:
- ${SERVICE_PATH}/caddy/caddy.yml - ${SERVICE_PATH}/caddy/caddy.yml
- ${SERVICE_PATH}/crowdsec/crowdsec.yml - ${SERVICE_PATH}/crowdsec/crowdsec.yml
- ${SERVICE_PATH}/headscale/headscale.yml - ${SERVICE_PATH}/headscale/headscale.yml
# - ${SERVICE_PATH}/traefik/traefik.yml - ${SERVICE_PATH}/traefik/traefik.yml
env_file: ${SERVICE_PATH}/.env env_file: ${SERVICE_PATH}/.env
networks: networks:


@@ -0,0 +1 @@
CROWDSEC_API_KEY=8lbUZjrGQp9JZln2pa5G1SCj0Fc8f9SaZUwqLm+6ZJQ
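Review bot: The single added line in this new file commits what looks like a real CrowdSec bouncer API key in cleartext, so anyone who can read the repository or its history can present it to the CrowdSec local API. Treat the key as exposed: revoke it and register a new bouncer key, then keep the real value in a file that git ignores (or a secret store) and commit only a template such as `CROWDSEC_API_KEY=<set-locally>`. Deleting the line in a follow-up commit does not remove it from history, so rotation is needed either way.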


@@ -30,7 +30,7 @@ http:
authelia: authelia:
rule: "Host(`auth.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)" rule: "Host(`auth.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node service: node
entryPoints: https entryPoints: http,https
tls: tls:
certresolver: myresolver certresolver: myresolver
middlewares: crowdsec-bouncer@file middlewares: crowdsec-bouncer@file
@@ -38,7 +38,7 @@ http:
audiobookshelf: audiobookshelf:
rule: "Host(`audiobookshelf.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)" rule: "Host(`audiobookshelf.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node service: node
entryPoints: https entryPoints: http,https
tls: tls:
certresolver: myresolver certresolver: myresolver
middlewares: crowdsec-bouncer@file middlewares: crowdsec-bouncer@file
@@ -46,7 +46,7 @@ http:
gitea: gitea:
rule: "Host(`gitea.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)" rule: "Host(`gitea.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node service: node
entryPoints: https entryPoints: http,https
tls: tls:
certresolver: myresolver certresolver: myresolver
middlewares: crowdsec-bouncer@file middlewares: crowdsec-bouncer@file
@@ -54,7 +54,7 @@ http:
headscale: headscale:
rule: "Host(`headscale.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)" rule: "Host(`headscale.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node service: node
entryPoints: https entryPoints: http,https
tls: tls:
certresolver: myresolver certresolver: myresolver
middlewares: crowdsec-bouncer@file middlewares: crowdsec-bouncer@file
@@ -62,15 +62,15 @@ http:
immich: immich:
rule: "Host(`immich.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)" rule: "Host(`immich.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node service: node
entryPoints: https entryPoints: http,https
tls: tls:
certresolver: myresolver certresolver: myresolver
middlewares: crowdsec-bouncer@file middlewares: crowdsec-bouncer@file
lldap: lldap:
rule: "Host(`lldap.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)" rule: "Host(`ldap.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node service: node
entryPoints: https entryPoints: http,https
tls: tls:
certresolver: myresolver certresolver: myresolver
middlewares: crowdsec-bouncer@file middlewares: crowdsec-bouncer@file
@@ -78,7 +78,7 @@ http:
linkwarden: linkwarden:
rule: "Host(`linkwarden.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)" rule: "Host(`linkwarden.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node service: node
entryPoints: https entryPoints: http,https
tls: tls:
certresolver: myresolver certresolver: myresolver
middlewares: crowdsec-bouncer@file middlewares: crowdsec-bouncer@file
@@ -86,7 +86,7 @@ http:
mealie: mealie:
rule: "Host(`mealie.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)" rule: "Host(`mealie.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node service: node
entryPoints: https entryPoints: http,https
tls: tls:
certresolver: myresolver certresolver: myresolver
middlewares: crowdsec-bouncer@file middlewares: crowdsec-bouncer@file
@@ -94,7 +94,7 @@ http:
navidrome: navidrome:
rule: "Host(`navidrome.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)" rule: "Host(`navidrome.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node service: node
entryPoints: https entryPoints: http,https
tls: tls:
certresolver: myresolver certresolver: myresolver
middlewares: crowdsec-bouncer@file middlewares: crowdsec-bouncer@file
@@ -102,7 +102,7 @@ http:
ntfy: ntfy:
rule: "Host(`ntfy.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)" rule: "Host(`ntfy.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node service: node
entryPoints: https entryPoints: http,https
tls: tls:
certresolver: myresolver certresolver: myresolver
middlewares: crowdsec-bouncer@file middlewares: crowdsec-bouncer@file
@@ -110,7 +110,7 @@ http:
paperless: paperless:
rule: "Host(`paperless.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)" rule: "Host(`paperless.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node service: node
entryPoints: https entryPoints: http,https
tls: tls:
certresolver: myresolver certresolver: myresolver
middlewares: crowdsec-bouncer@file middlewares: crowdsec-bouncer@file
@@ -118,7 +118,7 @@ http:
pdf: pdf:
rule: "Host(`pdf.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)" rule: "Host(`pdf.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node service: node
entryPoints: https entryPoints: http,https
tls: tls:
certresolver: myresolver certresolver: myresolver
middlewares: crowdsec-bouncer@file middlewares: crowdsec-bouncer@file
@@ -126,7 +126,7 @@ http:
radicale: radicale:
rule: "Host(`radicale.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)" rule: "Host(`radicale.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node service: node
entryPoints: https entryPoints: http,https
tls: tls:
certresolver: myresolver certresolver: myresolver
middlewares: crowdsec-bouncer@file middlewares: crowdsec-bouncer@file
@@ -134,23 +134,23 @@ http:
rss: rss:
rule: "Host(`rss.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)" rule: "Host(`rss.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node service: node
entryPoints: https entryPoints: http,https
tls: tls:
certresolver: myresolver certresolver: myresolver
middlewares: crowdsec-bouncer@file middlewares: crowdsec-bouncer@file
superset: # superset:
rule: "Host(`superset.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)" # rule: "Host(`superset.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node # service: node
entryPoints: https # entryPoints: http,https
tls: # tls:
certresolver: myresolver # certresolver: myresolver
middlewares: crowdsec-bouncer@file # middlewares: crowdsec-bouncer@file
vaultwarden: vaultwarden:
rule: "Host(`vaultwarden.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)" rule: "Host(`vaultwarden.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node service: node
entryPoints: https entryPoints: http,https
tls: tls:
certresolver: myresolver certresolver: myresolver
middlewares: crowdsec-bouncer@file middlewares: crowdsec-bouncer@file
@@ -158,7 +158,7 @@ http:
vikunja: vikunja:
rule: "Host(`vikunja.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)" rule: "Host(`vikunja.{{ env "TRAEFIK_PUBLIC_DOMAIN" }}`)"
service: node service: node
entryPoints: https entryPoints: http,https
tls: tls:
certresolver: myresolver certresolver: myresolver
middlewares: crowdsec-bouncer@file middlewares: crowdsec-bouncer@file
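Review bot: Reading the right-hand column as the new side, every router in this file now lists `http` next to `https` while keeping its `tls:` block; Traefik documents a router with a TLS section as handling HTTPS requests only, so the extra entry point most likely does nothing for cleartext traffic and only obscures the intent. If the aim was to get the ACME HTTP challenge through, that is answered on the challenge entry point itself and needs no router change, so `entryPoints: https` (or the documented list form `entryPoints: [https]`) can stay. If cleartext routing really is intended, it would carry authelia, lldap and vaultwarden logins over port 80 and should be reconsidered. The same point applies to each router hunk in this section.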


@@ -32,12 +32,6 @@ entryPoints:
- "10.0.0.0/8" - "10.0.0.0/8"
- "192.168.178.0/16" - "192.168.178.0/16"
- "2a07:600:200:1::/64" - "2a07:600:200:1::/64"
http:
redirections: # HTTPS redirection (80 to 443)
entryPoint:
to: "https" # The target element
scheme: "https" # The redirection target scheme
permanent: true # The target element
https: https:
address: "[::]:443" # Create the HTTPS entrypoint on port 443 address: "[::]:443" # Create the HTTPS entrypoint on port 443
@@ -58,7 +52,8 @@ certificatesResolvers:
myresolver: myresolver:
acme: acme:
email: chris.windler@crescentec.ch email: chris.windler@crescentec.ch
storage: acme.json storage: letsencrypt/acme.json
# caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
httpChallenge: httpChallenge:
# used during the challenge # used during the challenge
entryPoint: http entryPoint: http
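Review bot: The first hunk removes the port-80 redirection to `https` and nothing visible in this commit replaces it, so requests that arrive over `http://` are no longer upgraded and either fail or stay unencrypted depending on which router matches. Removing it should not be necessary for `httpChallenge`, because Traefik normally answers the challenge path ahead of the entry-point redirection; this is worth confirming on the deployed version. If it was dropped only while debugging certificate issuance, restore the `redirections.entryPoint` block with `to: "https"`, `scheme: "https"`, `permanent: true`. Separately, `storage: letsencrypt/acme.json` moves the ACME account and certificate private keys to a new path, so check that the directory is a persistent volume and the file is mode 600.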


@@ -16,7 +16,7 @@ services:
TRAEFIK_PUBLIC_DOMAIN: ${PUBLIC_DOMAIN} TRAEFIK_PUBLIC_DOMAIN: ${PUBLIC_DOMAIN}
TRAEFIK_MAIN_SERVER_NODE_IP: ${MAIN_SERVER_NODE_IP} TRAEFIK_MAIN_SERVER_NODE_IP: ${MAIN_SERVER_NODE_IP}
TRAEFIK_CROWDSEC_API_KEY: ${CROWDSEC_API_KEY} TRAEFIK_CROWDSEC_API_KEY: ${CROWDSEC_API_KEY}
INFOMANIAK_ACCESS_TOKEN: ${INFOMANIAK_CERTIFICATE_ACCESS_TOKEN} # INFOMANIAK_ACCESS_TOKEN: ${INFOMANIAK_CERTIFICATE_ACCESS_TOKEN}
volumes: volumes:
- "/var/log/traefik/:/var/log/traefik/" - "/var/log/traefik/:/var/log/traefik/"
- "/var/run/docker.sock:/var/run/docker.sock:ro" - "/var/run/docker.sock:/var/run/docker.sock:ro"
@@ -29,7 +29,7 @@ services:
# Traefik # Traefik
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.traefik.service=api@internal" - "traefik.http.routers.traefik.service=api@internal"
- "traefik.http.routers.traefik.rule=Host(`traefik.${LOCAL_DOMAIN}`)" - "traefik.http.routers.traefik.rule=Host(`traefik.${LOCAL_VPS_DOMAIN}`)"
- "traefik.http.routers.traefik.entrypoints=https" - "traefik.http.routers.traefik.entrypoints=https"
- "traefik.http.routers.traefik.tls=true" - "traefik.http.routers.traefik.tls=true"