2020-02-02 21:10:29 +00:00
|
|
|
entryPoints:
|
|
|
|
|
web:
|
2020-06-18 20:49:12 +01:00
|
|
|
address: :80
|
2021-03-27 23:34:34 +00:00
|
|
|
http:
|
2021-04-06 11:56:05 +01:00
|
|
|
redirections:
|
|
|
|
|
entryPoint:
|
|
|
|
|
to: web-secure
|
|
|
|
|
scheme: https
|
2020-02-02 21:10:29 +00:00
|
|
|
proxyProtocol:
|
|
|
|
|
trustedIPs:
|
2021-01-31 12:46:43 +00:00
|
|
|
- "{{ wireguard.cidr }}"
|
|
|
|
|
- "{{ pve_hosts.internal_cidr }}"
|
|
|
|
|
- "{{ nebula.cidr }}"
|
2024-02-07 18:21:16 +00:00
|
|
|
- "{{ tailscale_cidr }}"
|
2020-02-02 21:10:29 +00:00
|
|
|
web-secure:
|
2020-06-18 20:49:12 +01:00
|
|
|
address: :443
|
2021-03-27 23:34:34 +00:00
|
|
|
http:
|
|
|
|
|
middlewares:
|
2021-04-18 22:19:24 +01:00
|
|
|
- floc-block@file
|
2021-09-19 22:48:48 +01:00
|
|
|
- compress@file
|
2021-10-18 21:59:10 +01:00
|
|
|
tls:
|
|
|
|
|
certresolver: le
|
|
|
|
|
domains:
|
|
|
|
|
- main: theorangeone.net
|
|
|
|
|
sans: "*.theorangeone.net"
|
|
|
|
|
- main: jakehoward.tech
|
|
|
|
|
sans: "*.jakehoward.tech"
|
2023-10-01 16:25:20 +01:00
|
|
|
{% if traefik_provider_dokku %}
|
|
|
|
|
- main: d.theorangeone.net
|
|
|
|
|
sans: "*.d.theorangeone.net"
|
|
|
|
|
{% endif %}
|
2020-02-02 21:10:29 +00:00
|
|
|
proxyProtocol:
|
|
|
|
|
trustedIPs:
|
2024-02-21 21:42:16 +00:00
|
|
|
- "{{ pve_hosts.ingress.ip }}/32"
|
|
|
|
|
forwardedHeaders:
|
|
|
|
|
trustedIPs:
|
|
|
|
|
- "{{ wireguard.server.ip }}/32" # This is obtained from the connecting `proxy_protocol`
|
2020-07-12 19:29:18 +01:00
|
|
|
traefik:
|
2022-01-15 23:44:06 +00:00
|
|
|
address: :8080
|
2020-02-02 21:10:29 +00:00
|
|
|
|
2020-04-25 12:15:28 +01:00
|
|
|
ping: {}
|
2020-02-02 21:10:29 +00:00
|
|
|
|
|
|
|
|
providers:
|
|
|
|
|
docker:
|
2022-01-15 23:44:06 +00:00
|
|
|
endpoint: tcp://docker_proxy:2375
|
2020-02-02 21:10:29 +00:00
|
|
|
watch: true
|
|
|
|
|
exposedByDefault: false
|
2022-01-15 23:44:06 +00:00
|
|
|
network: traefik
|
2020-02-02 21:10:29 +00:00
|
|
|
file:
|
2020-12-22 15:53:03 +00:00
|
|
|
directory: /etc/traefik/conf
|
2020-02-02 21:10:29 +00:00
|
|
|
|
|
|
|
|
api:
|
|
|
|
|
dashboard: true
|
2020-04-25 12:15:28 +01:00
|
|
|
insecure: true
|
2020-02-02 21:10:29 +00:00
|
|
|
|
|
|
|
|
certificatesResolvers:
|
|
|
|
|
le:
|
|
|
|
|
acme:
|
2023-12-14 22:03:23 +00:00
|
|
|
email: "{{ vault_letsencrypt_email }}"
|
2020-03-25 21:27:15 +00:00
|
|
|
storage: /etc/traefik/acme.json
|
2020-09-05 18:27:04 +01:00
|
|
|
dnsChallenge:
|
|
|
|
|
provider: cloudflare
|
2020-09-05 20:33:57 +01:00
|
|
|
delayBeforeCheck: 0
|
|
|
|
|
resolvers:
|
|
|
|
|
- 1.1.1.1:53
|
|
|
|
|
- 1.0.0.1:53
|
2020-05-24 19:21:17 +01:00
|
|
|
|
2023-04-23 20:26:37 +01:00
|
|
|
gandi:
|
|
|
|
|
acme:
|
2023-12-14 22:03:23 +00:00
|
|
|
email: "{{ vault_letsencrypt_email }}"
|
2023-04-23 20:26:37 +01:00
|
|
|
storage: /etc/traefik/acme.json
|
|
|
|
|
dnsChallenge:
|
2023-07-17 14:58:26 +01:00
|
|
|
provider: gandiv5
|
2023-04-23 20:26:37 +01:00
|
|
|
delayBeforeCheck: 0
|
|
|
|
|
resolvers:
|
|
|
|
|
- 1.1.1.1:53
|
|
|
|
|
- 1.0.0.1:53
|
|
|
|
|
|
2020-05-24 19:21:17 +01:00
|
|
|
serversTransport:
|
|
|
|
|
insecureSkipVerify: true
|
2020-08-30 15:58:03 +01:00
|
|
|
|
|
|
|
|
metrics:
|
2021-03-04 16:26:55 +00:00
|
|
|
prometheus:
|
|
|
|
|
entryPoint: traefik
|
2020-09-27 12:36:49 +01:00
|
|
|
|
|
|
|
|
tls:
|
|
|
|
|
options:
|
|
|
|
|
default:
|
|
|
|
|
minVersion: VersionTLS12
|
2021-03-24 23:14:01 +00:00
|
|
|
|
|
|
|
|
pilot:
|
|
|
|
|
dashboard: false
|
2021-03-28 13:05:31 +01:00
|
|
|
|
|
|
|
|
accessLog:
|
|
|
|
|
filePath: "/var/log/traefik/access.log"
|
|
|
|
|
filters:
|
|
|
|
|
statusCodes:
|
|
|
|
|
- "400-600"
|
