infrastructure/ansible/roles/traefik/files/traefik.yml

95 lines
1.8 KiB
YAML
Raw Normal View History

2020-02-02 21:10:29 +00:00
entryPoints:
web:
2020-06-18 20:49:12 +01:00
address: :80
http:
redirections:
entryPoint:
to: web-secure
scheme: https
2020-02-02 21:10:29 +00:00
proxyProtocol:
trustedIPs:
- "{{ wireguard.cidr }}"
- "{{ pve_hosts.internal_cidr }}"
- "{{ nebula.cidr }}"
2024-02-07 18:21:16 +00:00
- "{{ tailscale_cidr }}"
2020-02-02 21:10:29 +00:00
web-secure:
2020-06-18 20:49:12 +01:00
address: :443
http:
middlewares:
- floc-block@file
- compress@file
2021-10-18 21:59:10 +01:00
tls:
certresolver: le
domains:
- main: theorangeone.net
sans: "*.theorangeone.net"
- main: jakehoward.tech
sans: "*.jakehoward.tech"
2020-02-02 21:10:29 +00:00
proxyProtocol:
trustedIPs:
2024-02-21 21:42:16 +00:00
- "{{ pve_hosts.ingress.ip }}/32"
forwardedHeaders:
trustedIPs:
- "{{ wireguard.server.ip }}/32" # This is obtained from the connecting `proxy_protocol`
traefik:
address: :8080
2020-02-02 21:10:29 +00:00
2020-04-25 12:15:28 +01:00
ping: {}
2020-02-02 21:10:29 +00:00
providers:
docker:
endpoint: tcp://docker_proxy:2375
2020-02-02 21:10:29 +00:00
watch: true
exposedByDefault: false
network: traefik
2020-02-02 21:10:29 +00:00
file:
directory: /etc/traefik/conf
2020-02-02 21:10:29 +00:00
api:
dashboard: true
2020-04-25 12:15:28 +01:00
insecure: true
2020-02-02 21:10:29 +00:00
certificatesResolvers:
le:
acme:
email: "{{ vault_letsencrypt_email }}"
2020-03-25 21:27:15 +00:00
storage: /etc/traefik/acme.json
dnsChallenge:
provider: cloudflare
2020-09-05 20:33:57 +01:00
delayBeforeCheck: 0
resolvers:
- 1.1.1.1:53
- 1.0.0.1:53
gandi:
acme:
email: "{{ vault_letsencrypt_email }}"
storage: /etc/traefik/acme.json
dnsChallenge:
2023-07-17 14:58:26 +01:00
provider: gandiv5
delayBeforeCheck: 0
resolvers:
- 1.1.1.1:53
- 1.0.0.1:53
serversTransport:
insecureSkipVerify: true
2020-08-30 15:58:03 +01:00
metrics:
prometheus:
entryPoint: traefik
2020-09-27 12:36:49 +01:00
tls:
options:
default:
minVersion: VersionTLS12
2021-03-24 23:14:01 +00:00
pilot:
dashboard: false
accessLog:
filePath: "/var/log/traefik/access.log"
filters:
statusCodes:
- "400-600"