entryPoints: web: address: :80 http: redirections: entryPoint: to: web-secure scheme: https proxyProtocol: trustedIPs: - "{{ wireguard.cidr }}" - "{{ pve_hosts.internal_cidr }}" - "{{ nebula.cidr }}" web-secure: address: :443 http: middlewares: - floc-block@file - compress@file tls: certresolver: le domains: - main: theorangeone.net sans: "*.theorangeone.net" - main: jakehoward.tech sans: "*.jakehoward.tech" - main: 0rng.one sans: "*.0rng.one" proxyProtocol: trustedIPs: - "{{ wireguard.cidr }}" - "{{ pve_hosts.internal_cidr }}" - "{{ nebula.cidr }}" traefik: address: "{{ private_ip }}:8080" ping: {} providers: docker: endpoint: unix:///var/run/docker.sock watch: true exposedByDefault: false file: directory: /etc/traefik/conf {% if with_traefik_pages %} http: endpoint: - "http://{{ traefik_pages_password }}@127.0.0.1:5000/.traefik-pages/provider" {% endif %} api: dashboard: true insecure: true certificatesResolvers: le: acme: email: "{{ letsencrypt_email }}" storage: /etc/traefik/acme.json dnsChallenge: provider: cloudflare delayBeforeCheck: 0 resolvers: - 1.1.1.1:53 - 1.0.0.1:53 serversTransport: insecureSkipVerify: true metrics: prometheus: entryPoint: traefik tls: options: default: minVersion: VersionTLS12 pilot: dashboard: false accessLog: filePath: "/var/log/traefik/access.log" filters: statusCodes: - "400-600"