Jake Howard
33fcf1a9e5
Apparently this has been broken since like March... It seems communication over port 8448 is required for server-to-server comms, even if the client doesn't use it.
77 lines
1.4 KiB
YAML
77 lines
1.4 KiB
YAML
entryPoints:
|
|
web:
|
|
address: :80
|
|
http:
|
|
redirections:
|
|
entryPoint:
|
|
to: web-secure
|
|
scheme: https
|
|
proxyProtocol:
|
|
trustedIPs:
|
|
- "{{ wireguard.cidr }}"
|
|
- "{{ pve_hosts.internal_cidr }}"
|
|
- "{{ nebula.cidr }}"
|
|
web-secure:
|
|
address: :443
|
|
http:
|
|
middlewares:
|
|
- floc-block@file
|
|
proxyProtocol:
|
|
trustedIPs:
|
|
- "{{ wireguard.cidr }}"
|
|
- "{{ pve_hosts.internal_cidr }}"
|
|
- "{{ nebula.cidr }}"
|
|
traefik:
|
|
address: "{{ private_ip }}:8080"
|
|
|
|
ping: {}
|
|
|
|
providers:
|
|
docker:
|
|
endpoint: unix:///var/run/docker.sock
|
|
watch: true
|
|
exposedByDefault: false
|
|
file:
|
|
directory: /etc/traefik/conf
|
|
{% if with_traefik_pages %}
|
|
http:
|
|
endpoint:
|
|
- "http://{{ traefik_pages_password }}@127.0.0.1:5000/.traefik-pages/provider"
|
|
{% endif %}
|
|
|
|
api:
|
|
dashboard: true
|
|
insecure: true
|
|
|
|
certificatesResolvers:
|
|
le:
|
|
acme:
|
|
email: "{{ letsencrypt_email }}"
|
|
storage: /etc/traefik/acme.json
|
|
dnsChallenge:
|
|
provider: cloudflare
|
|
delayBeforeCheck: 0
|
|
resolvers:
|
|
- 1.1.1.1:53
|
|
- 1.0.0.1:53
|
|
|
|
serversTransport:
|
|
insecureSkipVerify: true
|
|
|
|
metrics:
|
|
prometheus:
|
|
entryPoint: traefik
|
|
|
|
tls:
|
|
options:
|
|
default:
|
|
minVersion: VersionTLS12
|
|
|
|
pilot:
|
|
dashboard: false
|
|
|
|
accessLog:
|
|
filePath: "/var/log/traefik/access.log"
|
|
filters:
|
|
statusCodes:
|
|
- "400-600"
|