infrastructure/ansible/roles/traefik/files/traefik.yml
Jake Howard 6973fb536f
Add fail2ban for traefik
Remote action coming soon
2021-03-28 13:05:38 +01:00

85 lines
1.6 KiB
YAML

entryPoints:
web:
address: :80
http:
middlewares:
- tls-redirect@file
proxyProtocol:
trustedIPs:
- "{{ wireguard.cidr }}"
- "{{ pve_hosts.internal_cidr }}"
- "{{ nebula.cidr }}"
web-secure:
address: :443
http:
middlewares:
- tls-redirect@file
proxyProtocol:
trustedIPs:
- "{{ wireguard.cidr }}"
- "{{ pve_hosts.internal_cidr }}"
- "{{ nebula.cidr }}"
matrix:
address: :8448
http:
middlewares:
- tls-redirect@file
proxyProtocol:
trustedIPs:
- "{{ wireguard.cidr }}"
- "{{ pve_hosts.internal_cidr }}"
- "{{ nebula.cidr }}"
traefik:
address: "{{ private_ip }}:8080"
ping: {}
providers:
docker:
endpoint: unix:///var/run/docker.sock
watch: true
exposedByDefault: false
file:
directory: /etc/traefik/conf
{% if with_traefik_pages %}
http:
endpoint:
- "http://{{ traefik_pages_password }}@127.0.0.1:5000/.traefik-pages/provider"
{% endif %}
api:
dashboard: true
insecure: true
certificatesResolvers:
le:
acme:
email: "{{ letsencrypt_email }}"
storage: /etc/traefik/acme.json
dnsChallenge:
provider: cloudflare
delayBeforeCheck: 0
resolvers:
- 1.1.1.1:53
- 1.0.0.1:53
serversTransport:
insecureSkipVerify: true
metrics:
prometheus:
entryPoint: traefik
tls:
options:
default:
minVersion: VersionTLS12
pilot:
dashboard: false
accessLog:
filePath: "/var/log/traefik/access.log"
filters:
statusCodes:
- "400-600"