Add traefik configuration under version control
This commit is contained in:
parent
e3e6552b93
commit
c2b1c91163
3 changed files with 124 additions and 4 deletions
|
@ -5,7 +5,7 @@ restart = "unless-stopped"
|
||||||
ports = ["80:80", "443:443/tcp", "443:443/udp"]
|
ports = ["80:80", "443:443/tcp", "443:443/udp"]
|
||||||
environment = [
|
environment = [
|
||||||
"TZ=Europe/Helsinki",
|
"TZ=Europe/Helsinki",
|
||||||
"CF_API_EMAIL",
|
"CF_API_EMAIL=${ADMIN_EMAIL}",
|
||||||
"CF_API_KEY",
|
"CF_API_KEY",
|
||||||
"CF_ZONE_API_TOKEN",
|
"CF_ZONE_API_TOKEN",
|
||||||
"CF_DNS_API_TOKEN",
|
"CF_DNS_API_TOKEN",
|
||||||
|
@ -15,9 +15,8 @@ networks = ["proxy"]
|
||||||
volumes = [
|
volumes = [
|
||||||
"/etc/localtime:/etc/localtime:ro",
|
"/etc/localtime:/etc/localtime:ro",
|
||||||
"/var/run/docker.sock:/var/run/docker.sock:ro",
|
"/var/run/docker.sock:/var/run/docker.sock:ro",
|
||||||
"/docker/traefik/traefik/traefik.toml:/traefik.toml:ro",
|
"./traefik.toml:/traefik.toml:ro",
|
||||||
"/docker/traefik/traefik/dynamic.toml:/dynamic.toml:ro",
|
"./dynamic.toml:/dynamic.toml:ro",
|
||||||
"/docker/traefik/traefik/dashboard-users:/dashboard-users:ro",
|
|
||||||
"/docker/traefik/traefik/acme.json:/acme.json",
|
"/docker/traefik/traefik/acme.json:/acme.json",
|
||||||
"/docker/traefik/traefik/log:/var/log",
|
"/docker/traefik/traefik/log:/var/log",
|
||||||
]
|
]
|
||||||
|
|
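--- a/docker/traefik/dynamic.toml
+++ b/docker/traefik/dynamic.toml
@@ -0,0 +1,80 @@
+[http.middlewares.authentik.forwardAuth]
+address = "http://authentik:9000/outpost.goauthentik.io/auth/traefik"
+trustForwardHeader = true
+authResponseHeaders = [
+"X-authentik-username",
+"X-authentik-groups",
+"X-authentik-email",
+"X-authentik-name",
+"X-authentik-uid",
+"X-authentik-jwt",
+"X-authentik-meta-jwks",
+"X-authentik-meta-outpost",
+"X-authentik-meta-provider",
+"X-authentik-meta-app",
+"X-authentik-meta-version",
+]
+
+[http.middlewares.compress.compress]
+
+[http.middlewares.http2https.redirectScheme]
+scheme = "https"
+permanent = true
+
+[http.middlewares.secHeaders.headers]
+browserXssFilter = true
+contentTypeNosniff = true
+frameDeny = true
+sslRedirect = true
+stsIncludeSubdomains = true
+stsPreload = true
+stsSeconds = 31_536_000
+customFrameOptionsValue = "SAMEORIGIN"
+referrerPolicy = "strict-origin-when-cross-origin"
+accesscontrolAllowMethods = ["GET", "OPTIONS", "POST"]
+accesscontrolAllowOriginList = ["https://korhonen.cc"]
+accessControlAllowHeaders = [
+"Accept",
+"Accept-Encoding",
+"Accept-Language",
+"Access-Control-Request-Headers",
+"Access-Control-Request-Method",
+"Connection",
+"Content-Type",
+"DNT",
+"Host",
+"Origin",
+"Referer",
+"Sec-Fetch-Dest",
+"Sec-Fetch-Mode",
+"Sec-Fetch-Site",
+"User-Agent",
+]
+accesscontrolMaxAge = 100
+addVaryHeader = true
+
+[http.middlewares.nextcloud-redirect-dav.redirectRegex]
+permanent = true
+regex = "https://(.*)/.well-known/(card|cal)dav"
+replacement = "https://${1}/remote.php/dav/"
+
+[http.middlewares.nextcloud-redirect-extra.redirectRegex]
+permanent = true
+regex = "https://(.*)/.well-known/(webfinger|nodeinfo)"
+replacement = "https://${1}/index.php/.well-known/${2}"
+
+[http.middlewares.www2non-www.redirectregex]
+permanent = true
+regex = "^https?://www\\.(.+)"
+replacement = "https://${1}"
+
+[tls.options.default]
+minVersion = "VersionTLS12"
+cipherSuites = [
+"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
+]
+
+[tls.options.mintls13]
+minVersion = "VersionTLS13"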
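Review bot: `frameDeny = true` and `customFrameOptionsValue = "SAMEORIGIN"` in `[http.middlewares.secHeaders.headers]` contradict each other; in Traefik the custom value overrides frameDeny, so the header actually emitted is `X-Frame-Options: SAMEORIGIN`, not `DENY`. Keep only the option that reflects the intended policy, or add `# customFrameOptionsValue overrides frameDeny; effective value is SAMEORIGIN` so the next reader is not misled. `trustForwardHeader = true` on the authentik forwardAuth middleware passes client-supplied X-Forwarded-* headers through to the outpost; since the compose file publishes the entry points directly, this is only appropriate if there is a trusted upstream proxy and the entry points restrict `forwardedHeaders` to its IPs, so a comment naming that upstream would help. `sslRedirect = true` looks like the deprecated headers-middleware option that the `http2https` redirectScheme middleware above already replaces, so it can probably be dropped. The sub-table and key names also mix `redirectRegex`/`redirectregex` and `accesscontrol…`/`accessControl…` casing; Traefik's parser is, as far as I know, case-insensitive, but one spelling is easier to grep.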
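--- a/docker/traefik/traefik.toml
+++ b/docker/traefik/traefik.toml
@@ -0,0 +1,41 @@
+[experimental]
+http3 = true
+
+[api]
+dashboard = true
+
+[entryPoints.http]
+address = ":80"
+
+[entryPoints.https]
+address = ":443"
+
+[entryPoints.https.http3]
+
+[entryPoints.https.http.tls]
+options = "default"
+certResolver = "letsEncrypt"
+
+[[entryPoints.https.http.tls.domains]]
+main = "korhonen.cc"
+sans = ["*.korhonen.cc"]
+
+[providers.docker]
+endpoint = "unix:///var/run/docker.sock"
+exposedByDefault = false
+
+[providers.file]
+filename = "/dynamic.toml"
+
+[certificatesResolvers.letsEncrypt.acme]
+email = "{{env 'ADMIN_EMAIL'}}"
+storage = "acme.json"
+
+[certificatesResolvers.letsEncrypt.acme.dnsChallenge]
+provider = "cloudflare"
+
+[accessLog]
+filePath = "/var/log/access.log"
+
+[accessLog.filters]
+statusCodes = ["400-499"]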
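Review bot: `email = "{{env 'ADMIN_EMAIL'}}"` in `[certificatesResolvers.letsEncrypt.acme]` will not be expanded, because Traefik applies Go templating only to dynamic configuration loaded by the file provider, not to the static configuration this file is, so the ACME account would be registered with that literal string or fail outright. Either write the address literally or set it from the compose file through the static-config environment variable `TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_EMAIL`, next to the `ADMIN_EMAIL` interpolation the compose change already uses. `storage = "acme.json"` is relative to the process working directory while the compose file mounts the file at `/acme.json`; `storage = "/acme.json"` makes the match explicit. `dashboard = true` without `insecure` means the dashboard's router and its authentication presumably live in container labels outside this commit, so a comment such as `# served via the api@internal router defined in docker labels; auth is enforced there` would keep the two in sync. `endpoint = "unix:///var/run/docker.sock"` gives Traefik full Docker API access regardless of the read-only bind mount seen in the compose hunk, which deserves an explicit comment or a socket proxy in front of it.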