Add some configs

config/docker/old/traefik/config/app-bookstack.yml

@@ -0,0 +1,15 @@
+http:
+  routers:
+    wiki-rtr: # Bookstack
+      rule: "Host(`wiki.local.gurulandia.eu`)"
+      entryPoints:
+        - "https"
+      middlewares:
+        - chain-no-auth # - chain-authelia
+      tls: {}
+      service: wiki-svc
+  services:
+    wiki-svc:
+      loadBalancer:
+        servers:
+          - url: "http://192.168.5.30:53002"

config/docker/old/traefik/config/app-ha-pihole.yml

@@ -0,0 +1,46 @@
+http:
+  routers:
+    ha-pihole-rtr: # piHole
+      rule: "Host(`ha-pihole.local.gurulandia.eu`) "
+      entryPoints:
+        - https
+      middlewares:
+        - chain-no-auth
+        - pihole-add-admin
+      service: ha-pihole-svc
+      tls: {}
+    ha-pihole-01-rtr: # piHole
+      rule: "Host(`ha-pihole-01.local.gurulandia.eu`) "
+      entryPoints:
+        - https
+      middlewares:
+        - chain-no-auth
+        - pihole-add-admin
+      service: ha-pihole-01-svc
+      tls: {}
+    ha-pihole-02-rtr: # piHole
+      rule: "Host(`ha-pihole-02.local.gurulandia.eu`) "
+      entryPoints:
+        - https
+      middlewares:
+        - chain-no-auth
+        - pihole-add-admin
+      service: ha-pihole-02-svc
+      tls: {}
+  middlewares:
+    pihole-add-admin:
+      addPrefix:
+        prefix: "/admin"
+  services:
+    ha-pihole-svc:
+      loadBalancer:
+        servers:
+          - url: "http://192.168.99.250:80"
+    ha-pihole-01-svc:
+      loadBalancer:
+        servers:
+          - url: "http://192.168.99.245:80"
+    ha-pihole-02-svc:
+      loadBalancer:
+        servers:
+          - url: "http://192.168.99.246:80"

config/docker/old/traefik/config/app-pihole.yml

@@ -0,0 +1,46 @@
+http:
+  routers:
+    pihole-rtr: # piHole
+      rule: "Host(`pihole.local.gurulandia.eu`) "
+      entryPoints:
+        - https
+      middlewares:
+        - chain-authelia
+        - pihole-add-admin
+      service: pihole-svc
+      tls: {}
+    pihole-01-rtr: # piHole
+      rule: "Host(`pihole-01.local.gurulandia.eu`) "
+      entryPoints:
+        - https
+      middlewares:
+        - chain-authelia
+        - pihole-add-admin
+      service: pihole-01-svc
+      tls: {}
+    pihole-02-rtr: # piHole
+      rule: "Host(`pihole-02.local.gurulandia.eu`) "
+      entryPoints:
+        - https
+      middlewares:
+        - chain-authelia
+        - pihole-add-admin
+      service: pihole-02-svc
+      tls: {}
+  middlewares:
+    pihole-add-admin:
+      addPrefix:
+        prefix: "/admin"
+  services:
+    pihole-svc:
+      loadBalancer:
+        servers:
+          - url: "http://192.168.99.250:80"
+    pihole-01-svc:
+      loadBalancer:
+        servers:
+          - url: "http://192.168.99.245:80"
+    pihole-02-svc:
+      loadBalancer:
+        servers:
+          - url: "http://192.168.99.246:80"

config/docker/old/traefik/config/app-sophos-xg.yml

@@ -0,0 +1,15 @@
+http:
+  routers:
+    sophos-rtr: # Sophos XG
+      rule: "Host(`fw.local.gurulandia.eu`)"
+      entryPoints:
+        - "https"
+      middlewares:
+        - chain-no-auth # - chain-authelia
+      tls: {}
+      service: sophos-svc
+  services:
+    sophos-svc:
+      loadBalancer:
+        servers:
+          - url: "https://192.168.99.1:4444"

config/docker/old/traefik/config/app-wac.yml

@@ -0,0 +1,15 @@
+http:
+  routers:
+    wac-rtr: # Sophos XG
+      rule: "Host(`wac.local.gurulandia.eu`)"
+      entryPoints:
+        - "https"
+      middlewares:
+        - chain-no-auth # - chain-authelia
+      tls: {}
+      service: wac-svc
+  services:
+    wac-svc:
+      loadBalancer:
+        servers:
+          - url: "https://192.168.5.50"

config/docker/old/traefik/config/mw-authelia.yml

@@ -0,0 +1,9 @@
+http:
+  middlewares:
+    middlewares-authelia:
+      forwardAuth:
+        address: "http://authelia:9091/api/verify?rd=https://auth.local.gurulandia.eu"
+        trustForwardHeader: true
+        authResponseHeaders:
+          - "Remote-User"
+          - "Remote-Groups"

config/docker/old/traefik/config/mw-basic-auth.yml

@@ -0,0 +1,8 @@
+http:
+  middlewares:
+    middlewares-basic-auth:
+      basicAuth:
+        # users:
+        #   - "user:$apsdfs.$EntPC0w3FtswWvC/6fTVJ7IUVtX1"
+        usersFile: "/users" #be sure to mount the volume through docker-compose.yml
+        realm: "Traefik 2 Basic Auth"

config/docker/old/traefik/config/mw-chain-authelia.yml

@@ -0,0 +1,8 @@
+http:
+  middlewares:        
+    chain-authelia:
+      chain:
+        middlewares:
+          - middlewares-rate-limit
+          - middlewares-secure-headers
+          - middlewares-authelia

config/docker/old/traefik/config/mw-chain-basic-auth.yml

@@ -0,0 +1,8 @@
+http:
+  middlewares:
+    chain-basic-auth:
+      chain:
+        middlewares:
+          - middlewares-rate-limit
+          - middlewares-secure-headers
+          - middlewares-basic-auth

config/docker/old/traefik/config/mw-chain-no-auth.yml

@@ -0,0 +1,9 @@
+http:
+  middlewares:
+    chain-no-auth:
+      chain:
+        middlewares:
+          - middlewares-crowdsec-bouncer
+          - middlewares-default-whitelist
+          - middlewares-rate-limit
+          - middlewares-secure-headers

config/docker/old/traefik/config/mw-chain-oauth.yml

@@ -0,0 +1,8 @@
+http:
+  middlewares:
+    chain-oauth:
+      chain:
+        middlewares:
+          - middlewares-rate-limit
+          - middlewares-secure-headers
+          - middlewares-oauth

config/docker/old/traefik/config/mw-crowdsec-bouncer.yml

@@ -0,0 +1,6 @@
+http:
+  middlewares:    
+    middlewares-crowdsec-bouncer:
+      forwardauth:
+        address: http://bouncer-traefik:8080/api/v1/forwardAuth
+        trustForwardHeader: true

config/docker/old/traefik/config/mw-default-whitelist.yml

@@ -0,0 +1,8 @@
+http:
+  middlewares:
+    middlewares-default-whitelist:
+      ipWhiteList:
+        sourceRange:
+        - "10.0.0.0/8"
+        - "192.168.0.0/16"
+        - "172.16.0.0/12"

config/docker/old/traefik/config/mw-rate-limit.yml

@@ -0,0 +1,6 @@
+http:
+  middlewares:
+    middlewares-rate-limit:
+      rateLimit:
+        average: 100
+        burst: 50

config/docker/old/traefik/config/mw-secure-headers.yml

@@ -0,0 +1,31 @@
+http:
+  middlewares:
+    middlewares-secure-headers:
+      headers:
+        accessControlAllowMethods:
+          - GET
+          - OPTIONS
+          - PUT
+        accessControlMaxAge: 100
+        hostsProxyHeaders:
+          - "X-Forwarded-Host"
+        sslRedirect: true
+        stsSeconds: 63072000
+        stsIncludeSubdomains: true
+        stsPreload: true
+        forceSTSHeader: true
+        # frameDeny: true #overwritten by customFrameOptionsValue
+        customFrameOptionsValue: "allow-from https:gurulandia.eu" #CSP takes care of this but may be needed for organizr.
+        contentTypeNosniff: true
+        browserXssFilter: true
+        # sslForceHost: true # add sslHost to all of the services
+        # sslHost: "example.com"
+        referrerPolicy: "same-origin"
+        # Setting contentSecurityPolicy is more secure but it can break things. Proper auth will reduce the risk.
+        # the below line also breaks some apps due to 'none' - sonarr, radarr, etc.
+        # contentSecurityPolicy: "frame-ancestors '*.example.com:*';object-src 'none';script-src 'none';"
+        featurePolicy: "camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none';"
+        customResponseHeaders:
+          X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex,"
+          server: ""
+          

config/docker/old/traefik/config/svc-asustor.yml

@@ -0,0 +1,15 @@
+http:
+  routers:
+    asustor-rtr: # Asustor Nas
+      rule: "Host(`nas-01.local.gurulandia.eu`) "
+      entryPoints:
+        - https
+      middlewares:
+        - chain-authelia 
+      service: asustor-svc
+      tls: {}    
+  services:
+    asustor-svc:
+      loadBalancer:
+        servers:
+          - url: "https://gl-p-nas-01.srv.gurulandia.lan:8001"

config/docker/old/traefik/config/svc-homeassistant.yml

@@ -0,0 +1,16 @@
+http:
+  routers:
+    homeassistant-rtr: # Home Assistant
+      rule: "Host(`homeassistant.local.gurulandia.eu`)"
+      entryPoints:
+        - "https"
+      middlewares:
+        - chain-authelia
+      service: homeassistant-svc
+      tls:  {}
+  services:
+    homeassistant-svc:
+      loadBalancer:
+        servers:
+          - url: "http://192.168.42.242:50000"
+          

config/docker/old/traefik/config/svc-observium.yml

@@ -0,0 +1,16 @@
+http:
+  routers:
+    observium-rtr: # Observium
+      rule: "Host(`observium.local.gurulandia.eu`)"
+      entryPoints:
+        - "https"
+      middlewares:
+        - chain-authelia
+      service: observium-svc
+      tls:  {}
+  services:
+    observium-svc:
+      loadBalancer:
+        servers:
+          - url: "http://192.168.99.81"
+          

config/docker/old/traefik/config/svc-pbs.yml

@@ -0,0 +1,15 @@
+http:
+  routers:
+    pbs-rtr: # Proxmox PBS
+      entryPoints:
+        - "https"
+      rule: "Host(`pbs-01.local.gurulandia.eu`)"
+      middlewares:
+        - chain-authelia
+      tls: {}
+      service: pbs-svc
+  services:
+    pbs-svc:
+      loadBalancer:
+        servers:
+          - url: "https://gl-v-pbs-01.mgmt.gurulandia.lan:8007"

config/docker/old/traefik/config/svc-plex.yml

@@ -0,0 +1,15 @@
+http:
+  routers:
+    plex-rtr: # Asustor Nas
+      rule: "Host(`plex.local.gurulandia.eu`) "
+      entryPoints:
+        - https
+      middlewares:
+        - chain-authelia 
+      service: plex-svc
+      tls: {}    
+  services:
+    plex-svc:
+      loadBalancer:
+        servers:
+          - url: "https://gl-p-nas-01.srv.gurulandia.lan:32400"

config/docker/old/traefik/config/svc-pve.yml

@@ -0,0 +1,27 @@
+http:
+  routers:
+    pve-01-rtr: # Proxmox PVE 1
+      rule: "Host(`pve-01.local.gurulandia.eu`)"
+      entryPoints:
+        - "https"
+      middlewares:
+        - chain-authelia
+      tls: {}
+      service: pve-01-svc      
+    pve-02-rtr: # Proxmox PVE 2
+      rule: "Host(`pve-02.local.gurulandia.eu`)"
+      entryPoints:
+        - "https"
+      middlewares:
+        - chain-authelia
+      tls: {}
+      service: pve-02-svc
+  services:
+    pve-01-svc:
+      loadBalancer:
+        servers:
+          - url: "https://gl-p-pve-01.mgmt.gurulandia.lan:8006"
+    pve-02-svc:
+      loadBalancer:
+        servers:
+          - url: "https://gl-p-pve-02.mgmt.gurulandia.lan:8006"

config/docker/old/traefik/config/svc-routers.yml

@@ -0,0 +1,39 @@
+http:
+  routers:
+    gl-p-ap-01-rtr: # AsusWRT
+      rule: "Host(`ap-01.local.gurulandia.eu`)"
+      entryPoints:
+        - "https"
+      middlewares:
+        - chain-authelia
+      tls: {}
+      service: gl-p-ap-01-svc
+    gl-p-ap-02-rtr: # OpenWRT
+      rule: "Host(`ap-02.local.gurulandia.eu`)"
+      entryPoints:
+        - "https"
+      middlewares:
+        - chain-authelia
+      tls: {}
+      service: gl-p-ap-02-svc
+    gl-p-ap-03-rtr: # OpenWRT
+      rule: "Host(`ap-03.local.gurulandia.eu`)"
+      entryPoints:
+        - "https"
+      middlewares:
+        - chain-authelia
+      tls: {}
+      service: gl-p-ap-03-svc
+  services:
+    gl-p-ap-01-svc:
+      loadBalancer:
+        servers:
+          - url: "http://gl-p-ap-01.wifi.gurulandia.lan"
+    gl-p-ap-02-svc:
+      loadBalancer:
+        servers:
+          - url: "https://gl-p-ap-02.mgmt.gurulandia.lan"
+    gl-p-ap-03-svc:
+      loadBalancer:
+        servers:
+          - url: "https://gl-p-ap-03.mgmt.gurulandia.lan"  

config/docker/old/traefik/config/svc-switchs.yml

@@ -0,0 +1,99 @@
+http:
+  routers:
+    gl-p-sw-01-rtr: 
+      rule: "Host(`sw-01.local.gurulandia.eu`)"
+      entryPoints:
+        - "https"
+      middlewares:
+        - chain-authelia
+      tls: {}
+      service: gl-p-sw-01-svc
+    gl-p-sw-02-rtr: 
+      rule: "Host(`sw-02.local.gurulandia.eu`)"
+      entryPoints:
+        - "https"
+      middlewares:
+        - chain-authelia
+      tls: {}
+      service: gl-p-sw-02-svc
+    gl-p-sw-03-rtr: 
+      rule: "Host(`sw-03.local.gurulandia.eu`)"
+      entryPoints:
+        - "https"
+      middlewares:
+        - chain-authelia
+      tls: {}
+      service: gl-p-sw-03-svc
+    gl-p-sw-04-rtr: 
+      rule: "Host(`sw-04.local.gurulandia.eu`)"
+      entryPoints:
+        - "https"
+      middlewares:
+        - chain-authelia
+      tls: {}
+      service: gl-p-sw-04-svc
+    gl-p-sw-05-rtr: 
+      rule: "Host(`sw-05.local.gurulandia.eu`)"
+      entryPoints:
+        - "https"
+      middlewares:
+        - chain-authelia
+      tls: {}
+      service: gl-p-sw-05-svc
+    gl-p-sw-06-rtr: 
+      rule: "Host(`sw-06.local.gurulandia.eu`)"
+      entryPoints:
+        - "https"
+      middlewares:
+        - chain-authelia
+      tls: {}
+      service: gl-p-sw-06-svc
+    gl-p-sw-07-rtr: 
+      rule: "Host(`sw-07.local.gurulandia.eu`)"
+      entryPoints:
+        - "https"
+      middlewares:
+        - chain-authelia
+      tls: {}
+      service: gl-p-sw-07-svc
+    gl-p-sw-08-rtr: 
+      rule: "Host(`sw-08.local.gurulandia.eu`)"
+      entryPoints:
+        - "https"
+      middlewares:
+        - chain-authelia
+      tls: {}
+      service: gl-p-sw-08-svc
+  services:
+    gl-p-sw-01-svc:
+      loadBalancer:
+        servers:
+          - url: "http://gl-p-sw-01.mgmt.gurulandia.lan"
+    gl-p-sw-02-svc:
+      loadBalancer:
+        servers:
+          - url: "http://gl-p-sw-02.mgmt.gurulandia.lan"
+    gl-p-sw-03-svc:
+      loadBalancer:
+        servers:
+          - url: "http://gl-p-sw-03.mgmt.gurulandia.lan"
+    gl-p-sw-04-svc:
+      loadBalancer:
+        servers:
+          - url: "http://gl-p-sw-04.mgmt.gurulandia.lan"
+    gl-p-sw-05-svc:
+      loadBalancer:
+        servers:
+          - url: "http://gl-p-sw-05.mgmt.gurulandia.lan"
+    gl-p-sw-06-svc:
+      loadBalancer:
+        servers:
+          - url: "http://gl-p-sw-06.mgmt.gurulandia.lan"
+    gl-p-sw-07-svc:
+      loadBalancer:
+        servers:
+          - url: "http://gl-p-sw-07.mgmt.gurulandia.lan"
+    gl-p-sw-08-svc:
+      loadBalancer:
+        servers:
+          - url: "http://gl-p-sw-08.mgmt.gurulandia.lan"

config/docker/old/traefik/config/svc-tasmoadmin.yml

@@ -0,0 +1,16 @@
+http:
+  routers:
+    tasmoadmin-rtr: # Tasmo Admin
+      rule: "Host(`tasmoadmin.local.gurulandia.eu`)"
+      entryPoints:
+        - "https"
+      middlewares:
+        - chain-no-auth #authelia
+      service: tasmoadmin-svc
+      tls:  {}
+  services:
+    tasmoadmin-svc:
+      loadBalancer:
+        servers:
+          - url: "http://192.168.42.242:9541"
+          

config/docker/old/traefik/config/svc-truenas.yml

@@ -0,0 +1,16 @@
+http:
+  routers:
+    truenas-rtr: # TrueNAS Core
+      rule: "Host(`nas-02.local.gurulandia.eu`)"
+      entryPoints:
+        - "https"
+      middlewares:
+        - chain-authelia
+      service: truenas-svc
+      tls:  {}
+  services:
+    truenas-svc:
+      loadBalancer:
+        servers:
+          - url: "https://gl-p-nas-02.mgmt.gurulandia.lan"
+          

config/docker/old/traefik/config/tls-opts.yml

@@ -0,0 +1,19 @@
+tls:
+  options:
+    tls-opts:
+      minVersion: VersionTLS12
+      cipherSuites:
+        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
+        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
+        - TLS_AES_128_GCM_SHA256
+        - TLS_AES_256_GCM_SHA384
+        - TLS_CHACHA20_POLY1305_SHA256
+        - TLS_FALLBACK_SCSV # Client is doing version fallback. See RFC 7507
+      curvePreferences:
+        - CurveP521
+        - CurveP384
+      sniStrict: true