Gurulandia/Homelab
1
0
Fork 0
Code Pull Requests Actions Wiki Activity

Add some configs

Browse Source
This commit is contained in:
Gurulandia
2025-02-03 10:16:10 +02:00
parent d5ba06fb78
commit 8d217a76c5
50 changed files with 1317 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
config/docker/current/crowdsec/acquis.d/sshd.yaml
+4
View File
@@ -0,0 +1,4 @@
Filenames:
- /var/log/auth.log
Labels:
type: syslog
config/docker/current/crowdsec/acquis.d/traefik.yaml
+4
View File
@@ -0,0 +1,4 @@
filenames:
- /var/log/traefik/*
labels:
type: traefik
config/docker/current/mailrise/mailrise.conf
+19
View File
@@ -0,0 +1,19 @@
configs:
discord:
urls:
- discord://1197077230531129365/Lg8HssUw5GhNIs4qYGyxp-52VFFtw17fMAlf-OYDSS3bOjJzGMpRsZ_KCZ5sxOHagK7R/
gotify:
urls:
- gotify://gotify.lab.gurulandia.eu/AP8JgsUIUm2M1B1
gurulandia@outlook.com:
urls:
- gotify://gotify.lab.gurulandia.eu/AkNhzQxlA9sOsVJ
tls:
mode: off
smtp:
auth:
basic:
gurulandia: gurulandia
hostname: mailrise.lab.gurulandia.eu
config/docker/current/traefik/acme.json
+58
View File
File diff suppressed because one or more lines are too long
config/docker/current/traefik/config/mw-authelia.yml
+9
View File
@@ -0,0 +1,9 @@
http:
middlewares:
middlewares-authelia:
forwardAuth:
address: "http://authelia:9091/api/verify?rd=https://auth.local.gurulandia.eu"
trustForwardHeader: true
authResponseHeaders:
- "Remote-User"
- "Remote-Groups"
config/docker/current/traefik/config/mw-basic-auth.yml
+8
View File
@@ -0,0 +1,8 @@
http:
middlewares:
middlewares-basic-auth:
basicAuth:
# users:
# - "user:$apsdfs.$EntPC0w3FtswWvC/6fTVJ7IUVtX1"
usersFile: "/users" #be sure to mount the volume through docker-compose.yml
realm: "Traefik 2 Basic Auth"
config/docker/current/traefik/config/mw-chain-authelia.yml
+8
View File
@@ -0,0 +1,8 @@
http:
middlewares:
chain-authelia:
chain:
middlewares:
- middlewares-rate-limit
- middlewares-secure-headers
- middlewares-authelia
config/docker/current/traefik/config/mw-chain-basic-auth.yml
+8
View File
@@ -0,0 +1,8 @@
http:
middlewares:
chain-basic-auth:
chain:
middlewares:
- middlewares-rate-limit
- middlewares-secure-headers
- middlewares-basic-auth
config/docker/current/traefik/config/mw-chain-no-auth.yml
+9
View File
@@ -0,0 +1,9 @@
http:
middlewares:
chain-no-auth:
chain:
middlewares:
- middlewares-crowdsec-bouncer
- middlewares-default-whitelist
- middlewares-rate-limit
- middlewares-secure-headers
config/docker/current/traefik/config/mw-chain-oauth.yml
+8
View File
@@ -0,0 +1,8 @@
http:
middlewares:
chain-oauth:
chain:
middlewares:
- middlewares-rate-limit
- middlewares-secure-headers
- middlewares-oauth
config/docker/current/traefik/config/mw-crowdsec-bouncer.yml
+6
View File
@@ -0,0 +1,6 @@
http:
middlewares:
middlewares-crowdsec-bouncer:
forwardauth:
address: http://bouncer-traefik:8080/api/v1/forwardAuth
trustForwardHeader: true
config/docker/current/traefik/config/mw-default-whitelist.yml
+8
View File
@@ -0,0 +1,8 @@
http:
middlewares:
middlewares-default-whitelist:
ipWhiteList:
sourceRange:
- "10.0.0.0/8"
- "192.168.0.0/16"
- "172.16.0.0/12"
config/docker/current/traefik/config/mw-rate-limit.yml
+6
View File
@@ -0,0 +1,6 @@
http:
middlewares:
middlewares-rate-limit:
rateLimit:
average: 100
burst: 50
config/docker/current/traefik/config/mw-secure-headers.yml
+31
View File
@@ -0,0 +1,31 @@
http:
middlewares:
middlewares-secure-headers:
headers:
accessControlAllowMethods:
- GET
- OPTIONS
- PUT
accessControlMaxAge: 100
hostsProxyHeaders:
- "X-Forwarded-Host"
sslRedirect: true
stsSeconds: 63072000
stsIncludeSubdomains: true
stsPreload: true
forceSTSHeader: true
# frameDeny: true #overwritten by customFrameOptionsValue
customFrameOptionsValue: "allow-from https:gurulandia.eu" #CSP takes care of this but may be needed for organizr.
contentTypeNosniff: true
browserXssFilter: true
# sslForceHost: true # add sslHost to all of the services
# sslHost: "example.com"
referrerPolicy: "same-origin"
# Setting contentSecurityPolicy is more secure but it can break things. Proper auth will reduce the risk.
# the below line also breaks some apps due to 'none' - sonarr, radarr, etc.
# contentSecurityPolicy: "frame-ancestors '*.example.com:*';object-src 'none';script-src 'none';"
featurePolicy: "camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none';"
customResponseHeaders:
X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex,"
server: ""
config/docker/current/traefik/config/tls-opts.yml
+19
View File
@@ -0,0 +1,19 @@
tls:
options:
tls-opts:
minVersion: VersionTLS12
cipherSuites:
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
- TLS_AES_128_GCM_SHA256
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
- TLS_FALLBACK_SCSV # Client is doing version fallback. See RFC 7507
curvePreferences:
- CurveP521
- CurveP384
sniStrict: true
config/docker/current/traefik/logs/access.log
View File
config/docker/current/traefik/logs/traefik.log
View File
config/docker/old/traefik/acme.json
+120
View File
File diff suppressed because one or more lines are too long
config/docker/old/traefik/config/app-bookstack.yml
+15
View File
@@ -0,0 +1,15 @@
http:
routers:
wiki-rtr: # Bookstack
rule: "Host(`wiki.local.gurulandia.eu`)"
entryPoints:
- "https"
middlewares:
- chain-no-auth # - chain-authelia
tls: {}
service: wiki-svc
services:
wiki-svc:
loadBalancer:
servers:
- url: "http://192.168.5.30:53002"
config/docker/old/traefik/config/app-ha-pihole.yml
+46
View File
@@ -0,0 +1,46 @@
http:
routers:
ha-pihole-rtr: # piHole
rule: "Host(`ha-pihole.local.gurulandia.eu`) "
entryPoints:
- https
middlewares:
- chain-no-auth
- pihole-add-admin
service: ha-pihole-svc
tls: {}
ha-pihole-01-rtr: # piHole
rule: "Host(`ha-pihole-01.local.gurulandia.eu`) "
entryPoints:
- https
middlewares:
- chain-no-auth
- pihole-add-admin
service: ha-pihole-01-svc
tls: {}
ha-pihole-02-rtr: # piHole
rule: "Host(`ha-pihole-02.local.gurulandia.eu`) "
entryPoints:
- https
middlewares:
- chain-no-auth
- pihole-add-admin
service: ha-pihole-02-svc
tls: {}
middlewares:
pihole-add-admin:
addPrefix:
prefix: "/admin"
services:
ha-pihole-svc:
loadBalancer:
servers:
- url: "http://192.168.99.250:80"
ha-pihole-01-svc:
loadBalancer:
servers:
- url: "http://192.168.99.245:80"
ha-pihole-02-svc:
loadBalancer:
servers:
- url: "http://192.168.99.246:80"
config/docker/old/traefik/config/app-pihole.yml
+46
View File
@@ -0,0 +1,46 @@
http:
routers:
pihole-rtr: # piHole
rule: "Host(`pihole.local.gurulandia.eu`) "
entryPoints:
- https
middlewares:
- chain-authelia
- pihole-add-admin
service: pihole-svc
tls: {}
pihole-01-rtr: # piHole
rule: "Host(`pihole-01.local.gurulandia.eu`) "
entryPoints:
- https
middlewares:
- chain-authelia
- pihole-add-admin
service: pihole-01-svc
tls: {}
pihole-02-rtr: # piHole
rule: "Host(`pihole-02.local.gurulandia.eu`) "
entryPoints:
- https
middlewares:
- chain-authelia
- pihole-add-admin
service: pihole-02-svc
tls: {}
middlewares:
pihole-add-admin:
addPrefix:
prefix: "/admin"
services:
pihole-svc:
loadBalancer:
servers:
- url: "http://192.168.99.250:80"
pihole-01-svc:
loadBalancer:
servers:
- url: "http://192.168.99.245:80"
pihole-02-svc:
loadBalancer:
servers:
- url: "http://192.168.99.246:80"
config/docker/old/traefik/config/app-sophos-xg.yml
+15
View File
@@ -0,0 +1,15 @@
http:
routers:
sophos-rtr: # Sophos XG
rule: "Host(`fw.local.gurulandia.eu`)"
entryPoints:
- "https"
middlewares:
- chain-no-auth # - chain-authelia
tls: {}
service: sophos-svc
services:
sophos-svc:
loadBalancer:
servers:
- url: "https://192.168.99.1:4444"
config/docker/old/traefik/config/app-wac.yml
+15
View File
@@ -0,0 +1,15 @@
http:
routers:
wac-rtr: # Sophos XG
rule: "Host(`wac.local.gurulandia.eu`)"
entryPoints:
- "https"
middlewares:
- chain-no-auth # - chain-authelia
tls: {}
service: wac-svc
services:
wac-svc:
loadBalancer:
servers:
- url: "https://192.168.5.50"
config/docker/old/traefik/config/mw-authelia.yml
+9
View File
@@ -0,0 +1,9 @@
http:
middlewares:
middlewares-authelia:
forwardAuth:
address: "http://authelia:9091/api/verify?rd=https://auth.local.gurulandia.eu"
trustForwardHeader: true
authResponseHeaders:
- "Remote-User"
- "Remote-Groups"
config/docker/old/traefik/config/mw-basic-auth.yml
+8
View File
@@ -0,0 +1,8 @@
http:
middlewares:
middlewares-basic-auth:
basicAuth:
# users:
# - "user:$apsdfs.$EntPC0w3FtswWvC/6fTVJ7IUVtX1"
usersFile: "/users" #be sure to mount the volume through docker-compose.yml
realm: "Traefik 2 Basic Auth"
config/docker/old/traefik/config/mw-chain-authelia.yml
+8
View File
@@ -0,0 +1,8 @@
http:
middlewares:
chain-authelia:
chain:
middlewares:
- middlewares-rate-limit
- middlewares-secure-headers
- middlewares-authelia
config/docker/old/traefik/config/mw-chain-basic-auth.yml
+8
View File
@@ -0,0 +1,8 @@
http:
middlewares:
chain-basic-auth:
chain:
middlewares:
- middlewares-rate-limit
- middlewares-secure-headers
- middlewares-basic-auth
config/docker/old/traefik/config/mw-chain-no-auth.yml
+9
View File
@@ -0,0 +1,9 @@
http:
middlewares:
chain-no-auth:
chain:
middlewares:
- middlewares-crowdsec-bouncer
- middlewares-default-whitelist
- middlewares-rate-limit
- middlewares-secure-headers
config/docker/old/traefik/config/mw-chain-oauth.yml
+8
View File
@@ -0,0 +1,8 @@
http:
middlewares:
chain-oauth:
chain:
middlewares:
- middlewares-rate-limit
- middlewares-secure-headers
- middlewares-oauth
config/docker/old/traefik/config/mw-crowdsec-bouncer.yml
+6
View File
@@ -0,0 +1,6 @@
http:
middlewares:
middlewares-crowdsec-bouncer:
forwardauth:
address: http://bouncer-traefik:8080/api/v1/forwardAuth
trustForwardHeader: true
config/docker/old/traefik/config/mw-default-whitelist.yml
+8
View File
@@ -0,0 +1,8 @@
http:
middlewares:
middlewares-default-whitelist:
ipWhiteList:
sourceRange:
- "10.0.0.0/8"
- "192.168.0.0/16"
- "172.16.0.0/12"
config/docker/old/traefik/config/mw-rate-limit.yml
+6
View File
@@ -0,0 +1,6 @@
http:
middlewares:
middlewares-rate-limit:
rateLimit:
average: 100
burst: 50
config/docker/old/traefik/config/mw-secure-headers.yml
+31
View File
@@ -0,0 +1,31 @@
http:
middlewares:
middlewares-secure-headers:
headers:
accessControlAllowMethods:
- GET
- OPTIONS
- PUT
accessControlMaxAge: 100
hostsProxyHeaders:
- "X-Forwarded-Host"
sslRedirect: true
stsSeconds: 63072000
stsIncludeSubdomains: true
stsPreload: true
forceSTSHeader: true
# frameDeny: true #overwritten by customFrameOptionsValue
customFrameOptionsValue: "allow-from https:gurulandia.eu" #CSP takes care of this but may be needed for organizr.
contentTypeNosniff: true
browserXssFilter: true
# sslForceHost: true # add sslHost to all of the services
# sslHost: "example.com"
referrerPolicy: "same-origin"
# Setting contentSecurityPolicy is more secure but it can break things. Proper auth will reduce the risk.
# the below line also breaks some apps due to 'none' - sonarr, radarr, etc.
# contentSecurityPolicy: "frame-ancestors '*.example.com:*';object-src 'none';script-src 'none';"
featurePolicy: "camera 'none'; geolocation 'none'; microphone 'none'; payment 'none'; usb 'none'; vr 'none';"
customResponseHeaders:
X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex,"
server: ""
config/docker/old/traefik/config/svc-asustor.yml
+15
View File
@@ -0,0 +1,15 @@
http:
routers:
asustor-rtr: # Asustor Nas
rule: "Host(`nas-01.local.gurulandia.eu`) "
entryPoints:
- https
middlewares:
- chain-authelia
service: asustor-svc
tls: {}
services:
asustor-svc:
loadBalancer:
servers:
- url: "https://gl-p-nas-01.srv.gurulandia.lan:8001"
config/docker/old/traefik/config/svc-homeassistant.yml
+16
View File
@@ -0,0 +1,16 @@
http:
routers:
homeassistant-rtr: # Home Assistant
rule: "Host(`homeassistant.local.gurulandia.eu`)"
entryPoints:
- "https"
middlewares:
- chain-authelia
service: homeassistant-svc
tls: {}
services:
homeassistant-svc:
loadBalancer:
servers:
- url: "http://192.168.42.242:50000"
config/docker/old/traefik/config/svc-observium.yml
+16
View File
@@ -0,0 +1,16 @@
http:
routers:
observium-rtr: # Observium
rule: "Host(`observium.local.gurulandia.eu`)"
entryPoints:
- "https"
middlewares:
- chain-authelia
service: observium-svc
tls: {}
services:
observium-svc:
loadBalancer:
servers:
- url: "http://192.168.99.81"
config/docker/old/traefik/config/svc-pbs.yml
+15
View File
@@ -0,0 +1,15 @@
http:
routers:
pbs-rtr: # Proxmox PBS
entryPoints:
- "https"
rule: "Host(`pbs-01.local.gurulandia.eu`)"
middlewares:
- chain-authelia
tls: {}
service: pbs-svc
services:
pbs-svc:
loadBalancer:
servers:
- url: "https://gl-v-pbs-01.mgmt.gurulandia.lan:8007"
config/docker/old/traefik/config/svc-plex.yml
+15
View File
@@ -0,0 +1,15 @@
http:
routers:
plex-rtr: # Asustor Nas
rule: "Host(`plex.local.gurulandia.eu`) "
entryPoints:
- https
middlewares:
- chain-authelia
service: plex-svc
tls: {}
services:
plex-svc:
loadBalancer:
servers:
- url: "https://gl-p-nas-01.srv.gurulandia.lan:32400"
config/docker/old/traefik/config/svc-pve.yml
+27
View File
@@ -0,0 +1,27 @@
http:
routers:
pve-01-rtr: # Proxmox PVE 1
rule: "Host(`pve-01.local.gurulandia.eu`)"
entryPoints:
- "https"
middlewares:
- chain-authelia
tls: {}
service: pve-01-svc
pve-02-rtr: # Proxmox PVE 2
rule: "Host(`pve-02.local.gurulandia.eu`)"
entryPoints:
- "https"
middlewares:
- chain-authelia
tls: {}
service: pve-02-svc
services:
pve-01-svc:
loadBalancer:
servers:
- url: "https://gl-p-pve-01.mgmt.gurulandia.lan:8006"
pve-02-svc:
loadBalancer:
servers:
- url: "https://gl-p-pve-02.mgmt.gurulandia.lan:8006"
config/docker/old/traefik/config/svc-routers.yml
+39
View File
@@ -0,0 +1,39 @@
http:
routers:
gl-p-ap-01-rtr: # AsusWRT
rule: "Host(`ap-01.local.gurulandia.eu`)"
entryPoints:
- "https"
middlewares:
- chain-authelia
tls: {}
service: gl-p-ap-01-svc
gl-p-ap-02-rtr: # OpenWRT
rule: "Host(`ap-02.local.gurulandia.eu`)"
entryPoints:
- "https"
middlewares:
- chain-authelia
tls: {}
service: gl-p-ap-02-svc
gl-p-ap-03-rtr: # OpenWRT
rule: "Host(`ap-03.local.gurulandia.eu`)"
entryPoints:
- "https"
middlewares:
- chain-authelia
tls: {}
service: gl-p-ap-03-svc
services:
gl-p-ap-01-svc:
loadBalancer:
servers:
- url: "http://gl-p-ap-01.wifi.gurulandia.lan"
gl-p-ap-02-svc:
loadBalancer:
servers:
- url: "https://gl-p-ap-02.mgmt.gurulandia.lan"
gl-p-ap-03-svc:
loadBalancer:
servers:
- url: "https://gl-p-ap-03.mgmt.gurulandia.lan"
config/docker/old/traefik/config/svc-switchs.yml
+99
View File
@@ -0,0 +1,99 @@
http:
routers:
gl-p-sw-01-rtr:
rule: "Host(`sw-01.local.gurulandia.eu`)"
entryPoints:
- "https"
middlewares:
- chain-authelia
tls: {}
service: gl-p-sw-01-svc
gl-p-sw-02-rtr:
rule: "Host(`sw-02.local.gurulandia.eu`)"
entryPoints:
- "https"
middlewares:
- chain-authelia
tls: {}
service: gl-p-sw-02-svc
gl-p-sw-03-rtr:
rule: "Host(`sw-03.local.gurulandia.eu`)"
entryPoints:
- "https"
middlewares:
- chain-authelia
tls: {}
service: gl-p-sw-03-svc
gl-p-sw-04-rtr:
rule: "Host(`sw-04.local.gurulandia.eu`)"
entryPoints:
- "https"
middlewares:
- chain-authelia
tls: {}
service: gl-p-sw-04-svc
gl-p-sw-05-rtr:
rule: "Host(`sw-05.local.gurulandia.eu`)"
entryPoints:
- "https"
middlewares:
- chain-authelia
tls: {}
service: gl-p-sw-05-svc
gl-p-sw-06-rtr:
rule: "Host(`sw-06.local.gurulandia.eu`)"
entryPoints:
- "https"
middlewares:
- chain-authelia
tls: {}
service: gl-p-sw-06-svc
gl-p-sw-07-rtr:
rule: "Host(`sw-07.local.gurulandia.eu`)"
entryPoints:
- "https"
middlewares:
- chain-authelia
tls: {}
service: gl-p-sw-07-svc
gl-p-sw-08-rtr:
rule: "Host(`sw-08.local.gurulandia.eu`)"
entryPoints:
- "https"
middlewares:
- chain-authelia
tls: {}
service: gl-p-sw-08-svc
services:
gl-p-sw-01-svc:
loadBalancer:
servers:
- url: "http://gl-p-sw-01.mgmt.gurulandia.lan"
gl-p-sw-02-svc:
loadBalancer:
servers:
- url: "http://gl-p-sw-02.mgmt.gurulandia.lan"
gl-p-sw-03-svc:
loadBalancer:
servers:
- url: "http://gl-p-sw-03.mgmt.gurulandia.lan"
gl-p-sw-04-svc:
loadBalancer:
servers:
- url: "http://gl-p-sw-04.mgmt.gurulandia.lan"
gl-p-sw-05-svc:
loadBalancer:
servers:
- url: "http://gl-p-sw-05.mgmt.gurulandia.lan"
gl-p-sw-06-svc:
loadBalancer:
servers:
- url: "http://gl-p-sw-06.mgmt.gurulandia.lan"
gl-p-sw-07-svc:
loadBalancer:
servers:
- url: "http://gl-p-sw-07.mgmt.gurulandia.lan"
gl-p-sw-08-svc:
loadBalancer:
servers:
- url: "http://gl-p-sw-08.mgmt.gurulandia.lan"
config/docker/old/traefik/config/svc-tasmoadmin.yml
+16
View File
@@ -0,0 +1,16 @@
http:
routers:
tasmoadmin-rtr: # Tasmo Admin
rule: "Host(`tasmoadmin.local.gurulandia.eu`)"
entryPoints:
- "https"
middlewares:
- chain-no-auth #authelia
service: tasmoadmin-svc
tls: {}
services:
tasmoadmin-svc:
loadBalancer:
servers:
- url: "http://192.168.42.242:9541"
config/docker/old/traefik/config/svc-truenas.yml
+16
View File
@@ -0,0 +1,16 @@
http:
routers:
truenas-rtr: # TrueNAS Core
rule: "Host(`nas-02.local.gurulandia.eu`)"
entryPoints:
- "https"
middlewares:
- chain-authelia
service: truenas-svc
tls: {}
services:
truenas-svc:
loadBalancer:
servers:
- url: "https://gl-p-nas-02.mgmt.gurulandia.lan"
config/docker/old/traefik/config/tls-opts.yml
+19
View File
@@ -0,0 +1,19 @@
tls:
options:
tls-opts:
minVersion: VersionTLS12
cipherSuites:
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
- TLS_AES_128_GCM_SHA256
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
- TLS_FALLBACK_SCSV # Client is doing version fallback. See RFC 7507
curvePreferences:
- CurveP521
- CurveP384
sniStrict: true
config/docker/old/traefik/logs/access.log
View File
config/docker/old/traefik/logs/traefik.log
View File
config/docker/old/traefik/traefik.yml
+209
View File
@@ -0,0 +1,209 @@
################################################################
# Global configuration
################################################################
global:
checkNewVersion: true
sendAnonymousUsage: false
################################################################
# EntryPoints configuration
################################################################
# EntryPoints definition
#
# Optional
#
entryPoints:
http:
address: :80
http:
redirections:
entryPoint:
to: https
scheme: https
https:
address: :443
http:
tls:
options: tls-opts@file
certResolver: cloudflarels
domains:
- main: gurulandia.eu
sans:
- '*.gurulandia.eu'
- main: local.gurulandia.eu
sans:
- '*.local.gurulandia.eu'
- main: gurulandia.fi
sans:
- '*.gurulandia.fi'
- main: local.gurulandia.fi
sans:
- '*.local.gurulandia.fi'
forwardedHeaders:
trustedIPs: &trustedIps
- "127.0.0.1/32"
- "10.0.0.0/8"
- "192.168.0.0/16"
- "172.16.0.0/12"
- "173.245.48.0/20"
- "103.21.244.0/22"
- "103.22.200.0/22"
- "103.31.4.0/22"
- "141.101.64.0/18"
- "108.162.192.0/18"
- "190.93.240.0/20"
- "188.114.96.0/20"
- "197.234.240.0/22"
- "198.41.128.0/17"
- "162.158.0.0/15"
- "172.64.0.0/13"
- "131.0.72.0/22"
- "104.16.0.0/13"
- "104.24.0.0/14"
serversTransport:
insecureSkipVerify: true
################################################################
# Traefik logs configuration
################################################################
# Traefik logs
# Enabled by default and log to stdout
#
# Optional
#
log:
# Log level
#
# Optional
# Default: "ERROR"
#
level: INFO
# Sets the filepath for the traefik log. If not specified, stdout will be used.
# Intermediate directories are created if necessary.
#
# Optional
# Default: os.Stdout
#
filePath: "/var/log/traefik/traefik.log"
# Format is either "json" or "common".
#
# Optional
# Default: "common"
#
# format: json
################################################################
# Access logs configuration
################################################################
# Enable access logs
# By default it will write to stdout and produce logs in the textual
# Common Log Format (CLF), extended with additional fields.
#
# Optional
#
accessLog:
# Sets the file path for the access log. If not specified, stdout will be used.
# Intermediate directories are created if necessary.
#
# Optional
# Default: os.Stdout
#
filePath: "/var/log/traefik/access.log"
# Format is either "json" or "common".
#
# Optional
# Default: "common"
#
# format: json
################################################################
# API and dashboard configuration
################################################################
# Enable API and dashboard
#
# Optional
#
api:
# Enable the API in insecure mode
#
# Optional
# Default: false
#
#insecure: true
# Enabled Dashboard
#
# Optional
# Default: true
#
dashboard: true
################################################################
# Ping configuration
################################################################
# Enable ping
#ping:
# Name of the related entry point
#
# Optional
# Default: "traefik"
#
# entryPoint: traefik
################################################################
# Providers configuration
################################################################
providers:
# Enable Docker configuration backend
docker:
# Docker server endpoint. Can be a tcp or a unix socket endpoint.
#
# Required
# Default: "unix:///var/run/docker.sock"
#
endpoint: tcp://socket-proxy:2375
network: proxy
# Default host rule.
#
# Optional
# Default: "Host(`{{ normalize .Name }}`)"
#
# defaultRule: Host(`{{ normalize .Name }}.docker.localhost`)
# Expose containers by default in traefik
#
# Optional
# Default: true
#
exposedByDefault: false
# Enable File configuration backend
file:
directory: /config
watch: true
# Enable Redis configuration backend
#redis:
#endpoints:
# - "redis:6379"
################################################################
# Certificate Resolvers
################################################################
certificatesResolvers:
cloudflare:
acme:
email: ${CF_API_EMAIL}
storage: acme.json
dnsChallenge:
provider: cloudflare
#disablePropagationCheck: true # uncomment this if you have issues pulling certificates through cloudflare, By setting this flag to true disables the need to wait for the propagation of the TXT record to all authoritative name servers.
resolvers:
- "1.1.1.1:53"
- "1.0.0.1:53"
config/docker/old/traefik/traefik.yml.old
+204
View File
@@ -0,0 +1,204 @@
################################################################
#
# Configuration sample for Traefik v2.
#
# For Traefik v1: https://github.com/traefik/traefik/blob/v1.7/traefik.sample.toml
#
################################################################
################################################################
# Global configuration
################################################################
global:
checkNewVersion: true
sendAnonymousUsage: false
################################################################
# EntryPoints configuration
################################################################
# EntryPoints definition
#
# Optional
#
entryPoints:
http:
address: :80
# http:
# redirections:
# entryPoint:
# to: https
# scheme: https
https:
address: :443
# http:
#tls:
#options: tls-opts@file
#certResolver: cloudflare
#domains:
#- main: gurulandia.eu
#- sans: *.gurulandia.eu
#- main: local.gurulandia.eu
#- sans: *.local.gurulandia.eu
#- main: gurulandia.fi
# sans:
# - *.gurulandia.fi
#forwardedHeaders:
# trustedIPs:
# - "173.245.48.0/20"
# - "103.21.244.0/22"
# - "103.22.200.0/22"
# - "103.31.4.0/22"
# - "141.101.64.0/18"
# - "108.162.192.0/18"
# - "190.93.240.0/20"
# - "188.114.96.0/20"
# - "197.234.240.0/22"
# - "198.41.128.0/17"
# - "162.158.0.0/15"
# - "172.64.0.0/13"
# - "131.0.72.0/22"
# - "104.16.0.0/13"
# - "104.24.0.0/14"
serversTransport:
insecureSkipVerify: true
################################################################
# Traefik logs configuration
################################################################
# Traefik logs
# Enabled by default and log to stdout
#
# Optional
#
log:
# Log level
#
# Optional
# Default: "ERROR"
#
level: INFO
# Sets the filepath for the traefik log. If not specified, stdout will be used.
# Intermediate directories are created if necessary.
#
# Optional
# Default: os.Stdout
#
filePath: "/var/log/traefik/traefik.log"
# Format is either "json" or "common".
#
# Optional
# Default: "common"
#
# format: json
################################################################
# Access logs configuration
################################################################
# Enable access logs
# By default it will write to stdout and produce logs in the textual
# Common Log Format (CLF), extended with additional fields.
#
# Optional
#
accessLog:
# Sets the file path for the access log. If not specified, stdout will be used.
# Intermediate directories are created if necessary.
#
# Optional
# Default: os.Stdout
#
filePath: "/var/log/traefik/access.log"
# Format is either "json" or "common".
#
# Optional
# Default: "common"
#
# format: json
################################################################
# API and dashboard configuration
################################################################
# Enable API and dashboard
#
# Optional
#
api:
# Enable the API in insecure mode
#
# Optional
# Default: false
#
insecure: true
# Enabled Dashboard
#
# Optional
# Default: true
#
#dashboard: true
################################################################
# Ping configuration
################################################################
# Enable ping
#ping:
# Name of the related entry point
#
# Optional
# Default: "traefik"
#
# entryPoint: traefik
providers:
# Enable Docker configuration backend
docker:
# Docker server endpoint. Can be a tcp or a unix socket endpoint.
#
# Required
# Default: "unix:///var/run/docker.sock"
#
endpoint: tcp://socket-proxy:2375
# Default host rule.
#
# Optional
# Default: "Host(`{{ normalize .Name }}`)"
#
# defaultRule: Host(`{{ normalize .Name }}.docker.localhost`)
# Expose containers by default in traefik
#
# Optional
# Default: true
#
exposedByDefault: false
# Enable File configuration backend
file:
directory: /config
watch: true
# Enable Redis configuration backend
#redis:
#endpoints:
# - "redis:6379"
################################################################
# Certificate Resolvers
################################################################
certificatesResolvers:
cloudflare:
acme:
email: gurulandia@outlook.com
storage: acme.json
dnsChallenge:
provider: cloudflare
#disablePropagationCheck: true # uncomment this if you have issues pulling certificates through cloudflare, By setting this flag to true disables the need to wait for the propagation of the TXT record to all authoritative name servers.
resolvers:
- "1.1.1.1:53"
- "1.0.0.1:53"
config/docker/old/traefik/traefik.yml.test
+47
View File
@@ -0,0 +1,47 @@
api:
dashboard: true
debug: true
entryPoints:
http:
address: ":80"
http:
redirections:
entryPoint:
to: "https"
scheme: "https"
https:
address: ":443"
http:
middlewares:
- "crowdsec-bouncer@file"
openvpn:
address: ":1194/udp"
k3s:
address: ":6443"
serversTransport:
insecureSkipVerify: true
providers:
docker:
endpoint: tcp://socket-proxy:2375
exposedByDefault: false
file:
directory: /config
watch: true
certificatesResolvers:
cloudflare:
acme:
email: ${CLOUDFLARE_EMAIL}
storage: acme.json
dnsChallenge:
provider: cloudflare
#disablePropagationCheck: true # uncomment this if you have issues pulling certificates through cloudflare, By setting this flag to true disables the need to wait for the propagation of the TXT record to all authoritative name servers.
resolvers:
- "1.1.1.1:53"
- "1.0.0.1:53"
log:
level: INFO
filePath: "/var/log/traefik/traefik.log"
accessLog:
filePath: "/var/log/traefik/access.log"
config/docker/old/traefik/users
+1
View File
@@ -0,0 +1 @@
gurulandia:{SHA}pZz64lzpzvjBTCNPWBokXW/7qD0=