diff --git a/config/docker/2024/homelab/dc-traefik.yml b/config/docker/2024/homelab/dc-traefik.yml
deleted file mode 100644
index 70bdb19..0000000
--- a/config/docker/2024/homelab/dc-traefik.yml
+++ /dev/null
@@ -1,110 +0,0 @@
-########################### SECRETS
-secrets:
- cloudflare_api_key:
- file: $SECRETSDIR/cloudflare_api_key
- cloudflare_dns_api_token:
- file: ${SECRETSDIR}/cloudflare_dns_api_token
-
-services:
- # Traefik 2 - Reverse Proxy
- # Touch (create empty files) traefik.log and acme/acme.json. Set acme.json permissions to 600.
- # touch $DOCKERDIR/traefik/acme.json
- # chmod 600 $DOCKERDIR/traefik/acme.json
- # touch $DOCKERDIR/traefik/logs/access.log
- # touch $DOCKERDIR/traefik/logs/traefik.log
-
- traefik:
- container_name: ${TRAEFIK_CONTAINER_NAME}
- image: ${TRAEFIK_IMAGE}:${TRAEFIK_VERSION}
- restart: ${TRAEFIK_RESTART_POLICY}
- security_opt:
- no-new-privileges:true
- networks:
- proxy:
- ipv4_address: ${TRAEFIK_IP0} # You can specify a static IP
- socket_proxy:
- ipv4_address: ${TRAEFIK_IP1}
- ports:
- 80:80
- 443:443
- environment:
- CF_API_KEY_FILE=/run/secrets/cloudflare_api_key
- CF_DNS_API_TOKEN_FILE=/run/secrets/cloudflare_dns_api_token
- command: # CLI arguments
- --global.checkNewVersion=true
- --global.sendAnonymousUsage=false #true
- --entryPoints.http.address=:80
- --entrypoints.http.http.redirections.entryPoint.to=https
- --entrypoints.http.http.middlewares=middlewares-crowdsec-bouncer@file
- --entryPoints.https.address=:443
- --entrypoints.https.forwardedHeaders.trustedIPs=$CLOUDFLARE_IPS #,$LOCAL_IPS
-# - --entryPoints.traefik.address=:8080
- #(- --entryPoints.ping.address=:8081)
- --api=true
- #(- --api.insecure=true)
- --api.dashboard=true
- #(- --ping=true)
- #(- --pilot.token=$TRAEFIK_PILOT_TOKEN)
- --serversTransport.insecureSkipVerify=true
- --log=true
- --log.level=INFO # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
- --log.filePath= /var/log/traefik/traefik.log
- --accessLog=true
- --accessLog.filePath=/var/log/traefik/access.log
- --accessLog.bufferingSize=100 # Configuring a buffer of 100 lines
- #- --accessLog.filters.statusCodes=400-499
- --providers.docker=true
- --providers.docker.endpoint=${DOCKER_ENDPOINT} # Use Docker Socket Proxy instead for improved security
- # Automatically set Host rule for services
- #(- --providers.docker.defaultrule=Host(`{{ index .Labels "com.docker.compose.service" }}.$DOMAINNAME0`))
- --providers.docker.exposedByDefault=false
- #- --providers.redis=true
- #- --providers.redis.endpoints=redis:6379
- #- --entrypoints.https.http.middlewares=middlewares-crowdsec-bouncer@file
- --entrypoints.https.http.tls.options=tls-opts@file
- # Add dns-cloudflare as default certresolver for all services. Also enables TLS and no need to specify on individual services
- --entrypoints.https.http.tls.certresolver=${CERTRESOLVER}
- --entrypoints.https.http.tls.domains[0].main=${DOMAINNAME0}
- --entrypoints.https.http.tls.domains[0].sans=*.${DOMAINNAME0}
- --entrypoints.https.http.tls.domains[1].main=$DOMAINNAME1 # Pulls main cert for second domain
- --entrypoints.https.http.tls.domains[1].sans=*.$DOMAINNAME1 # Pulls wildcard cert for second domain
- --entrypoints.https.http.tls.domains[2].main=$DOMAINNAME2
- --entrypoints.https.http.tls.domains[2].sans=*.$DOMAINNAME2
- --entrypoints.https.http.tls.domains[3].main=$DOMAINNAME3 # Pulls main cert for second domain
- --entrypoints.https.http.tls.domains[3].sans=*.$DOMAINNAME3 # Pulls wildcard cert for second domain
- --providers.docker.network=proxy
- --providers.file.directory=/config # Load dynamic configuration from one or more .toml or .yml files in a directory
- #(- --providers.file.filename=/path/to/file # Load dynamic configuration from a file)
- --providers.file.watch=true # Only works on top level files in the rules folder
- --certificatesresolvers.$CERTRESOLVER.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory # LetsEncrypt Staging Server - uncomment when testing
- --certificatesresolvers.$CERTRESOLVER.acme.email=${CF_API_EMAIL}
- --certificatesresolvers.$CERTRESOLVER.acme.storage=/acme.json
- --certificatesresolvers.$CERTRESOLVER.acme.dnsChallenge.provider=${DNS_PROVIDER}
- --certificatesresolvers.$CERTRESOLVER.acme.dnsChallenge.resolvers=${RESOLVER1}
- --certificatesresolvers.$CERTRESOLVER.acme.dnsChallenge.delayBeforeCheck=90 # To delay DNS check and reduce LE hitrate
- #healthcheck:
- # test: ["CMD", "traefik", "healthcheck", "--ping"]
- # interval: 5s
- # retries: 3
- volumes:
- /etc/localtime:/etc/localtime:ro
- #- ${DOCKERDIR}/traefik/traefik.yml:/traefik.yml:ro
- ${DOCKERDIR}/traefik/config:/config:ro # file provider directory
- ${DOCKERDIR}/traefik/acme.json:/acme.json # cert location - you must touch this file and change permissions to 600
- ${DOCKERDIR}/traefik/logs:/var/log/traefik # for crowdsec - make sure to touch file before starting container
- secrets:
- cloudflare_api_key
- cloudflare_dns_api_token
- labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik.entrypoints=http"
- "traefik.http.routers.traefik.rule=Host(`test-proxy.${DOMAINNAME1}`)"
- "traefik.http.middlewares.traefik-auth.basicauth.users=${BASICAUTHUSER}"
- "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
- "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
- "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
- "traefik.http.routers.traefik-secure.entrypoints=https"
- "traefik.http.routers.traefik-secure.rule=Host(`test-proxy.${DOMAINNAME1}`)"
- "traefik.http.routers.traefik-secure.middlewares=chain-no-auth@file"
- #- "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
- "traefik.http.routers.traefik-secure.service=api@internal"