# Traefik global configuration global: checkNewVersion: true sendAnonymousUsage: false # Enable traefik ui dashboard api: dashboard: true insecure: true # Log level INFO|DEBUG|ERROR log: level: INFO # Configuring Multiple Filters accessLog: filePath: "/logs/traefik.log" format: json filters: statusCodes: # - "200" # log successful http requests - "400-599" # log failed http requests #retryAttempts: true #minDuration: "10ms" # collect logs as in-memory buffer before writing into log file bufferingSize: 0 fields: headers: defaultMode: drop # drop all headers per default names: User-Agent: keep # log user agent strings # The setting below is to allow insecure backend connections. serverTransport: insecureSkipVerify: true # Traefik entrypoints (network ports) configuration entryPoints: # Not used in apps, but redirect everything from HTTP to HTTPS http: address: :80 forwardedHeaders: trustedIPs: &trustedIps # Start of Clouflare public IP list for HTTP requests, remove this if you don't use it; https://www.cloudflare.com/de-de/ips/ - 103.21.244.0/22 - 103.22.200.0/22 - 103.31.4.0/22 - 104.16.0.0/13 - 104.24.0.0/14 - 108.162.192.0/18 - 131.0.72.0/22 - 141.101.64.0/18 - 162.158.0.0/15 - 172.64.0.0/13 - 173.245.48.0/20 - 188.114.96.0/20 - 190.93.240.0/20 - 197.234.240.0/22 - 198.41.128.0/17 - 2400:cb00::/32 - 2606:4700::/32 - 2803:f800::/32 - 2405:b500::/32 - 2405:8100::/32 - 2a06:98c0::/29 - 2c0f:f248::/32 # End of Cloudlare public IP list http: redirections: entryPoint: to: https scheme: https # HTTPS endpoint, with domain wildcard https: address: :443 forwardedHeaders: # Reuse list of Cloudflare Trusted IP's above for HTTPS requests trustedIPs: *trustedIps # enable HTTP3 QUIC via UDP/443 #http3: # advertisedPort: '443' http: tls: # Generate a wildcard domain certificate certResolver: myresolver domains: - main: example.com # change this to your proxy domain sans: - '*.example.com' # change this to your proxy domain middlewares: - security-headers@file # reference to a dynamic middleware for setting http security headers per default - rate-limit@file # reference to a dynamic middleware for enabling rate limiting per default providers: providersThrottleDuration: 2s # File provider for connecting things that are outside of docker / defining middleware file: filename: /etc/traefik/fileConfig.yml watch: true # Docker provider for connecting all apps that are inside of the docker network docker: watch: true network: proxy # Add Your Docker Network Name Here # Default host rule to containername.domain.example defaultRule: "Host(`{{ index .Labels \"com.docker.compose.service\"}}.example.com`)" # change 'example.com' to your proxy domain exposedByDefault: false # Use letsencrypt to generate ssl certificates certificatesResolvers: myresolver: acme: email: example@example.com # the email address used for ssl certificate registration storage: /etc/traefik/acme.json #httpChallenge: # acme http challenge; requires port 80 and proper dns entries # entryPoint: http # specify the entry point for the HTTP challenge (adjust if needed) dnsChallenge: # acme dns challenge; requires api token of dns provider provider: cloudflare # Used to make sure the dns challenge is propagated to the right dns servers resolvers: - "1.1.1.1:53" - "1.0.0.1:53"