mirror of
https://github.com/Haxxnet/Compose-Examples
synced 2025-01-18 15:27:08 +00:00
144 lines
4.3 KiB
YAML
144 lines
4.3 KiB
YAML
# Traefik global configuration
|
|
global:
|
|
checkNewVersion: true
|
|
sendAnonymousUsage: false
|
|
|
|
# Enable traefik ui dashboard
|
|
api:
|
|
dashboard: true
|
|
insecure: true
|
|
|
|
# Log level INFO|DEBUG|ERROR
|
|
log:
|
|
level: INFO
|
|
|
|
# crowdsec bouncer
|
|
#experimental:
|
|
# plugins:
|
|
# bouncer:
|
|
# moduleName: github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin
|
|
# version: v1.3.5
|
|
|
|
#metrics:
|
|
# influxDB2:
|
|
# address: http://influxdb2:8086
|
|
# token: my-secure-token-secret
|
|
# org: influx-org
|
|
# bucket: influx-bucket
|
|
# addEntryPointsLabels: true
|
|
# addRoutersLabels: true
|
|
# addServicesLabels: true
|
|
# pushInterval: 60s
|
|
|
|
# Configuring Multiple Filters
|
|
accessLog:
|
|
filePath: "/logs/traefik.log"
|
|
format: json
|
|
filters:
|
|
statusCodes:
|
|
- "200-299" # log successful http requests
|
|
- "400-599" # log failed http requests
|
|
#retryAttempts: true
|
|
#minDuration: "10ms"
|
|
# collect logs as in-memory buffer before writing into log file
|
|
bufferingSize: 0
|
|
fields:
|
|
headers:
|
|
defaultMode: drop # drop all headers per default
|
|
names:
|
|
User-Agent: keep # log user agent strings
|
|
|
|
# The setting below is to allow insecure backend connections.
|
|
serverTransport:
|
|
insecureSkipVerify: true
|
|
|
|
# Traefik entrypoints (network ports) configuration
|
|
entryPoints:
|
|
# Not used in apps, but redirect everything from HTTP to HTTPS
|
|
http:
|
|
address: :80
|
|
forwardedHeaders:
|
|
trustedIPs: &trustedIps
|
|
# Start of Clouflare public IP list for HTTP requests, remove this if you don't use it; https://www.cloudflare.com/de-de/ips/
|
|
- 103.21.244.0/22
|
|
- 103.22.200.0/22
|
|
- 103.31.4.0/22
|
|
- 104.16.0.0/13
|
|
- 104.24.0.0/14
|
|
- 108.162.192.0/18
|
|
- 131.0.72.0/22
|
|
- 141.101.64.0/18
|
|
- 162.158.0.0/15
|
|
- 172.64.0.0/13
|
|
- 173.245.48.0/20
|
|
- 188.114.96.0/20
|
|
- 190.93.240.0/20
|
|
- 197.234.240.0/22
|
|
- 198.41.128.0/17
|
|
- 2400:cb00::/32
|
|
- 2606:4700::/32
|
|
- 2803:f800::/32
|
|
- 2405:b500::/32
|
|
- 2405:8100::/32
|
|
- 2a06:98c0::/29
|
|
- 2c0f:f248::/32
|
|
# End of Cloudlare public IP list
|
|
http:
|
|
redirections:
|
|
entryPoint:
|
|
to: https
|
|
scheme: https
|
|
|
|
# HTTPS endpoint, with domain wildcard
|
|
https:
|
|
address: :443
|
|
forwardedHeaders:
|
|
# Reuse list of Cloudflare Trusted IP's above for HTTPS requests
|
|
trustedIPs: *trustedIps
|
|
# enable HTTP3 QUIC via UDP/443
|
|
#http3:
|
|
# advertisedPort: '443'
|
|
http:
|
|
tls:
|
|
# Generate a wildcard domain certificate
|
|
certResolver: myresolver
|
|
domains:
|
|
- main: example.com # change this to your proxy domain
|
|
sans:
|
|
- '*.example.com' # change this to your proxy domain
|
|
middlewares:
|
|
- security-headers@file # reference to a dynamic middleware for setting http security headers per default
|
|
- rate-limit@file # reference to a dynamic middleware for enabling rate limiting per default
|
|
#- crowdsec@file # reference to a dynamic middleware for enabling crowdsec bouncer
|
|
|
|
providers:
|
|
providersThrottleDuration: 2s
|
|
|
|
# File provider for connecting things that are outside of docker / defining middleware
|
|
file:
|
|
filename: /etc/traefik/fileConfig.yml
|
|
watch: true
|
|
|
|
# Docker provider for connecting all apps that are inside of the docker network
|
|
docker:
|
|
watch: true
|
|
network: proxy # Add Your Docker Network Name Here
|
|
# Default host rule to containername.domain.example
|
|
defaultRule: "Host(`{{ index .Labels \"com.docker.compose.service\"}}.example.com`)" # change 'example.com' to your proxy domain
|
|
exposedByDefault: false
|
|
|
|
# Use letsencrypt to generate ssl certificates
|
|
certificatesResolvers:
|
|
myresolver:
|
|
acme:
|
|
email: example@example.com # the email address used for ssl certificate registration
|
|
storage: /etc/traefik/acme.json
|
|
#httpChallenge: # acme http challenge; requires port 80 and proper dns entries
|
|
# entryPoint: http # specify the entry point for the HTTP challenge (adjust if needed)
|
|
dnsChallenge: # acme dns challenge; requires api token of dns provider
|
|
provider: cloudflare
|
|
# Used to make sure the dns challenge is propagated to the right dns servers
|
|
resolvers:
|
|
- "1.1.1.1:53"
|
|
- "1.0.0.1:53"
|