Compose-Examples/examples/traefik/traefik.yml
2024-10-22 02:32:57 +02:00

144 lines
4.3 KiB
YAML

# Traefik global configuration
global:
checkNewVersion: true
sendAnonymousUsage: false
# Enable traefik ui dashboard
api:
dashboard: true
insecure: true
# Log level INFO|DEBUG|ERROR
log:
level: INFO
# crowdsec bouncer
#experimental:
# plugins:
# bouncer:
# moduleName: github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin
# version: v1.2.1
#metrics:
# influxDB2:
# address: http://influxdb2:8086
# token: my-secure-token-secret
# org: influx-org
# bucket: influx-bucket
# addEntryPointsLabels: true
# addRoutersLabels: true
# addServicesLabels: true
# pushInterval: 60s
# Configuring Multiple Filters
accessLog:
filePath: "/logs/traefik.log"
format: json
filters:
statusCodes:
# - "200" # log successful http requests
- "400-599" # log failed http requests
#retryAttempts: true
#minDuration: "10ms"
# collect logs as in-memory buffer before writing into log file
bufferingSize: 0
fields:
headers:
defaultMode: drop # drop all headers per default
names:
User-Agent: keep # log user agent strings
# The setting below is to allow insecure backend connections.
serverTransport:
insecureSkipVerify: true
# Traefik entrypoints (network ports) configuration
entryPoints:
# Not used in apps, but redirect everything from HTTP to HTTPS
http:
address: :80
forwardedHeaders:
trustedIPs: &trustedIps
# Start of Clouflare public IP list for HTTP requests, remove this if you don't use it; https://www.cloudflare.com/de-de/ips/
- 103.21.244.0/22
- 103.22.200.0/22
- 103.31.4.0/22
- 104.16.0.0/13
- 104.24.0.0/14
- 108.162.192.0/18
- 131.0.72.0/22
- 141.101.64.0/18
- 162.158.0.0/15
- 172.64.0.0/13
- 173.245.48.0/20
- 188.114.96.0/20
- 190.93.240.0/20
- 197.234.240.0/22
- 198.41.128.0/17
- 2400:cb00::/32
- 2606:4700::/32
- 2803:f800::/32
- 2405:b500::/32
- 2405:8100::/32
- 2a06:98c0::/29
- 2c0f:f248::/32
# End of Cloudlare public IP list
http:
redirections:
entryPoint:
to: https
scheme: https
# HTTPS endpoint, with domain wildcard
https:
address: :443
forwardedHeaders:
# Reuse list of Cloudflare Trusted IP's above for HTTPS requests
trustedIPs: *trustedIps
# enable HTTP3 QUIC via UDP/443
#http3:
# advertisedPort: '443'
http:
tls:
# Generate a wildcard domain certificate
certResolver: myresolver
domains:
- main: example.com # change this to your proxy domain
sans:
- '*.example.com' # change this to your proxy domain
middlewares:
- security-headers@file # reference to a dynamic middleware for setting http security headers per default
- rate-limit@file # reference to a dynamic middleware for enabling rate limiting per default
#- crowdsec@file # reference to a dynamic middleware for enabling crowdsec bouncer
providers:
providersThrottleDuration: 2s
# File provider for connecting things that are outside of docker / defining middleware
file:
filename: /etc/traefik/fileConfig.yml
watch: true
# Docker provider for connecting all apps that are inside of the docker network
docker:
watch: true
network: proxy # Add Your Docker Network Name Here
# Default host rule to containername.domain.example
defaultRule: "Host(`{{ index .Labels \"com.docker.compose.service\"}}.example.com`)" # change 'example.com' to your proxy domain
exposedByDefault: false
# Use letsencrypt to generate ssl certificates
certificatesResolvers:
myresolver:
acme:
email: example@example.com # the email address used for ssl certificate registration
storage: /etc/traefik/acme.json
#httpChallenge: # acme http challenge; requires port 80 and proper dns entries
# entryPoint: http # specify the entry point for the HTTP challenge (adjust if needed)
dnsChallenge: # acme dns challenge; requires api token of dns provider
provider: cloudflare
# Used to make sure the dns challenge is propagated to the right dns servers
resolvers:
- "1.1.1.1:53"
- "1.0.0.1:53"