82e4ee6d93
log failed http requests only in the default conf. Reduces log size for beginners that have not yet configured logrotation.
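# Traefik global configuration
global:
  # Periodically check whether a newer Traefik release is available.
  checkNewVersion: true
  # Do not send anonymous usage statistics.
  sendAnonymousUsage: false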
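# Enable the Traefik API and web dashboard
api:
  dashboard: true
  # NOTE(security): insecure mode serves the API and dashboard without any
  # authentication on Traefik's internal `traefik` entrypoint (port 8080 unless
  # overridden). Keep that port unpublished and firewalled. Outside of local
  # testing, set this to false and expose `api@internal` through a router
  # protected by an authentication middleware.
  insecure: true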
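# Traefik process log level: INFO | DEBUG | ERROR
log:
  level: INFO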
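# Access log: where it is written and which requests/fields are kept
accessLog:
  filePath: "/logs/traefik.log"
  format: json
  filters:
    # Only requests whose status code matches an entry below are written.
    # With this default, successful requests leave no trace in the access
    # log, which limits what can be reconstructed during an incident.
    # Re-enable the commented entry (or a wider range) once log rotation
    # is configured.
    statusCodes:
      # - "200" # log successful http requests
      - "400-599" # log failed http requests
    # Filters are OR-connected: enabling either option below keeps
    # additional lines rather than narrowing the selection.
    # retryAttempts: true
    # minDuration: "10ms"
  # Number of log lines collected in memory before writing to the log file
  bufferingSize: 0
  fields:
    headers:
      defaultMode: drop # drop all headers per default
      names:
        User-Agent: keep # log user agent strings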
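# The setting below is to allow insecure backend connections.
# NOTE(security): it turns off TLS certificate verification for every HTTPS
# backend Traefik connects to, so an impersonated or intercepted backend is
# not detected. Prefer trusting the backend CA (`rootCAs`) or a per-service
# serversTransport in the dynamic configuration, and leave this false.
serverTransport:
  insecureSkipVerify: true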
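# Traefik entrypoints (network ports) configuration
entryPoints:
  # Not used in apps, but redirect everything from HTTP to HTTPS
  http:
    address: ":80"
    forwardedHeaders:
      # X-Forwarded-* headers are only trusted when the connection comes from
      # one of these ranges. Remove the list if Cloudflare is not in front of
      # this proxy, and keep it in sync with the published ranges: a stale or
      # unneeded entry lets hosts in that range supply the client IP that
      # backends and logs will see.
      trustedIPs: &trustedIps
        # Start of Cloudflare public IP list for HTTP requests, remove this if you don't use it; https://www.cloudflare.com/de-de/ips/
        - 103.21.244.0/22
        - 103.22.200.0/22
        - 103.31.4.0/22
        - 104.16.0.0/13
        - 104.24.0.0/14
        - 108.162.192.0/18
        - 131.0.72.0/22
        - 141.101.64.0/18
        - 162.158.0.0/15
        - 172.64.0.0/13
        - 173.245.48.0/20
        - 188.114.96.0/20
        - 190.93.240.0/20
        - 197.234.240.0/22
        - 198.41.128.0/17
        - 2400:cb00::/32
        - 2606:4700::/32
        - 2803:f800::/32
        - 2405:b500::/32
        - 2405:8100::/32
        - 2a06:98c0::/29
        - 2c0f:f248::/32
        # End of Cloudflare public IP list
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https

  # HTTPS endpoint, with domain wildcard
  https:
    address: ":443"
    forwardedHeaders:
      # Reuse list of Cloudflare Trusted IP's above for HTTPS requests
      trustedIPs: *trustedIps
    http:
      tls:
        # Generate a wildcard domain certificate
        certResolver: letsencrypt
        domains:
          - main: example.com # change this to your proxy domain
            sans:
              - '*.example.com' # change this to your proxy domain
      # Applied to every router on this entrypoint; both middlewares must be
      # defined in the file provider's dynamic configuration.
      middlewares:
        - security-headers@file # reference to a dynamic middleware for setting http security headers per default
        - rate-limit@file # reference to a dynamic middleware for enabling rate limiting per default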
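# Configuration providers (sources of routers, services and middlewares)
providers:
  providersThrottleDuration: 2s

  # File provider for connecting things that are outside of docker / defining middleware
  file:
    filename: /etc/traefik/fileConfig.yml
    # Changes to the file are picked up without a restart, so restrict write
    # access to it: whoever can edit it can change routing and middlewares.
    watch: true

  # Docker provider for connecting all apps that are inside of the docker network
  docker:
    watch: true
    network: proxy # Add Your Docker Network Name Here
    # Default host rule to containername.domain.example
    defaultRule: "Host(`{{ index .Labels \"com.docker.compose.service\"}}.example.com`)" # change 'example.com' to your proxy domain
    swarmModeRefreshSeconds: 15s
    # Containers are only routed when they opt in with the label
    # traefik.enable=true; keep this false so new containers are not
    # published by accident.
    exposedByDefault: false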
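# Use letsencrypt to generate ssl certificates
certificatesResolvers:
  letsencrypt:
    acme:
      # Change to your provider account email address. The API token is defined
      # in the docker-compose.yml as environment variable; use a token scoped to
      # DNS edits on the relevant zone rather than a global API key.
      email: <CF-EMAIL-ADDRESS>
      # acme.json holds the ACME account key and the private keys of issued
      # certificates: keep it at file mode 600 and out of version control
      # and backups that others can read.
      storage: /etc/traefik/acme.json
      dnsChallenge:
        provider: cloudflare
        # Used to make sure the dns challenge is propagated to the right dns servers
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"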