Added traefik config

This commit is contained in:
Lockszmith (@kateryna) 2024-11-24 23:05:29 -05:00
parent e00c04b131
commit 19595bfc78
7 changed files with 188 additions and 0 deletions

1
.gitignore vendored
View File

@ -1 +1,2 @@
.env.local
_copy_to_traefik/tls

View File

@ -0,0 +1,30 @@
http:
serversTransports:
insecuretransport:
insecureSkipVerify: true
middlewares:
secureHeaders:
headers:
sslRedirect: true
forceSTSHeader: true
stsIncludeSubdomains: true
stsPreload: true
stsSeconds: 31536000
customFrameOptionsValue: "SAMEORIGIN"
contentTypeNosniff: true
browserXssFilter: true
referrerPolicy: "strict-origin-when-cross-origin"
permissionsPolicy: "camera=(), microphone=(), geolocation=()"
customResponseHeaders:
X-Robots-Tag: "noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex"
tls:
stores:
default:
defaultCertificate:
certFile: /etc/traefik/tls/cert.pem
keyFile: /etc/traefik/tls/key.pem
certificates:
- certFile: /etc/traefik/tls/cert.pem
keyFile: /etc/traefik/tls/key.pem

View File

@ -0,0 +1,18 @@
http:
middlewares:
authentik_sysmgr:
forwardAuth:
address: https://auth.szk.li/outpost.goauthentik.io/auth/traefik
trustForwardHeader: true
authResponseHeaders:
- X-authentik-username
- X-authentik-groups
- X-authentik-email
- X-authentik-name
- X-authentik-uid
- X-authentik-jwt
- X-authentik-meta-jwks
- X-authentik-meta-outpost
- X-authentik-meta-provider
- X-authentik-meta-app
- X-authentik-meta-version

View File

@ -0,0 +1,23 @@
# http routing section
http:
routers:
# Define a connection between requests and services
"to-ha":
rule: "Host(`ha.lksz.me`)"
entrypoints:
- websecure
# # If the rule matches, applies the middleware
# middlewares:
# - test-user
# If the rule matches, forward to the whoami service (declared below)
service: home-assistant
tls:
certresolver: myresolver
services:
# Define how to reach an existing service on our infrastructure
home-assistant:
loadBalancer:
servers:
- url: "http://ha.lan:8123"
#- address: "ha.lan:8123"

View File

@ -0,0 +1,42 @@
# http routing section
http:
routers:
# Define a connection between requests and services
"to-kasm-main":
rule: "Host(`k.szk.li`)"
entrypoints:
- websecure
# # If the rule matches, applies the middleware
middlewares:
- authentik_sysmgr
# - test-user
# If the rule matches, forward to the whoami service (declared below)
service: kasm-main
tls:
certresolver: myresolver
# Define a connection between requests and services
"to-kasm-setup":
rule: "Host(`ksetup.szk.li`)"
entrypoints:
- websecure
# # If the rule matches, applies the middleware
middlewares:
- authentik_sysmgr
# - test-user
# If the rule matches, forward to the whoami service (declared below)
service: kasm-setup
tls:
certresolver: myresolver
services:
# Define how to reach an existing service on our infrastructure
kasm-main:
loadBalancer:
servers:
- url: "https://kasm-workspaces:8744"
kasm-setup:
loadBalancer:
servers:
- url: "https://kasm-workspaces:8743"

View File

@ -0,0 +1,40 @@
# http routing section
http:
routers:
to-auth:
rule: "Host(`auth.lksz.me`)"
entrypoints:
- websecure
service: kateryna-traefik
tls:
certresolver: myresolver
to-syncthing:
rule: "Host(`sync.lksz.me`)"
entrypoints:
- websecure
service: kateryna-traefik
tls:
certresolver: myresolver
to-kateryna:
rule: "Host(`kateryna.szk.li`)
|| Host(`kateryna.lksz.me`)
|| Host(`radarr.lksz.me`)
|| Host(`sonarr.lksz.me`)
|| Host(`prowlarr.lksz.me`)
|| Host(`req.lksz.me`)
|| Host(`jd.lksz.me`)
|| Host(`nzb.lksz.me`)
|| Host(`stats.player.lksz.me`)
"
entrypoints:
- websecure
service: kateryna-traefik
tls:
certresolver: myresolver
services:
# Define how to reach an existing service on our infrastructure
kateryna-traefik:
loadBalancer:
servers:
- url: https://kateryna.lksz.me

View File

@ -0,0 +1,34 @@
api:
dashboard: true
insecure: true
providers:
docker:
endpoint: 'unix:///var/run/docker.sock'
watch: true
exposedByDefault: false
file:
directory: /etc/traefik/dynamic
watch: true
entryPoints:
web:
address: ':80'
http:
redirections:
entryPoint:
to: 'websecure'
scheme: 'https'
websecure:
address: ':443'
certificatesResolvers:
httpresolver:
acme:
# email: acme@thisprops.com
storage: /shared/acme.json
httpChallenge:
entryPoint: web
log:
level: ERROR