Added traefik config
parent
e00c04b131
commit
19595bfc78
|
@ -1 +1,2 @@
|
|||
.env.local
|
||||
_copy_to_traefik/tls
|
||||
|
|
|
@ -0,0 +1,30 @@
|
|||
http:
|
||||
serversTransports:
|
||||
insecuretransport:
|
||||
insecureSkipVerify: true
|
||||
middlewares:
|
||||
secureHeaders:
|
||||
headers:
|
||||
sslRedirect: true
|
||||
forceSTSHeader: true
|
||||
stsIncludeSubdomains: true
|
||||
stsPreload: true
|
||||
stsSeconds: 31536000
|
||||
customFrameOptionsValue: "SAMEORIGIN"
|
||||
contentTypeNosniff: true
|
||||
browserXssFilter: true
|
||||
referrerPolicy: "strict-origin-when-cross-origin"
|
||||
permissionsPolicy: "camera=(), microphone=(), geolocation=()"
|
||||
customResponseHeaders:
|
||||
X-Robots-Tag: "noindex,nofollow,nosnippet,noarchive,notranslate,noimageindex"
|
||||
|
||||
tls:
|
||||
stores:
|
||||
default:
|
||||
defaultCertificate:
|
||||
certFile: /etc/traefik/tls/cert.pem
|
||||
keyFile: /etc/traefik/tls/key.pem
|
||||
certificates:
|
||||
- certFile: /etc/traefik/tls/cert.pem
|
||||
keyFile: /etc/traefik/tls/key.pem
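Review bot: `insecureSkipVerify: true` under `serversTransports.insecuretransport` turns off certificate verification towards every backend that selects this transport, so any host able to answer on the backend's address is accepted as the backend. A transport that pins the backend's CA keeps that hop authenticated: replace the flag with `rootCAs:` listing the CA file and, where the URL host differs from the certificate name, `serverName:`. If the transport has to stay for a self-signed appliance, a comment above it naming the one service it is meant for would keep it from being reused elsewhere. None of the routers visible in this commit lists `secureHeaders` under `middlewares`, so the HSTS and related headers defined here are not applied unless the middleware is attached somewhere outside this commit.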
|
||||
|
|
@ -0,0 +1,18 @@
|
|||
http:
|
||||
middlewares:
|
||||
authentik_sysmgr:
|
||||
forwardAuth:
|
||||
address: https://auth.szk.li/outpost.goauthentik.io/auth/traefik
|
||||
trustForwardHeader: true
|
||||
authResponseHeaders:
|
||||
- X-authentik-username
|
||||
- X-authentik-groups
|
||||
- X-authentik-email
|
||||
- X-authentik-name
|
||||
- X-authentik-uid
|
||||
- X-authentik-jwt
|
||||
- X-authentik-meta-jwks
|
||||
- X-authentik-meta-outpost
|
||||
- X-authentik-meta-provider
|
||||
- X-authentik-meta-app
|
||||
- X-authentik-meta-version
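Review bot: `trustForwardHeader: true` on `authentik_sysmgr` passes the incoming `X-Forwarded-*` headers to the outpost unchanged, so the authentication decision is only as reliable as whatever set those headers. That holds while the entry points keep Traefik's default of discarding client-supplied forwarded headers; I would add a comment above the line saying so, e.g. `# relies on entryPoints.*.forwardedHeaders staying at the default (no insecure, no broad trustedIPs)`. The address uses `auth.szk.li` while the router added in this commit serves `auth.lksz.me`; it is worth confirming that both names reach the same authentik instance.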
|
|
@ -0,0 +1,23 @@
|
|||
# http routing section
|
||||
http:
|
||||
routers:
|
||||
# Define a connection between requests and services
|
||||
"to-ha":
|
||||
rule: "Host(`ha.lksz.me`)"
|
||||
entrypoints:
|
||||
- websecure
|
||||
# # If the rule matches, applies the middleware
|
||||
# middlewares:
|
||||
# - test-user
|
||||
# If the rule matches, forward to the whoami service (declared below)
|
||||
service: home-assistant
|
||||
tls:
|
||||
certresolver: myresolver
|
||||
|
||||
services:
|
||||
# Define how to reach an existing service on our infrastructure
|
||||
home-assistant:
|
||||
loadBalancer:
|
||||
servers:
|
||||
- url: "http://ha.lan:8123"
|
||||
#- address: "ha.lan:8123"
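Review bot: `certresolver: myresolver` on `to-ha` names a resolver that the static configuration in this commit does not define; the only entry under `certificatesResolvers` there is `httpresolver`. Unless another static file defines `myresolver`, Traefik would treat it as unknown and serve the default certificate instead of an ACME one, so either the router should read `certresolver: httpresolver` or the resolver should be renamed. The same reference appears on `to-kasm-main`, `to-kasm-setup`, `to-auth`, `to-syncthing` and `to-kateryna`. The comment `forward to the whoami service` is left over from the example and should name `home-assistant`.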
|
|
@ -0,0 +1,42 @@
|
|||
# http routing section
|
||||
http:
|
||||
routers:
|
||||
# Define a connection between requests and services
|
||||
"to-kasm-main":
|
||||
rule: "Host(`k.szk.li`)"
|
||||
entrypoints:
|
||||
- websecure
|
||||
# # If the rule matches, applies the middleware
|
||||
middlewares:
|
||||
- authentik_sysmgr
|
||||
# - test-user
|
||||
# If the rule matches, forward to the whoami service (declared below)
|
||||
service: kasm-main
|
||||
tls:
|
||||
certresolver: myresolver
|
||||
|
||||
# Define a connection between requests and services
|
||||
"to-kasm-setup":
|
||||
rule: "Host(`ksetup.szk.li`)"
|
||||
entrypoints:
|
||||
- websecure
|
||||
# # If the rule matches, applies the middleware
|
||||
middlewares:
|
||||
- authentik_sysmgr
|
||||
# - test-user
|
||||
# If the rule matches, forward to the whoami service (declared below)
|
||||
service: kasm-setup
|
||||
tls:
|
||||
certresolver: myresolver
|
||||
|
||||
|
||||
services:
|
||||
# Define how to reach an existing service on our infrastructure
|
||||
kasm-main:
|
||||
loadBalancer:
|
||||
servers:
|
||||
- url: "https://kasm-workspaces:8744"
|
||||
kasm-setup:
|
||||
loadBalancer:
|
||||
servers:
|
||||
- url: "https://kasm-workspaces:8743"
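Review bot: Both `kasm-main` and `kasm-setup` point at `https://` backends but set no `serversTransport` under `loadBalancer`, so the certificate presented by `kasm-workspaces` is checked against Traefik's default trust store. If that certificate is self-signed (not visible here), requests will fail until a transport is chosen; prefer one that carries the Kasm CA in `rootCAs` over the `insecuretransport` defined in this commit, and reference it as `serversTransport: <transport-name>` under each `loadBalancer`. The `whoami` comments above both `service:` lines are leftovers from the example and should name the Kasm services.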
|
|
@ -0,0 +1,40 @@
|
|||
# http routing section
|
||||
http:
|
||||
routers:
|
||||
to-auth:
|
||||
rule: "Host(`auth.lksz.me`)"
|
||||
entrypoints:
|
||||
- websecure
|
||||
service: kateryna-traefik
|
||||
tls:
|
||||
certresolver: myresolver
|
||||
to-syncthing:
|
||||
rule: "Host(`sync.lksz.me`)"
|
||||
entrypoints:
|
||||
- websecure
|
||||
service: kateryna-traefik
|
||||
tls:
|
||||
certresolver: myresolver
|
||||
to-kateryna:
|
||||
rule: "Host(`kateryna.szk.li`)
|
||||
|| Host(`kateryna.lksz.me`)
|
||||
|| Host(`radarr.lksz.me`)
|
||||
|| Host(`sonarr.lksz.me`)
|
||||
|| Host(`prowlarr.lksz.me`)
|
||||
|| Host(`req.lksz.me`)
|
||||
|| Host(`jd.lksz.me`)
|
||||
|| Host(`nzb.lksz.me`)
|
||||
|| Host(`stats.player.lksz.me`)
|
||||
"
|
||||
entrypoints:
|
||||
- websecure
|
||||
service: kateryna-traefik
|
||||
tls:
|
||||
certresolver: myresolver
|
||||
|
||||
services:
|
||||
# Define how to reach an existing service on our infrastructure
|
||||
kateryna-traefik:
|
||||
loadBalancer:
|
||||
servers:
|
||||
- url: https://kateryna.lksz.me
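Review bot: The `kateryna-traefik` service URL is `https://kateryna.lksz.me`, and the same host is matched by the `to-kateryna` rule, so if that name resolves to this proxy from where Traefik runs, requests loop back into the same router. Pointing the URL at an internal name or address for the downstream proxy avoids depending on split DNS; if the URL stays, a comment stating which DNS view is assumed would do. None of the three routers lists a middleware, so access control for `radarr`, `sonarr`, `prowlarr` and the other hosts rests entirely on the downstream instance. That is worth stating in a comment, or `authentik_sysmgr` could be attached here as on the Kasm routers.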
|
|
@ -0,0 +1,34 @@
|
|||
api:
|
||||
dashboard: true
|
||||
insecure: true
|
||||
|
||||
providers:
|
||||
docker:
|
||||
endpoint: 'unix:///var/run/docker.sock'
|
||||
watch: true
|
||||
exposedByDefault: false
|
||||
file:
|
||||
directory: /etc/traefik/dynamic
|
||||
watch: true
|
||||
|
||||
entryPoints:
|
||||
web:
|
||||
address: ':80'
|
||||
http:
|
||||
redirections:
|
||||
entryPoint:
|
||||
to: 'websecure'
|
||||
scheme: 'https'
|
||||
websecure:
|
||||
address: ':443'
|
||||
|
||||
certificatesResolvers:
|
||||
httpresolver:
|
||||
acme:
|
||||
# email: acme@thisprops.com
|
||||
storage: /shared/acme.json
|
||||
httpChallenge:
|
||||
entryPoint: web
|
||||
|
||||
log:
|
||||
level: ERROR
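Review bot: `api.insecure: true` publishes the dashboard and the API on Traefik's internal `traefik` entry point (port 8080 by default) with no authentication, which shows the full routing table and backend addresses to anyone who can reach that port. I would set `insecure: false` and add a router on `websecure` to the `api@internal` service with the `authentik_sysmgr` middleware in front of it. `log.level: ERROR` with no `accessLog:` section also means the proxy keeps no request trail; enabling the access log would give something to investigate from for the hosts published here.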
|