🏡 index : github.com/captn3m0/nebula.git

defaultEntryPoints = ["http", "https"]
# logLevel = "DEBUG"
# Have to enable this because of heimdall
InsecureSkipVerify = true
sendAnonymousUsage = true
checkNewVersion = false

[traefikLog]
[accessLog]

[entryPoints]
[entryPoints.http]
  address = ":80"
  [entryPoints.http.redirect]
    entryPoint = "https"
[entryPoints.https]
  address = ":443"
  # This is required for ACME support
  [entryPoints.https.tls]
  [[entryPoints.https.tls.certificates]]
    certFile = "/etc/traefik/git.captnemo.in.crt"
    keyFile  = "/etc/traefik/git.captnemo.in.key"
  [[entryPoints.https.tls.certificates]]
    certFile = "/etc/traefik/rss.captnemo.in.crt"
    keyFile  = "/etc/traefik/rss.captnemo.in.key"

[docker]
  # Make sure you mount this as readonly
  endpoint = "unix:///var/run/docker.sock"
  domain = "bb8.fun"
  watch = true
  exposedbydefault = false

[file]
[backends]

# This is currently not exposed
# Since I can't apply a authentication
# on this yet

[backends.elibsrv]
[backends.elibsrv.servers.default]
  url = "http://elibsrv.captnemo.in:90"

[backends.scan]
[backends.scan.servers.default]
  url = "http://scan.in.bb8.fun:90"

[frontends]

[frontends.scan]
  backend = "scan"
  [frontends.scan.headers]
    SSLRedirect = true
    SSLTemporaryRedirect = true
    STSSeconds = 2592000
    FrameDeny = true
    ContentTypeNosniff = true
    BrowserXssFilter = true
    ReferrerPolicy = "no-referrer"
  [frontends.scan.headers.customresponseheaders]
    X-Powered-By = "Allomancy"
    Server = "BlackBox"
    X-Clacks-Overhead = "GNU Terry Pratchett"
[frontends.scan.routes.domain]
  rule = "Host:scan.bb8.fun"

[web]
  address = ":1111"
  readOnly = true

# To enable Traefik to export internal metrics to Prometheus
[web.metrics.prometheus]

[acme]
email = "acme@captnemo.in"
storage = "/acme/acme.json"
entryPoint = "https"
onHostRule = false
onDemand   = false
acmelogging = true

[acme.httpChallenge]
  entryPoint = "http"

[acme.dnsChallenge]
  provider = "cloudflare"
  delayBeforeCheck = 30

# Primary 2 wildcard certs
[[acme.domains]]
  main = "*.bb8.fun"
# Internal services are also protected!
[[acme.domains]]
  main = "*.in.bb8.fun"