defaultEntryPoints = ["http", "https"] sendAnonymousUsage = true checkNewVersion = false [traefikLog] [accessLog] [entryPoints] [entryPoints.http] address = ":80" [entryPoints.http.redirect] entryPoint = "https" [entryPoints.https] address = ":443" # This is required for ACME support [entryPoints.https.tls] [[entryPoints.https.tls.certificates]] certFile = "/etc/traefik/git.captnemo.in.crt" keyFile = "/etc/traefik/git.captnemo.in.key" [[entryPoints.https.tls.certificates]] certFile = "/etc/traefik/rss.captnemo.in.crt" keyFile = "/etc/traefik/rss.captnemo.in.key" [docker] # Make sure you mount this as readonly # NOTE: readonly doesn't reduce the risk because # it is a unix socket - it doesn't automatically translate # read|write perms to GET/POST requests. endpoint = "unix:///var/run/docker.sock" domain = "bb8.fun" watch = true exposedbydefault = false [file] [backends] # This is currently not exposed # Since I can't apply a authentication # on this yet [web] address = ":1111" readOnly = true # To enable Traefik to export internal metrics to Prometheus [web.metrics.prometheus] [acme] email = "acme@captnemo.in" storage = "/acme/acme.json" entryPoint = "https" onHostRule = false onDemand = false acmelogging = true [acme.httpChallenge] entryPoint = "http" [acme.dnsChallenge] provider = "cloudflare" delayBeforeCheck = 30 # Primary 2 wildcard certs [[acme.domains]] main = "*.bb8.fun" # Internal services are also protected! [[acme.domains]] main = "*.in.bb8.fun"