defaultEntryPoints = ["http", "https"] sendAnonymousUsage = true checkNewVersion = false [traefikLog] [accessLog] [entryPoints] [entryPoints.http] address = ":80" [entryPoints.http.redirect] entryPoint = "https" [entryPoints.https] address = ":443" # This is required for ACME support [entryPoints.https.tls] [[entryPoints.https.tls.certificates]] certFile = "/etc/traefik/git.captnemo.in.crt" keyFile = "/etc/traefik/git.captnemo.in.key" [[entryPoints.https.tls.certificates]] certFile = "/etc/traefik/rss.captnemo.in.crt" keyFile = "/etc/traefik/rss.captnemo.in.key" [docker] # Make sure you mount this as readonly endpoint = "unix:///var/run/docker.sock" domain = "bb8.fun" watch = true exposedbydefault = false [file] [backends] # This is currently not exposed # Since I can't apply a authentication # on this yet [backends.elibsrv] [backends.elibsrv.servers.default] url = "http://elibsrv.captnemo.in:90" [backends.scan] [backends.scan.servers.default] url = "http://scan.in.bb8.fun:90" [frontends] [frontends.scan] backend = "scan" [frontends.scan.headers] SSLRedirect = true SSLTemporaryRedirect = true STSSeconds = 2592000 FrameDeny = true ContentTypeNosniff = true BrowserXssFilter = true ReferrerPolicy = "no-referrer" [frontends.scan.headers.customresponseheaders] X-Powered-By = "Allomancy" Server = "BlackBox" X-Clacks-Overhead = "GNU Terry Pratchett" [frontends.scan.routes.domain] rule = "Host:scan.bb8.fun" [web] address = ":1111" readOnly = true # To enable Traefik to export internal metrics to Prometheus [web.metrics.prometheus] [acme] email = "acme@captnemo.in" storage = "/acme/acme.json" entryPoint = "https" onHostRule = false onDemand = false acmelogging = true [acme.httpChallenge] entryPoint = "http" [acme.dnsChallenge] provider = "cloudflare" delayBeforeCheck = 30 # Primary 2 wildcard certs [[acme.domains]] main = "*.bb8.fun" # Internal services are also protected! [[acme.domains]] main = "*.in.bb8.fun"