Source Code for the Home Server setup. This includes the git server hosting this repository as well. #terraform #docker https://git.captnemo.in/nemo/nebula/

traefik.toml 2.3KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100
  1. defaultEntryPoints = ["http", "https"]
  2. # Have to enable this because of heimdall
  3. InsecureSkipVerify = true
  4. sendAnonymousUsage = true
  5. checkNewVersion = false
  6. [traefikLog]
  7. [accessLog]
  8. [entryPoints]
  9. [entryPoints.http]
  10. address = ":80"
  11. [entryPoints.http.redirect]
  12. entryPoint = "https"
  13. [entryPoints.https]
  14. address = ":443"
  15. # This is required for ACME support
  16. [entryPoints.https.tls]
  17. [[entryPoints.https.tls.certificates]]
  18. certFile = "/etc/traefik/git.captnemo.in.crt"
  19. keyFile = "/etc/traefik/git.captnemo.in.key"
  20. [[entryPoints.https.tls.certificates]]
  21. certFile = "/etc/traefik/rss.captnemo.in.crt"
  22. keyFile = "/etc/traefik/rss.captnemo.in.key"
  23. # This contains 2 domains: {emby|airsonic}.bb8.fun
  24. [[entryPoints.https.tls.certificates]]
  25. certFile = "/etc/traefik/emby.in.bb8.fun.crt"
  26. keyFile = "/etc/traefik/emby.in.bb8.fun.key"
  27. [docker]
  28. # Make sure you mount this as readonly
  29. endpoint = "unix:///var/run/docker.sock"
  30. domain = "bb8.fun"
  31. watch = true
  32. exposedbydefault = false
  33. [file]
  34. [backends]
  35. # This is currently not exposed
  36. # Since I can't apply a authentication
  37. # on this yet
  38. [backends.elibsrv]
  39. [backends.elibsrv.servers.default]
  40. url = "http://elibsrv.captnemo.in:90"
  41. [backends.scan]
  42. [backends.scan.servers.default]
  43. url = "http://scan.in.bb8.fun:90"
  44. [frontends]
  45. [frontends.scan]
  46. backend = "scan"
  47. [frontends.scan.headers]
  48. SSLRedirect = true
  49. SSLTemporaryRedirect = true
  50. STSSeconds = 2592000
  51. FrameDeny = true
  52. ContentTypeNosniff = true
  53. BrowserXssFilter = true
  54. ReferrerPolicy = "no-referrer"
  55. [frontends.scan.headers.customresponseheaders]
  56. X-Powered-By = "Allomancy"
  57. Server = "BlackBox"
  58. X-Clacks-Overhead = "GNU Terry Pratchett"
  59. [frontends.scan.routes.domain]
  60. rule = "Host:scan.bb8.fun"
  61. [web]
  62. address = ":1111"
  63. readOnly = true
  64. # To enable Traefik to export internal metrics to Prometheus
  65. [web.metrics.prometheus]
  66. [acme]
  67. email = "acme@captnemo.in"
  68. storage = "/acme/acme.json"
  69. entryPoint = "https"
  70. onHostRule = false
  71. onDemand = false
  72. acmelogging = true
  73. [acme.httpChallenge]
  74. entryPoint = "http"
  75. [acme.dnsChallenge]
  76. provider = "cloudflare"
  77. delayBeforeCheck = 30
  78. # Primary 2 wildcard certs
  79. [[acme.domains]]
  80. main = "*.bb8.fun"
  81. # Internal services are also protected!
  82. [[acme.domains]]
  83. main = "*.in.bb8.fun"