Source Code for the Home Server setup. This includes the git server hosting this repository as well. #terraform #docker https://git.captnemo.in/nemo/nebula/
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 

95 lines
2.2 KiB

defaultEntryPoints = ["http", "https"]
sendAnonymousUsage = true
checkNewVersion = false
[traefikLog]
[accessLog]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
# This is required for ACME support
[entryPoints.https.tls]
[[entryPoints.https.tls.certificates]]
certFile = "/etc/traefik/git.captnemo.in.crt"
keyFile = "/etc/traefik/git.captnemo.in.key"
[[entryPoints.https.tls.certificates]]
certFile = "/etc/traefik/rss.captnemo.in.crt"
keyFile = "/etc/traefik/rss.captnemo.in.key"
[docker]
# Make sure you mount this as readonly
# NOTE: readonly doesn't reduce the risk because
# it is a unix socket - it doesn't automatically translate
# read|write perms to GET/POST requests.
endpoint = "unix:///var/run/docker.sock"
domain = "bb8.fun"
watch = true
exposedbydefault = false
[file]
[backends]
# This is currently not exposed
# Since I can't apply a authentication
# on this yet
[backends.elibsrv]
[backends.elibsrv.servers.default]
url = "http://elibsrv.captnemo.in:90"
[backends.scan]
[backends.scan.servers.default]
url = "http://scan.in.bb8.fun:90"
[frontends]
[frontends.scan]
backend = "scan"
[frontends.scan.headers]
SSLRedirect = true
SSLTemporaryRedirect = true
STSSeconds = 2592000
FrameDeny = true
ContentTypeNosniff = true
BrowserXssFilter = true
ReferrerPolicy = "no-referrer"
[frontends.scan.headers.customresponseheaders]
X-Powered-By = "Allomancy"
Server = "BlackBox"
X-Clacks-Overhead = "GNU Terry Pratchett"
[frontends.scan.routes.domain]
rule = "Host:scan.bb8.fun"
[web]
address = ":1111"
readOnly = true
# To enable Traefik to export internal metrics to Prometheus
[web.metrics.prometheus]
[acme]
email = "acme@captnemo.in"
storage = "/acme/acme.json"
entryPoint = "https"
onHostRule = false
onDemand = false
acmelogging = true
[acme.httpChallenge]
entryPoint = "http"
[acme.dnsChallenge]
provider = "cloudflare"
delayBeforeCheck = 30
# Primary 2 wildcard certs
[[acme.domains]]
main = "*.bb8.fun"
# Internal services are also protected!
[[acme.domains]]
main = "*.in.bb8.fun"