nebula/docker/conf/traefik.toml

69 lines
1.6 KiB
TOML

defaultEntryPoints = ["http", "https"]
sendAnonymousUsage = true
checkNewVersion = false
[traefikLog]
[accessLog]
[entryPoints]
[entryPoints.https]
address = ":443"
# This is required for ACME support
[entryPoints.https.tls]
[[entryPoints.https.tls.certificates]]
certFile = "/etc/traefik/git.captnemo.in.crt"
keyFile = "/etc/traefik/git.captnemo.in.key"
[[entryPoints.https.tls.certificates]]
certFile = "/etc/traefik/rss.captnemo.in.crt"
keyFile = "/etc/traefik/rss.captnemo.in.key"
[[entryPoints.https.tls.certificates]]
certFile = "/etc/traefik/tatooine.club.crt"
keyFile = "/etc/traefik/tatooine.club.key"
[docker]
# Make sure you mount this as readonly
# NOTE: readonly doesn't reduce the risk because
# it is a unix socket - it doesn't automatically translate
# read|write perms to GET/POST requests.
endpoint = "unix:///var/run/docker.sock"
domain = "bb8.fun"
watch = true
exposedbydefault = false
[file]
[backends]
# This is currently not exposed
# Since I can't apply a authentication
# on this yet
[web]
address = ":1111"
readOnly = true
# To enable Traefik to export internal metrics to Prometheus
[web.metrics.prometheus]
[acme]
email = "acme@captnemo.in"
storage = "/acme/acme.json"
entryPoint = "https"
onHostRule = false
onDemand = false
acmelogging = true
[acme.httpChallenge]
entryPoint = "http"
[acme.dnsChallenge]
provider = "cloudflare"
delayBeforeCheck = 120
resolvers = ["1.1.1.1:53", "8.8.8.8:53"]
# Primary 2 wildcard certs
[[acme.domains]]
main = "*.bb8.fun"
# Internal services are also protected!
[[acme.domains]]
main = "*.in.bb8.fun"