96 lines
2.1 KiB
TOML
96 lines
2.1 KiB
TOML
defaultEntryPoints = ["http", "https"]
|
|
# logLevel = "DEBUG"
|
|
# Have to enable this because of heimdall
|
|
InsecureSkipVerify = true
|
|
sendAnonymousUsage = true
|
|
checkNewVersion = false
|
|
|
|
[traefikLog]
|
|
[accessLog]
|
|
|
|
[entryPoints]
|
|
[entryPoints.http]
|
|
address = ":80"
|
|
[entryPoints.http.redirect]
|
|
entryPoint = "https"
|
|
[entryPoints.https]
|
|
address = ":443"
|
|
# This is required for ACME support
|
|
[entryPoints.https.tls]
|
|
[[entryPoints.https.tls.certificates]]
|
|
certFile = "/etc/traefik/git.captnemo.in.crt"
|
|
keyFile = "/etc/traefik/git.captnemo.in.key"
|
|
[[entryPoints.https.tls.certificates]]
|
|
certFile = "/etc/traefik/rss.captnemo.in.crt"
|
|
keyFile = "/etc/traefik/rss.captnemo.in.key"
|
|
|
|
[docker]
|
|
# Make sure you mount this as readonly
|
|
endpoint = "unix:///var/run/docker.sock"
|
|
domain = "bb8.fun"
|
|
watch = true
|
|
exposedbydefault = false
|
|
|
|
[file]
|
|
[backends]
|
|
|
|
# This is currently not exposed
|
|
# Since I can't apply a authentication
|
|
# on this yet
|
|
|
|
[backends.elibsrv]
|
|
[backends.elibsrv.servers.default]
|
|
url = "http://elibsrv.captnemo.in:90"
|
|
|
|
[backends.scan]
|
|
[backends.scan.servers.default]
|
|
url = "http://scan.in.bb8.fun:90"
|
|
|
|
[frontends]
|
|
|
|
[frontends.scan]
|
|
backend = "scan"
|
|
[frontends.scan.headers]
|
|
SSLRedirect = true
|
|
SSLTemporaryRedirect = true
|
|
STSSeconds = 2592000
|
|
FrameDeny = true
|
|
ContentTypeNosniff = true
|
|
BrowserXssFilter = true
|
|
ReferrerPolicy = "no-referrer"
|
|
[frontends.scan.headers.customresponseheaders]
|
|
X-Powered-By = "Allomancy"
|
|
Server = "BlackBox"
|
|
X-Clacks-Overhead = "GNU Terry Pratchett"
|
|
[frontends.scan.routes.domain]
|
|
rule = "Host:scan.bb8.fun"
|
|
|
|
[web]
|
|
address = ":1111"
|
|
readOnly = true
|
|
|
|
# To enable Traefik to export internal metrics to Prometheus
|
|
[web.metrics.prometheus]
|
|
|
|
[acme]
|
|
email = "acme@captnemo.in"
|
|
storage = "/acme/acme.json"
|
|
entryPoint = "https"
|
|
onHostRule = false
|
|
onDemand = false
|
|
acmelogging = true
|
|
|
|
[acme.httpChallenge]
|
|
entryPoint = "http"
|
|
|
|
[acme.dnsChallenge]
|
|
provider = "cloudflare"
|
|
delayBeforeCheck = 30
|
|
|
|
# Primary 2 wildcard certs
|
|
[[acme.domains]]
|
|
main = "*.bb8.fun"
|
|
# Internal services are also protected!
|
|
[[acme.domains]]
|
|
main = "*.in.bb8.fun"
|