# Global settings.
# Frontends that do not name an entry point are attached to both of these.
# NOTE(review): only the "https" entry point is defined in this file; confirm
# that "http" is defined somewhere else before relying on it.
defaultEntryPoints = ["http", "https"]
# Anonymous usage reporting is switched on. Set this to false if the host
# must not make outbound telemetry calls.
sendAnonymousUsage = true
# No automatic check for new releases, so security updates have to be
# tracked by other means.
checkNewVersion = false

# Both logging sections are present but empty, so no option is overridden.
# NOTE(review): presumably the bare [accessLog] header is what turns access
# logging on with default output; confirm the logs are collected and
# retained, since they are the record of who requested what.
[traefikLog]
[accessLog]

# Listeners. Only the TLS listener on port 443 is defined in this file.
[entryPoints]
[entryPoints.https]
address = ":443"
# This is required for ACME support
[entryPoints.https.tls]
# Statically provisioned certificate/key pairs, one per site.
# The keyFile entries are private keys: keep them readable only by the
# Traefik process and out of version control and image layers.
[[entryPoints.https.tls.certificates]]
certFile = "/etc/traefik/git.captnemo.in.crt"
keyFile = "/etc/traefik/git.captnemo.in.key"
[[entryPoints.https.tls.certificates]]
certFile = "/etc/traefik/rss.captnemo.in.crt"
keyFile = "/etc/traefik/rss.captnemo.in.key"
[[entryPoints.https.tls.certificates]]
certFile = "/etc/traefik/tatooine.club.crt"
keyFile = "/etc/traefik/tatooine.club.key"

# Docker provider: containers are discovered through the Docker API.
[docker]
# Make sure you mount this as readonly
# NOTE: a readonly mount does not reduce the risk. This is a unix socket, and
# the mount's read|write permissions do not translate into GET/POST
# restrictions on the Docker API. Whatever can talk to this socket can
# drive the Docker daemon, so treat the Traefik container as privileged.
# If that is not acceptable, place an API-filtering proxy between Traefik
# and the socket so that only read calls get through.
endpoint = "unix:///var/run/docker.sock"
domain = "bb8.fun"
watch = true
# Containers are not routed unless they opt in explicitly (for example
# with the traefik.enable=true label), so a new container is not published
# by accident.
exposedbydefault = false

# File provider with an empty backend table: no static routes are declared
# in this file.
# NOTE(review): presumably kept as a placeholder for hand-written
# backends/frontends; confirm it is still needed.
[file]
[backends]

# API/dashboard listener.
# This is currently not exposed, since no authentication can be applied to
# it yet.
# NOTE(review): ":1111" has no host part, so it is not restricted to one
# interface; "not exposed" holds only while the port stays unpublished and
# unrouted. Verify that in the container and firewall configuration.
[web]
address = ":1111"
# Read-only mode. The listener still discloses the routing configuration
# to anyone who can reach it, so it is not a substitute for authentication.
readOnly = true

# To enable Traefik to export internal metrics to Prometheus
# NOTE(review): presumably the metrics are served by the [web] listener above
# and share its lack of authentication; confirm before publishing the port.
[web.metrics.prometheus]

# ACME (Let's Encrypt) certificate management.
[acme]
email = "acme@captnemo.in"
# The storage file holds the ACME account key and the private keys of the
# issued certificates. Keep it on a persistent volume, restrict it to the
# Traefik user (mode 0600) and handle backups of it as secrets.
storage = "/acme/acme.json"
entryPoint = "https"
# With both switches off, certificates are requested only for the names
# listed under [[acme.domains]] below, never for a host name chosen by a
# frontend rule or by an incoming TLS handshake.
onHostRule = false
onDemand = false
acmelogging = true

# NOTE(review): an HTTP challenge and a DNS challenge are both configured.
# Wildcard names can only be validated over DNS, so confirm which challenge
# Traefik actually uses, and that the "http" entry point named here exists;
# it is not defined in this file.
[acme.httpChallenge]
entryPoint = "http"

# DNS challenge through Cloudflare. The API credentials are not in this
# file; presumably they reach Traefik through the environment. Give them
# the narrowest DNS-edit scope available, because they can rewrite records
# for the whole zone.
[acme.dnsChallenge]
provider = "cloudflare"
# Presumably seconds to wait for the TXT record to propagate before the
# check, and the resolvers queried for that check; confirm the units.
delayBeforeCheck = 120
resolvers = ["1.1.1.1:53", "8.8.8.8:53"]

# Primary 2 wildcard certs
[[acme.domains]]
main = "*.bb8.fun"
# Internal services are also protected!
# "Protected" here means served with a valid certificate. The certificate
# does not restrict who can reach those services; access control has to
# come from the network or the application.
[[acme.domains]]
main = "*.in.bb8.fun"