From ca3e757080f859ab47506b9c7f2302613c75d2e1 Mon Sep 17 00:00:00 2001 From: Steve Dudenhoeffer Date: Mon, 25 Dec 2023 21:08:55 +0000 Subject: [PATCH] added custom traefik handlers --- traefik/.env.example | 2 +- traefik/custom/homeassistant.yml | 13 ++ traefik/custom/scrypted.yml | 20 +++ traefik/custom/unifi.yml | 20 +++ traefik/docker-compose.yml | 2 + traefik/traefik.yml.example | 230 +++++++++++++++++++++++++++++++ 6 files changed, 286 insertions(+), 1 deletion(-) create mode 100644 traefik/custom/homeassistant.yml create mode 100644 traefik/custom/scrypted.yml create mode 100644 traefik/custom/unifi.yml diff --git a/traefik/.env.example b/traefik/.env.example index 80f17e5..5e5e99f 100644 --- a/traefik/.env.example +++ b/traefik/.env.example @@ -8,7 +8,7 @@ USER_ID=1000 GROUP_ID=1000 # TIMEZONE is the timezone the server is in -TIMZEONE=America/New_York +TIMEZONE=America/New_York # CLOUDFLARE_EMAIL is the email for the cloudflare credentials CLOUDFLARE_EMAIL=email@address.com diff --git a/traefik/custom/homeassistant.yml b/traefik/custom/homeassistant.yml new file mode 100644 index 0000000..a45a7fa --- /dev/null +++ b/traefik/custom/homeassistant.yml @@ -0,0 +1,13 @@ + +http: + routers: + homeassistant-router: + rule: "Host(`homeassistant.dudenhoeffer.casa`)" + service: homeassistant-service + + services: + homeassistant-service: + loadBalancer: + servers: + - url: "http://192.168.0.197:8123" + passHostHeader: true \ No newline at end of file diff --git a/traefik/custom/scrypted.yml b/traefik/custom/scrypted.yml new file mode 100644 index 0000000..72a525b --- /dev/null +++ b/traefik/custom/scrypted.yml 
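Review bot: `homeassistant-router` names no `entryPoints`, `tls` or `middlewares`, so whether Home Assistant is reachable only over HTTPS and behind Authelia depends entirely on entrypoint defaults set in another file. Pinning it in the router, e.g. `entryPoints: [websecure]`, keeps the route from silently following a later entrypoint change; the same applies to `scrypted-router` and `unifi-router` in the next two files. The backend hop `http://192.168.0.197:8123` is plaintext, so a comment such as `# plaintext to backend, accepted on the trusted LAN segment only` would record that this is deliberate. These files also commit a real hostname and LAN addresses, while the rest of the directory ships `.example` templates.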
@@ -0,0 +1,20 @@ +http: + routers: + scrypted-router: + rule: "Host(`scrypted.dudenhoeffer.casa`)" + service: scrypted-service + # Optionally, you can add TLS configuration here if your router is serving HTTPS + + services: + scrypted-service: + loadBalancer: + servers: + - url: "https://192.168.0.197:10443" + passHostHeader: true + # Skip TLS verification for the self-signed certificate + serversTransport: "scrypted-servers-transport" + + # Define the serversTransport to skip TLS verification + serversTransports: + scrypted-servers-transport: + insecureSkipVerify: true diff --git a/traefik/custom/unifi.yml b/traefik/custom/unifi.yml new file mode 100644 index 0000000..a92e5c7 --- /dev/null +++ b/traefik/custom/unifi.yml @@ -0,0 +1,20 @@ +http: + routers: + unifi-router: + rule: "Host(`unifi.dudenhoeffer.casa`)" + service: unifi-service + # Optionally, you can add TLS configuration here if your router is serving HTTPS + + services: + unifi-service: + loadBalancer: + servers: + - url: "https://192.168.0.146" + passHostHeader: true + # Skip TLS verification for the self-signed certificate + serversTransport: "unifi-servers-transport" + + # Define the serversTransport to skip TLS verification + serversTransports: + unifi-servers-transport: + insecureSkipVerify: true diff --git a/traefik/docker-compose.yml b/traefik/docker-compose.yml index 4df3662..075a4bf 100644 --- a/traefik/docker-compose.yml +++ b/traefik/docker-compose.yml @@ -5,6 +5,7 @@ services: image: traefik:latest container_name: traefik hostname: traefik + command: --providers.file.filename=/etc/traefik/dynamic.yml --providers.docker environment: @@ -24,6 +25,7 @@ services: volumes: - ./traefik.yml:/etc/traefik/traefik.yml:ro + - ./custom:/etc/traefik/custom:ro - /var/run/docker.sock:/tmp/docker.sock:ro - certs:/letsencrypt diff --git a/traefik/traefik.yml.example b/traefik/traefik.yml.example index e69de29..d1810f7 100644 --- a/traefik/traefik.yml.example +++ b/traefik/traefik.yml.example 
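Review bot: `insecureSkipVerify: true` in `scrypted-servers-transport` turns off certificate validation for the hop to `https://192.168.0.197:10443`, so Traefik accepts whatever certificate is presented at that address. `unifi-servers-transport` in traefik/custom/unifi.yml carries the same setting. Because the backends use self-signed certificates, the transport can trust exactly that certificate instead, with `rootCAs: [/etc/traefik/custom/<backend-cert>.pem]` (placeholder path) plus `serverName: <name-in-the-certificate>`, since the server URL is an IP address. If skipping verification is kept on purpose, the comment should say that the backend's identity is not authenticated, not only that the certificate is self-signed.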
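Review bot: The added `command:` points the file provider at `/etc/traefik/dynamic.yml`, but the volume added in the second hunk mounts `./custom` at `/etc/traefik/custom`, and traefik.yml.example sets `providers.file.directory: /etc/traefik/custom`. No mount for `dynamic.yml` is visible here. Traefik documents its static-configuration sources (file, CLI flags, environment) as mutually exclusive, so with `traefik.yml` mounted these flags presumably never take effect; worth confirming, then dropping the `command:` line so there is a single source of truth for which dynamic files are loaded. The service definition continues outside both hunks, so other volumes may exist that are not shown.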
@@ -0,0 +1,230 @@
+################################################################
+#
+# Configuration sample for Traefik v2.
+#
+# For Traefik v1: https://github.com/traefik/traefik/blob/v1.7/traefik.sample.toml
+#
+################################################################
+
+################################################################
+# Global configuration
+################################################################
+global:
+ checkNewVersion: true
+ sendAnonymousUsage: true
+
+################################################################
+# EntryPoints configuration
+################################################################
+
+# EntryPoints definition
+#
+# Optional
+#
+entryPoints:
+ web:
+ address: :80
+ http:
+ redirections:
+ entryPoint:
+ to: websecure
+ scheme: https
+ websecure:
+ address: :443
+ http:
+ tls:
+ certResolver: letsencrypt
+ domains:
+ - main: domain.tld
+ sans:
+ - "*.domain.tld"
+ middlewares:
+ - "authelia@docker"
+
+################################################################
+# Traefik logs configuration
+################################################################
+
+# Traefik logs
+# Enabled by default and log to stdout
+#
+# Optional
+#
+log:
+ # Log level
+ #
+ # Optional
+ # Default: "ERROR"
+ #
+ level: DEBUG
+
+ # Sets the filepath for the traefik log. If not specified, stdout will be used.
+ # Intermediate directories are created if necessary.
+ #
+ # Optional
+ # Default: os.Stdout
+ #
+# filePath: log/traefik.log
+
+ # Format is either "json" or "common".
+ #
+ # Optional
+ # Default: "common"
+ #
+# format: json
+
+################################################################
+# Access logs configuration
+################################################################
+
+# Enable access logs
+# By default it will write to stdout and produce logs in the textual
+# Common Log Format (CLF), extended with additional fields.
+#
+# Optional
+#
+accessLog:
+ # Sets the file path for the access log. If not specified, stdout will be used.
+ # Intermediate directories are created if necessary.
+ #
+ # Optional
+ # Default: os.Stdout
+ #
+# filePath: /path/to/log/log.txt
+ filePath: "/etc/traefik/access.log"
+ format: common
+
+ # Format is either "json" or "common".
+ #
+ # Optional
+ # Default: "common"
+ #
+# format: json
+
+################################################################
+# API and dashboard configuration
+################################################################
+
+# Enable API and dashboard
+#
+# Optional
+#
+api:
+ # Enable the API in insecure mode
+ #
+ # Optional
+ # Default: false
+ #
+ insecure: true
+
+ # Enabled Dashboard
+ #
+ # Optional
+ # Default: true
+ #
+ dashboard: true
+
+################################################################
+# Ping configuration
+################################################################
+
+# Enable ping
+ping:
+ # Name of the related entry point
+ #
+ # Optional
+ # Default: "traefik"
+ #
+ entryPoint: traefik
+
+################################################################
+# Docker configuration backend
+################################################################
+
+providers:
+ # Enable Docker configuration backend
+ docker:
+ # Docker server endpoint. Can be a tcp or a unix socket endpoint.
+ #
+ # Required
+ # Default: "unix:///var/run/docker.sock"
+ #
+ endpoint: unix:///tmp/docker.sock
+
+ # Default host rule.
+ #
+ # Optional
+ # Default: "Host(`{{ normalize .Name }}`)"
+ #
+ defaultRule: Host(`{{ normalize .Name }}.domain.tld`)
+
+ # Expose containers by default in traefik
+ #
+ # Optional
+ # Default: true
+ #
+ exposedByDefault: true
+
+ network: home-proxy
+
+ file:
+ directory: /etc/traefik/custom
+ watch: true
+
+#tls:
+# stores:
+# default:
+# defaultCertificate:
+# certFile: /certs/star.domain.tld.crt
+# keyFile: /certs/star.domain.tld..key
+# certificates:
+# - certFile: /certs/star.domain.tld..crt
+# keyFile: /certs/star.domain.tld..key
+# stores:
+# - default
+#
+
+certificatesResolvers:
+ letsencrypt:
+ acme:
+ email: email@address.com
+ storage: /letsencrypt/acme.json
+ dnsChallenge:
+ provider: cloudflare
+ # Used to make sure the dns challenge is propagated to the rights dns servers
+ # resolvers:
+ # - "1.1.1.1:53"
+ # - "1.0.0.1:53"
+ #
+experimental:
+ plugins:
+ traefik-real-ip:
+ moduleName: "github.com/soulbalz/traefik-real-ip"
+ version: "v1.0.3"
+
+http:
+ middlewares:
+ my-traefik-real-ip:
+ plugin:
+ traefik-real-ip:
+ excludednets:
+ - 1.1.1.1/24
+ authelia:
+ forwardAuth:
+ address: https://authelia:9091/api/verify?rd=https%3A%2F%2Flogin.dudenhoeffer.casa%2F
+ trustForwardHeader: true
+ authResponseHeaders:
+ - "Remote-User"
+ - "Remote-Groups"
+ - "Remote-Email"
+ - "Remote-Name"
+ authelia-basic:
+ forwardAuth:
+ address: https://authelia:9091/api/verify?auth=basic
+ trustForwardHeader: true
+ authResponseHeaders:
+ - "Remote-User"
+ - "Remote-Groups"
+ - "Remote-Email"
+ - "Remote-Name"
+
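Review bot: `api.insecure: true` in this example serves the API and dashboard without authentication on the internal `traefik` entrypoint (port 8080 unless configured otherwise), and anyone copying the template inherits that. Prefer `insecure: false` and expose `api@internal` through a router on `websecure` behind the Authelia middleware. In the same file, `exposedByDefault: true` publishes every container Traefik can see through the Docker socket; `exposedByDefault: false` with an explicit `traefik.enable=true` label per service is the safer template default, and `level: DEBUG` is better left at the default in a sample. The trailing `http.middlewares` block is dynamic configuration, which as far as I know Traefik does not read from the static file, and `websecure` references `authelia@docker` rather than the `authelia` defined here, so the block probably belongs in a file under `/etc/traefik/custom` — worth confirming that the forward-auth middleware is actually attached.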