added custom traefik handlers

traefik/.env.example

@@ -8,7 +8,7 @@ USER_ID=1000
 GROUP_ID=1000
 
 # TIMEZONE is the timezone the server is in
-TIMZEONE=America/New_York
+TIMEZONE=America/New_York
 
 # CLOUDFLARE_EMAIL is the email for the cloudflare credentials
 CLOUDFLARE_EMAIL=email@address.com

traefik/custom/homeassistant.yml

@@ -0,0 +1,13 @@
+
+http:
+  routers:
+   homeassistant-router:
+      rule: "Host(`homeassistant.dudenhoeffer.casa`)"
+      service: homeassistant-service
+
+  services:
+    homeassistant-service:
+      loadBalancer:
+        servers:
+          - url: "http://192.168.0.197:8123"
+        passHostHeader: true

traefik/custom/scrypted.yml

@@ -0,0 +1,20 @@
+http:
+  routers:
+    scrypted-router:
+      rule: "Host(`scrypted.dudenhoeffer.casa`)"
+      service: scrypted-service
+      # Optionally, you can add TLS configuration here if your router is serving HTTPS
+
+  services:
+    scrypted-service:
+      loadBalancer:
+        servers:
+          - url: "https://192.168.0.197:10443"
+        passHostHeader: true
+        # Skip TLS verification for the self-signed certificate
+        serversTransport: "scrypted-servers-transport"
+
+  # Define the serversTransport to skip TLS verification
+  serversTransports:
+    scrypted-servers-transport:
+      insecureSkipVerify: true

traefik/custom/unifi.yml

@@ -0,0 +1,20 @@
+http:
+  routers:
+    unifi-router:
+      rule: "Host(`unifi.dudenhoeffer.casa`)"
+      service: unifi-service
+      # Optionally, you can add TLS configuration here if your router is serving HTTPS
+
+  services:
+    unifi-service:
+      loadBalancer:
+        servers:
+          - url: "https://192.168.0.146"
+        passHostHeader: true
+        # Skip TLS verification for the self-signed certificate
+        serversTransport: "unifi-servers-transport"
+
+  # Define the serversTransport to skip TLS verification
+  serversTransports:
+    unifi-servers-transport:
+      insecureSkipVerify: true

traefik/docker-compose.yml

@@ -5,6 +5,7 @@ services:
     image: traefik:latest
     container_name: traefik
     hostname: traefik
+    command: --providers.file.filename=/etc/traefik/dynamic.yml --providers.docker
 
   
     environment:
@@ -24,6 +25,7 @@ services:
 
     volumes:
       - ./traefik.yml:/etc/traefik/traefik.yml:ro
+      - ./custom:/etc/traefik/custom:ro
       - /var/run/docker.sock:/tmp/docker.sock:ro
       - certs:/letsencrypt
 

traefik/traefik.yml.example

@@ -0,0 +1,230 @@
+################################################################
+#
+# Configuration sample for Traefik v2.
+#
+# For Traefik v1: https://github.com/traefik/traefik/blob/v1.7/traefik.sample.toml
+#
+################################################################
+
+################################################################
+# Global configuration
+################################################################
+global:
+  checkNewVersion: true
+  sendAnonymousUsage: true
+
+################################################################
+# EntryPoints configuration
+################################################################
+
+# EntryPoints definition
+#
+# Optional
+#
+entryPoints:
+  web:
+    address: :80
+    http:
+      redirections:
+        entryPoint:
+          to: websecure
+          scheme: https
+  websecure:
+    address: :443
+    http:
+      tls:
+        certResolver: letsencrypt
+        domains:
+          - main: domain.tld
+            sans: 
+              - "*.domain.tld"
+      middlewares:
+        - "authelia@docker"
+  
+################################################################
+# Traefik logs configuration
+################################################################
+
+# Traefik logs
+# Enabled by default and log to stdout
+#
+# Optional
+#
+log:
+  # Log level
+  #
+  # Optional
+  # Default: "ERROR"
+  #
+  level: DEBUG
+
+  # Sets the filepath for the traefik log. If not specified, stdout will be used.
+  # Intermediate directories are created if necessary.
+  #
+  # Optional
+  # Default: os.Stdout
+  #
+#  filePath: log/traefik.log
+
+  # Format is either "json" or "common".
+  #
+  # Optional
+  # Default: "common"
+  #
+#  format: json
+
+################################################################
+# Access logs configuration
+################################################################
+
+# Enable access logs
+# By default it will write to stdout and produce logs in the textual
+# Common Log Format (CLF), extended with additional fields.
+#
+# Optional
+#
+accessLog: 
+  # Sets the file path for the access log. If not specified, stdout will be used.
+  # Intermediate directories are created if necessary.
+  #
+  # Optional
+  # Default: os.Stdout
+  #
+#  filePath: /path/to/log/log.txt
+  filePath: "/etc/traefik/access.log"
+  format: common
+
+  # Format is either "json" or "common".
+  #
+  # Optional
+  # Default: "common"
+  #
+#  format: json
+
+################################################################
+# API and dashboard configuration
+################################################################
+
+# Enable API and dashboard
+#
+# Optional
+#
+api:
+  # Enable the API in insecure mode
+  #
+  # Optional
+  # Default: false
+  #
+  insecure: true
+
+  # Enabled Dashboard
+  #
+  # Optional
+  # Default: true
+  #
+  dashboard: true
+
+################################################################
+# Ping configuration
+################################################################
+
+# Enable ping
+ping:
+  # Name of the related entry point
+  #
+  # Optional
+  # Default: "traefik"
+  #
+  entryPoint: traefik
+
+################################################################
+# Docker configuration backend
+################################################################
+
+providers:
+  # Enable Docker configuration backend
+  docker:
+    # Docker server endpoint. Can be a tcp or a unix socket endpoint.
+    #
+    # Required
+    # Default: "unix:///var/run/docker.sock"
+    #
+    endpoint: unix:///tmp/docker.sock
+
+    # Default host rule.
+    #
+    # Optional
+    # Default: "Host(`{{ normalize .Name }}`)"
+    #
+    defaultRule: Host(`{{ normalize .Name }}.domain.tld`)
+
+    # Expose containers by default in traefik
+    #
+    # Optional
+    # Default: true
+    #
+    exposedByDefault: true
+
+    network: home-proxy
+
+  file:
+    directory: /etc/traefik/custom
+    watch: true
+
+#tls:
+#  stores:
+#    default:
+#      defaultCertificate:
+#        certFile: /certs/star.domain.tld.crt
+#        keyFile: /certs/star.domain.tld..key
+#  certificates:
+#    - certFile: /certs/star.domain.tld..crt
+#      keyFile: /certs/star.domain.tld..key
+#      stores:
+#        - default
+#
+
+certificatesResolvers:
+  letsencrypt:
+    acme:
+     email: email@address.com
+     storage: /letsencrypt/acme.json
+     dnsChallenge:
+       provider: cloudflare
+        # Used to make sure the dns challenge is propagated to the rights dns servers
+        #       resolvers:
+        # - "1.1.1.1:53"
+        # - "1.0.0.1:53"
+        #
+experimental:
+  plugins:
+    traefik-real-ip:
+      moduleName: "github.com/soulbalz/traefik-real-ip"
+      version: "v1.0.3" 
+      
+http:
+  middlewares:
+    my-traefik-real-ip:
+      plugin:
+        traefik-real-ip:
+          excludednets:
+            - 1.1.1.1/24
+    authelia:
+      forwardAuth:
+        address: https://authelia:9091/api/verify?rd=https%3A%2F%2Flogin.dudenhoeffer.casa%2F
+        trustForwardHeader: true
+        authResponseHeaders:
+          - "Remote-User"
+          - "Remote-Groups"
+          - "Remote-Email"
+          - "Remote-Name"
+    authelia-basic:
+      forwardAuth:
+        address: https://authelia:9091/api/verify?auth=basic
+        trustForwardHeader: true
+        authResponseHeaders:
+          - "Remote-User"
+          - "Remote-Groups"
+          - "Remote-Email"
+          - "Remote-Name"
+