231 lines
5.1 KiB
Plaintext
231 lines
5.1 KiB
Plaintext
################################################################
|
|
#
|
|
# Configuration sample for Traefik v2.
|
|
#
|
|
# For Traefik v1: https://github.com/traefik/traefik/blob/v1.7/traefik.sample.toml
|
|
#
|
|
################################################################
|
|
|
|
################################################################
|
|
# Global configuration
|
|
################################################################
|
|
global:
|
|
checkNewVersion: true
|
|
sendAnonymousUsage: true
|
|
|
|
################################################################
|
|
# EntryPoints configuration
|
|
################################################################
|
|
|
|
# EntryPoints definition
|
|
#
|
|
# Optional
|
|
#
|
|
entryPoints:
|
|
web:
|
|
address: :80
|
|
http:
|
|
redirections:
|
|
entryPoint:
|
|
to: websecure
|
|
scheme: https
|
|
websecure:
|
|
address: :443
|
|
http:
|
|
tls:
|
|
certResolver: letsencrypt
|
|
domains:
|
|
- main: domain.tld
|
|
sans:
|
|
- "*.domain.tld"
|
|
middlewares:
|
|
- "authelia@docker"
|
|
|
|
################################################################
|
|
# Traefik logs configuration
|
|
################################################################
|
|
|
|
# Traefik logs
|
|
# Enabled by default and log to stdout
|
|
#
|
|
# Optional
|
|
#
|
|
log:
|
|
# Log level
|
|
#
|
|
# Optional
|
|
# Default: "ERROR"
|
|
#
|
|
level: DEBUG
|
|
|
|
# Sets the filepath for the traefik log. If not specified, stdout will be used.
|
|
# Intermediate directories are created if necessary.
|
|
#
|
|
# Optional
|
|
# Default: os.Stdout
|
|
#
|
|
# filePath: log/traefik.log
|
|
|
|
# Format is either "json" or "common".
|
|
#
|
|
# Optional
|
|
# Default: "common"
|
|
#
|
|
# format: json
|
|
|
|
################################################################
|
|
# Access logs configuration
|
|
################################################################
|
|
|
|
# Enable access logs
|
|
# By default it will write to stdout and produce logs in the textual
|
|
# Common Log Format (CLF), extended with additional fields.
|
|
#
|
|
# Optional
|
|
#
|
|
accessLog:
|
|
# Sets the file path for the access log. If not specified, stdout will be used.
|
|
# Intermediate directories are created if necessary.
|
|
#
|
|
# Optional
|
|
# Default: os.Stdout
|
|
#
|
|
# filePath: /path/to/log/log.txt
|
|
filePath: "/etc/traefik/access.log"
|
|
format: common
|
|
|
|
# Format is either "json" or "common".
|
|
#
|
|
# Optional
|
|
# Default: "common"
|
|
#
|
|
# format: json
|
|
|
|
################################################################
|
|
# API and dashboard configuration
|
|
################################################################
|
|
|
|
# Enable API and dashboard
|
|
#
|
|
# Optional
|
|
#
|
|
api:
|
|
# Enable the API in insecure mode
|
|
#
|
|
# Optional
|
|
# Default: false
|
|
#
|
|
insecure: true
|
|
|
|
# Enabled Dashboard
|
|
#
|
|
# Optional
|
|
# Default: true
|
|
#
|
|
dashboard: true
|
|
|
|
################################################################
|
|
# Ping configuration
|
|
################################################################
|
|
|
|
# Enable ping
|
|
ping:
|
|
# Name of the related entry point
|
|
#
|
|
# Optional
|
|
# Default: "traefik"
|
|
#
|
|
entryPoint: traefik
|
|
|
|
################################################################
|
|
# Docker configuration backend
|
|
################################################################
|
|
|
|
providers:
|
|
# Enable Docker configuration backend
|
|
docker:
|
|
# Docker server endpoint. Can be a tcp or a unix socket endpoint.
|
|
#
|
|
# Required
|
|
# Default: "unix:///var/run/docker.sock"
|
|
#
|
|
endpoint: unix:///tmp/docker.sock
|
|
|
|
# Default host rule.
|
|
#
|
|
# Optional
|
|
# Default: "Host(`{{ normalize .Name }}`)"
|
|
#
|
|
defaultRule: Host(`{{ normalize .Name }}.domain.tld`)
|
|
|
|
# Expose containers by default in traefik
|
|
#
|
|
# Optional
|
|
# Default: true
|
|
#
|
|
exposedByDefault: true
|
|
|
|
network: home-proxy
|
|
|
|
file:
|
|
directory: /etc/traefik/custom
|
|
watch: true
|
|
|
|
#tls:
|
|
# stores:
|
|
# default:
|
|
# defaultCertificate:
|
|
# certFile: /certs/star.domain.tld.crt
|
|
# keyFile: /certs/star.domain.tld..key
|
|
# certificates:
|
|
# - certFile: /certs/star.domain.tld..crt
|
|
# keyFile: /certs/star.domain.tld..key
|
|
# stores:
|
|
# - default
|
|
#
|
|
|
|
certificatesResolvers:
|
|
letsencrypt:
|
|
acme:
|
|
email: email@address.com
|
|
storage: /letsencrypt/acme.json
|
|
dnsChallenge:
|
|
provider: cloudflare
|
|
# Used to make sure the dns challenge is propagated to the rights dns servers
|
|
# resolvers:
|
|
# - "1.1.1.1:53"
|
|
# - "1.0.0.1:53"
|
|
#
|
|
experimental:
|
|
plugins:
|
|
traefik-real-ip:
|
|
moduleName: "github.com/soulbalz/traefik-real-ip"
|
|
version: "v1.0.3"
|
|
|
|
http:
|
|
middlewares:
|
|
my-traefik-real-ip:
|
|
plugin:
|
|
traefik-real-ip:
|
|
excludednets:
|
|
- 1.1.1.1/24
|
|
authelia:
|
|
forwardAuth:
|
|
address: https://authelia:9091/api/verify?rd=https%3A%2F%2Flogin.dudenhoeffer.casa%2F
|
|
trustForwardHeader: true
|
|
authResponseHeaders:
|
|
- "Remote-User"
|
|
- "Remote-Groups"
|
|
- "Remote-Email"
|
|
- "Remote-Name"
|
|
authelia-basic:
|
|
forwardAuth:
|
|
address: https://authelia:9091/api/verify?auth=basic
|
|
trustForwardHeader: true
|
|
authResponseHeaders:
|
|
- "Remote-User"
|
|
- "Remote-Groups"
|
|
- "Remote-Email"
|
|
- "Remote-Name"
|
|
|