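---
# Traefik configuration holding both the static part (log, api, entryPoints,
# certificatesResolvers, providers) and the dynamic part (tcp/http routers,
# middlewares, services). The file provider at the bottom points at
# /etc/traefik/traefik.yml, presumably this same file.
#
# Review fixes applied in this version:
#   * neo4j-router: the path alternatives are now parenthesised. Because `&&`
#     binds tighter than `||`, the old rule matched PathPrefix(`/browser`) for
#     every host on web-secure.
#   * heynote-router: HostRegexp is now anchored with escaped dots, in the
#     same style as the HostSNIRegexp rule in this file.
#   * redirect-blog / neo4j_strip: option keys spelled in canonical camelCase
#     (redirectRegex, stripPrefix), matching the other middlewares.

log:
  # DEBUG is very verbose and can record request details; prefer INFO or
  # higher once the setup is stable.
  level: DEBUG

accessLog: {}

api:
  # Dashboard
  dashboard: true
  # https://docs.traefik.io/master/operations/api/#insecure
  # insecure: true
  # Keep `insecure` disabled: the dashboard is published only through the
  # `dashboard` router below, behind the basicAuth middleware.

entryPoints:
  web:
    # http
    address: ":80"
    http:
      # https://docs.traefik.io/routing/entrypoints/#entrypoint
      redirections:
        entryPoint:
          to: web-secure
          scheme: https
          permanent: true
  # mqtt:
  #   # mqtt
  #   address: ":1883"
  web-secure:
    # https
    address: ":443"
  web-socket:
    address: ":8083"
  web-socket-secure:
    address: ":8084"
  bolt-socket:
    address: ":7687"
  # osrm:
  #   address: ":5000"

certificatesResolvers:
  letsencrypt:
    # https://docs.traefik.io/master/https/acme/#lets-encrypt
    acme:
      email: "furyx@hotmail.com"
      # acme.json holds the ACME account key and certificate private keys;
      # keep it readable by the Traefik user only (mode 600).
      storage: /etc/traefik/acme/acme.json
      # https://docs.traefik.io/master/https/acme/#httpchallenge
      httpChallenge:
        entryPoint: web

tcp:
  routers:
    neo4j-bolt-router:
      entryPoints:
        - bolt-socket
      # NOTE(review): this matches any subdomain of furyhawk.lol, so every
      # such SNI name on :7687 reaches Neo4j. Narrow it to the intended host
      # if only one name is meant to serve Bolt.
      rule: "HostSNIRegexp(`^.+\\.furyhawk\\.lol$`)"
      tls:
        certResolver: letsencrypt
      service: neo4j-bolt
    # emqx-web-socket-router:
    #   entryPoints:
    #     - web-socket
    #   rule: "HostSNI(`*.furyhawk.lol`)"
    #   service: emqx-web-socket-service
    # emqx-web-socket-secure-router:
    #   entryPoints:
    #     - web-socket-secure
    #   rule: "HostSNI(`*.furyhawk.lol`)"
    #   service: emqx-web-socket-secure-service
    #   tls:
    #     passthrough: true

  services:
    neo4j-bolt:
      loadBalancer:
        servers:
          - address: "neo4j_server:7687"
    emqx-web-socket-service:
      loadBalancer:
        servers:
          - address: "emqx1:8083"
          # - address: "emqx2:8083"
    emqx-web-socket-secure-service:
      loadBalancer:
        servers:
          - address: "emqx1:8084"
          # - address: "emqx2:8084"

http:
  routers:
    # NOTE(review): only `dashboard`, `api-router` and `dozzle-router` attach
    # the `auth` middleware. Every other router relies on the backend
    # application's own login; see the note on the `csrf` middleware, which
    # adds no access control.
    dashboard:
      entryPoints:
        - web-secure
      rule: "Host(`dashboard.furyhawk.lol`)"
      middlewares:
        - auth
      tls:
        # https://docs.traefik.io/master/routing/routers/#certresolver
        certResolver: letsencrypt
      service: api@internal
    portainer-router:
      entryPoints:
        - web-secure
      rule: "Host(`portainer.furyhawk.lol`) || Host(`port.furyhawk.lol`)"
      middlewares:
        - csrf
      tls:
        certResolver: letsencrypt
      service: portainer_service
    edge-router:
      entryPoints:
        - web-secure
      rule: "Host(`edge.furyhawk.lol`)"
      middlewares:
        - csrf
      tls:
        certResolver: letsencrypt
      service: edge_service
    adminer-router:
      entryPoints:
        - web-secure
      rule: "Host(`adminer.furyhawk.lol`)"
      middlewares:
        - csrf
      tls:
        certResolver: letsencrypt
      service: adminer_app
    api-router:
      entryPoints:
        - web-secure
      rule: "Host(`api.furyhawk.lol`)"
      middlewares:
        - auth
        - csrf
      tls:
        certResolver: letsencrypt
      service: api_server
    chat-router:
      entryPoints:
        - web-secure
      rule: "Host(`bot.furyhawk.lol`) || Host(`chat.furyhawk.lol`)"
      middlewares:
        - csrf
      tls:
        certResolver: letsencrypt
      service: librechat_app
    cheatsheets-router:
      entryPoints:
        - web-secure
      rule: "Host(`cheat.furyhawk.lol`)"
      middlewares:
        - csrf
      tls:
        certResolver: letsencrypt
      service: cheatsheets_app
    dozzle-router:
      entryPoints:
        - web-secure
      rule: "Host(`log.furyhawk.lol`)"
      middlewares:
        - auth
        - csrf
      tls:
        certResolver: letsencrypt
      service: dozzle_app
    # forum-router:
    #   entryPoints:
    #     - web-secure
    #   rule: "Host(`forum.furyhawk.lol`)"
    #   middlewares:
    #     - csrf
    #     # - sslheader
    #   tls:
    #     certResolver: letsencrypt
    #   service: forum_server
    ghost-router:
      entryPoints:
        - web-secure
      rule: "Host(`ghost.furyhawk.lol`)"
      middlewares:
        - csrf
      tls:
        certResolver: letsencrypt
      service: ghost_app
    heynote-router:
      entryPoints:
        - web-secure
      # Anchored, with literal dots, so only note, note0..note99 under
      # furyhawk.lol match; an unanchored pattern also matches longer host
      # names that merely contain it.
      rule: "HostRegexp(`^note[0-9]{0,2}\\.furyhawk\\.lol$`) || Host(`pad.furyhawk.lol`)"
      middlewares:
        - csrf
      tls:
        certResolver: letsencrypt
      service: heynote_app
    jellyfin-router:
      entryPoints:
        - web-secure
      rule: "Host(`media.furyhawk.lol`)"
      middlewares:
        - csrf
      tls:
        certResolver: letsencrypt
      service: jellyfin_app
    # kestra-router:
    #   entryPoints:
    #     - web-secure
    #   rule: "Host(`kestra.furyhawk.lol`)"
    #   middlewares:
    #     - csrf
    #   tls:
    #     certResolver: letsencrypt
    #   service: kestra_app
    meshtastic-router:
      entryPoints:
        - web-secure
      rule: "Host(`mesh.furyhawk.lol`)"
      middlewares:
        - csrf
      tls:
        certResolver: letsencrypt
      service: meshtastic_app
    plane-router:
      entryPoints:
        - web-secure
      rule: "Host(`plan.furyhawk.lol`) || Host(`plane.furyhawk.lol`)"
      middlewares:
        - csrf
      tls:
        certResolver: letsencrypt
      service: plane_app
    privatebin-router:
      entryPoints:
        - web-secure
      rule: "Host(`bin.furyhawk.lol`) || Host(`paste.furyhawk.lol`)"
      middlewares:
        - csrf
      tls:
        certResolver: letsencrypt
      service: bin_app
    redlib-router:
      entryPoints:
        - web-secure
      rule: "Host(`redlib.furyhawk.lol`)"
      middlewares:
        - csrf
      tls:
        certResolver: letsencrypt
      service: redlib_app
    thelounge-router:
      entryPoints:
        - web-secure
      rule: "Host(`irc.furyhawk.lol`)"
      middlewares:
        - csrf
      tls:
        certResolver: letsencrypt
      service: thelounge_app
    minio-router:
      entryPoints:
        - web-secure
      rule: "Host(`drive.furyhawk.lol`) || Host(`storage.furyhawk.lol`)"
      middlewares:
        - csrf
      tls:
        certResolver: letsencrypt
      service: minio_server
    minio-api-router:
      entryPoints:
        - web-secure
      rule: "Host(`minio.furyhawk.lol`) || Host(`s3.furyhawk.lol`)"
      middlewares:
        - csrf
      tls:
        certResolver: letsencrypt
      service: minio_service
    neo4j-router:
      entryPoints:
        - web-secure
      # Parentheses are required: without them the rule parses as
      # (Host && PathPrefix(`/neo4j`)) || PathPrefix(`/browser`), which sends
      # `/browser` requests for any host on this entry point to Neo4j.
      rule: "Host(`neo4j.furyhawk.lol`) && (PathPrefix(`/neo4j`) || PathPrefix(`/browser`))"
      middlewares:
        - csrf
        - neo4j_strip
      tls:
        certResolver: letsencrypt
      service: neo4j-browser
    graph-router:
      entryPoints:
        - web-secure
      rule: "Host(`neo4j.furyhawk.lol`)"
      middlewares:
        - csrf
      tls:
        certResolver: letsencrypt
      # NOTE(review): this HTTP service targets port 7687, which the tcp
      # section treats as the Bolt port - confirm an HTTP route is intended.
      service: neo4j-bolt
    mqtt-http-router:
      entryPoints:
        - web-secure
      rule: "Host(`mqtt.furyhawk.lol`)"
      middlewares:
        - csrf
      tls:
        certResolver: letsencrypt
      service: emqx-dashboard
    # mqtt-socket-router:
    #   rule: "Host(`mqtt.furyhawk.lol`)"
    #   entryPoints:
    #     - mqtt
    #   service: emqx-mqtt-socket
    mqtt-ws-http-router:
      entryPoints:
        - web-socket
      rule: "Host(`broker.furyhawk.lol`) || Host(`mqtt.furyhawk.lol`) || Host(`mqttx.furyhawk.lol`)"
      middlewares:
        - csrf
      # NOTE(review): this router is named ws/http but enables TLS, while
      # mqtt-wss-https-router below has no `tls` section - confirm the two
      # are not swapped.
      tls:
        certResolver: letsencrypt
      service: emqx-web-socket
    mqtt-wss-https-router:
      entryPoints:
        - web-socket-secure
      rule: "Host(`broker.furyhawk.lol`) || Host(`mqtt.furyhawk.lol`) || Host(`mqttx.furyhawk.lol`)"
      middlewares:
        - csrf
      # NOTE(review): no `tls` section, so this router serves plain-text
      # requests only on the web-socket-secure entry point - verify.
      service: emqx-web-socket-secure
    mqttx-router:
      entryPoints:
        - web-secure
      rule: "Host(`mqttx.furyhawk.lol`)"
      middlewares:
        - csrf
      tls:
        certResolver: letsencrypt
      service: mqttx-web
    osrm-router:
      entryPoints:
        - "web-secure"
      rule: "Host(`osrm.furyhawk.lol`)"
      # - "osrm"
      middlewares:
        - csrf
      tls:
        certResolver: letsencrypt
      service: osrm_service
    syncthing-router:
      entryPoints:
        - web-secure
      rule: "Host(`sync.furyhawk.lol`)"
      middlewares:
        - csrf
      tls:
        certResolver: letsencrypt
      service: syncthing_app
    bai-router:
      entryPoints:
        - web-secure
      rule: "Host(`bai.furyhawk.lol`)"
      middlewares:
        - csrf
      tls:
        certResolver: letsencrypt
      service: streamlit_bai_app
    fin-router:
      entryPoints:
        - web-secure
      rule: "Host(`fin.furyhawk.lol`)"
      middlewares:
        - csrf
      tls:
        certResolver: letsencrypt
      service: streamlit_fin_app
    info-router:
      entryPoints:
        - web-secure
      rule: "Host(`furyhawk.lol`) || Host(`www.furyhawk.lol`) || Host(`info.furyhawk.lol`) || Host(`124c41.furyhawk.lol`)"
      middlewares:
        - csrf
        - no-www
      tls:
        certResolver: letsencrypt
      service: site_server
    resume-router:
      entryPoints:
        - web-secure
      rule: "Host(`resume.furyhawk.lol`)"
      # redirect to resume
      middlewares:
        - csrf
        - redirect-resume
      tls:
        certResolver: letsencrypt
      service: resume_server
    blog-router:
      entryPoints:
        - web-secure
      rule: "Host(`blog.furyhawk.lol`)"
      # redirect to external blog
      middlewares:
        - redirect-blog
      tls:
        certResolver: letsencrypt
      service: blog

  middlewares:
    auth:
      basicAuth:
        usersFile: "/etc/traefik/usersfile"
    csrf:
      # https://doc.traefik.io/traefik/middlewares/http/headers/#hostsproxyheaders
      # https://docs.djangoproject.com/en/dev/ref/csrf/#ajax
      # NOTE(review): hostsProxyHeaders names request headers that may carry
      # the proxied host name; it does not validate or add CSRF tokens. With
      # no allowedHosts configured this middleware appears to have no effect,
      # so it should not be counted as a security control.
      headers:
        hostsProxyHeaders: ["X-CSRFToken"]
    sslheader:
      # https://docs.traefik.io/master/middlewares/headers/
      # NOTE(review): not referenced by any active router in this file.
      # sslRedirect is a deprecated Headers option and the `web` entry point
      # already redirects to HTTPS - verify against the deployed version.
      headers:
        sslProxyHeaders:
          X-Forwarded-Proto: "https,wss"
        sslRedirect: true
    no-www:
      redirectRegex:
        regex: "^https?://www\\.(.+)"
        replacement: "https://${1}"
        permanent: true
    # NOTE(review): defined but not attached to any router in this file.
    rate-limit:
      rateLimit:
        average: 384
        burst: 64
        period: 10s
    # redirect to resume
    redirect-resume:
      redirectRegex:
        regex: "^https://resume.furyhawk.lol/(.*)"
        replacement: "https://info.furyhawk.lol/resume/${1}"
        permanent: true
    redirect-blog:
      # https://docs.traefik.io/master/middlewares/redirectscheme/
      redirectRegex:
        regex: "^https://blog.furyhawk.lol/(.*)"
        replacement: "https://furyhawk.github.io/124c41/${1}"
        permanent: true
    neo4j_strip:
      # https://docs.traefik.io/master/middlewares/stripprefix/
      stripPrefix:
        prefixes:
          - "/neo4j"
    # NOTE(review): defined but not attached to any router in this file, so
    # the HSTS, frame, nosniff and referrer headers below are not sent unless
    # a router elsewhere (e.g. a Docker label) references `secure-headers`.
    secure-headers:
      headers:
        accessControlAllowMethods:
          - GET
          - OPTIONS
          - PUT
        accessControlMaxAge: 100
        hostsProxyHeaders:
          - "X-Forwarded-Host"
        stsSeconds: 63072000
        stsIncludeSubdomains: true
        stsPreload: true
        # forceSTSHeader: true  # This is a good thing but it can be tricky. Enable after everything works.
        customFrameOptionsValue: SAMEORIGIN  # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
        contentTypeNosniff: true
        browserXssFilter: true
        referrerPolicy: "same-origin"
        permissionsPolicy: "camera=(), microphone=(), geolocation=(), payment=(), usb=(), vr=()"
        customResponseHeaders:
          X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex,"  # disable search engines from indexing home server
          server: ""  # hide server info from visitors

  services:
    portainer_service:
      loadBalancer:
        servers:
          - url: http://portainer:9000
    edge_service:
      loadBalancer:
        servers:
          - url: http://portainer:8000
    osrm_service:
      loadBalancer:
        servers:
          - url: http://osrm_backend:5000
    adminer_app:
      loadBalancer:
        servers:
          - url: http://adminer:8080
    api_server:
      loadBalancer:
        servers:
          - url: http://api_server:8000
    bin_app:
      loadBalancer:
        servers:
          - url: http://privatebin:8080
    cheatsheets_app:
      loadBalancer:
        servers:
          - url: http://cheatsheets_app:80
    dozzle_app:
      loadBalancer:
        servers:
          - url: http://dozzle:8080
    # forum_server:
    #   loadBalancer:
    #     servers:
    #       - url: http://flarum-web:80
    ghost_app:
      loadBalancer:
        servers:
          - url: http://ghost-server:2368
    heynote_app:
      loadBalancer:
        servers:
          - url: http://heynote_app:5173
    jellyfin_app:
      loadBalancer:
        servers:
          - url: http://jellyfin:8096
    # kestra_app:
    #   loadBalancer:
    #     servers:
    #       - url: http://kestra:8080
    librechat_app:
      loadBalancer:
        servers:
          - url: http://LibreChat:3080
    redlib_app:
      loadBalancer:
        servers:
          - url: http://redlib:3080
    thelounge_app:
      loadBalancer:
        servers:
          - url: http://thelounge:9000
    meshtastic_app:
      loadBalancer:
        servers:
          - url: http://meshtastic_web:8080
    minio_server:
      loadBalancer:
        servers:
          - url: http://minio_server:9001
    minio_service:
      loadBalancer:
        servers:
          - url: http://minio_server:9000
    neo4j-browser:
      loadBalancer:
        servers:
          - url: http://neo4j_server:7474
    neo4j-bolt:
      loadBalancer:
        servers:
          - url: http://neo4j_server:7687
    plane_app:
      loadBalancer:
        servers:
          - url: http://node01:80
    streamlit_bai_app:
      loadBalancer:
        servers:
          - url: http://streamlit-bai:8502
    streamlit_fin_app:
      loadBalancer:
        servers:
          - url: http://streamlit-fin:8501
    emqx-mqtt-socket:
      loadBalancer:
        servers:
          - url: http://emqx1:1883
    emqx-web-socket:
      loadBalancer:
        servers:
          - url: http://emqx1:8083
          # - url: http://emqx2:8083
    emqx-web-socket-secure:
      loadBalancer:
        servers:
          - url: http://emqx1:8084
          # - url: http://emqx2:8084
    emqx-dashboard:
      loadBalancer:
        servers:
          - url: http://emqx1:18083
    mqttx-web:
      loadBalancer:
        servers:
          - url: http://mqttx_web:80
    syncthing_app:
      loadBalancer:
        servers:
          - url: http://syncthing:8384
    site_server:
      loadBalancer:
        servers:
          - url: http://site_server:80
    resume_server:
      loadBalancer:
        servers:
          - url: http://site_server:80
    blog:
      loadBalancer:
        servers:
          - url: https://furyhawk.github.io/124c41/

providers:
  # https://docs.traefik.io/master/providers/file/
  file:
    filename: /etc/traefik/traefik.yml
    watch: true
  docker:
    network: web
    # Containers are published only when they opt in through labels.
    exposedByDefault: false
    # Access to the Docker socket is equivalent to root on the host. Mount it
    # read-only or place a restricted socket proxy in front of it, since this
    # Traefik instance is internet-facing.
    endpoint: "unix:///var/run/docker.sock"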