log: level: INFO accessLog: {} api: # Dashboard dashboard: true # https://docs.traefik.io/master/operations/api/#insecure # insecure: true entryPoints: web: # http address: ":80" http: # https://docs.traefik.io/routing/entrypoints/#entrypoint redirections: entryPoint: to: web-secure scheme: https permanent: true # mqtt: # # mqtt # address: ":1883" web-secure: # https address: ":443" web-socket: address: ":8083" web-socket-secure: address: ":8084" bolt-socket: address: ":7687" postgres-socket: address: ":5432" certificatesResolvers: letsencrypt: # https://docs.traefik.io/master/https/acme/#lets-encrypt acme: email: "furyx@hotmail.com" storage: /etc/traefik/acme/acme.json # https://docs.traefik.io/master/https/acme/#httpchallenge httpChallenge: entryPoint: web tcp: routers: # neo4j-bolt-router: # entryPoints: # - bolt-socket # rule: "HostSNIRegexp(`^.+\\.furyhawk\\.lol$`)" # tls: # certResolver: letsencrypt # service: neo4j-bolt emqx-web-socket-router: entryPoints: - web-socket rule: "HostSNIRegexp(`^.+\\.furyhawk\\.lol$`)" tls: certResolver: letsencrypt service: emqx-web-socket-service # emqx-web-socket-secure-router: # entryPoints: # - web-socket-secure # rule: "HostSNIRegexp(`^.+\\.furyhawk\\.lol$`)" # service: emqx-web-socket-secure-service # tls: # passthrough: true services: # neo4j-bolt: # loadBalancer: # servers: # - address: "neo4j_server:7687" emqx-web-socket-service: loadBalancer: servers: - address: "emqx1:8083" # - address: "emqx2:8083" emqx-web-socket-secure-service: loadBalancer: servers: - address: "emqx1:8084" # - address: "emqx2:8084" http: routers: chat-router: entryPoints: - web-secure rule: "Host(`bot.furyhawk.lol`) || Host(`chat.furyhawk.lol`)" middlewares: - csrf tls: certResolver: letsencrypt service: librechat_app # forum-router: # entryPoints: # - web-secure # rule: "Host(`forum.furyhawk.lol`)" # middlewares: # - csrf # # - sslheader # tls: # certResolver: letsencrypt # service: forum_server # kestra-router: # entryPoints: # - web-secure # rule: "Host(`kestra.furyhawk.lol`)" # middlewares: # - csrf # tls: # certResolver: letsencrypt # service: kestra_app # plane-router: # entryPoints: # - web-secure # rule: "Host(`plan.furyhawk.lol`) || Host(`plane.furyhawk.lol`)" # middlewares: # - csrf # tls: # certResolver: letsencrypt # service: plane_app # graph-router: # entryPoints: # - web-secure # rule: "Host(`neo4j.furyhawk.lol`)" # middlewares: # - csrf # tls: # certResolver: letsencrypt # service: neo4j-bolt # mqtt-http-router: # entryPoints: # - web-secure # rule: "Host(`mqtt.furyhawk.lol`)" # middlewares: # - csrf # tls: # certResolver: letsencrypt # service: emqx-dashboard # mqtt-socket-router: # rule: "Host(`mqtt.furyhawk.lol`)" # entryPoints: # - mqtt # service: emqx-mqtt-socket mqtt-ws-http-router: entryPoints: - web-socket rule: "Host(`broker.furyhawk.lol`) || Host(`mqtt.furyhawk.lol`) || Host(`mqttx.furyhawk.lol`)" middlewares: - csrf tls: certResolver: letsencrypt service: emqx-web-socket mqtt-wss-https-router: entryPoints: - web-socket-secure rule: "Host(`broker.furyhawk.lol`) || Host(`mqtt.furyhawk.lol`) || Host(`mqttx.furyhawk.lol`)" middlewares: - csrf service: emqx-web-socket-secure middlewares: auth: basicAuth: usersFile: "/etc/traefik/usersfile" csrf: # https://doc.traefik.io/traefik/middlewares/http/headers/#hostsproxyheaders # https://docs.djangoproject.com/en/dev/ref/csrf/#ajax headers: hostsProxyHeaders: ["X-CSRFToken"] sslheader: # https://docs.traefik.io/master/middlewares/headers/ headers: sslProxyHeaders: X-Forwarded-Proto: "https,wss" sslRedirect: true no-www: redirectRegex: regex: "^https?://www\\.(.+)" replacement: https://${1} permanent: true rate-limit: rateLimit: average: 384 burst: 128 period: 10s # redirect to resume redirect-resume: redirectRegex: regex: "^https://resume.furyhawk.lol/(.*)" replacement: "https://info.furyhawk.lol/resume/${1}" permanent: true redirect-blog: # https://docs.traefik.io/master/middlewares/redirectscheme/ redirectregex: regex: "^https://blog.furyhawk.lol/(.*)" replacement: "https://furyhawk.github.io/124c41/${1}" permanent: true neo4j_strip: # https://docs.traefik.io/master/middlewares/stripprefix/ stripprefix: prefixes: - "/neo4j" secure-headers: headers: accessControlAllowMethods: - GET - OPTIONS - PUT accessControlMaxAge: 100 hostsProxyHeaders: - "X-Forwarded-Host" stsSeconds: 63072000 stsIncludeSubdomains: true stsPreload: true # forceSTSHeader: true # This is a good thing but it can be tricky. Enable after everything works. customFrameOptionsValue: SAMEORIGIN # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options contentTypeNosniff: true browserXssFilter: true referrerPolicy: "same-origin" permissionsPolicy: "camera=(), microphone=(), geolocation=(), payment=(), usb=(), vr=()" customResponseHeaders: X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex," # disable search engines from indexing home server server: "" # hide server info from visitors services: # forum_server: # loadBalancer: # servers: # - url: http://flarum-web:80 # kestra_app: # loadBalancer: # servers: # - url: http://kestra:8080 librechat_app: loadBalancer: servers: - url: http://LibreChat:3080 # neo4j-bolt: # loadBalancer: # servers: # - url: http://neo4j_server:7687 # plane_app: # loadBalancer: # servers: # - url: http://node01:80 # emqx-mqtt-socket: # loadBalancer: # servers: # - url: http://emqx1:1883 emqx-web-socket: loadBalancer: servers: - url: http://emqx1:8083 # - url: http://emqx2:8083 emqx-web-socket-secure: loadBalancer: servers: - url: http://emqx1:8084 # - url: http://emqx2:8084 # emqx-dashboard: # loadBalancer: # servers: # - url: http://emqx1:18083 providers: # https://docs.traefik.io/master/providers/file/ file: filename: /etc/traefik/traefik.yml watch: true docker: network: web exposedByDefault: false endpoint: "unix:///var/run/docker.sock" swarm: # network: overwatch exposedByDefault: false endpoint: "unix:///var/run/docker.sock"