
# Traefik's own process log (startup, providers, ACME activity).
log:
  level: INFO

# An empty mapping turns the access log on with default settings.
# The access log is the per-request record used when reviewing an incident,
# so make sure the container's output is collected and retained.
accessLog: {}
api:
  # Dashboard
  # With insecure mode left off, the dashboard is reachable only through a
  # router that targets the api@internal service.
  # NOTE(review): no such router is defined in this file; confirm that the one
  # defined elsewhere (e.g. container labels) attaches the `auth` middleware.
  dashboard: true
  # https://docs.traefik.io/master/operations/api/#insecure
  # Leave commented out: insecure mode serves the API and dashboard directly
  # on the `traefik` entry point without authentication.
  # insecure: true
# Listening sockets. An address of the form ":PORT" binds on every interface,
# so each entry below is reachable wherever the host/container port is published.
entryPoints:
  web:
    # http
    address: ":80"
    http:
      # https://docs.traefik.io/routing/entrypoints/#entrypoint
      # Every plain-HTTP request is answered with a permanent redirect to HTTPS.
      redirections:
        entryPoint:
          to: web-secure
          scheme: https
          permanent: true
  # mqtt:
  #   # mqtt
  #   address: ":1883"
  web-secure:
    # https
    address: ":443"
  web-socket:
    address: ":8083"
  web-socket-secure:
    address: ":8084"
  # NOTE(review): no router in this file uses bolt-socket or postgres-socket
  # (the neo4j router is commented out). Unless docker/swarm labels attach
  # routers to them, remove these listeners and their published ports so the
  # database ports are not exposed without a purpose.
  bolt-socket:
    address: ":7687"
  postgres-socket:
    address: ":5432"
certificatesResolvers:
  letsencrypt:
    # https://docs.traefik.io/master/https/acme/#lets-encrypt
    acme:
      email: "furyx@hotmail.com"
      # acme.json holds the ACME account key and the private keys of every
      # issued certificate: keep it on a persistent volume, mode 600, and out
      # of backups or images that other parties can read.
      storage: /etc/traefik/acme/acme.json
      # https://docs.traefik.io/master/https/acme/#httpchallenge
      # NOTE(review): two challenge types are configured. Traefik is expected
      # to use a single challenge per resolver, so one of these is probably
      # ignored -- confirm which one is active and delete the other.
      tlsChallenge: {}
      httpChallenge:
        entryPoint: web
# Dynamic configuration: raw TCP routing.
tcp:
  routers:
    # neo4j-bolt-router:
    #   entryPoints:
    #     - bolt-socket
    #   rule: "HostSNIRegexp(`^.+\\.furyhawk\\.lol$`)"
    #   tls:
    #     certResolver: letsencrypt
    #   service: neo4j-bolt

    # TLS is terminated here (no passthrough) and the decrypted stream is
    # forwarded as plain TCP to the service below.
    # NOTE(review): the rule matches the SNI of any subdomain. TCP routers are
    # evaluated before HTTP routers on a shared entry point, so TLS
    # connections on `web-socket` that match it will likely never reach
    # http.routers.mqtt-ws-http-router or its middlewares -- verify.
    # NOTE(review): the ACME resolver derives certificate names from
    # HostSNI()/Host() matchers; with a regexp rule it presumably has no name
    # to request, so the default certificate would be served unless
    # `tls.domains` is set -- confirm.
    emqx-web-socket-router:
      entryPoints:
        - web-socket
      rule: "HostSNIRegexp(`^.+\\.furyhawk\\.lol$`)"
      tls:
        certResolver: letsencrypt
      service: emqx-web-socket-service
    # emqx-web-socket-secure-router:
    #   entryPoints:
    #     - web-socket-secure
    #   rule: "HostSNIRegexp(`^.+\\.furyhawk\\.lol$`)"
    #   service: emqx-web-socket-secure-service
    #   tls:
    #     passthrough: true
  services:
    # neo4j-bolt:
    #   loadBalancer:
    #     servers:
    #       - address: "neo4j_server:7687"
    emqx-web-socket-service:
      loadBalancer:
        servers:
          - address: "emqx1:8083"
          # - address: "emqx2:8083"
    # Not referenced by any active TCP router in this file (its router is
    # commented out above).
    emqx-web-socket-secure-service:
      loadBalancer:
        servers:
          - address: "emqx1:8084"
          # - address: "emqx2:8084"
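# Dynamic configuration: HTTP routers, middlewares and backend services.
http:
  routers:
    # forum-router:
    #   entryPoints:
    #     - web-secure
    #   rule: "Host(`forum.furyhawk.lol`)"
    #   middlewares:
    #     - csrf
    #     # - sslheader
    #   tls:
    #     certResolver: letsencrypt
    #   service: forum_server
    # kestra-router:
    #   entryPoints:
    #     - web-secure
    #   rule: "Host(`kestra.furyhawk.lol`)"
    #   middlewares:
    #     - csrf
    #   tls:
    #     certResolver: letsencrypt
    #   service: kestra_app
    # plane-router:
    #   entryPoints:
    #     - web-secure
    #   rule: "Host(`plan.furyhawk.lol`) || Host(`plane.furyhawk.lol`)"
    #   middlewares:
    #     - csrf
    #   tls:
    #     certResolver: letsencrypt
    #   service: plane_app
    # graph-router:
    #   entryPoints:
    #     - web-secure
    #   rule: "Host(`neo4j.furyhawk.lol`)"
    #   middlewares:
    #     - csrf
    #   tls:
    #     certResolver: letsencrypt
    #   service: neo4j-bolt
    # mqtt-http-router:
    #   entryPoints:
    #     - web-secure
    #   rule: "Host(`mqtt.furyhawk.lol`)"
    #   middlewares:
    #     - csrf
    #   tls:
    #     certResolver: letsencrypt
    #   service: emqx-dashboard
    # mqtt-socket-router:
    #   rule: "Host(`mqtt.furyhawk.lol`)"
    #   entryPoints:
    #     - mqtt
    #   service: emqx-mqtt-socket

    # The two active routers attach only `csrf`; `secure-headers`,
    # `rate-limit` and `auth` below are not applied by any router in this
    # file (container labels may still reference them as <name>@file).
    mqtt-ws-http-router:
      entryPoints:
        - web-socket
      rule: "Host(`broker.furyhawk.lol`) || Host(`mqtt.furyhawk.lol`) || Host(`mqttx.furyhawk.lol`)"
      middlewares:
        - csrf
      tls:
        certResolver: letsencrypt
      service: emqx-web-socket
    # NOTE(review): despite its name this router has no `tls` section, so
    # Traefik serves it as cleartext HTTP on the web-socket-secure entry point
    # and MQTT credentials sent through it are not encrypted in transit.
    # Add `tls.certResolver: letsencrypt` if wss:// is intended.
    mqtt-wss-https-router:
      entryPoints:
        - web-socket-secure
      rule: "Host(`broker.furyhawk.lol`) || Host(`mqtt.furyhawk.lol`) || Host(`mqttx.furyhawk.lol`)"
      middlewares:
        - csrf
      service: emqx-web-socket-secure
  middlewares:
    # HTTP basic authentication against an htpasswd-style file. Keep the file
    # readable only by the Traefik process and prefer bcrypt entries.
    auth:
      basicAuth:
        usersFile: "/etc/traefik/usersfile"
    csrf:
      # https://doc.traefik.io/traefik/middlewares/http/headers/#hostsproxyheaders
      # https://docs.djangoproject.com/en/dev/ref/csrf/#ajax
      # hostsProxyHeaders lists request headers that may carry a proxied host
      # name; it neither issues nor validates CSRF tokens.
      # NOTE(review): despite the name, this middleware adds no CSRF
      # protection -- that check has to stay in the backend application.
      headers:
        hostsProxyHeaders: ["X-CSRF-Token"]
    sslheader:
      # https://docs.traefik.io/master/middlewares/headers/
      # NOTE(review): sslRedirect is deprecated in Traefik v2 and, as far as
      # the v3 migration notes say, removed in v3; the `swarm` provider used
      # in this file suggests v3, so confirm this option still loads. The
      # `web` entry point already redirects HTTP to HTTPS.
      headers:
        sslProxyHeaders:
          X-Forwarded-Proto: "https,wss"
        sslRedirect: true
    no-www:
      redirectRegex:
        regex: "^https?://www\\.(.+)"
        replacement: "https://${1}"
        permanent: true
    # 384 requests per 10 s on average, with bursts of up to 128.
    rate-limit:
      rateLimit:
        average: 384
        burst: 128
        period: 10s
    # redirect to resume
    # Dots in the host name are escaped so they match a literal "." only.
    redirect-resume:
      redirectRegex:
        regex: "^https://resume\\.furyhawk\\.lol/(.*)"
        replacement: "https://info.furyhawk.lol/resume/${1}"
        permanent: true
    redirect-blog:
      # https://docs.traefik.io/master/middlewares/redirectscheme/
      redirectRegex:
        regex: "^https://blog\\.furyhawk\\.lol/(.*)"
        replacement: "https://furyhawk.github.io/124c41/${1}"
        permanent: true
    neo4j_strip:
      # https://docs.traefik.io/master/middlewares/stripprefix/
      stripPrefix:
        prefixes:
          - "/neo4j"
    # Browser-facing hardening headers (HSTS, framing, sniffing, referrer,
    # permissions policy). Takes effect only on routers that list it.
    secure-headers:
      headers:
        accessControlAllowMethods:
          - GET
          - OPTIONS
          - PUT
        accessControlMaxAge: 100
        hostsProxyHeaders:
          - "X-Forwarded-Host"
        # HSTS for two years, including subdomains, with the preload flag.
        stsSeconds: 63072000
        stsIncludeSubdomains: true
        stsPreload: true
        # forceSTSHeader: true # This is a good thing but it can be tricky. Enable after everything works.
        customFrameOptionsValue: SAMEORIGIN  # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
        contentTypeNosniff: true
        browserXssFilter: true
        referrerPolicy: "same-origin"
        permissionsPolicy: "camera=(), microphone=(), geolocation=(), payment=(), usb=(), vr=()"
        customResponseHeaders:
          X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex,"  # disable search engines from indexing home server
          server: ""  # hide server info from visitors
  services:
    # forum_server:
    #   loadBalancer:
    #     servers:
    #       - url: http://flarum-web:80
    # kestra_app:
    #   loadBalancer:
    #     servers:
    #       - url: http://kestra:8080
    # neo4j-bolt:
    #   loadBalancer:
    #     servers:
    #       - url: http://neo4j_server:7687
    # plane_app:
    #   loadBalancer:
    #     servers:
    #       - url: http://node01:80
    # emqx-mqtt-socket:
    #   loadBalancer:
    #     servers:
    #       - url: http://emqx1:1883
    emqx-web-socket:
      loadBalancer:
        servers:
          - url: http://emqx1:8083
          # - url: http://emqx2:8083
    # NOTE(review): the backend is addressed over plain http on port 8084. If
    # the broker expects TLS on that port, this needs an https:// URL (or the
    # 8083 listener) -- confirm against the broker's listener configuration.
    emqx-web-socket-secure:
      loadBalancer:
        servers:
          - url: http://emqx1:8084
          # - url: http://emqx2:8084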
# Sources of dynamic configuration.
providers:
  # https://docs.traefik.io/master/providers/file/
  # Routers, middlewares and services are read from this path and reloaded
  # when it changes, so write access to the file is equivalent to control
  # over routing -- keep it owned by and writable for the deploy user only.
  file:
    filename: /etc/traefik/traefik.yml
    watch: true
  # exposedByDefault: false means a container is routed only when it opts in
  # through its Traefik labels.
  # Access to the Docker socket gives full control of the Docker API, which
  # is equivalent to root on the host. Consider placing a socket proxy that
  # allows only the read-only endpoints Traefik needs in front of it.
  docker:
    network: web
    exposedByDefault: false
    endpoint: "unix:///var/run/docker.sock"
  swarm:
    # network: overwatch
    exposedByDefault: false
    endpoint: "unix:///var/run/docker.sock"