567 lines
13 KiB
YAML
567 lines
13 KiB
YAML
log:
|
|
level: DEBUG
|
|
accessLog: {}
|
|
api:
|
|
# Dashboard
|
|
dashboard: true
|
|
# https://docs.traefik.io/master/operations/api/#insecure
|
|
# insecure: true
|
|
|
|
entryPoints:
|
|
web:
|
|
# http
|
|
address: ":80"
|
|
http:
|
|
# https://docs.traefik.io/routing/entrypoints/#entrypoint
|
|
redirections:
|
|
entryPoint:
|
|
to: web-secure
|
|
scheme: https
|
|
permanent: true
|
|
|
|
# mqtt:
|
|
# # mqtt
|
|
# address: ":1883"
|
|
|
|
web-secure:
|
|
# https
|
|
address: ":443"
|
|
|
|
web-socket:
|
|
address: ":8083"
|
|
|
|
web-socket-secure:
|
|
address: ":8084"
|
|
|
|
bolt-socket:
|
|
address: ":7687"
|
|
|
|
# osrm:
|
|
# address: ":5000"
|
|
|
|
certificatesResolvers:
|
|
letsencrypt:
|
|
# https://docs.traefik.io/master/https/acme/#lets-encrypt
|
|
acme:
|
|
email: "furyx@hotmail.com"
|
|
storage: /etc/traefik/acme/acme.json
|
|
# https://docs.traefik.io/master/https/acme/#httpchallenge
|
|
httpChallenge:
|
|
entryPoint: web
|
|
|
|
tcp:
|
|
routers:
|
|
neo4j-bolt-router:
|
|
entryPoints:
|
|
- bolt-socket
|
|
rule: "HostSNI(`*`)"
|
|
tls:
|
|
certResolver: letsencrypt
|
|
service: neo4j-bolt
|
|
|
|
# emqx-web-socket-router:
|
|
# entryPoints:
|
|
# - web-socket
|
|
# rule: "HostSNI(`*`)"
|
|
# service: emqx-web-socket-service
|
|
|
|
# emqx-web-socket-secure-router:
|
|
# entryPoints:
|
|
# - web-socket-secure
|
|
# rule: "HostSNI(`*`)"
|
|
# service: emqx-web-socket-secure-service
|
|
# tls:
|
|
# passthrough: true
|
|
|
|
services:
|
|
neo4j-bolt:
|
|
loadBalancer:
|
|
servers:
|
|
- address: "neo4j_server:7687"
|
|
emqx-web-socket-service:
|
|
loadBalancer:
|
|
servers:
|
|
- address: "emqx1:8083"
|
|
- address: "emqx2:8083"
|
|
emqx-web-socket-secure-service:
|
|
loadBalancer:
|
|
servers:
|
|
- address: "emqx1:8084"
|
|
- address: "emqx2:8084"
|
|
|
|
http:
|
|
routers:
|
|
dashboard:
|
|
entryPoints:
|
|
- web-secure
|
|
rule: "Host(`dashboard.furyhawk.lol`) && PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
|
|
middlewares:
|
|
- auth
|
|
tls:
|
|
# https://docs.traefik.io/master/routing/routers/#certresolver
|
|
certResolver: letsencrypt
|
|
service: api@internal
|
|
|
|
portainer-router:
|
|
entryPoints:
|
|
- web-secure
|
|
rule: "Host(`portainer.furyhawk.lol`) || Host(`port.furyhawk.lol`)"
|
|
middlewares:
|
|
- csrf
|
|
tls:
|
|
certResolver: letsencrypt
|
|
service: portainer_service
|
|
|
|
edge-router:
|
|
entryPoints:
|
|
- web-secure
|
|
rule: "Host(`edge.furyhawk.lol`)"
|
|
middlewares:
|
|
- csrf
|
|
tls:
|
|
certResolver: letsencrypt
|
|
service: edge_service
|
|
|
|
adminer-router:
|
|
entryPoints:
|
|
- web-secure
|
|
rule: "Host(`adminer.furyhawk.lol`)"
|
|
middlewares:
|
|
- csrf
|
|
tls:
|
|
certResolver: letsencrypt
|
|
service: adminer_app
|
|
|
|
api-router:
|
|
entryPoints:
|
|
- web-secure
|
|
rule: "Host(`api.furyhawk.lol`)"
|
|
middlewares:
|
|
- auth
|
|
- csrf
|
|
tls:
|
|
certResolver: letsencrypt
|
|
service: api_server
|
|
|
|
chat-router:
|
|
entryPoints:
|
|
- web-secure
|
|
rule: "Host(`bot.furyhawk.lol`) || Host(`chat.furyhawk.lol`)"
|
|
middlewares:
|
|
- csrf
|
|
tls:
|
|
certResolver: letsencrypt
|
|
service: librechat_app
|
|
|
|
cheatsheets-router:
|
|
entryPoints:
|
|
- web-secure
|
|
rule: "Host(`cheat.furyhawk.lol`)"
|
|
middlewares:
|
|
- csrf
|
|
tls:
|
|
certResolver: letsencrypt
|
|
service: cheatsheets_app
|
|
|
|
forum-router:
|
|
entryPoints:
|
|
- web-secure
|
|
rule: "Host(`forum.furyhawk.lol`)"
|
|
middlewares:
|
|
- csrf
|
|
# - sslheader
|
|
tls:
|
|
certResolver: letsencrypt
|
|
service: forum_server
|
|
|
|
heynote-router:
|
|
entryPoints:
|
|
- web-secure
|
|
rule: "Host(`note.furyhawk.lol`) || Host(`pad.furyhawk.lol`)"
|
|
middlewares:
|
|
- csrf
|
|
tls:
|
|
certResolver: letsencrypt
|
|
service: heynote_app
|
|
|
|
jellyfin-router:
|
|
entryPoints:
|
|
- web-secure
|
|
rule: "Host(`media.furyhawk.lol`)"
|
|
middlewares:
|
|
- csrf
|
|
tls:
|
|
certResolver: letsencrypt
|
|
service: jellyfin_app
|
|
|
|
kestra-router:
|
|
entryPoints:
|
|
- web-secure
|
|
rule: "Host(`kestra.furyhawk.lol`)"
|
|
middlewares:
|
|
- csrf
|
|
tls:
|
|
certResolver: letsencrypt
|
|
service: kestra_app
|
|
|
|
plane-router:
|
|
entryPoints:
|
|
- web-secure
|
|
rule: "Host(`plan.furyhawk.lol`) || Host(`plane.furyhawk.lol`)"
|
|
middlewares:
|
|
- csrf
|
|
tls:
|
|
certResolver: letsencrypt
|
|
service: plane_app
|
|
|
|
privatebin-router:
|
|
entryPoints:
|
|
- web-secure
|
|
rule: "Host(`bin.furyhawk.lol`) || Host(`paste.furyhawk.lol`)"
|
|
middlewares:
|
|
- csrf
|
|
tls:
|
|
certResolver: letsencrypt
|
|
service: bin_app
|
|
|
|
thelounge-router:
|
|
entryPoints:
|
|
- web-secure
|
|
rule: "Host(`irc.furyhawk.lol`)"
|
|
middlewares:
|
|
- csrf
|
|
tls:
|
|
certResolver: letsencrypt
|
|
service: thelounge_app
|
|
|
|
minio-router:
|
|
entryPoints:
|
|
- web-secure
|
|
rule: "Host(`drive.furyhawk.lol`) || Host(`storage.furyhawk.lol`)"
|
|
middlewares:
|
|
- csrf
|
|
tls:
|
|
certResolver: letsencrypt
|
|
service: minio_server
|
|
|
|
minio-api-router:
|
|
entryPoints:
|
|
- web-secure
|
|
rule: "Host(`minio.furyhawk.lol`) || Host(`s3.furyhawk.lol`)"
|
|
middlewares:
|
|
- csrf
|
|
tls:
|
|
certResolver: letsencrypt
|
|
service: minio_service
|
|
|
|
neo4j-router:
|
|
entryPoints:
|
|
- web-secure
|
|
rule: "Host(`neo4j.furyhawk.lol`) && PathPrefix(`/neo4j`)||PathPrefix(`/browser`)"
|
|
middlewares:
|
|
- csrf
|
|
- neo4j_strip
|
|
tls:
|
|
certResolver: letsencrypt
|
|
service: neo4j-browser
|
|
|
|
graph-router:
|
|
entryPoints:
|
|
- web-secure
|
|
rule: "Host(`neo4j.furyhawk.lol`)"
|
|
middlewares:
|
|
- csrf
|
|
tls:
|
|
certResolver: letsencrypt
|
|
service: neo4j-bolt
|
|
|
|
mqtt-http-router:
|
|
entryPoints:
|
|
- web-secure
|
|
rule: "Host(`mqtt.furyhawk.lol`)"
|
|
middlewares:
|
|
- csrf
|
|
tls:
|
|
certResolver: letsencrypt
|
|
service: emqx-dashboard
|
|
|
|
# mqtt-socket-router:
|
|
# rule: "Host(`mqtt.furyhawk.lol`)"
|
|
# entryPoints:
|
|
# - mqtt
|
|
# service: emqx-mqtt-socket
|
|
|
|
mqtt-ws-http-router:
|
|
entryPoints:
|
|
- web-socket
|
|
rule: "Host(`broker.furyhawk.lol`) || Host(`mqtt.furyhawk.lol`) || Host(`mqttx.furyhawk.lol`)"
|
|
middlewares:
|
|
- csrf
|
|
tls:
|
|
certResolver: letsencrypt
|
|
service: emqx-web-socket
|
|
|
|
mqtt-wss-https-router:
|
|
entryPoints:
|
|
- web-socket-secure
|
|
rule: "Host(`broker.furyhawk.lol`) || Host(`mqtt.furyhawk.lol`) || Host(`mqttx.furyhawk.lol`)"
|
|
middlewares:
|
|
- csrf
|
|
service: emqx-web-socket-secure
|
|
|
|
mqttx-router:
|
|
entryPoints:
|
|
- web-secure
|
|
rule: "Host(`mqttx.furyhawk.lol`)"
|
|
middlewares:
|
|
- csrf
|
|
tls:
|
|
certResolver: letsencrypt
|
|
service: mqttx-web
|
|
|
|
osrm-router:
|
|
entryPoints:
|
|
- "web-secure"
|
|
rule: "Host(`osrm.furyhawk.lol`)"
|
|
# - "osrm"
|
|
middlewares:
|
|
- csrf
|
|
tls:
|
|
certResolver: letsencrypt
|
|
service: osrm_service
|
|
|
|
syncthing-router:
|
|
entryPoints:
|
|
- web-secure
|
|
rule: "Host(`sync.furyhawk.lol`)"
|
|
middlewares:
|
|
- csrf
|
|
tls:
|
|
certResolver: letsencrypt
|
|
service: syncthing_app
|
|
|
|
bai-router:
|
|
entryPoints:
|
|
- web-secure
|
|
rule: "Host(`bai.furyhawk.lol`)"
|
|
middlewares:
|
|
- csrf
|
|
tls:
|
|
certResolver: letsencrypt
|
|
service: streamlit_bai_app
|
|
|
|
fin-router:
|
|
entryPoints:
|
|
- web-secure
|
|
rule: "Host(`fin.furyhawk.lol`)"
|
|
middlewares:
|
|
- csrf
|
|
tls:
|
|
certResolver: letsencrypt
|
|
service: streamlit_fin_app
|
|
|
|
info-router:
|
|
entryPoints:
|
|
- web-secure
|
|
rule: "Host(`furyhawk.lol`) || Host(`www.furyhawk.lol`) || Host(`info.furyhawk.lol`) || Host(`124c41.furyhawk.lol`)"
|
|
middlewares:
|
|
- csrf
|
|
- no-www
|
|
tls:
|
|
certResolver: letsencrypt
|
|
service: site_server
|
|
|
|
resume-router:
|
|
entryPoints:
|
|
- web-secure
|
|
rule: "Host(`resume.furyhawk.lol`)"
|
|
# redirect to resume
|
|
middlewares:
|
|
- csrf
|
|
- redirect-resume
|
|
tls:
|
|
certResolver: letsencrypt
|
|
service: resume_server
|
|
|
|
blog-router:
|
|
entryPoints:
|
|
- web-secure
|
|
rule: "Host(`blog.furyhawk.lol`)"
|
|
# redirect to external blog
|
|
middlewares:
|
|
- redirect-blog
|
|
tls:
|
|
certResolver: letsencrypt
|
|
service: blog
|
|
|
|
middlewares:
|
|
auth:
|
|
basicAuth:
|
|
usersFile: "/etc/traefik/usersfile"
|
|
csrf:
|
|
# https://doc.traefik.io/traefik/middlewares/http/headers/#hostsproxyheaders
|
|
# https://docs.djangoproject.com/en/dev/ref/csrf/#ajax
|
|
headers:
|
|
hostsProxyHeaders: ["X-CSRFToken"]
|
|
sslheader:
|
|
# https://docs.traefik.io/master/middlewares/headers/
|
|
headers:
|
|
sslProxyHeaders:
|
|
X-Forwarded-Proto: "https,wss"
|
|
sslRedirect: true
|
|
no-www:
|
|
redirectRegex:
|
|
regex: "^https?://www\\.(.+)"
|
|
replacement: https://${1}
|
|
permanent: true
|
|
|
|
# redirect to resume
|
|
redirect-resume:
|
|
redirectRegex:
|
|
regex: "^https://resume.furyhawk.lol/(.*)"
|
|
replacement: "https://info.furyhawk.lol/resume/${1}"
|
|
permanent: true
|
|
|
|
redirect-blog:
|
|
# https://docs.traefik.io/master/middlewares/redirectscheme/
|
|
redirectregex:
|
|
regex: "^https://blog.furyhawk.lol/(.*)"
|
|
replacement: "https://furyhawk.github.io/124c41/${1}"
|
|
permanent: true
|
|
|
|
neo4j_strip:
|
|
# https://docs.traefik.io/master/middlewares/stripprefix/
|
|
stripprefix:
|
|
prefixes:
|
|
- "/neo4j"
|
|
|
|
services:
|
|
portainer_service:
|
|
loadBalancer:
|
|
servers:
|
|
- url: http://portainer:9000
|
|
edge_service:
|
|
loadBalancer:
|
|
servers:
|
|
- url: http://portainer:8000
|
|
osrm_service:
|
|
loadBalancer:
|
|
servers:
|
|
- url: http://osrm_backend:5000
|
|
adminer_app:
|
|
loadBalancer:
|
|
servers:
|
|
- url: http://adminer:8080
|
|
api_server:
|
|
loadBalancer:
|
|
servers:
|
|
- url: http://api_server:8000
|
|
bin_app:
|
|
loadBalancer:
|
|
servers:
|
|
- url: http://privatebin:8080
|
|
cheatsheets_app:
|
|
loadBalancer:
|
|
servers:
|
|
- url: http://cheatsheets_app:80
|
|
forum_server:
|
|
loadBalancer:
|
|
servers:
|
|
- url: http://flarum-web:80
|
|
heynote_app:
|
|
loadBalancer:
|
|
servers:
|
|
- url: http://heynote_app:5173
|
|
jellyfin_app:
|
|
loadBalancer:
|
|
servers:
|
|
- url: http://jellyfin:8096
|
|
kestra_app:
|
|
loadBalancer:
|
|
servers:
|
|
- url: http://kestra:8080
|
|
librechat_app:
|
|
loadBalancer:
|
|
servers:
|
|
- url: http://LibreChat:3080
|
|
thelounge_app:
|
|
loadBalancer:
|
|
servers:
|
|
- url: http://thelounge:9000
|
|
minio_server:
|
|
loadBalancer:
|
|
servers:
|
|
- url: http://minio_server:9001
|
|
minio_service:
|
|
loadBalancer:
|
|
servers:
|
|
- url: http://minio_server:9000
|
|
neo4j-browser:
|
|
loadBalancer:
|
|
servers:
|
|
- url: http://neo4j_server:7474
|
|
neo4j-bolt:
|
|
loadBalancer:
|
|
servers:
|
|
- url: http://neo4j_server:7687
|
|
plane_app:
|
|
loadBalancer:
|
|
servers:
|
|
- url: node01:80
|
|
streamlit_bai_app:
|
|
loadBalancer:
|
|
servers:
|
|
- url: http://streamlit_bai_app:8502
|
|
streamlit_fin_app:
|
|
loadBalancer:
|
|
servers:
|
|
- url: http://streamlit_fin_app:8501
|
|
emqx-mqtt-socket:
|
|
loadBalancer:
|
|
servers:
|
|
- url: http://emqx1:1883
|
|
emqx-web-socket:
|
|
loadBalancer:
|
|
servers:
|
|
- url: http://emqx1:8083
|
|
- url: http://emqx2:8083
|
|
emqx-web-socket-secure:
|
|
loadBalancer:
|
|
servers:
|
|
- url: http://emqx1:8084
|
|
- url: http://emqx2:8084
|
|
emqx-dashboard:
|
|
loadBalancer:
|
|
servers:
|
|
- url: http://emqx1:18083
|
|
mqttx-web:
|
|
loadBalancer:
|
|
servers:
|
|
- url: http://mqttx_web:80
|
|
syncthing_app:
|
|
loadBalancer:
|
|
servers:
|
|
- url: http://syncthing:8384
|
|
site_server:
|
|
loadBalancer:
|
|
servers:
|
|
- url: http://site_server:80
|
|
resume_server:
|
|
loadBalancer:
|
|
servers:
|
|
- url: http://site_server:80
|
|
blog:
|
|
loadBalancer:
|
|
servers:
|
|
- url: https://furyhawk.github.io/124c41/
|
|
|
|
providers:
|
|
# https://docs.traefik.io/master/providers/file/
|
|
file:
|
|
filename: /etc/traefik/traefik.yml
|
|
watch: true
|
|
docker:
|
|
network: web
|
|
exposedByDefault: false
|
|
endpoint: "unix:///var/run/docker.sock"
|