cloudy/compose/traefik/traefik.yml

log:
  level: DEBUG
api:
  # Dashboard
  dashboard: true
  # https://docs.traefik.io/master/operations/api/#insecure
  # insecure: true

entryPoints:
  web:
    # http
    address: ":80"
    http:
      # https://docs.traefik.io/routing/entrypoints/#entrypoint
      redirections:
        entryPoint:
          to: web-secure

  web-secure:
    # https
    address: ":443"

  # osrm:
  #   address: ":5000"

certificatesResolvers:
  letsencrypt:
    # https://docs.traefik.io/master/https/acme/#lets-encrypt
    acme:
      email: "furyx@hotmail.com"
      storage: /etc/traefik/acme/acme.json
      # https://docs.traefik.io/master/https/acme/#httpchallenge
      httpChallenge:
        entryPoint: web

http:
  routers:
    dashboard:
      rule: "Host(`dashboard.furyhawk.lol`) && PathPrefix(`/api`, `/dashboard`)"
      entryPoints:
        - web-secure
      middlewares:
        - auth
      service: api@internal
      tls:
        # https://docs.traefik.io/master/routing/routers/#certresolver
        certResolver: letsencrypt

    forum-router:
      rule: "Host(`forum.furyhawk.lol`)"
      entryPoints:
        - web-secure
      middlewares:
        - csrf
        # - sslheader
      service: forum_server
      tls:
        # https://docs.traefik.io/master/routing/routers/#certresolver
        certResolver: letsencrypt

    web-secure-router:
      rule: "Host(`bai.furyhawk.lol`)"
      entryPoints:
        - web-secure
      middlewares:
        - csrf
      service: streamlit_bai_app
      tls:
        # https://docs.traefik.io/master/routing/routers/#certresolver
        certResolver: letsencrypt

    fin-router:
      rule: "Host(`fin.furyhawk.lol`)"
      entryPoints:
        - web-secure
      middlewares:
        - csrf
      service: streamlit_fin_app
      tls:
        # https://docs.traefik.io/master/routing/routers/#certresolver
        certResolver: letsencrypt

    info-router:
      rule: "Host(`furyhawk.lol`, `www.furyhawk.lol`, `info.furyhawk.lol`, `124c41.furyhawk.lol`)"
      entryPoints:
        - web-secure
      middlewares:
        - csrf
        - no-www
      service: site_server
      tls:
        # https://docs.traefik.io/master/routing/routers/#certresolver
        certResolver: letsencrypt

    resume-router:
      rule: "Host(`resume.furyhawk.lol`)"
      entryPoints:
        - web-secure
      # redirect to resume
      middlewares:
        - csrf
        - redirect-resume
      service: resume_server
      tls:
        # https://docs.traefik.io/master/routing/routers/#certresolver
        certResolver: letsencrypt

    blog-router:
      rule: "Host(`blog.furyhawk.lol`)"
      entryPoints:
        - web-secure
      # redirect to external blog
      middlewares:
        - redirect-blog
      service: blog
      tls:
        # https://docs.traefik.io/master/routing/routers/#certresolver
        certResolver: letsencrypt

    osrm-router:
      rule: "Host(`osrm.furyhawk.lol`)"
      entryPoints:
        - "web-secure"
        # - "osrm"
      middlewares:
        - csrf
      service: osrm_service
      tls:
        # https://docs.traefik.io/master/routing/routers/#certresolver
        certResolver: letsencrypt
        # domains:
        #   - main: "furyhawk.lol"
        #     sans:
        #       - "*.furyhawk.lol"

  middlewares:
    auth:
      basicAuth:
        usersFile: "/etc/traefik/usersfile"
    csrf:
      # https://doc.traefik.io/traefik/middlewares/http/headers/#hostsproxyheaders
      # https://docs.djangoproject.com/en/dev/ref/csrf/#ajax
      headers:
        hostsProxyHeaders: ["X-CSRFToken"]
    sslheader:
      # https://docs.traefik.io/master/middlewares/headers/
      headers:
        sslProxyHeaders:
          X-Forwarded-Proto: "https"
        sslRedirect: true
    no-www:
      redirectRegex:
        regex: "^https?://www\\.(.+)"
        replacement: https://${1}
        permanent: true

    # redirect to resume
    redirect-resume:
      redirectRegex:
        regex: "^https://resume.furyhawk.lol/(.*)"
        replacement: "https://info.furyhawk.lol/resume/${1}"
        permanent: true

    redirect-blog:
      # https://docs.traefik.io/master/middlewares/redirectscheme/
      redirectregex:
        regex: "^https://blog.furyhawk.lol/(.*)"
        replacement: "https://furyhawk.github.io/124c41/${1}"
        permanent: true

  services:
    osrm_service:
      loadBalancer:
        servers:
          - url: http://osrm_backend:5000
    forum_server:
      loadBalancer:
        servers:
          - url: http://flarum-web:80
    streamlit_bai_app:
      loadBalancer:
        servers:
          - url: http://streamlit_bai_app:8502
    streamlit_fin_app:
      loadBalancer:
        servers:
          - url: http://streamlit_fin_app:8501
    site_server:
      loadBalancer:
        servers:
          - url: http://site_server:80
    resume_server:
      loadBalancer:
        servers:
          - url: http://site_server:80
    blog:
      loadBalancer:
        servers:
          - url: https://furyhawk.github.io/124c41/

providers:
  # https://docs.traefik.io/master/providers/file/
  file:
    filename: /etc/traefik/traefik.yml
    watch: true
  docker:
    network: web
    exposedByDefault: false
    endpoint: "unix:///var/run/docker.sock"