mirror of
https://github.com/furyhawk/cloudy.git
synced 2026-05-20 15:11:10 +00:00
furyhawk
f865ba6f16
Refactor compose/apps.yml to update URL with dynamic domain name Refactor traefik.yml to update routing rules for neo4j-bolt-router Refactor traefik.yml to fix routing rules for resume and blog subdomains Refactor makefile to use 'always' flag when running docker compose Refactor docker-compose.yml to update second volume path for custom configuration file Refactor docker-compose.yml to update MINIO_SERVER_URL and NEO4J_dbms.default_advertised_address Refactor traefik.yml to enable routing for neo4j subdomains Refactor traefik.yml to fix routing rules for resume and blog subdomains
315 lines
7.6 KiB
YAML
315 lines
7.6 KiB
YAML
log:
|
|
level: INFO
|
|
accessLog: {}
|
|
api:
|
|
# Dashboard
|
|
dashboard: true
|
|
# https://docs.traefik.io/master/operations/api/#insecure
|
|
# insecure: true
|
|
|
|
entryPoints:
|
|
web:
|
|
# http
|
|
address: ":80"
|
|
http:
|
|
# https://docs.traefik.io/routing/entrypoints/#entrypoint
|
|
redirections:
|
|
entryPoint:
|
|
to: web-secure
|
|
scheme: https
|
|
permanent: true
|
|
|
|
# mqtt:
|
|
# # mqtt
|
|
# address: ":1883"
|
|
|
|
web-secure:
|
|
# https
|
|
address: ":443"
|
|
|
|
web-socket:
|
|
address: ":8083"
|
|
|
|
web-socket-secure:
|
|
address: ":8084"
|
|
|
|
bolt-socket:
|
|
address: ":7687"
|
|
|
|
postgres-socket:
|
|
address: ":5432"
|
|
|
|
certificatesResolvers:
|
|
letsencrypt:
|
|
# https://docs.traefik.io/master/https/acme/#lets-encrypt
|
|
acme:
|
|
email: "furyx@hotmail.com"
|
|
storage: /etc/traefik/acme/acme.json
|
|
# https://docs.traefik.io/master/https/acme/#httpchallenge
|
|
httpChallenge:
|
|
entryPoint: web
|
|
|
|
tcp:
|
|
routers:
|
|
# neo4j-bolt-router:
|
|
# entryPoints:
|
|
# - bolt-socket
|
|
# rule: "HostSNIRegexp(`^.+\\.furyhawk\\.lol$`)"
|
|
# tls:
|
|
# certResolver: letsencrypt
|
|
# service: neo4j-bolt
|
|
|
|
emqx-web-socket-router:
|
|
entryPoints:
|
|
- web-socket
|
|
rule: "HostSNIRegexp(`^.+\\.furyhawk\\.lol$`)"
|
|
tls:
|
|
certResolver: letsencrypt
|
|
service: emqx-web-socket-service
|
|
|
|
# emqx-web-socket-secure-router:
|
|
# entryPoints:
|
|
# - web-socket-secure
|
|
# rule: "HostSNIRegexp(`^.+\\.furyhawk\\.lol$`)"
|
|
# service: emqx-web-socket-secure-service
|
|
# tls:
|
|
# passthrough: true
|
|
|
|
services:
|
|
# neo4j-bolt:
|
|
# loadBalancer:
|
|
# servers:
|
|
# - address: "neo4j_server:7687"
|
|
emqx-web-socket-service:
|
|
loadBalancer:
|
|
servers:
|
|
- address: "emqx1:8083"
|
|
# - address: "emqx2:8083"
|
|
emqx-web-socket-secure-service:
|
|
loadBalancer:
|
|
servers:
|
|
- address: "emqx1:8084"
|
|
# - address: "emqx2:8084"
|
|
|
|
http:
|
|
|
|
routers:
|
|
|
|
chat-router:
|
|
entryPoints:
|
|
- web-secure
|
|
rule: "Host(`bot.furyhawk.lol`) || Host(`chat.furyhawk.lol`)"
|
|
middlewares:
|
|
- csrf
|
|
tls:
|
|
certResolver: letsencrypt
|
|
service: librechat_app
|
|
|
|
# forum-router:
|
|
# entryPoints:
|
|
# - web-secure
|
|
# rule: "Host(`forum.furyhawk.lol`)"
|
|
# middlewares:
|
|
# - csrf
|
|
# # - sslheader
|
|
# tls:
|
|
# certResolver: letsencrypt
|
|
# service: forum_server
|
|
|
|
# kestra-router:
|
|
# entryPoints:
|
|
# - web-secure
|
|
# rule: "Host(`kestra.furyhawk.lol`)"
|
|
# middlewares:
|
|
# - csrf
|
|
# tls:
|
|
# certResolver: letsencrypt
|
|
# service: kestra_app
|
|
|
|
plane-router:
|
|
entryPoints:
|
|
- web-secure
|
|
rule: "Host(`plan.furyhawk.lol`) || Host(`plane.furyhawk.lol`)"
|
|
middlewares:
|
|
- csrf
|
|
tls:
|
|
certResolver: letsencrypt
|
|
service: plane_app
|
|
|
|
# graph-router:
|
|
# entryPoints:
|
|
# - web-secure
|
|
# rule: "Host(`neo4j.furyhawk.lol`)"
|
|
# middlewares:
|
|
# - csrf
|
|
# tls:
|
|
# certResolver: letsencrypt
|
|
# service: neo4j-bolt
|
|
|
|
mqtt-http-router:
|
|
entryPoints:
|
|
- web-secure
|
|
rule: "Host(`mqtt.furyhawk.lol`)"
|
|
middlewares:
|
|
- csrf
|
|
tls:
|
|
certResolver: letsencrypt
|
|
service: emqx-dashboard
|
|
|
|
# mqtt-socket-router:
|
|
# rule: "Host(`mqtt.furyhawk.lol`)"
|
|
# entryPoints:
|
|
# - mqtt
|
|
# service: emqx-mqtt-socket
|
|
|
|
mqtt-ws-http-router:
|
|
entryPoints:
|
|
- web-socket
|
|
rule: "Host(`broker.furyhawk.lol`) || Host(`mqtt.furyhawk.lol`) || Host(`mqttx.furyhawk.lol`)"
|
|
middlewares:
|
|
- csrf
|
|
tls:
|
|
certResolver: letsencrypt
|
|
service: emqx-web-socket
|
|
|
|
mqtt-wss-https-router:
|
|
entryPoints:
|
|
- web-socket-secure
|
|
rule: "Host(`broker.furyhawk.lol`) || Host(`mqtt.furyhawk.lol`) || Host(`mqttx.furyhawk.lol`)"
|
|
middlewares:
|
|
- csrf
|
|
service: emqx-web-socket-secure
|
|
|
|
mqttx-router:
|
|
entryPoints:
|
|
- web-secure
|
|
rule: "Host(`mqttx.furyhawk.lol`)"
|
|
middlewares:
|
|
- csrf
|
|
tls:
|
|
certResolver: letsencrypt
|
|
service: mqttx-web
|
|
|
|
middlewares:
|
|
auth:
|
|
basicAuth:
|
|
usersFile: "/etc/traefik/usersfile"
|
|
csrf:
|
|
# https://doc.traefik.io/traefik/middlewares/http/headers/#hostsproxyheaders
|
|
# https://docs.djangoproject.com/en/dev/ref/csrf/#ajax
|
|
headers:
|
|
hostsProxyHeaders: ["X-CSRFToken"]
|
|
sslheader:
|
|
# https://docs.traefik.io/master/middlewares/headers/
|
|
headers:
|
|
sslProxyHeaders:
|
|
X-Forwarded-Proto: "https,wss"
|
|
sslRedirect: true
|
|
no-www:
|
|
redirectRegex:
|
|
regex: "^https?://www\\.(.+)"
|
|
replacement: https://${1}
|
|
permanent: true
|
|
|
|
rate-limit:
|
|
rateLimit:
|
|
average: 384
|
|
burst: 128
|
|
period: 10s
|
|
|
|
# redirect to resume
|
|
redirect-resume:
|
|
redirectRegex:
|
|
regex: "^https://resume.furyhawk.lol/(.*)"
|
|
replacement: "https://info.furyhawk.lol/resume/${1}"
|
|
permanent: true
|
|
|
|
redirect-blog:
|
|
# https://docs.traefik.io/master/middlewares/redirectscheme/
|
|
redirectregex:
|
|
regex: "^https://blog.furyhawk.lol/(.*)"
|
|
replacement: "https://furyhawk.github.io/124c41/${1}"
|
|
permanent: true
|
|
|
|
neo4j_strip:
|
|
# https://docs.traefik.io/master/middlewares/stripprefix/
|
|
stripprefix:
|
|
prefixes:
|
|
- "/neo4j"
|
|
secure-headers:
|
|
headers:
|
|
accessControlAllowMethods:
|
|
- GET
|
|
- OPTIONS
|
|
- PUT
|
|
accessControlMaxAge: 100
|
|
hostsProxyHeaders:
|
|
- "X-Forwarded-Host"
|
|
stsSeconds: 63072000
|
|
stsIncludeSubdomains: true
|
|
stsPreload: true
|
|
# forceSTSHeader: true # This is a good thing but it can be tricky. Enable after everything works.
|
|
customFrameOptionsValue: SAMEORIGIN # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
|
|
contentTypeNosniff: true
|
|
browserXssFilter: true
|
|
referrerPolicy: "same-origin"
|
|
permissionsPolicy: "camera=(), microphone=(), geolocation=(), payment=(), usb=(), vr=()"
|
|
customResponseHeaders:
|
|
X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex," # disable search engines from indexing home server
|
|
server: "" # hide server info from visitors
|
|
|
|
services:
|
|
|
|
# forum_server:
|
|
# loadBalancer:
|
|
# servers:
|
|
# - url: http://flarum-web:80
|
|
# kestra_app:
|
|
# loadBalancer:
|
|
# servers:
|
|
# - url: http://kestra:8080
|
|
librechat_app:
|
|
loadBalancer:
|
|
servers:
|
|
- url: http://LibreChat:3080
|
|
# neo4j-bolt:
|
|
# loadBalancer:
|
|
# servers:
|
|
# - url: http://neo4j_server:7687
|
|
plane_app:
|
|
loadBalancer:
|
|
servers:
|
|
- url: http://node01:80
|
|
emqx-mqtt-socket:
|
|
loadBalancer:
|
|
servers:
|
|
- url: http://emqx1:1883
|
|
emqx-web-socket:
|
|
loadBalancer:
|
|
servers:
|
|
- url: http://emqx1:8083
|
|
# - url: http://emqx2:8083
|
|
emqx-web-socket-secure:
|
|
loadBalancer:
|
|
servers:
|
|
- url: http://emqx1:8084
|
|
# - url: http://emqx2:8084
|
|
emqx-dashboard:
|
|
loadBalancer:
|
|
servers:
|
|
- url: http://emqx1:18083
|
|
mqttx-web:
|
|
loadBalancer:
|
|
servers:
|
|
- url: http://mqttx_web:80
|
|
|
|
providers:
|
|
# https://docs.traefik.io/master/providers/file/
|
|
file:
|
|
filename: /etc/traefik/traefik.yml
|
|
watch: true
|
|
docker:
|
|
network: web
|
|
exposedByDefault: false
|
|
endpoint: "unix:///var/run/docker.sock"
|