Traefik for Exposed Self-hosted service

root 2025-01-30 21:50:17 +08:00
commit 2cb94a3925
6 changed files with 144 additions and 0 deletions

4
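--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,4 @@
+.env
+dashboard_authfile
+access.log
+certs/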

0
README.md Normal file

25
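--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -0,0 +1,25 @@
+services:
+traefik:
+image: traefik:latest
+container_name: traefik
+network_mode: host
+restart: unless-stopped
+environment:
+- CLOUDFLARE_EMAIL=${CLOUDFLARE_EMAIL}
+- CLOUDFLARE_DNS_API_TOKEN=${CLOUDFLARE_DNS_API_TOKEN}
+volumes:
+- /var/run/docker.sock:/var/run/docker.sock:ro
+- ./certs:/letsencrypt
+- ./dashboard_authfile:/dashboard_authfile:ro
+- ./dynamic.yml:/dynamic.yml
+- ./traefik.yml:/traefik.yml:ro
+- ./access.log:/access.log:ro
+labels:
+- "traefik.enable=true"
+- "traefik.http.routers.traefik.rule=Host(`gbanyan.net`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
+- "traefik.http.routers.traefik.entrypoints=websecure"
+- "traefik.http.routers.traefik.tls.certresolver=letsencrypt"
+- "traefik.http.routers.traefik.service=api@internal"
+- "traefik.http.routers.traefik.middlewares=auth"
+- "traefik.http.middlewares.auth.basicauth.usersfile=/dashboard_authfile"
+- "traefik.http.services.traefik.loadbalancer.server.port=443"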
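Review bot: The `/var/run/docker.sock:/var/run/docker.sock:ro` mount gives this internet-facing container, which also runs with `network_mode: host`, the full Docker API; `:ro` applies to the socket file, not to the requests sent over it, so a compromise of Traefik would reach the Docker daemon. Consider placing a filtering socket proxy that allows only the read-only container and event queries in front of it and pointing `providers.docker.endpoint` at that proxy. Separately, `./access.log:/access.log:ro` is read-only while traefik.yml sets `accessLog.filePath: "/access.log"`, so Traefik presumably cannot write its access log; `- ./access.log:/access.log` would fix that. `image: traefik:latest` is also unpinned, so a specific release tag or digest would keep upgrades deliberate and reviewable.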

6
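--- a/dynamic.yml
+++ b/dynamic.yml
@@ -0,0 +1,6 @@
+http:
+middlewares:
+cloudflarewarp:
+plugin:
+cloudflarewarp:
+disableDefault: false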
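Review bot: The `cloudflarewarp` middleware is declared here but nothing visible in this commit attaches it: the router labels in docker-compose.yaml reference only `auth`, and neither entry point in traefik.yml lists any middlewares. Unless labels on other containers reference `cloudflarewarp@file`, backends will presumably keep seeing the Cloudflare edge address rather than the client address in the forwarded headers. If the rewrite is wanted everywhere, attaching it once at the entry point, `entryPoints.websecure.http.middlewares: [cloudflarewarp@file]`, covers every router. A short comment above `disableDefault: false` saying which source ranges the plugin then trusts (presumably its built-in Cloudflare list) would also help the next reader.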

48
dynamic.yml_bac Normal file

@ -0,0 +1,48 @@
http:
routers:
nextcloud:
rule: Host(`next.gbanyan.net`)
service: nextcloud
middlewares:
- nextcloud-chain
entryPoints: ["websecure"]
tls:
certResolver: letsencrypt
services:
nextcloud:
loadBalancer:
servers:
- url: http://192.168.40.11:8081
middlewares:
limit:
buffering:
memRequestBodyBytes: 2048000
nextcloud-secure-headers:
headers:
hostsProxyHeaders:
- "X-Forwarded-Host"
referrerPolicy: "same-origin"
stsSeconds: 15552000
https-redirect:
redirectscheme:
scheme: https
nextcloud-redirect:
replacepathregex:
regex: "^/.well-known/ca(l|rd)dav"
replacement: "/remote.php/dav/"
nextcloud-webfinger:
replacepathregex:
regex: "^(/.well-known/*)"
replacement: "/index.php$${1}"
nextcloud-chain:
chain:
middlewares:
#- https-redirect
- nextcloud-secure-headers
- nextcloud-redirect
- nextcloud-webfinger
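Review bot: This backup file is not loaded by anything in the commit (the file provider in traefik.yml reads only `/dynamic.yml`, and docker-compose.yaml does not mount it), so the Nextcloud router and the `nextcloud-secure-headers` HSTS setting are inactive while the internal backend address stays in the repository. If it is meant to be restored, note that `replacement: "/index.php$${1}"` carries the `$$` escaping used in Compose labels; in a file-provider document it would likely be emitted as a literal `${1}`, so `"/index.php${1}"` is the form to use here. The `limit` and `https-redirect` middlewares are defined but absent from `nextcloud-chain`, which deserves a one-line comment saying whether that is deliberate. Otherwise consider dropping the file or adding `*_bac` to .gitignore.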

61
traefik.yml Normal file

@ -0,0 +1,61 @@
## STATIC CONFIGURATION
log:
level: DEBUG
accessLog:
filePath: "/access.log"
format: json
filters:
statusCodes:
- "200-299" # log successful http requests
- "400-599" # log failed http requests
#retryAttempts: true
#minDuration: "10ms"
# collect logs as in-memory buffer before writing into log file
bufferingSize: 0
fields:
headers:
defaultMode: drop # drop all headers per default
names:
User-Agent: keep # log user agent strings
api:
insecure: false
dashboard: true
entryPoints:
web:
address: ":80"
http:
redirections: # HTTPS redirection (80 to 443)
entryPoint:
to: "websecure" # The target element
scheme: "https"
# The redirection target scheme
websecure:
address: ":443"
http3: {}
global:
checknewversion: false # Periodically check if a new version has been released.
sendanonymoususage: false # Periodically send anonymous usage statistics.
providers:
docker:
exposedByDefault: false
file:
filename: "/dynamic.yml"
certificatesResolvers:
letsencrypt:
acme:
email: gbanyan.huang@gmail.com
storage: /letsencrypt/acme.json
dnsChallenge:
provider: cloudflare
experimental:
plugins:
cloudflarewarp:
modulename: github.com/BetterCorp/cloudflarewarp
version: v1.4.0
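Review bot: `log.level: DEBUG` is set on a proxy that listens on `:80` and `:443` with host networking; debug output is verbose and can carry request and configuration detail that does not belong in long-lived logs, so `level: INFO` is the safer default once setup is finished. The access-log filter keeps only `200-299` and `400-599`, so 3xx responses, including the HTTP-to-HTTPS redirects issued by the `web` entry point, are never recorded; add `- "300-399"` if redirect traffic matters for investigations. `api.dashboard: true` is served on the public `websecure` entry point behind basic auth alone, so either a comment recording that decision or an IP allow-list middleware on that router would be worth adding.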