first commit

2025-04-16 16:01:11 +08:00
commit 591667f0f7
10 changed files with 295 additions and 0 deletions
--- a/traefik.yml
+++ b/traefik.yml
@@ -0,0 +1,103 @@
+## STATIC CONFIGURATION
+
+log:
+  level: "DEBUG"
+  filePath: "/var/log/traefik/traefik.log"
+accessLog:
+  filePath: "/var/log/traefik/access.log"
+  filters:
+    statusCodes:
+      - "200-299" # log successful http requests
+      - "400-599" # log failed http requests
+
+api:
+  insecure: false
+  dashboard: true
+
+entryPoints:
+  web:
+   address: "10.0.0.225:80"
+   forwardedHeaders:
+      trustedIPs: &trustedIps
+        # Start of Cloudlare's public IP list
+        - 103.21.244.0/22
+        - 103.22.200.0/22
+        - 103.31.4.0/22
+        - 104.16.0.0/13
+        - 104.24.0.0/14
+        - 108.162.192.0/18
+        - 131.0.72.0/22
+        - 141.101.64.0/18
+        - 162.158.0.0/15
+        - 172.64.0.0/13
+        - 173.245.48.0/20
+        - 188.114.96.0/20
+        - 190.93.240.0/20
+        - 197.234.240.0/22
+        - 198.41.128.0/17
+        - 2400:cb00::/32
+        - 2606:4700::/32
+        - 2803:f800::/32
+        - 2405:b500::/32
+        - 2405:8100::/32
+        - 2a06:98c0::/29
+        - 2c0f:f248::/32
+        # End of Cloudlare's public IP list
+   http:
+      redirections:                           # HTTPS redirection (80 to 443)
+        entryPoint:
+          to: "websecure"                         # The target element
+          scheme: "https"
+  websecure:
+    address: "10.0.0.225:443"
+    forwardedHeaders:
+      # Reuse the list of Cloudflare's public IPs from above
+      trustedIPs: *trustedIps
+    http3: {}
+  internal_web:
+    address: "192.168.50.4:80"
+    http:
+        redirections:                           # HTTPS redirection (80 to 443)
+          entryPoint:
+            to: "internal_websecure"                         # The target element
+            scheme: "https"
+  internal_websecure:
+    address: "192.168.50.4:443"
+    http3: {}
+  metrics:
+    address: "127.0.0.1:8082"
+
+global:
+  checknewversion: false                       # Periodically check if a new version has been released.
+  sendanonymoususage: false                    # Periodically send anonymous usage statistics.
+
+providers:
+  docker:
+    exposedByDefault: false
+#    network: traefik_default  # Ensure this matches the Docker network
+  file:
+    filename: "/dynamic.yml"  # Enable dynamic configuration file
+certificatesResolvers:
+  letsencrypt:
+    acme:
+      email: gbanyan.huang@gmail.com
+      storage: /letsencrypt/acme.json
+      dnsChallenge:
+        provider: cloudflare
+        resolvers:
+          - "1.1.1.1:53"
+          - "8.8.8.8:53"
+#      caServer: "https://acme-staging.api.letsencrypt.org/directory"
+
+metrics:
+  prometheus:
+    entryPoint: metrics
+
+experimental:
+  plugins:
+    cloudflare:
+      moduleName: github.com/agence-gaya/traefik-plugin-cloudflare
+      version: v1.2.0
+    bouncer:
+      moduleName: github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin
+      version: v1.4.2