Compare commits
2 Commits
feature/so
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
| 44a8560f5a | |||
| 0826bb4502 |
13
README.md
13
README.md
@ -81,3 +81,16 @@ labels:
|
||||
I mount the access.log for crowdsec firewall to read.
|
||||
|
||||
PS: Because I access my traefik dashboard through my local network. I commented out the authetication method for dashboard.
|
||||
|
||||
## Discussion and Changelog
|
||||
|
||||
1. Traefik vs Nginx
|
||||
- Performance: Nginx is still better at high traffic. After all it is written in C. Traefik 3 though claims it has higher 20% performance than before. The latency still showed a little higher than nginx.
|
||||
- Docker Deployment Ease: Traefik is easier for docker service deployment. In my environment, I can assign each docker stack with labels and then guides the traefik to add Let's encrypt SSL.
|
||||
|
||||
2. ChangeLog:
|
||||
|
||||
- 2025.4.21 Add the defaulthost rule for container name for lazy writing. But commented out for precision.
|
||||
- 2025.4.21 Fix the trused IP settings to let the traefik-plugin-cloudflare tackle it.
|
||||
- 2025.4.18 Add Souin HTTP Cache Middleware (in feature branch, not merge into main)
|
||||
- 2025.4.18 Temp disable the compression middleware. It has MIME type bugs.
|
||||
31
traefik.yml
31
traefik.yml
@ -18,31 +18,7 @@ entryPoints:
|
||||
web:
|
||||
address: "10.0.0.225:80"
|
||||
forwardedHeaders:
|
||||
trustedIPs: &trustedIps
|
||||
# Start of Cloudlare's public IP list
|
||||
- 103.21.244.0/22
|
||||
- 103.22.200.0/22
|
||||
- 103.31.4.0/22
|
||||
- 104.16.0.0/13
|
||||
- 104.24.0.0/14
|
||||
- 108.162.192.0/18
|
||||
- 131.0.72.0/22
|
||||
- 141.101.64.0/18
|
||||
- 162.158.0.0/15
|
||||
- 172.64.0.0/13
|
||||
- 173.245.48.0/20
|
||||
- 188.114.96.0/20
|
||||
- 190.93.240.0/20
|
||||
- 197.234.240.0/22
|
||||
- 198.41.128.0/17
|
||||
- 2400:cb00::/32
|
||||
- 2606:4700::/32
|
||||
- 2803:f800::/32
|
||||
- 2405:b500::/32
|
||||
- 2405:8100::/32
|
||||
- 2a06:98c0::/29
|
||||
- 2c0f:f248::/32
|
||||
# End of Cloudlare's public IP list
|
||||
insecure: true #traefik-plugin-cloudflare already handle the real-ip from cloudflare to X-Forwarded-For
|
||||
http:
|
||||
redirections: # HTTPS redirection (80 to 443)
|
||||
entryPoint:
|
||||
@ -51,8 +27,7 @@ entryPoints:
|
||||
websecure:
|
||||
address: "10.0.0.225:443"
|
||||
forwardedHeaders:
|
||||
# Reuse the list of Cloudflare's public IPs from above
|
||||
trustedIPs: *trustedIps
|
||||
insecure: true
|
||||
http3: {}
|
||||
internal_web:
|
||||
address: "192.168.50.4:80"
|
||||
@ -76,7 +51,7 @@ global:
|
||||
providers:
|
||||
docker:
|
||||
exposedByDefault: false
|
||||
# network: traefik_default # Ensure this matches the Docker network
|
||||
# defaultRule: "Host(`{{ .ContainerName }}.gbanyan.net`)"
|
||||
file:
|
||||
filename: "/dynamic.yml" # Enable dynamic configuration file
|
||||
certificatesResolvers:
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user