gbanyan/GB-Traefik
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: gbanyan:feature/souin-http-cache
Branches Tags
gbanyan:main
gbanyan:feature/souin-http-cache
..
compare: gbanyan:main
Branches Tags
gbanyan:main
gbanyan:feature/souin-http-cache

2 Commits
feature/so ... main

Author SHA1 Message Date
Gbanyan
44a8560f5a Fix Cloudflare Trusted IP settings 2025-04-21 18:59:59 +08:00
Gbanyan
0826bb4502 README Changelog Update 2025-04-19 01:20:50 +08:00
4 changed files with 13 additions and 60 deletions
Show Stats Expand all files Collapse all files

5
README.md
View File

@ -90,4 +90,7 @@ PS: Because I access my traefik dashboard through my local network. I commented
2. ChangeLog:
- 2025.4.18 Add Souin HTTP Cache Middleware.
- 2025.4.21 Add the defaulthost rule for container name for lazy writing. But commented out for precision.
- 2025.4.21 Fix the trused IP settings to let the traefik-plugin-cloudflare tackle it.
- 2025.4.18 Add Souin HTTP Cache Middleware (in feature branch, not merge into main)
- 2025.4.18 Temp disable the compression middleware. It has MIME type bugs.

16
docker-compose.yaml
View File

@ -6,7 +6,7 @@ services:
# ports:
# - 10.0.0.225:80:80
# - 10.0.0.225:443:443
# - 192.168.50.4:9090:9090
# - 192.168.50.4:8080:8080
# - 192.168.50.4:80:80
# - 192.168.50.4:443:443 # Added port mapping for the dashboard
restart: unless-stopped
@ -33,15 +33,9 @@ services:
- "com.centurylinklabs.watchtower.enable=true" # Added label for Watchtower
# "traefik.http.middlewares.auth.basicauth.usersfile=/dashboard_authfile"
- "traefik.http.services.traefik.loadbalancer.server.port=9090"
redis:
image: valkey/valkey:latest
container_name: traefik-redis
restart: unless-stopped
networks:
internal_traefik_default:
ipv4_address: 172.20.0.100
networks:
#networks:
# traefik_default:
# external: true
internal_traefik_default:
external: true
# internal_traefik_default:
# external: true

18
dynamic.yml
View File

@ -30,22 +30,6 @@ http:
- application/javascript
- application/json
- text/plain
http-cache:
plugin:
souin:
default_cache:
ttl: 10s
default_cache_control: public, max-age=600
redis:
url: 172.20.0.100://redis:6379
allowed_http_verbs:
- GET
- HEAD
- POST
log_level: debug
api:
souin: {}
prometheus: {}
routers:
block-direct-access:
rule: "HostRegexp(`{host:.+}`)" # Matches any host
@ -67,4 +51,4 @@ http:
netdata:
loadBalancer:
servers:
- url: "http://127.0.0.1:19999"
- url: "http://127.0.0.1:19999"

34
traefik.yml
View File

@ -18,31 +18,7 @@ entryPoints:
web:
address: "10.0.0.225:80"
forwardedHeaders:
trustedIPs: &trustedIps
# Start of Cloudlare's public IP list
- 103.21.244.0/22
- 103.22.200.0/22
- 103.31.4.0/22
- 104.16.0.0/13
- 104.24.0.0/14
- 108.162.192.0/18
- 131.0.72.0/22
- 141.101.64.0/18
- 162.158.0.0/15
- 172.64.0.0/13
- 173.245.48.0/20
- 188.114.96.0/20
- 190.93.240.0/20
- 197.234.240.0/22
- 198.41.128.0/17
- 2400:cb00::/32
- 2606:4700::/32
- 2803:f800::/32
- 2405:b500::/32
- 2405:8100::/32
- 2a06:98c0::/29
- 2c0f:f248::/32
# End of Cloudlare's public IP list
insecure: true #traefik-plugin-cloudflare already handle the real-ip from cloudflare to X-Forwarded-For
http:
redirections: # HTTPS redirection (80 to 443)
entryPoint:
@ -51,8 +27,7 @@ entryPoints:
websecure:
address: "10.0.0.225:443"
forwardedHeaders:
# Reuse the list of Cloudflare's public IPs from above
trustedIPs: *trustedIps
insecure: true
http3: {}
internal_web:
address: "192.168.50.4:80"
@ -76,7 +51,7 @@ global:
providers:
docker:
exposedByDefault: false
# network: traefik_default # Ensure this matches the Docker network
# defaultRule: "Host(`{{ .ContainerName }}.gbanyan.net`)"
file:
filename: "/dynamic.yml" # Enable dynamic configuration file
certificatesResolvers:
@ -103,6 +78,3 @@ experimental:
bouncer:
moduleName: github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin
version: v1.4.2
souin:
moduleName: github.com/darkweak/souin
version: v1.7.6