Compare commits
2 Commits
main
...
feature/so
| Author | SHA1 | Date | |
|---|---|---|---|
| 3fc856c77a | |||
| 3662ab2605 |
@ -90,7 +90,4 @@ PS: Because I access my traefik dashboard through my local network. I commented
|
|||||||
|
|
||||||
2. ChangeLog:
|
2. ChangeLog:
|
||||||
|
|
||||||
- 2025.4.21 Add the defaulthost rule for container name for lazy writing. But commented out for precision.
|
- 2025.4.18 Add Souin HTTP Cache Middleware.
|
||||||
- 2025.4.21 Fix the trused IP settings to let the traefik-plugin-cloudflare tackle it.
|
|
||||||
- 2025.4.18 Add Souin HTTP Cache Middleware (in feature branch, not merge into main)
|
|
||||||
- 2025.4.18 Temp disable the compression middleware. It has MIME type bugs.
|
|
||||||
@ -6,7 +6,7 @@ services:
|
|||||||
# ports:
|
# ports:
|
||||||
# - 10.0.0.225:80:80
|
# - 10.0.0.225:80:80
|
||||||
# - 10.0.0.225:443:443
|
# - 10.0.0.225:443:443
|
||||||
# - 192.168.50.4:8080:8080
|
# - 192.168.50.4:9090:9090
|
||||||
# - 192.168.50.4:80:80
|
# - 192.168.50.4:80:80
|
||||||
# - 192.168.50.4:443:443 # Added port mapping for the dashboard
|
# - 192.168.50.4:443:443 # Added port mapping for the dashboard
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
@ -33,9 +33,15 @@ services:
|
|||||||
- "com.centurylinklabs.watchtower.enable=true" # Added label for Watchtower
|
- "com.centurylinklabs.watchtower.enable=true" # Added label for Watchtower
|
||||||
# "traefik.http.middlewares.auth.basicauth.usersfile=/dashboard_authfile"
|
# "traefik.http.middlewares.auth.basicauth.usersfile=/dashboard_authfile"
|
||||||
- "traefik.http.services.traefik.loadbalancer.server.port=9090"
|
- "traefik.http.services.traefik.loadbalancer.server.port=9090"
|
||||||
|
redis:
|
||||||
#networks:
|
image: valkey/valkey:latest
|
||||||
|
container_name: traefik-redis
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
internal_traefik_default:
|
||||||
|
ipv4_address: 172.20.0.100
|
||||||
|
networks:
|
||||||
# traefik_default:
|
# traefik_default:
|
||||||
# external: true
|
# external: true
|
||||||
# internal_traefik_default:
|
internal_traefik_default:
|
||||||
# external: true
|
external: true
|
||||||
|
|||||||
18
dynamic.yml
18
dynamic.yml
@ -30,6 +30,22 @@ http:
|
|||||||
- application/javascript
|
- application/javascript
|
||||||
- application/json
|
- application/json
|
||||||
- text/plain
|
- text/plain
|
||||||
|
http-cache:
|
||||||
|
plugin:
|
||||||
|
souin:
|
||||||
|
default_cache:
|
||||||
|
ttl: 10s
|
||||||
|
default_cache_control: public, max-age=600
|
||||||
|
redis:
|
||||||
|
url: 172.20.0.100://redis:6379
|
||||||
|
allowed_http_verbs:
|
||||||
|
- GET
|
||||||
|
- HEAD
|
||||||
|
- POST
|
||||||
|
log_level: debug
|
||||||
|
api:
|
||||||
|
souin: {}
|
||||||
|
prometheus: {}
|
||||||
routers:
|
routers:
|
||||||
block-direct-access:
|
block-direct-access:
|
||||||
rule: "HostRegexp(`{host:.+}`)" # Matches any host
|
rule: "HostRegexp(`{host:.+}`)" # Matches any host
|
||||||
@ -51,4 +67,4 @@ http:
|
|||||||
netdata:
|
netdata:
|
||||||
loadBalancer:
|
loadBalancer:
|
||||||
servers:
|
servers:
|
||||||
- url: "http://127.0.0.1:19999"
|
- url: "http://127.0.0.1:19999"
|
||||||
|
|||||||
34
traefik.yml
34
traefik.yml
@ -18,7 +18,31 @@ entryPoints:
|
|||||||
web:
|
web:
|
||||||
address: "10.0.0.225:80"
|
address: "10.0.0.225:80"
|
||||||
forwardedHeaders:
|
forwardedHeaders:
|
||||||
insecure: true #traefik-plugin-cloudflare already handle the real-ip from cloudflare to X-Forwarded-For
|
trustedIPs: &trustedIps
|
||||||
|
# Start of Cloudlare's public IP list
|
||||||
|
- 103.21.244.0/22
|
||||||
|
- 103.22.200.0/22
|
||||||
|
- 103.31.4.0/22
|
||||||
|
- 104.16.0.0/13
|
||||||
|
- 104.24.0.0/14
|
||||||
|
- 108.162.192.0/18
|
||||||
|
- 131.0.72.0/22
|
||||||
|
- 141.101.64.0/18
|
||||||
|
- 162.158.0.0/15
|
||||||
|
- 172.64.0.0/13
|
||||||
|
- 173.245.48.0/20
|
||||||
|
- 188.114.96.0/20
|
||||||
|
- 190.93.240.0/20
|
||||||
|
- 197.234.240.0/22
|
||||||
|
- 198.41.128.0/17
|
||||||
|
- 2400:cb00::/32
|
||||||
|
- 2606:4700::/32
|
||||||
|
- 2803:f800::/32
|
||||||
|
- 2405:b500::/32
|
||||||
|
- 2405:8100::/32
|
||||||
|
- 2a06:98c0::/29
|
||||||
|
- 2c0f:f248::/32
|
||||||
|
# End of Cloudlare's public IP list
|
||||||
http:
|
http:
|
||||||
redirections: # HTTPS redirection (80 to 443)
|
redirections: # HTTPS redirection (80 to 443)
|
||||||
entryPoint:
|
entryPoint:
|
||||||
@ -27,7 +51,8 @@ entryPoints:
|
|||||||
websecure:
|
websecure:
|
||||||
address: "10.0.0.225:443"
|
address: "10.0.0.225:443"
|
||||||
forwardedHeaders:
|
forwardedHeaders:
|
||||||
insecure: true
|
# Reuse the list of Cloudflare's public IPs from above
|
||||||
|
trustedIPs: *trustedIps
|
||||||
http3: {}
|
http3: {}
|
||||||
internal_web:
|
internal_web:
|
||||||
address: "192.168.50.4:80"
|
address: "192.168.50.4:80"
|
||||||
@ -51,7 +76,7 @@ global:
|
|||||||
providers:
|
providers:
|
||||||
docker:
|
docker:
|
||||||
exposedByDefault: false
|
exposedByDefault: false
|
||||||
# defaultRule: "Host(`{{ .ContainerName }}.gbanyan.net`)"
|
# network: traefik_default # Ensure this matches the Docker network
|
||||||
file:
|
file:
|
||||||
filename: "/dynamic.yml" # Enable dynamic configuration file
|
filename: "/dynamic.yml" # Enable dynamic configuration file
|
||||||
certificatesResolvers:
|
certificatesResolvers:
|
||||||
@ -78,3 +103,6 @@ experimental:
|
|||||||
bouncer:
|
bouncer:
|
||||||
moduleName: github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin
|
moduleName: github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin
|
||||||
version: v1.4.2
|
version: v1.4.2
|
||||||
|
souin:
|
||||||
|
moduleName: github.com/darkweak/souin
|
||||||
|
version: v1.7.6
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user