## STATIC CONFIGURATION

log:
  level: "DEBUG"
  filePath: "/var/log/traefik/traefik.log"
accessLog:
  filePath: "/var/log/traefik/access.log"
  filters:
    statusCodes:
      - "200-299" # log successful http requests
      - "400-599" # log failed http requests

api:
  insecure: false
  dashboard: true

entryPoints:
  web:
   address: "10.0.0.225:80"
   forwardedHeaders:
      trustedIPs: &trustedIps
        # Start of Cloudlare's public IP list
        - 103.21.244.0/22
        - 103.22.200.0/22
        - 103.31.4.0/22
        - 104.16.0.0/13
        - 104.24.0.0/14
        - 108.162.192.0/18
        - 131.0.72.0/22
        - 141.101.64.0/18
        - 162.158.0.0/15
        - 172.64.0.0/13
        - 173.245.48.0/20
        - 188.114.96.0/20
        - 190.93.240.0/20
        - 197.234.240.0/22
        - 198.41.128.0/17
        - 2400:cb00::/32
        - 2606:4700::/32
        - 2803:f800::/32
        - 2405:b500::/32
        - 2405:8100::/32
        - 2a06:98c0::/29
        - 2c0f:f248::/32
        # End of Cloudlare's public IP list
   http:
      redirections:                           # HTTPS redirection (80 to 443)
        entryPoint:
          to: "websecure"                         # The target element
          scheme: "https"
  websecure:
    address: "10.0.0.225:443"
    forwardedHeaders:
      # Reuse the list of Cloudflare's public IPs from above
      trustedIPs: *trustedIps
    http3: {}
  internal_web:
    address: "192.168.50.4:80"
    http:
        redirections:                           # HTTPS redirection (80 to 443)
          entryPoint:
            to: "internal_websecure"                         # The target element
            scheme: "https"
  internal_websecure:
    address: "192.168.50.4:443"
    http3: {}
  metrics:
    address: "127.0.0.1:8082"
  dashboard:
    address: "127.0.0.1:9090"

global:
  checknewversion: false                       # Periodically check if a new version has been released.
  sendanonymoususage: false                    # Periodically send anonymous usage statistics.

providers:
  docker:
    exposedByDefault: false
#    network: traefik_default  # Ensure this matches the Docker network
  file:
    filename: "/dynamic.yml"  # Enable dynamic configuration file
certificatesResolvers:
  letsencrypt:
    acme:
      email: gbanyan.huang@gmail.com
      storage: /letsencrypt/acme.json
      dnsChallenge:
        provider: cloudflare
        resolvers:
          - "1.1.1.1:53"
          - "8.8.8.8:53"
#      caServer: "https://acme-staging.api.letsencrypt.org/directory"

metrics:
  prometheus:
    entryPoint: metrics

experimental:
  plugins:
    cloudflare:
      moduleName: github.com/agence-gaya/traefik-plugin-cloudflare
      version: v1.2.0
    bouncer:
      moduleName: github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin
      version: v1.4.2