## STATIC CONFIGURATION

log:
  level: "INFO"
  filePath: "/var/log/traefik/traefik.log"
accessLog:
  filePath: "/var/log/traefik/access.log"
  bufferingSize: 256
  filters:
    statusCodes:
      - "400-599" # focus on failed http requests
  fields:
    defaultMode: drop
    names:
      ClientHost: keep
      ClientPort: keep
      Duration: keep
      RequestMethod: keep
      RequestPath: keep
      RequestProtocol: keep
      RouterName: keep
      ServiceName: keep
      ServiceURL: keep
      Status: keep

api:
  insecure: false
  dashboard: true

entryPoints:
  web:
    address: "10.0.0.225:80"
    forwardedHeaders:
      trustedIPs:
        - "173.245.48.0/20"
        - "103.21.244.0/22"
        - "103.22.200.0/22"
        - "103.31.4.0/22"
        - "141.101.64.0/18"
        - "108.162.192.0/18"
        - "190.93.240.0/20"
        - "188.114.96.0/20"
        - "197.234.240.0/22"
        - "198.41.128.0/17"
        - "162.158.0.0/15"
        - "104.16.0.0/13"
        - "104.24.0.0/14"
        - "172.64.0.0/13"
        - "131.0.72.0/22"
        - "2400:cb00::/32"
        - "2606:4700::/32"
        - "2803:f800::/32"
        - "2405:b500::/32"
        - "2405:8100::/32"
        - "2a06:98c0::/29"
        - "2c0f:f248::/32"
    http:
      redirections:                           # HTTPS redirection (80 to 443)
        entryPoint:
          to: "websecure"                         # The target element
          scheme: "https"
  websecure:
    address: "10.0.0.225:443"
    forwardedHeaders:
      trustedIPs:
        - "173.245.48.0/20"
        - "103.21.244.0/22"
        - "103.22.200.0/22"
        - "103.31.4.0/22"
        - "141.101.64.0/18"
        - "108.162.192.0/18"
        - "190.93.240.0/20"
        - "188.114.96.0/20"
        - "197.234.240.0/22"
        - "198.41.128.0/17"
        - "162.158.0.0/15"
        - "104.16.0.0/13"
        - "104.24.0.0/14"
        - "172.64.0.0/13"
        - "131.0.72.0/22"
        - "2400:cb00::/32"
        - "2606:4700::/32"
        - "2803:f800::/32"
        - "2405:b500::/32"
        - "2405:8100::/32"
        - "2a06:98c0::/29"
        - "2c0f:f248::/32"
  internal_web:
    address: "192.168.50.4:80"
    http:
        redirections:                           # HTTPS redirection (80 to 443)
          entryPoint:
            to: "internal_websecure"                         # The target element
            scheme: "https"
  internal_websecure:
    address: "192.168.50.4:443"
  metrics:
    address: ":8082"
  dashboard:
    address: "127.0.0.1:9090"

global:
  checknewversion: false                       # Periodically check if a new version has been released.
  sendanonymoususage: false                    # Periodically send anonymous usage statistics.

providers:
  docker:
    exposedByDefault: false
    # defaultRule: "Host(`{{ .ContainerName }}.gbanyan.net`)"
  file:
    filename: "/dynamic.yml"  # Enable dynamic configuration file
certificatesResolvers:
  letsencrypt:
    acme:
      email: gbanyan.huang@gmail.com
      storage: /letsencrypt/acme.json
      dnsChallenge:
        provider: cloudflare
        resolvers:
          - "1.1.1.1:53"
          - "8.8.8.8:53"
#      caServer: "https://acme-staging.api.letsencrypt.org/directory"

metrics:
  prometheus:
    entryPoint: metrics

experimental:
  plugins:
    bouncer:
      moduleName: github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin
      version: v1.4.2