109 lines
2.9 KiB
YAML
109 lines
2.9 KiB
YAML
## STATIC CONFIGURATION
|
|
|
|
log:
|
|
level: "DEBUG"
|
|
filePath: "/var/log/traefik/traefik.log"
|
|
accessLog:
|
|
filePath: "/var/log/traefik/access.log"
|
|
filters:
|
|
statusCodes:
|
|
- "200-299" # log successful http requests
|
|
- "400-599" # log failed http requests
|
|
|
|
api:
|
|
insecure: false
|
|
dashboard: true
|
|
|
|
entryPoints:
|
|
web:
|
|
address: "10.0.0.225:80"
|
|
forwardedHeaders:
|
|
trustedIPs: &trustedIps
|
|
# Start of Cloudlare's public IP list
|
|
- 103.21.244.0/22
|
|
- 103.22.200.0/22
|
|
- 103.31.4.0/22
|
|
- 104.16.0.0/13
|
|
- 104.24.0.0/14
|
|
- 108.162.192.0/18
|
|
- 131.0.72.0/22
|
|
- 141.101.64.0/18
|
|
- 162.158.0.0/15
|
|
- 172.64.0.0/13
|
|
- 173.245.48.0/20
|
|
- 188.114.96.0/20
|
|
- 190.93.240.0/20
|
|
- 197.234.240.0/22
|
|
- 198.41.128.0/17
|
|
- 2400:cb00::/32
|
|
- 2606:4700::/32
|
|
- 2803:f800::/32
|
|
- 2405:b500::/32
|
|
- 2405:8100::/32
|
|
- 2a06:98c0::/29
|
|
- 2c0f:f248::/32
|
|
# End of Cloudlare's public IP list
|
|
http:
|
|
redirections: # HTTPS redirection (80 to 443)
|
|
entryPoint:
|
|
to: "websecure" # The target element
|
|
scheme: "https"
|
|
websecure:
|
|
address: "10.0.0.225:443"
|
|
forwardedHeaders:
|
|
# Reuse the list of Cloudflare's public IPs from above
|
|
trustedIPs: *trustedIps
|
|
http3: {}
|
|
internal_web:
|
|
address: "192.168.50.4:80"
|
|
http:
|
|
redirections: # HTTPS redirection (80 to 443)
|
|
entryPoint:
|
|
to: "internal_websecure" # The target element
|
|
scheme: "https"
|
|
internal_websecure:
|
|
address: "192.168.50.4:443"
|
|
http3: {}
|
|
metrics:
|
|
address: "127.0.0.1:8082"
|
|
dashboard:
|
|
address: "127.0.0.1:9090"
|
|
|
|
global:
|
|
checknewversion: false # Periodically check if a new version has been released.
|
|
sendanonymoususage: false # Periodically send anonymous usage statistics.
|
|
|
|
providers:
|
|
docker:
|
|
exposedByDefault: false
|
|
# network: traefik_default # Ensure this matches the Docker network
|
|
file:
|
|
filename: "/dynamic.yml" # Enable dynamic configuration file
|
|
certificatesResolvers:
|
|
letsencrypt:
|
|
acme:
|
|
email: gbanyan.huang@gmail.com
|
|
storage: /letsencrypt/acme.json
|
|
dnsChallenge:
|
|
provider: cloudflare
|
|
resolvers:
|
|
- "1.1.1.1:53"
|
|
- "8.8.8.8:53"
|
|
# caServer: "https://acme-staging.api.letsencrypt.org/directory"
|
|
|
|
metrics:
|
|
prometheus:
|
|
entryPoint: metrics
|
|
|
|
experimental:
|
|
plugins:
|
|
cloudflare:
|
|
moduleName: github.com/agence-gaya/traefik-plugin-cloudflare
|
|
version: v1.2.0
|
|
bouncer:
|
|
moduleName: github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin
|
|
version: v1.4.2
|
|
souin:
|
|
moduleName: github.com/darkweak/souin
|
|
version: v1.7.6
|