Added ssh for gitea

2025-07-02 16:38:28 +02:00 · 2025-07-02 16:38:28 +02:00 · 4ae1752f90
commit 4ae1752f90
parent 5bf5a49983
3 changed files with 31 additions and 13 deletions
--- a/conf.d/config.yaml
+++ b/conf.d/config.yaml
@ -4,12 +4,10 @@ http:
      rule: "Host(`hemlabb.uk`)"
      entrypoints:
        - websecure
-      service: "uptime-kuma@docker"
+      service: "kuma@docker"
      tls:
        certresolver: cloudflare
        domains:
          - main: "hemlabb.uk"
            sans:
              - "*.hemlabb.uk"
-
-
--- a/conf.d/gitea.yaml
+++ b/conf.d/gitea.yaml
@ -1,12 +1,35 @@
+tcp:
+  routers:
+    gitea-ssh:
+      entryPoints:
+        - ssh
+      rule: "HostSNI(`*`)"
+      service: gitea-ssh
+
+  services:
+    gitea-ssh:
+      loadBalancer:
+        servers:
+          - address: "gitea.lab:22"
+
 http:
  routers:
    gitea:
      rule: "Host(`gitea.hemlabb.uk`)"
-      service: gitea
      entryPoints:
        - websecure
+      service: gitea
+      tls:
+        certResolver: cloudflare
+
  services:
    gitea:
      loadBalancer:
        servers:
-          - url: "https://gitea.lab:3000" # Replace with your service's address
+          - url: "http://gitea.lab:3000"
+
+  middlewares:
+    redirect-to-https:
+      redirectScheme:
+        scheme: https
+        permanent: true
--- a/traefik.yaml
+++ b/traefik.yaml
@ -17,7 +17,9 @@ entryPoints:
    address: ':443'
    http:
      tls:
-        certResolver: letsencrypt
+        certResolver: cloudflare
+  ssh:
+    address: ':2222'
  traefik:
    address: ':8080'

@ -26,8 +28,8 @@ certificatesResolvers:
    acme:
      email: s.nilsson@me.com
      storage: /etc/traefik/ssl/acme.json
-      # caServer: https://acme-v02.api.letsencrypt.org/directory # prod (default)
-      caServer: https://acme-staging-v02.api.letsencrypt.org/directory # staging
+      #caServer: https://acme-v02.api.letsencrypt.org/directory # prod (default)
+      #caServer: https://acme-staging-v02.api.letsencrypt.org/directory # staging
      dnsChallenge:
        provider: cloudflare
        #disablePropagationCheck: true # uncomment this if you have issues pulling certificates through cloudflare, By setting this flag to true disables the need to wait for the propagation of the TXT record to all authoritative name servers.
@ -35,11 +37,6 @@ certificatesResolvers:
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"
-            #  letsencrypt:
-            #    acme:
-            #      email: "foo@bar.com"
-            #      storage: /etc/traefik/ssl/acme.json
-            #      tlsChallenge: {}

 api:
  dashboard: true