Added config

2025-07-02 11:05:05 +02:00 · 2025-07-02 11:05:05 +02:00 · 5bf5a49983
commit 5bf5a49983
parent bf4df82068
5 changed files with 109 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+ssl/
--- a/conf.d/config.yaml
+++ b/conf.d/config.yaml
@ -0,0 +1,15 @@
+http:
+  routers:
+    wild:
+      rule: "Host(`hemlabb.uk`)"
+      entrypoints:
+        - websecure
+      service: "uptime-kuma@docker"
+      tls:
+        certresolver: cloudflare
+        domains:
+          - main: "hemlabb.uk"
+            sans:
+              - "*.hemlabb.uk"
+
+
--- a/conf.d/gitea.yaml
+++ b/conf.d/gitea.yaml
@ -0,0 +1,12 @@
+http:
+  routers:
+    gitea:
+      rule: "Host(`gitea.hemlabb.uk`)"
+      service: gitea
+      entryPoints:
+        - websecure
+  services:
+    gitea:
+      loadBalancer:
+        servers:
+          - url: "https://gitea.lab:3000" # Replace with your service's address
--- a/conf.d/pihole.yaml
+++ b/conf.d/pihole.yaml
@ -0,0 +1,12 @@
+http:
+  routers:
+    pihole:
+      rule: "Host(`pihole.hemlabb.uk`)"
+      service: pihole
+      entryPoints:
+        - websecure
+  services:
+    pihole:
+      loadBalancer:
+        servers:
+          - url: "http://192.168.1.11/admin" # Replace with your service's address
--- a/traefik.yaml
+++ b/traefik.yaml
@ -0,0 +1,69 @@
+providers:
+  file:
+    directory: /etc/traefik/conf.d/
+  docker:
+    endpoint: tcp://nas.lab:2375
+    exposedByDefault: false
+    useBindPortIP: true
+entryPoints:
+  web:
+    address: ':80'
+    http:
+      redirections:
+        entryPoint:
+          to: websecure
+          scheme: https
+  websecure:
+    address: ':443'
+    http:
+      tls:
+        certResolver: letsencrypt
+  traefik:
+    address: ':8080'
+
+certificatesResolvers:
+  cloudflare:
+    acme:
+      email: s.nilsson@me.com
+      storage: /etc/traefik/ssl/acme.json
+      # caServer: https://acme-v02.api.letsencrypt.org/directory # prod (default)
+      caServer: https://acme-staging-v02.api.letsencrypt.org/directory # staging
+      dnsChallenge:
+        provider: cloudflare
+        #disablePropagationCheck: true # uncomment this if you have issues pulling certificates through cloudflare, By setting this flag to true disables the need to wait for the propagation of the TXT record to all authoritative name servers.
+        #delayBeforeCheck: 60s # uncomment along with disablePropagationCheck if needed to ensure the TXT record is ready before verification is attempted 
+        resolvers:
+          - "1.1.1.1:53"
+          - "1.0.0.1:53"
+            #  letsencrypt:
+            #    acme:
+            #      email: "foo@bar.com"
+            #      storage: /etc/traefik/ssl/acme.json
+            #      tlsChallenge: {}
+
+api:
+  dashboard: true
+  insecure: true
+
+tracing: {}
+
+log:
+  filePath: /var/log/traefik/traefik.log
+  format: json
+  level: INFO
+
+accessLog:
+  filePath: /var/log/traefik/traefik-access.log
+  format: json
+  filters:
+    statusCodes:
+      - "200"
+      - "400-599"
+    retryAttempts: true
+    minDuration: "10ms"
+  bufferingSize: 0
+  fields:
+    headers:
+      defaultMode: drop
+      names:
+        User-Agent: keep