From 5bf5a49983a0e1aca18e96f36f91418aaeb1dd80 Mon Sep 17 00:00:00 2001
From: root
Date: Wed, 2 Jul 2025 11:05:05 +0200
Subject: [PATCH] Added config
---
.gitignore | 1 +
conf.d/config.yaml | 15 ++++++++++
conf.d/gitea.yaml | 12 ++++++++
conf.d/pihole.yaml | 12 ++++++++
traefik.yaml | 69 ++++++++++++++++++++++++++++++++++++++++++++++
5 files changed, 109 insertions(+)
create mode 100644 .gitignore
create mode 100644 conf.d/config.yaml
create mode 100644 conf.d/gitea.yaml
create mode 100644 conf.d/pihole.yaml
create mode 100644 traefik.yaml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..6a0b115
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+ssl/
diff --git a/conf.d/config.yaml b/conf.d/config.yaml
new file mode 100644
index 0000000..fbf3805
--- /dev/null
+++ b/conf.d/config.yaml
@@ -0,0 +1,15 @@
+http:
+ routers:
+ wild:
+ rule: "Host(`hemlabb.uk`)"
+ entrypoints:
+ - websecure
+ service: "uptime-kuma@docker"
+ tls:
+ certresolver: cloudflare
+ domains:
+ - main: "hemlabb.uk"
+ sans:
+ - "*.hemlabb.uk"
+
+
diff --git a/conf.d/gitea.yaml b/conf.d/gitea.yaml
new file mode 100644
index 0000000..905e8b4
--- /dev/null
+++ b/conf.d/gitea.yaml
@@ -0,0 +1,12 @@
+http:
+ routers:
+ gitea:
+ rule: "Host(`gitea.hemlabb.uk`)"
+ service: gitea
+ entryPoints:
+ - websecure
+ services:
+ gitea:
+ loadBalancer:
+ servers:
+ - url: "https://gitea.lab:3000" # Replace with your service's address
\ No newline at end of file
diff --git a/conf.d/pihole.yaml b/conf.d/pihole.yaml
new file mode 100644
index 0000000..0b35b56
--- /dev/null
+++ b/conf.d/pihole.yaml
@@ -0,0 +1,12 @@
+http:
+ routers:
+ pihole:
+ rule: "Host(`pihole.hemlabb.uk`)"
+ service: pihole
+ entryPoints:
+ - websecure
+ services:
+ pihole:
+ loadBalancer:
+ servers:
+ - url: "http://192.168.1.11/admin" # Replace with your service's address
diff --git a/traefik.yaml b/traefik.yaml
new file mode 100644
index 0000000..86afe10
--- /dev/null
+++ b/traefik.yaml
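Review bot: In conf.d/config.yaml the `wild` router spells its keys `entrypoints` and `certresolver`, while conf.d/gitea.yaml, conf.d/pihole.yaml and traefik.yaml use `entryPoints` and `certResolver`; use the documented camelCase here too so the file does not depend on how the loader treats key case. This is the only router with a `tls` block, so the `*.hemlabb.uk` certificate is requested only as a side effect of the apex-host route and is presumably meant to cover the other hostnames; a comment such as `# requests the wildcard certificate for all *.hemlabb.uk routers` would make that dependency visible. The two trailing blank lines at the end of the file can be dropped.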
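Review bot: In conf.d/gitea.yaml the backend is addressed as `https://gitea.lab:3000`, so Traefik will validate that server's certificate. `gitea.lab` is an internal name and presumably carries a certificate from a private or self-signed CA, in which case requests fail until trust is configured. Define a `serversTransport` with `rootCAs` pointing at that CA and reference it from the `loadBalancer`, rather than turning verification off with `insecureSkipVerify`. The trailing comment `# Replace with your service's address` is template text that no longer applies, and the file is missing its final newline.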
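Review bot: In conf.d/pihole.yaml the Pi-hole admin interface is published on `websecure` as `pihole.hemlabb.uk` with no `middlewares` on the router, so every client that can reach the proxy also reaches the admin login. Attach an IP allow-list or authentication middleware to the `pihole` router. The `/admin` path in `url: "http://192.168.1.11/admin"` has no effect because Traefik ignores paths in load-balancer server URLs; use `url: "http://192.168.1.11"` and add a path middleware on the router if the prefix is wanted. The comment `# Replace with your service's address` is leftover template text.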
@@ -0,0 +1,69 @@
+providers:
+ file:
+ directory: /etc/traefik/conf.d/
+ docker:
+ endpoint: tcp://nas.lab:2375
+ exposedByDefault: false
+ useBindPortIP: true
+entryPoints:
+ web:
+ address: ':80'
+ http:
+ redirections:
+ entryPoint:
+ to: websecure
+ scheme: https
+ websecure:
+ address: ':443'
+ http:
+ tls:
+ certResolver: letsencrypt
+ traefik:
+ address: ':8080'
+
+certificatesResolvers:
+ cloudflare:
+ acme:
+ email: s.nilsson@me.com
+ storage: /etc/traefik/ssl/acme.json
+ # caServer: https://acme-v02.api.letsencrypt.org/directory # prod (default)
+ caServer: https://acme-staging-v02.api.letsencrypt.org/directory # staging
+ dnsChallenge:
+ provider: cloudflare
+ #disablePropagationCheck: true # uncomment this if you have issues pulling certificates through cloudflare, By setting this flag to true disables the need to wait for the propagation of the TXT record to all authoritative name servers.
+ #delayBeforeCheck: 60s # uncomment along with disablePropagationCheck if needed to ensure the TXT record is ready before verification is attempted
+ resolvers:
+ - "1.1.1.1:53"
+ - "1.0.0.1:53"
+ # letsencrypt:
+ # acme:
+ # email: "foo@bar.com"
+ # storage: /etc/traefik/ssl/acme.json
+ # tlsChallenge: {}
+
+api:
+ dashboard: true
+ insecure: true
+
+tracing: {}
+
+log:
+ filePath: /var/log/traefik/traefik.log
+ format: json
+ level: INFO
+
+accessLog:
+ filePath: /var/log/traefik/traefik-access.log
+ format: json
+ filters:
+ statusCodes:
+ - "200"
+ - "400-599"
+ retryAttempts: true
+ minDuration: "10ms"
+ bufferingSize: 0
+ fields:
+ headers:
+ defaultMode: drop
+ names:
+ User-Agent: keep
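Review bot: `api.insecure: true` together with the `traefik` entry point on `:8080` serves the dashboard and API without authentication to anything that can reach that port; set `insecure: false` and publish `api@internal` through a router on `websecure` behind an auth middleware. The Docker provider endpoint `tcp://nas.lab:2375` is the conventional plaintext Docker API port, so the daemon on that host is presumably reachable without TLS or client authentication, which is equivalent to root on the NAS for that network; use a TLS-protected endpoint with the provider's `tls` options, or a restricted socket proxy. The `websecure` entry point names `certResolver: letsencrypt`, but the only resolver defined is `cloudflare` (the `letsencrypt` block is commented out), so the `gitea` and `pihole` routers, which have no `tls` block of their own, inherit a resolver that does not exist; change it to `certResolver: cloudflare`. `caServer` still points at the Let's Encrypt staging directory, whose certificates clients do not trust, so switch to the commented production line before this is relied on.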