modified: docker-compose.yml
modified: traefik/dynamic.yml modified: traefik/traefik.yml
This commit is contained in:
+9
-1
@@ -19,6 +19,10 @@ services:
|
|||||||
- ${PROJECT_ROOT}/traefik/letsencrypt:/letsencrypt
|
- ${PROJECT_ROOT}/traefik/letsencrypt:/letsencrypt
|
||||||
- ${PROJECT_ROOT}/traefik/traefik.yml:/etc/traefik/traefik.yml:ro
|
- ${PROJECT_ROOT}/traefik/traefik.yml:/etc/traefik/traefik.yml:ro
|
||||||
- ${PROJECT_ROOT}/traefik/dynamic.yml:/etc/traefik/dynamic.yml:ro
|
- ${PROJECT_ROOT}/traefik/dynamic.yml:/etc/traefik/dynamic.yml:ro
|
||||||
|
- ${PROJECT_ROOT}/traefik/certs:/etc/traefik/certs:ro
|
||||||
|
healthcheck:
|
||||||
|
test: traefik healthcheck --ping
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
- proxy
|
- proxy
|
||||||
|
|
||||||
@@ -45,7 +49,7 @@ services:
|
|||||||
- traefik.http.routers.kuma.entrypoints=websecure
|
- traefik.http.routers.kuma.entrypoints=websecure
|
||||||
- traefik.http.routers.kuma.tls=true
|
- traefik.http.routers.kuma.tls=true
|
||||||
- traefik.http.routers.kuma.tls.certresolver=le
|
- traefik.http.routers.kuma.tls.certresolver=le
|
||||||
|
- traefik.http.routers.kuma.tls.options=mtls-private-admin@file
|
||||||
# Service -> container port
|
# Service -> container port
|
||||||
- traefik.http.services.kuma.loadbalancer.server.port=3001
|
- traefik.http.services.kuma.loadbalancer.server.port=3001
|
||||||
# - traefik.http.routers.kuma.middlewares=default-chain@file
|
# - traefik.http.routers.kuma.middlewares=default-chain@file
|
||||||
@@ -177,3 +181,7 @@ services:
|
|||||||
networks:
|
networks:
|
||||||
proxy:
|
proxy:
|
||||||
name: proxy
|
name: proxy
|
||||||
|
driver: bridge
|
||||||
|
ipam:
|
||||||
|
config:
|
||||||
|
- subnet: 172.21.0.0/16
|
||||||
|
|||||||
@@ -25,3 +25,12 @@ http:
|
|||||||
middlewares:
|
middlewares:
|
||||||
- secHeaders
|
- secHeaders
|
||||||
- crowdsec
|
- crowdsec
|
||||||
|
tls:
|
||||||
|
options:
|
||||||
|
mtls-private-admin:
|
||||||
|
minVersion: VersionTLS12
|
||||||
|
sniStrict: true
|
||||||
|
clientAuth:
|
||||||
|
caFiles:
|
||||||
|
- /etc/traefik/certs/ca/clients-ca.crt
|
||||||
|
clientAuthType: RequireAndVerifyClientCert
|
||||||
|
|||||||
@@ -13,6 +13,17 @@ accessLog:
|
|||||||
entryPoints:
|
entryPoints:
|
||||||
web:
|
web:
|
||||||
address: ":80"
|
address: ":80"
|
||||||
|
forwardedHeaders:
|
||||||
|
# Trust forwarding headers only from upstream proxies/LBs under our control.
|
||||||
|
# Network assumptions for this stack:
|
||||||
|
# - 127.0.0.1/32: local host-side reverse-proxy hops
|
||||||
|
# - 192.168.2.0/24: LAN edge proxies
|
||||||
|
# - 172.21.0.0/16: pinned Docker subnet for the traefik bridge network
|
||||||
|
insecure: false
|
||||||
|
trustedIPs:
|
||||||
|
- "127.0.0.1/32"
|
||||||
|
- "192.168.0.0/24"
|
||||||
|
- "172.21.0.0/16"
|
||||||
http:
|
http:
|
||||||
redirections:
|
redirections:
|
||||||
entryPoint:
|
entryPoint:
|
||||||
@@ -21,6 +32,12 @@ entryPoints:
|
|||||||
|
|
||||||
websecure:
|
websecure:
|
||||||
address: ":443"
|
address: ":443"
|
||||||
|
forwardedHeaders:
|
||||||
|
insecure: false
|
||||||
|
trustedIPs:
|
||||||
|
- "127.0.0.1/32"
|
||||||
|
- "192.168.0.0/24"
|
||||||
|
- "172.21.0.0/16"
|
||||||
http:
|
http:
|
||||||
middlewares:
|
middlewares:
|
||||||
- default-chain@file
|
- default-chain@file
|
||||||
|
|||||||
Reference in New Issue
Block a user