Files
raspi/traefik/traefik.yml
T
git eaa27462a1 modified: docker-compose.yml
modified:   traefik/dynamic.yml
	modified:   traefik/traefik.yml
2026-04-14 11:35:05 +10:00

76 lines
1.7 KiB
YAML

api:
dashboard: true
insecure: true # keep false if exposing via router
ping: {}
log:
level: INFO
accessLog:
filePath: /logs/access.log
format: json
entryPoints:
web:
address: ":80"
forwardedHeaders:
# Trust forwarding headers only from upstream proxies/LBs under our control.
# Network assumptions for this stack:
# - 127.0.0.1/32: local host-side reverse-proxy hops
# - 192.168.2.0/24: LAN edge proxies
# - 172.21.0.0/16: pinned Docker subnet for the traefik bridge network
insecure: false
trustedIPs:
- "127.0.0.1/32"
- "192.168.0.0/24"
- "172.21.0.0/16"
http:
redirections:
entryPoint:
to: websecure
scheme: https
websecure:
address: ":443"
forwardedHeaders:
insecure: false
trustedIPs:
- "127.0.0.1/32"
- "192.168.0.0/24"
- "172.21.0.0/16"
http:
middlewares:
- default-chain@file
providers:
docker:
endpoint: "tcp://docker-socket-proxy:2375"
exposedByDefault: false
file:
filename: /etc/traefik/dynamic.yml
watch: true
experimental:
plugins:
crowdsec-bouncer:
moduleName: github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin
version: v1.4.2
certificatesResolvers:
le:
acme:
email: wayne.bennett@live.com
storage: /letsencrypt/acme.json
httpChallenge:
entryPoint: web
metrics:
prometheus:
# entryPoint: metrics:9100 # optional, default is "metrics"
buckets:
- 0.1
- 0.3
- 1.2
- 5.0
addEntryPointsLabels: true # add labels for each entrypoint
addServicesLabels: true # add labels for each service