Add traefik config

2025-07-25 17:16:29 +05:30
parent c899a41917
commit 188c679de2
2 changed files with 104 additions and 0 deletions
--- a/traefik/config.yml
+++ b/traefik/config.yml
@@ -0,0 +1,51 @@
+http:
+ #region routers 
+  routers:
+    example:
+      entryPoints:
+        - "websecure"
+      rule: "Host(`example.local.domain.name`)"
+      middlewares:
+        - default-headers
+        - https-redirectscheme
+      tls: {}
+      service: example
+#endregion
+
+#region services
+  services:
+    example:
+      loadBalancer:
+        servers:
+          - url: "http://ip:port/"
+        passHostHeader: true
+#endregion
+
+  middlewares:
+    https-redirectscheme:
+      redirectScheme:
+        scheme: https
+        permanent: true
+    default-headers:
+      headers:
+        frameDeny: true
+        browserXssFilter: true
+        contentTypeNosniff: true
+        forceSTSHeader: true
+        stsIncludeSubdomains: true
+        stsPreload: true
+        stsSeconds: 15552000
+        customFrameOptionsValue: SAMEORIGIN
+        customRequestHeaders:
+          X-Forwarded-Proto: https
+
+    default-whitelist:
+      ipAllowList:
+        sourceRange:
+        - "local ip subnet"
+
+    secured:
+      chain:
+        middlewares:
+        - default-whitelist
+        - default-headers
--- a/traefik/traefik.yml
+++ b/traefik/traefik.yml
@@ -0,0 +1,53 @@
+api:
+  dashboard: true
+  debug: true
+entryPoints:
+  web:
+    address: ":80"
+    http:
+      redirections:
+        entryPoint:
+          to: websecure
+          scheme: https
+  websecure:
+    address: ":443"
+    http:
+      tls:
+        certResolver: letsencrypt
+        domains:
+          - main: domain.name
+            sans:
+              - '*.domain.name'
+              - '*.local.domain.name'
+serversTransport:
+  insecureSkipVerify: true
+providers:
+  docker:
+    endpoint: "unix:///var/run/docker.sock"
+    exposedByDefault: false
+  file:
+    filename: /config.yml
+certificatesResolvers:
+  letsencrypt:
+    acme:
+      email: email@domain.name
+      storage: acme.json
+      caServer: https://acme-v02.api.letsencrypt.org/directory # prod (default)
+      # caServer: https://acme-staging-v02.api.letsencrypt.org/directory # staging
+      dnsChallenge:
+        provider: cloudflare
+        #disablePropagationCheck: true # uncomment this if you have issues pulling certificates through cloudflare, By setting this flag to true disables the need to wait for the propagation of the TXT record to all authoritative name servers.
+        #delayBeforeCheck: 60s # uncomment along with disablePropagationCheck if needed to ensure the TXT record is ready before verification is attempted 
+        resolvers:
+          - "1.1.1.1:53"
+          - "1.0.0.1:53"
+log:
+  level: "INFO"
+  filePath: "/var/log/traefik/traefik.log"
+  maxSize: 10
+  maxBackups: 5
+accessLog:
+  filePath: "/var/log/traefik/access.log"
+  fields:
+    names:
+      StartUTC: drop