api:
  dashboard: true
  debug: true
entryPoints:
  web:
    address: ":80"
    http:
      middlewares:
        - default-whitelist@file
      redirections:
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: ":443"
    http:
      middlewares:
        - default-whitelist@file
      tls:
        certResolver: letsencrypt
        domains:
          - main: '*.local.domain.name'
  web-external:
    address: ":81"
    http:
      redirections:
        entryPoint:
          to: websecure-external
          scheme: https
  websecure-external:
    address: ":444"
    http:
      tls:
        certResolver: letsencrypt
        domains:
          - main: domain.name
            sans:
              - '*.domain.name'
serversTransport:
  insecureSkipVerify: true
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  file:
    filename: /config.yml
certificatesResolvers:
  letsencrypt:
    acme:
      email: email@domain.name
      storage: acme.json
      caServer: https://acme-v02.api.letsencrypt.org/directory # prod (default)
      # caServer: https://acme-staging-v02.api.letsencrypt.org/directory # staging
      dnsChallenge:
        provider: cloudflare
        #disablePropagationCheck: true # uncomment this if you have issues pulling certificates through cloudflare, By setting this flag to true disables the need to wait for the propagation of the TXT record to all authoritative name servers.
        #delayBeforeCheck: 60s # uncomment along with disablePropagationCheck if needed to ensure the TXT record is ready before verification is attempted 
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"
log:
  level: "INFO"
  filePath: "/var/log/traefik/traefik.log"
  maxSize: 10
  maxBackups: 5
accessLog:
  filePath: "/var/log/traefik/access.log"
  fields:
    names:
      StartUTC: drop