init commit
This commit is contained in:
rskntroot
35
traefik/etc/com.rskio.ca.crt
Normal file
35
traefik/etc/com.rskio.ca.crt
Normal file
@@ -0,0 +1,35 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIF/zCCA+egAwIBAgIUUiRAdfNY8+cPZkIoKgYmCaHwb6wwDQYJKoZIhvcNAQEL
|
||||
BQAwgY0xCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhDb2xvcmFkbzEPMA0GA1UEBwwG
|
||||
RGVudmVyMRIwEAYDVQQKDAlSc2tpbyBMdGQxFDASBgNVBAsMC0RldmVsb3BtZW50
|
||||
MREwDwYDVQQDDAhyc2tpby1jYTEdMBsGCSqGSIb3DQEJARYObG9zdEByc2tpby5j
|
||||
b20wIBcNMjUwMzA0MDc0NDQwWhgPMjA1MjA3MjAwNzQ0NDBaMIGNMQswCQYDVQQG
|
||||
EwJVUzERMA8GA1UECAwIQ29sb3JhZG8xDzANBgNVBAcMBkRlbnZlcjESMBAGA1UE
|
||||
CgwJUnNraW8gTHRkMRQwEgYDVQQLDAtEZXZlbG9wbWVudDERMA8GA1UEAwwIcnNr
|
||||
aW8tY2ExHTAbBgkqhkiG9w0BCQEWDmxvc3RAcnNraW8uY29tMIICIjANBgkqhkiG
|
||||
9w0BAQEFAAOCAg8AMIICCgKCAgEArCrI30KsrX1fywvJt3klEZXmOZaFFIl+p86c
|
||||
DC80HpBQ4YRlkWrXYor5jVPNNZMSAx9Vcu8DVqRjysHtRpajgQtNdWrpmbqH/F1r
|
||||
gcdHciedTJqxnE3JAA95hVJYewWsvInUzcgmsvYehEUGnYvFeN+rxfDBMiUDFcav
|
||||
r+FyNk51PTUb+zRdGwwrLvBN86Kc8oyjK7T8q8c10BHD0ESDOY4SeRU0ap0VpsVN
|
||||
EaGfuO5+eHqUMXj5OvoI8mzjPVZ/ELLDlFRxQVZAzcLRAXIHzIXlt2ROl5dypXyE
|
||||
l++0kVZBBk0qVLk95r8w+sYzaMH5zPUp4UFQjLFSSgyCpWpzwWrbyOdvDzcVJ3As
|
||||
8A/8lqSThbCIbHLXllqQO0Oi3oSZQm/Crn3aQw5kOUwYEyJvnlSXXMcvkHVQgLv/
|
||||
Uhl0OlQfSjwIEzL0Ezti/9kmAVHUvxBbEWu2zq5g8/3zzaVU6FX9EdPNsVTTk9Qw
|
||||
RxslLWWtUtlkhtOjD6EoruboFDxlTC7sfTrWsUF9+5O11xbowmvHPycs2QE8fn13
|
||||
paYmMLMq4XNtjErKKlYUh12/Ysca91FwUX6+JQtygzrwf0kX1ZY5oW+QpjnRAL+q
|
||||
+7JD+uP14VrsJTN781e615icI0RcMvpyfnf2za6TZR8U0bov224M+kdgaAKae2jb
|
||||
h/cjLVsCAwEAAaNTMFEwHQYDVR0OBBYEFL5x8cKfmeYPZ/bcm4p6xfCWwwVHMB8G
|
||||
A1UdIwQYMBaAFL5x8cKfmeYPZ/bcm4p6xfCWwwVHMA8GA1UdEwEB/wQFMAMBAf8w
|
||||
DQYJKoZIhvcNAQELBQADggIBAATyoT95B5MiXmbt6PW00Gkn16RBLORTFJ6CrRB8
|
||||
J03bSYUk8H4xyT9C4jvi+HDQD66zPaMmMwoy5sSx0XUdNa+wZNTztUaKiDa9XPyU
|
||||
osztloZgH6heheyls4TCexHDmVjwPndYXLDg9X8gUIdw2hFYcjrtyRFeUuDIvQ8b
|
||||
XVrTAZ3iaPWsPYEV+PvY3EaSbTLJWmTEIbYEbx3XGIkSSsYTEqJqWaMkxlHxTJK+
|
||||
mruk7mqGeCNgyrbX7jvyxqF+U0lWG2dgw+2z70+c4uOfA3hVAcZDQAXHT1DOdDde
|
||||
WnZ1g0WH/VktF61ldd7F34ljBfVsGTvfem/gwHdjplf8eavw6L8f4bV1UbM3j7TM
|
||||
rtaNN4+Gb+1gmBMzkHpQFMF1jQifrDEhytnpRd6CP0rtzYjg6IwcRdeTTQtsI1y9
|
||||
hiEP+FRsZbj2QV7wNMfmCQG8/QAsrAVaAho6MmTlPoZaIXdiVBJPALBkfJUIUII4
|
||||
OqgAWF4uAqxQx1iUOkeq/+RQtUCMQol0k20UBA4rGQbw7WjCYhJq1DdCsYsCka6N
|
||||
rUfTI5tZSM9bUNbCabsn56OWERx0KRjY4hTZqrlbjOpnAuOF0qqUcxLhgwgtLbWz
|
||||
5eJz/ulkMtv/1woK0EqPHiDl4DqX1PIGNQFxTFJqvOC7a4Emokij6VOiz96H7mqK
|
||||
Oxh9
|
||||
-----END CERTIFICATE-----
|
||||
56
traefik/etc/dynamic.yml
Normal file
56
traefik/etc/dynamic.yml
Normal file
@@ -0,0 +1,56 @@
|
||||
tls:
|
||||
options:
|
||||
docs:
|
||||
minVersion: VersionTLS13
|
||||
cipherSuites:
|
||||
- TLS_AES_256_GCM_SHA384
|
||||
- TLS_AES_128_GCM_SHA256
|
||||
- TLS_CHACHA20_POLY1305_SHA256
|
||||
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
|
||||
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
|
||||
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
|
||||
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
||||
- TLS_FALLBACK_SCSV
|
||||
dashboard:
|
||||
minVersion: VersionTLS13
|
||||
cipherSuites:
|
||||
- TLS_AES_256_GCM_SHA384
|
||||
- TLS_AES_128_GCM_SHA256
|
||||
- TLS_CHACHA20_POLY1305_SHA256
|
||||
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
|
||||
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
|
||||
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
|
||||
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
||||
- TLS_FALLBACK_SCSV
|
||||
clientAuth:
|
||||
caFiles:
|
||||
- /etc/traefik/com.rskio.ca.crt
|
||||
clientAuthType: RequireAndVerifyClientCert
|
||||
|
||||
http:
|
||||
routers:
|
||||
traefik-dashboard:
|
||||
rule: "Host(`oxy.rskio.com`)"
|
||||
service: "api@internal"
|
||||
entryPoints:
|
||||
- "websecure"
|
||||
middlewares:
|
||||
- "redirect-dashboard"
|
||||
tls:
|
||||
options: dashboard@file
|
||||
certResolver: rskio_certresolver
|
||||
middlewares:
|
||||
redirect-dashboard:
|
||||
redirectRegex:
|
||||
regex: "^https?://([^/]+)/?$"
|
||||
replacement: "https://${1}/dashboard/"
|
||||
permanent: true
|
||||
secureHeaders:
|
||||
headers:
|
||||
browserXssFilter: true
|
||||
contentTypeNosniff: true
|
||||
forceSTSHeader: true
|
||||
frameDeny: true
|
||||
referrerPolicy: "same-origin"
|
||||
sslRedirect: true
|
||||
stsSeconds: 31536000
|
||||
44
traefik/etc/traefik.yml
Normal file
44
traefik/etc/traefik.yml
Normal file
@@ -0,0 +1,44 @@
|
||||
global:
|
||||
checkNewVersion: false
|
||||
sendAnonymousUsage: false
|
||||
|
||||
entryPoints:
|
||||
web:
|
||||
address: :80
|
||||
http:
|
||||
redirections:
|
||||
entryPoint:
|
||||
to: websecure
|
||||
priority: 10
|
||||
websecure:
|
||||
address: :443
|
||||
http3:
|
||||
advertisedPort: 443
|
||||
|
||||
certificatesResolvers:
|
||||
rskio_certresolver:
|
||||
acme:
|
||||
tlsChallenge: {}
|
||||
email: rskntroot@gmail.com
|
||||
storage: /letsencrypt/acme.json
|
||||
|
||||
log:
|
||||
level: INFO
|
||||
format: json
|
||||
filePath: /var/log/traefik/traefik.log
|
||||
|
||||
accessLog:
|
||||
format: json
|
||||
filePath: /var/log/traefik/access.log
|
||||
|
||||
api:
|
||||
dashboard: true
|
||||
|
||||
providers:
|
||||
docker:
|
||||
endpoint: unix:///var/run/docker.sock
|
||||
network: hq_default
|
||||
exposedByDefault: false
|
||||
file:
|
||||
filename: /etc/traefik/dynamic.yml
|
||||
watch: true
|
||||
Reference in New Issue
Block a user