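---
# Traefik dynamic configuration (file provider): TLS option sets, HTTP routers,
# backend transports, services and middlewares for the rskio.com hosts.

# Shared TLS settings, merged into every tls.options entry below via `<<`.
# NOTE(review): `defaultTLS` is not a Traefik schema key; confirm the deployed
# file provider accepts an extra top-level key used only as an anchor holder.
defaultTLS: &defaultTLS
  minVersion: VersionTLS13
  # NOTE(review): Traefik documents TLS 1.3 cipher suites as not configurable,
  # and the ECDHE_* / FALLBACK_SCSV entries are TLS 1.2-era names. With
  # minVersion pinned to TLS 1.3 this list presumably has no effect; confirm
  # before relying on it as a hardening control.
  cipherSuites:
    - TLS_AES_256_GCM_SHA384
    - TLS_AES_128_GCM_SHA256
    - TLS_CHACHA20_POLY1305_SHA256
    - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
    - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
    - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    - TLS_FALLBACK_SCSV

tls:
  options:
    # Public-facing profile: server-authenticated TLS only.
    external:
      <<: *defaultTLS
    # Internal profile: mutual TLS. Clients must present a certificate that
    # chains to the CA file below, so access to every `internal@file` router
    # depends on who can obtain a certificate from that CA.
    internal:
      clientAuth:
        caFiles:
          - /etc/traefik/com.rskio.ca.crt
        clientAuthType: RequireAndVerifyClientCert
      <<: *defaultTLS

http:
  routers:
    # The only active router on the `external` profile (no client certificate).
    stream:
      rule: "Host(`stream.rskio.com`)"
      service: stream@file
      entryPoints:
        - websecure
      tls:
        options: external@file
        certResolver: rskio_certresolver

    # storage:
    #   rule: Host(`storage.rskio.com`)
    #   service: storage@file
    #   entryPoints:
    #     - websecure
    #   tls:
    #     options: internal@file
    #     certResolver: rskio_certresolver
    #
    # metrics:
    #   rule: Host(`metrics.rskio.com`)
    #   service: metrics@file
    #   entryPoints:
    #     - websecure
    #   tls:
    #     options: internal@file
    #     certResolver: rskio_certresolver
    #

    stage-docs:
      rule: "Host(`docs.stage.rskio.com`)"
      service: stage@file
      entryPoints:
        - websecure
      tls:
        options: internal@file
        certResolver: rskio_certresolver

    stage-dashboard:
      rule: "Host(`lb.stage.rskio.com`)"
      service: stage@file
      entryPoints:
        - websecure
      middlewares:
        - redirect-dashboard
      tls:
        options: internal@file
        certResolver: rskio_certresolver

    pihole:
      rule: "Host(`dns.rskio.com`)"
      service: pihole@file
      entryPoints:
        - websecure
      middlewares:
        - redirect-pihole
      tls:
        options: internal@file
        certResolver: rskio_certresolver

    # ghost:
    #   rule: Host(`blog.rskio.com`)
    #   service: ghost@file
    #   entryPoints:
    #     - websecure
    #   middlewares:
    #     - secureHeaders
    #   tls:
    #     options: external@file
    #     certResolver: rskio_certresolver

    network:
      rule: "Host(`network.rskio.com`)"
      service: network@file
      entryPoints:
        - websecure
      middlewares:
        - secureHeaders
      tls:
        options: internal@file
        certResolver: rskio_certresolver

    core01kvm:
      rule: "Host(`core01.rskio.com`)"
      service: core01kvm@file
      # Spelled `entrypoints` in the original; normalised to match every other
      # router so the websecure-only binding does not depend on
      # case-insensitive key matching.
      entryPoints:
        - websecure
      middlewares:
        - secureHeaders
      tls:
        options: internal@file
        certResolver: rskio_certresolver

    # Traefik API/dashboard. It is reachable only through the mTLS `internal`
    # profile; this file configures no other authentication for it.
    traefik-dashboard:
      rule: "Host(`oxy.rskio.com`)"
      service: api@internal
      entryPoints:
        - websecure
      middlewares:
        - redirect-dashboard
      tls:
        options: internal@file
        certResolver: rskio_certresolver

  serversTransports:
    # SECURITY: certificate verification is disabled for backends that use this
    # transport (`stage`, `network`). The proxy-to-backend hop is encrypted but
    # the backend is not authenticated. Prefer trusting the backends' issuing
    # CA through the transport's `rootCAs` (plus `serverName` where the
    # certificate name differs from the IP) instead of skipping verification.
    backendIgnoreTLS:
      insecureSkipVerify: true

  services:
    # Plain-HTTP backend; TLS terminates at Traefik.
    stream:
      loadBalancer:
        servers:
          - url: "http://192.168.1.179:8096"

    # storage:
    #   loadBalancer:
    #     servers:
    #       - url: "https://192.168.1.230:8443"
    #     serversTransport: backendIgnoreTLS
    #
    # metrics:
    #   loadBalancer:
    #     servers:
    #       - url: "https://192.168.1.230:3000"
    #     serversTransport: backendIgnoreTLS

    stage:
      loadBalancer:
        servers:
          - url: "https://192.168.1.25"
        serversTransport: backendIgnoreTLS

    pihole:
      loadBalancer:
        servers:
          - url: "http://192.168.1.152:8001"

    # ghost:
    #   loadBalancer:
    #     servers:
    #       - url: "http://192.168.1.152:2368"

    network:
      loadBalancer:
        servers:
          - url: "https://192.168.1.254"
        serversTransport: backendIgnoreTLS

    core01kvm:
      loadBalancer:
        servers:
          - url: "http://192.168.1.202"

  middlewares:
    # Redirect a bare host URL (no path) to the dashboard path. The capture
    # group is the host, so the target always stays on the requested host.
    redirect-dashboard:
      redirectRegex:
        regex: "^https?://([^/]+)/?$"
        replacement: "https://${1}/dashboard/"
        permanent: true

    # Same pattern for the Pi-hole admin UI.
    redirect-pihole:
      redirectRegex:
        regex: "^https?://([^/]+)/?$"
        replacement: "https://${1}/admin/"
        permanent: true

    # Response hardening headers. Only the `network` and `core01kvm` routers
    # attach this middleware, so the other active routers send no HSTS,
    # nosniff or frame-deny headers.
    # NOTE(review): `sslRedirect` is deprecated in later Traefik v2 releases in
    # favour of entry-point redirection or `redirectScheme`; confirm against
    # the deployed version.
    secureHeaders:
      headers:
        browserXssFilter: true
        contentTypeNosniff: true
        forceSTSHeader: true
        frameDeny: true
        referrerPolicy: "same-origin"
        sslRedirect: true
        stsSeconds: 31536000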