174 lines
4.0 KiB
YAML
174 lines
4.0 KiB
YAML
defaultTLS: &defaultTLS
|
|
minVersion: VersionTLS13
|
|
cipherSuites:
|
|
- TLS_AES_256_GCM_SHA384
|
|
- TLS_AES_128_GCM_SHA256
|
|
- TLS_CHACHA20_POLY1305_SHA256
|
|
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
|
|
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
|
|
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
|
|
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
|
- TLS_FALLBACK_SCSV
|
|
|
|
tls:
|
|
options:
|
|
external:
|
|
<<: *defaultTLS
|
|
|
|
internal:
|
|
clientAuth:
|
|
caFiles:
|
|
- /etc/traefik/com.rskio.ca.crt
|
|
clientAuthType: RequireAndVerifyClientCert
|
|
<<: *defaultTLS
|
|
|
|
http:
|
|
routers:
|
|
stream:
|
|
rule: Host(`stream.rskio.com`)
|
|
service: stream@file
|
|
entryPoints:
|
|
- websecure
|
|
tls:
|
|
options: external@file
|
|
certResolver: rskio_certresolver
|
|
|
|
# storage:
|
|
# rule: Host(`storage.rskio.com`)
|
|
# service: storage@file
|
|
# entryPoints:
|
|
# - websecure
|
|
# tls:
|
|
# options: internal@file
|
|
# certResolver: rskio_certresolver
|
|
#
|
|
# metrics:
|
|
# rule: Host(`metrics.rskio.com`)
|
|
# service: metrics@file
|
|
# entryPoints:
|
|
# - websecure
|
|
# tls:
|
|
# options: internal@file
|
|
# certResolver: rskio_certresolver
|
|
|
|
pihole:
|
|
rule: Host(`dns.rskio.com`)
|
|
service: pihole@file
|
|
entryPoints:
|
|
- websecure
|
|
middlewares:
|
|
- redirect-pihole
|
|
tls:
|
|
options: internal@file
|
|
certResolver: rskio_certresolver
|
|
|
|
# ghost:
|
|
# rule: Host(`blog.rskio.com`)
|
|
# service: ghost@file
|
|
# entryPoints:
|
|
# - websecure
|
|
# middlewares:
|
|
# - secureHeaders
|
|
# tls:
|
|
# options: external@file
|
|
# certResolver: rskio_certresolver
|
|
|
|
network:
|
|
rule: Host(`network.rskio.com`)
|
|
service: network@file
|
|
entryPoints:
|
|
- websecure
|
|
middlewares:
|
|
- secureHeaders
|
|
tls:
|
|
options: internal@file
|
|
certResolver: rskio_certresolver
|
|
|
|
core01kvm:
|
|
rule: Host(`core01.rskio.com`)
|
|
service: core01kvm@file
|
|
entrypoints:
|
|
- websecure
|
|
middlewares:
|
|
- secureHeaders
|
|
tls:
|
|
options: internal@file
|
|
certResolver: rskio_certresolver
|
|
|
|
traefik-dashboard:
|
|
rule: Host(`oxy.rskio.com`)
|
|
service: api@internal
|
|
entryPoints:
|
|
- websecure
|
|
middlewares:
|
|
- redirect-dashboard
|
|
tls:
|
|
options: internal@file
|
|
certResolver: rskio_certresolver
|
|
|
|
serversTransports:
|
|
backendIgnoreTLS:
|
|
insecureSkipVerify: true
|
|
|
|
services:
|
|
stream:
|
|
loadBalancer:
|
|
servers:
|
|
- url: "http://192.168.1.179:8096"
|
|
|
|
# storage:
|
|
# loadBalancer:
|
|
# servers:
|
|
# - url: "https://192.168.1.230:8443"
|
|
# serversTransport: backendIgnoreTLS
|
|
#
|
|
# metrics:
|
|
# loadBalancer:
|
|
# servers:
|
|
# - url: "https://192.168.1.230:3000"
|
|
# serversTransport: backendIgnoreTLS
|
|
|
|
pihole:
|
|
loadBalancer:
|
|
servers:
|
|
- url: "http://192.168.1.152:8001"
|
|
|
|
# ghost:
|
|
# loadBalancer:
|
|
# servers:
|
|
# - url: "http://192.168.1.152:2368"
|
|
|
|
network:
|
|
loadBalancer:
|
|
servers:
|
|
- url: "https://192.168.1.254"
|
|
serversTransport: backendIgnoreTLS
|
|
|
|
core01kvm:
|
|
loadBalancer:
|
|
servers:
|
|
- url: "http://192.168.1.202"
|
|
|
|
middlewares:
|
|
redirect-dashboard:
|
|
redirectRegex:
|
|
regex: "^https?://([^/]+)/?$"
|
|
replacement: "https://${1}/dashboard/"
|
|
permanent: true
|
|
|
|
redirect-pihole:
|
|
redirectRegex:
|
|
regex: "^https?://([^/]+)/?$"
|
|
replacement: "https://${1}/admin/"
|
|
permanent: true
|
|
|
|
secureHeaders:
|
|
headers:
|
|
browserXssFilter: true
|
|
contentTypeNosniff: true
|
|
forceSTSHeader: true
|
|
frameDeny: true
|
|
referrerPolicy: "same-origin"
|
|
sslRedirect: true
|
|
stsSeconds: 31536000
|