lost/hq
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
fdb2ba0d4727b6d0ba999da33cfbabeca2c2514f
hq/traefik/etc/dynamic.yml
rskntroot fdb2ba0d47 enable ghost, enable paste, add stage k3s env
2025-06-15 23:31:21 +00:00

200 lines
4.6 KiB
YAML
Raw Blame History

defaultTLS: &defaultTLS
minVersion: VersionTLS13
cipherSuites:
- TLS_AES_256_GCM_SHA384
- TLS_AES_128_GCM_SHA256
- TLS_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_FALLBACK_SCSV
tls:
options:
external:
<<: *defaultTLS
internal:
clientAuth:
caFiles:
- /etc/traefik/com.rskio.ca.crt
clientAuthType: RequireAndVerifyClientCert
<<: *defaultTLS
http:
routers:
stream:
rule: Host(`stream.rskio.com`)
service: stream@file
entryPoints:
- websecure
tls:
options: external@file
certResolver: rskio_certresolver
# storage:
# rule: Host(`storage.rskio.com`)
# service: storage@file
# entryPoints:
# - websecure
# tls:
# options: internal@file
# certResolver: rskio_certresolver
#
# metrics:
# rule: Host(`metrics.rskio.com`)
# service: metrics@file
# entryPoints:
# - websecure
# tls:
# options: internal@file
# certResolver: rskio_certresolver
#
stage-docs:
rule: Host(`docs.stage.rskio.com`)
service: stage@file
entryPoints:
- websecure
tls:
options: internal@file
certResolver: rskio_certresolver
stage-dashboard:
rule: Host(`lb.stage.rskio.com`)
service: stage@file
entryPoints:
- websecure
middlewares:
- redirect-dashboard
tls:
options: internal@file
certResolver: rskio_certresolver
pihole:
rule: Host(`dns.rskio.com`)
service: pihole@file
entryPoints:
- websecure
middlewares:
- redirect-pihole
tls:
options: internal@file
certResolver: rskio_certresolver
# ghost:
# rule: Host(`blog.rskio.com`)
# service: ghost@file
# entryPoints:
# - websecure
# middlewares:
# - secureHeaders
# tls:
# options: external@file
# certResolver: rskio_certresolver
network:
rule: Host(`network.rskio.com`)
service: network@file
entryPoints:
- websecure
middlewares:
- secureHeaders
tls:
options: internal@file
certResolver: rskio_certresolver
core01kvm:
rule: Host(`core01.rskio.com`)
service: core01kvm@file
entrypoints:
- websecure
middlewares:
- secureHeaders
tls:
options: internal@file
certResolver: rskio_certresolver
traefik-dashboard:
rule: Host(`oxy.rskio.com`)
service: api@internal
entryPoints:
- websecure
middlewares:
- redirect-dashboard
tls:
options: internal@file
certResolver: rskio_certresolver
serversTransports:
backendIgnoreTLS:
insecureSkipVerify: true
services:
stream:
loadBalancer:
servers:
- url: "http://192.168.1.179:8096"
# storage:
# loadBalancer:
# servers:
# - url: "https://192.168.1.230:8443"
# serversTransport: backendIgnoreTLS
#
# metrics:
# loadBalancer:
# servers:
# - url: "https://192.168.1.230:3000"
# serversTransport: backendIgnoreTLS
stage:
loadBalancer:
servers:
- url: "https://192.168.1.25"
serversTransport: backendIgnoreTLS
pihole:
loadBalancer:
servers:
- url: "http://192.168.1.152:8001"
# ghost:
# loadBalancer:
# servers:
# - url: "http://192.168.1.152:2368"
network:
loadBalancer:
servers:
- url: "https://192.168.1.254"
serversTransport: backendIgnoreTLS
core01kvm:
loadBalancer:
servers:
- url: "http://192.168.1.202"
middlewares:
redirect-dashboard:
redirectRegex:
regex: "^https?://([^/]+)/?$"
replacement: "https://${1}/dashboard/"
permanent: true
redirect-pihole:
redirectRegex:
regex: "^https?://([^/]+)/?$"
replacement: "https://${1}/admin/"
permanent: true
secureHeaders:
headers:
browserXssFilter: true
contentTypeNosniff: true
forceSTSHeader: true
frameDeny: true
referrerPolicy: "same-origin"
sslRedirect: true
stsSeconds: 31536000
Reference in New Issue View Git Blame Copy Permalink