2023-12-25 18:22:22 +00:00
|
|
|
# vi: ft=yaml
|
|
|
|
|
version: "3.7"
|
|
|
|
|
|
|
|
|
|
networks:
|
|
|
|
|
traefik:
|
|
|
|
|
external: true
|
|
|
|
|
|
|
|
|
|
configs:
|
|
|
|
|
services:
|
|
|
|
|
external: true
|
|
|
|
|
name: "{{ services.config_name }}"
|
|
|
|
|
|
|
|
|
|
volumes:
|
|
|
|
|
acme:
|
|
|
|
|
driver_opts:
|
|
|
|
|
type: "nfs"
|
2024-01-01 12:16:11 +00:00
|
|
|
o: "addr=lewis.dmz,nolock,soft,rw"
|
|
|
|
|
device: ":/mnt/data/nfs/traefik/acme"
|
2023-12-25 18:22:22 +00:00
|
|
|
|
|
|
|
|
services:
|
|
|
|
|
traefik:
|
|
|
|
|
image: traefik:3.0.0-beta2
|
|
|
|
|
networks:
|
|
|
|
|
- traefik
|
|
|
|
|
ports:
|
|
|
|
|
- mode: host
|
|
|
|
|
protocol: tcp
|
|
|
|
|
published: 443
|
|
|
|
|
target: 443
|
|
|
|
|
- mode: host
|
|
|
|
|
protocol: tcp
|
|
|
|
|
published: 80
|
|
|
|
|
target: 80
|
|
|
|
|
- mode: host
|
|
|
|
|
protocol: tcp
|
|
|
|
|
published: 444
|
|
|
|
|
target: 444
|
|
|
|
|
deploy:
|
|
|
|
|
placement:
|
|
|
|
|
constraints:
|
|
|
|
|
- node.role == manager
|
|
|
|
|
labels:
|
|
|
|
|
- traefik.enable=true
|
|
|
|
|
- traefik.http.routers.dashboard.entrypoints=localsecure
|
|
|
|
|
- traefik.http.routers.dashboard.rule=Host(`traefik.kun.is`)
|
|
|
|
|
- traefik.http.routers.dashboard.service=api@internal
|
|
|
|
|
- traefik.http.services.dashboard.loadbalancer.server.port=8080
|
|
|
|
|
- traefik.http.routers.dashboard.tls=true
|
|
|
|
|
- traefik.http.routers.dashboard.tls.certresolver=letsencrypt
|
|
|
|
|
- traefik.docker.network=traefik
|
|
|
|
|
|
|
|
|
|
- traefik.http.routers.esrom.entrypoints=websecure
|
|
|
|
|
- traefik.http.routers.esrom.service=esrom@file
|
2024-01-17 18:47:22 +00:00
|
|
|
- traefik.http.routers.esrom.rule=Host(`esrom.kun.is`)
|
2023-12-25 18:22:22 +00:00
|
|
|
- traefik.http.routers.esrom.tls=true
|
|
|
|
|
- traefik.http.routers.esrom.tls.certresolver=letsencrypt
|
2024-03-21 22:21:25 +00:00
|
|
|
|
2024-03-23 11:48:30 +00:00
|
|
|
- traefik.http.routers.cyberchef.entrypoints=websecure
|
|
|
|
|
- traefik.http.routers.cyberchef.service=k3s@file
|
|
|
|
|
- traefik.http.routers.cyberchef.rule=Host(`cyberchef.kun.is`)
|
|
|
|
|
- traefik.http.routers.cyberchef.tls=true
|
|
|
|
|
- traefik.http.routers.cyberchef.tls.certresolver=letsencrypt
|
2024-03-23 00:14:45 +00:00
|
|
|
|
2024-03-27 20:20:22 +00:00
|
|
|
- traefik.http.routers.freshrss.entrypoints=websecure
|
|
|
|
|
- traefik.http.routers.freshrss.service=k3s@file
|
|
|
|
|
- traefik.http.routers.freshrss.rule=Host(`rss.kun.is`)
|
|
|
|
|
- traefik.http.routers.freshrss.tls=true
|
|
|
|
|
- traefik.http.routers.freshrss.tls.certresolver=letsencrypt
|
2024-03-28 19:27:36 +00:00
|
|
|
|
|
|
|
|
- traefik.http.routers.inbucket.entrypoints=localsecure
|
|
|
|
|
- traefik.http.routers.inbucket.service=k3s@file
|
|
|
|
|
- traefik.http.routers.inbucket.rule=Host(`inbucket.kun.is`)
|
|
|
|
|
- traefik.http.routers.inbucket.tls=true
|
|
|
|
|
- traefik.http.routers.inbucket.tls.certresolver=letsencrypt
|
2024-03-28 20:10:15 +00:00
|
|
|
|
|
|
|
|
- traefik.http.routers.radicale.entrypoints=websecure
|
|
|
|
|
- traefik.http.routers.radicale.service=k3s@file
|
|
|
|
|
- traefik.http.routers.radicale.rule=Host(`dav.kun.is`)
|
|
|
|
|
- traefik.http.routers.radicale.tls=true
|
|
|
|
|
- traefik.http.routers.radicale.tls.certresolver=letsencrypt
|
2024-03-28 20:44:21 +00:00
|
|
|
|
|
|
|
|
- traefik.http.routers.syncthing.entrypoints=localsecure
|
|
|
|
|
- traefik.http.routers.syncthing.service=k3s@file
|
|
|
|
|
- traefik.http.routers.syncthing.rule=Host(`sync.kun.is`)
|
|
|
|
|
- traefik.http.routers.syncthing.tls=true
|
|
|
|
|
- traefik.http.routers.syncthing.tls.certresolver=letsencrypt
|
2024-03-28 22:05:05 +00:00
|
|
|
|
|
|
|
|
- traefik.http.routers.pihole.entrypoints=localsecure
|
|
|
|
|
- traefik.http.routers.pihole.service=k3s@file
|
|
|
|
|
- traefik.http.routers.pihole.rule=Host(`pihole.kun.is`)
|
|
|
|
|
- traefik.http.routers.pihole.tls=true
|
|
|
|
|
- traefik.http.routers.pihole.tls.certresolver=letsencrypt
|
2024-03-29 09:24:54 +00:00
|
|
|
|
|
|
|
|
- traefik.http.routers.hedgedoc.entrypoints=websecure
|
|
|
|
|
- traefik.http.routers.hedgedoc.service=k3s@file
|
|
|
|
|
- traefik.http.routers.hedgedoc.rule=Host(`md.kun.is`)
|
|
|
|
|
- traefik.http.routers.hedgedoc.tls=true
|
|
|
|
|
- traefik.http.routers.hedgedoc.tls.certresolver=letsencrypt
|
2024-03-29 11:04:16 +00:00
|
|
|
|
|
|
|
|
- traefik.http.routers.nextcloud.entrypoints=websecure
|
|
|
|
|
- traefik.http.routers.nextcloud.service=k3s@file
|
|
|
|
|
- traefik.http.routers.nextcloud.rule=Host(`cloud.kun.is`)
|
|
|
|
|
- traefik.http.routers.nextcloud.tls=true
|
|
|
|
|
- traefik.http.routers.nextcloud.tls.certresolver=letsencrypt
|
2024-03-29 12:50:51 +00:00
|
|
|
|
|
|
|
|
- traefik.http.routers.paperless-ngx.entrypoints=websecure
|
|
|
|
|
- traefik.http.routers.paperless-ngx.service=k3s@file
|
|
|
|
|
- traefik.http.routers.paperless-ngx.rule=Host(`paperless.kun.is`)
|
|
|
|
|
- traefik.http.routers.paperless-ngx.tls=true
|
|
|
|
|
- traefik.http.routers.paperless-ngx.tls.certresolver=letsencrypt
|
2023-12-25 18:22:22 +00:00
|
|
|
volumes:
|
|
|
|
|
- type: bind
|
|
|
|
|
source: /var/run/docker.sock
|
|
|
|
|
target: /var/run/docker.sock
|
|
|
|
|
- type: volume
|
|
|
|
|
source: acme
|
|
|
|
|
target: /acme
|
|
|
|
|
volume:
|
|
|
|
|
nocopy: true
|
|
|
|
|
configs:
|
|
|
|
|
- source: services
|
|
|
|
|
target: /etc/traefik/services.yml
|
|
|
|
|
command:
|
|
|
|
|
- --providers.docker
|
|
|
|
|
- --providers.docker.swarmmode
|
|
|
|
|
- --providers.docker.watch
|
|
|
|
|
- --providers.docker.exposedbydefault=false
|
|
|
|
|
|
|
|
|
|
- --providers.file.filename=/etc/traefik/services.yml
|
|
|
|
|
|
|
|
|
|
- --api
|
|
|
|
|
- --api.insecure=false
|
|
|
|
|
- --api.dashboard=true
|
|
|
|
|
|
|
|
|
|
- --entrypoints.web.address=:80
|
|
|
|
|
- --entrypoints.web.http.redirections.entrypoint=true
|
|
|
|
|
- --entrypoints.web.http.redirections.entrypoint.to=websecure
|
|
|
|
|
- --entrypoints.web.http.redirections.entrypoint.scheme=https
|
|
|
|
|
- --entrypoints.web.http.redirections.entrypoint.permanent=true
|
|
|
|
|
|
|
|
|
|
- --entrypoints.websecure.address=:443
|
|
|
|
|
|
|
|
|
|
- --entrypoints.localsecure.address=:444
|
|
|
|
|
|
|
|
|
|
- --certificatesresolvers.letsencrypt.acme=true
|
|
|
|
|
- --certificatesresolvers.letsencrypt.acme.email=pim@kunis.nl
|
|
|
|
|
- --certificatesresolvers.letsencrypt.acme.storage=/acme/acme.json
|
|
|
|
|
- --certificatesresolvers.letsencrypt.acme.httpchallenge=true
|
|
|
|
|
- --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web
|
|
|
|
|
|
|
|
|
|
- --serversTransport.insecureSkipVerify=true
|
|
|
|
|
|
|
|
|
|
- --accesslog=true
|
|
|
|
|
- --accesslog.fields.defaultmode=keep
|
|
|
|
|
- --accesslog.fields.names.ClientUsername=drop
|
|
|
|
|
- --accesslog.fields.headers.defaultmode=keep
|
|
|
|
|
- --accesslog.fields.headers.names.User-Agent=keep
|
|
|
|
|
- --accesslog.fields.headers.names.Authorization=drop
|
|
|
|
|
- --accesslog.fields.headers.names.Content-Type=keep
|
