mosskoi/MKs-Docker-Compose
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
MKs-Docker-Compose/tools/wireguard/traefik/dynamic.yml
mk 0fdd755e4b add: collabora to netcloud
2026-04-03 09:08:53 -03:00

107 lines
3.9 KiB
YAML
Raw Permalink Blame History

# =============================================================================
# Traefik Dynamic Configuration
# This file defines your routers, services, and middlewares.
#
# HTTP → HTTPS redirection is handled globally in traefik.yml, so each service
# only needs a single router for HTTPS.
#
# Sections marked "No changes needed" are reusable building blocks.
# Sections marked "CONFIGURE" are where you add your own services.
# =============================================================================
http:
# --- No changes needed ---------------------------------------------------
middlewares:
https-headers:
# Required for services that need to know the original protocol
# (e.g. Mastodon, Matrix/Synapse)
headers:
customRequestHeaders:
X-Forwarded-Proto: "https"
# Nextcloud headers to prevent man in the middle attacks
hsts:
headers:
stsSeconds: 15552000
stsIncludeSubdomains: true
stsPreload: true
serversTransports:
# Use this for backend containers that use self-signed TLS certs
# (e.g. Nextcloud). Reference it in a service with:
# serversTransport: insecure-transport
insecure-transport:
insecureSkipVerify: true
# -------------------------------------------------------------------------
# --- CONFIGURE -----------------------------------------------------------
routers:
# Basic service
my-service:
rule: "Host(`service.example.com`)" # <-- change domain
entryPoints:
- websecure
service: my-service
tls:
certResolver: letsencrypt
# Service that needs X-Forwarded-Proto (e.g. Mastodon, Synapse)
my-service-with-headers:
rule: "Host(`other.example.com`)" # <-- change domain
entryPoints:
- websecure
service: my-service-with-headers
middlewares:
- https-headers
- hsts
tls:
certResolver: letsencrypt
# Service with a self-signed cert on the backend (e.g. Nextcloud)
my-https-backend:
rule: "Host(`secure.example.com`)" # <-- change domain
entryPoints:
- websecure
service: my-https-backend
tls:
certResolver: letsencrypt
services:
my-service:
loadBalancer:
servers:
- url: "http://container-name:PORT" # <-- change container name and port
my-service-with-headers:
loadBalancer:
servers:
- url: "http://container-name:PORT" # <-- change container name and port
my-https-backend:
loadBalancer:
servers:
- url: "https://container-name:PORT" # <-- change container name and port
serversTransport: insecure-transport
# -------------------------------------------------------------------------
# =============================================================================
# TCP — only needed for raw TCP services (game servers, etc.)
# Remove this section entirely if you don't need it.
# =============================================================================
tcp:
# --- CONFIGURE -----------------------------------------------------------
routers:
my-tcp-service:
rule: "HostSNI(`*`)"
entryPoints:
- my-tcp-entrypoint # <-- must match an entrypoint defined in traefik.yml
service: my-tcp-service
services:
my-tcp-service:
loadBalancer:
servers:
- address: "container-name:PORT" # <-- change container name and port
# -------------------------------------------------------------------------
Reference in New Issue View Git Blame Copy Permalink