# # # @module: Traefik # @type: Traefik static file # @desc: traefik must be restarted with any values of this file are changed. # # # # # Global # # global: checkNewVersion: false sendAnonymousUsage: false # # # Logs # # filePath must match volume mounted in docker-compose.yml # # log: level: DEBUG format: "common" # # # Access Logs # # filePath must match volume mounted in docker-compose.yml # # accessLog: filePath: "/var/log/traefik/access.log" # # # Api # # api: dashboard: true insecure: true debug: true # # # Ping # # ping: entryPoint: "ping" # # # Entry Points # # entryPoints: # # # Port > Ping # # ping: address: :8082 # # # Port > Traefik Dashboard # # traefik: address: :8080 # # # Port > HTTP # # *trustedIps : List of Cloudflare Trusted IP's above for HTTPS requests # # http: address: :80 forwardedHeaders: trustedIPs: &trustedIps # Cloudlare Public IP List > Start > for HTTP requests, remove this if you don't use it; https://cloudflare.com/de-de/ips/ - 103.21.244.0/22 - 103.22.200.0/22 - 103.31.4.0/22 - 104.16.0.0/13 - 104.24.0.0/14 - 108.162.192.0/18 - 131.0.72.0/22 - 141.101.64.0/18 - 162.158.0.0/15 - 172.64.0.0/13 - 173.245.48.0/20 - 188.114.96.0/20 - 190.93.240.0/20 - 197.234.240.0/22 - 198.41.128.0/17 - 2400:cb00::/32 - 2606:4700::/32 - 2803:f800::/32 - 2405:b500::/32 - 2405:8100::/32 - 2a06:98c0::/29 - 2c0f:f248::/32 http: redirections: entryPoint: to: https scheme: https # # # Port > HTTPS # # *trustedIps : List of Cloudflare Trusted IP's above for HTTPS requests # http->tls : Generate wildcard domain certificate # # https: address: :443 http3: {} forwardedHeaders: trustedIPs: *trustedIps # # # Server Transport # # serversTransport: insecureSkipVerify: true # # # Providers # # file: # filename: must match volume mounted in docker-compose.yml # # docker: # exposedByDefault = true # all docker-compose.yml files will automatically create a new traefik provider. # # this means if you are using file provider in dynamic file, each container # will show up twice. x1 @docker and x1 @file # # if exposedByDefault = false, you must manually add `trafik.enable=true` to each container in the docker-compose.yml # # providers: docker: endpoint: "unix:///var/run/docker.sock" exposedByDefault: false network: traefik watch: true file: filename: "/etc/traefik/dynamic.yml" watch: true # # # Metrics # # metrics: prometheus: addServicesLabels: true buckets: - 0.1 - 0.3 - 1.2 - 5.0 # # # Plugins # # experimental: plugins: traefik-api-token-middleware: moduleName: "github.com/Aetherinox/traefik-api-token-middleware" version: "v0.1.2" traefik-whois-middleware: moduleName: "github.com/Aetherinox/traefik-whois-middleware" version: "v0.1.0" traefik-get-real-ip: moduleName: "github.com/Paxxs/traefik-get-real-ip" version: "v1.0.3" # # # Certificate Resolvers # # httpChallenge port 80 # the challenge consist to expose a token on an HTTP endpoint. # # tlsChallenge port 443 # the challenge consist to expose a temporary certificates on an HTTPS endpoint. # # dnsChallenge the challenge consist to expose a TXT record on a DNS. # DNS challenge is the only challenge that allows to get a wildcard certificate (ex: *.example.com) but it's the slowest. # # storage this is the path within the container, NOT the host path. # # certificatesResolvers: cloudflare: acme: email: user@email.com storage: /cloudflare/acme.json keyType: EC256 preferredChain: 'ISRG Root X1' dnsChallenge: provider: cloudflare delayBeforeCheck: 5 resolvers: - "1.1.1.1:53" - "1.0.0.1:53"