http: #region routers routers: pve01: entryPoints: - "http" - "https" rule: "Host(`pve01.office.kh3group.com`)" middlewares: - default-headers tls: {} service: pve01 pve02: entryPoints: - "https" rule: "Host(`pve02.office.kh3group.com`)" middlewares: - default-headers tls: {} service: pve02 pve03: entryPoints: - "https" rule: "Host(`pve03.office.kh3group.com`)" middlewares: - default-headers tls: {} service: pve03 pihole: entryPoints: - "https" rule: "Host(`dns.office.kh3group.com`) || Host(`dns.kh3group.com`) " middlewares: - default-headers - addprefix-pihole tls: {} service: pihole pfsense: entryPoints: - "https" rule: "Host(`firewall.office.kh3group.com`)" middlewares: - default-headers tls: {} service: pfsense mysite: entryPoints: - "https" rule: "Host(`my.office.kh3group.com`)" middlewares: - default-headers tls: {} service: mysite portal: entryPoints: - "https" rule: "Host(`portal.office.kh3group.com`)" middlewares: - default-headers tls: {} service: portal printer: entryPoints: - "https" rule: "Host(`printer.office.kh3group.com`)" middlewares: - default-headers # - prefix-printer tls: {} service: printer #endregion #region services services: pve01: loadBalancer: servers: - url: "https://192.168.2.3:8006" passHostHeader: true pve02: loadBalancer: servers: - url: "https://192.168.2.10:8006" passHostHeader: true pve03: loadBalancer: servers: - url: "https://192.168.100.60:8006" passHostHeader: true pihole: loadBalancer: servers: - url: "http://192.168.2.2:80" passHostHeader: true pfsense: loadBalancer: servers: - url: "https://192.168.100.1:443" passHostHeader: true mysite: loadBalancer: serversTransport: sptransport servers: - url: "http://192.168.2.34:80" passHostHeader: true portal: loadBalancer: serversTransport: sptransport servers: - url: "http://192.168.2.33:80" passHostHeader: true printer: loadBalancer: servers: - url: "https://192.168.100.100" passHostHeader: true #endregion serversTransports: sptransport: disableHTTP2: true middlewares: addprefix-pihole: addPrefix: prefix: "/admin" https-redirect: redirectScheme: scheme: https prefix-printer: addPrefix: prefix: "/main" default-headers: headers: frameDeny: true sslRedirect: true browserXssFilter: true contentTypeNosniff: true forceSTSHeader: true stsIncludeSubdomains: true stsPreload: true stsSeconds: 15552000 customFrameOptionsValue: SAMEORIGIN customRequestHeaders: X-Forwarded-Proto: https idrac: headers: frameDeny: true sslRedirect: true browserXssFilter: true forceSTSHeader: true stsIncludeSubdomains: true stsSeconds: 15552000 customFrameOptionsValue: SAMEORIGIN customRequestHeaders: X-Forwarded-Proto: https default-whitelist: ipWhiteList: sourceRange: - "10.0.0.0/8" - "192.168.100.0/24" - "172.16.16.0/32" secured: chain: middlewares: - default-whitelist - default-headers crowdsec-bouncer: forwardauth: address: http://bouncer-traefik:8080/api/v1/forwardAuth trustForwardHeader: true #tcp: # routers: # mysites: # rule: "HostSNI(`my.office.kh3group.com`)" # tls: {} # service: mysites # services: # mysites: # loadBalancer: # servers: # - address: "192.168.2.34:80"