config-scripts/traefik/data/config.yml


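# Traefik dynamic configuration (file provider): HTTP routers, backend
# services, server transports and middlewares.
#
# NOTE(review): every router below attaches `default-headers` only (pihole
# also `addprefix-pihole`). The `secured` chain, `default-whitelist`,
# `crowdsec-bouncer`, `https-redirect`, `idrac` and `prefix-printer`
# middlewares are defined but not referenced by any router in this file, so
# no source-IP restriction or CrowdSec check is applied from here. They may
# be attached elsewhere (entry-point middlewares in the static config, other
# providers) - confirm, especially for the pve*/pfsense/printer hosts.
http:
  #region routers
  routers:
    pve01:
      # NOTE(review): the only router that also lists the plain `http` entry
      # point. A router with a `tls` section handles TLS requests only, and
      # `https-redirect` is not attached - confirm `http` is intended here.
      entryPoints:
        - "http"
        - "https"
      rule: "Host(`pve01.office.kh3group.com`)"
      middlewares:
        - default-headers
      tls: {}
      service: pve01
    pve02:
      entryPoints:
        - "https"
      rule: "Host(`pve02.office.kh3group.com`)"
      middlewares:
        - default-headers
      tls: {}
      service: pve02
    pve03:
      entryPoints:
        - "https"
      rule: "Host(`pve03.office.kh3group.com`)"
      middlewares:
        - default-headers
      tls: {}
      service: pve03
    pihole:
      entryPoints:
        - "https"
      rule: "Host(`dns.office.kh3group.com`) || Host(`dns.kh3group.com`) "
      middlewares:
        - default-headers
        # Prepends "/admin" to the request path before it reaches the backend.
        - addprefix-pihole
      tls: {}
      service: pihole
    pfsense:
      entryPoints:
        - "https"
      rule: "Host(`firewall.office.kh3group.com`)"
      middlewares:
        - default-headers
      tls: {}
      service: pfsense
    mysite:
      entryPoints:
        - "https"
      rule: "Host(`my.office.kh3group.com`)"
      middlewares:
        - default-headers
      tls: {}
      service: mysite
    portal:
      entryPoints:
        - "https"
      rule: "Host(`portal.office.kh3group.com`)"
      middlewares:
        - default-headers
      tls: {}
      service: portal
    printer:
      entryPoints:
        - "https"
      rule: "Host(`printer.office.kh3group.com`)"
      middlewares:
        - default-headers
        # - prefix-printer
      tls: {}
      service: printer
  #endregion
  #region services
  # NOTE(review): the `https://` backends are addressed by IP and use no
  # `serversTransport`, so their certificates are checked under Traefik's
  # default transport settings. Whether verification is relaxed globally in
  # the static config is not visible here - confirm; a per-service transport
  # that trusts the backend CA keeps verification on.
  services:
    pve01:
      loadBalancer:
        servers:
          - url: "https://192.168.2.3:8006"
        passHostHeader: true
    pve02:
      loadBalancer:
        servers:
          - url: "https://192.168.2.10:8006"
        passHostHeader: true
    pve03:
      loadBalancer:
        servers:
          - url: "https://192.168.100.60:8006"
        passHostHeader: true
    pihole:
      loadBalancer:
        servers:
          # Plain HTTP between Traefik and this backend.
          - url: "http://192.168.2.2:80"
        passHostHeader: true
    pfsense:
      loadBalancer:
        servers:
          - url: "https://192.168.100.1:443"
        passHostHeader: true
    mysite:
      loadBalancer:
        serversTransport: sptransport
        servers:
          - url: "http://192.168.2.34:80"
        passHostHeader: true
    portal:
      loadBalancer:
        serversTransport: sptransport
        servers:
          - url: "http://192.168.2.33:80"
        passHostHeader: true
    printer:
      loadBalancer:
        servers:
          - url: "https://192.168.100.100"
        passHostHeader: true
  #endregion
  serversTransports:
    # Used by `mysite` and `portal`: talk HTTP/1.x to those backends.
    sptransport:
      disableHTTP2: true
  middlewares:
    addprefix-pihole:
      addPrefix:
        prefix: "/admin"
    https-redirect:
      redirectScheme:
        scheme: https
    prefix-printer:
      addPrefix:
        prefix: "/main"
    default-headers:
      headers:
        # `customFrameOptionsValue` below overrides `frameDeny`, so the
        # header sent is `X-Frame-Options: SAMEORIGIN`, not `DENY`.
        frameDeny: true
        # NOTE(review): `sslRedirect` is deprecated in later Traefik v2
        # releases and absent from v3; the `https-redirect` middleware above
        # or an entry-point redirect replaces it - check the deployed version.
        sslRedirect: true
        browserXssFilter: true
        contentTypeNosniff: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        # 15552000 s = 180 days. The browser preload list asks for a max-age
        # of at least one year (31536000), so `stsPreload` alone does not
        # make these hosts eligible.
        stsPreload: true
        stsSeconds: 15552000
        customFrameOptionsValue: SAMEORIGIN
        customRequestHeaders:
          X-Forwarded-Proto: https
    # Same as `default-headers` minus `contentTypeNosniff` and `stsPreload`.
    idrac:
      headers:
        frameDeny: true
        sslRedirect: true
        browserXssFilter: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsSeconds: 15552000
        customFrameOptionsValue: SAMEORIGIN
        customRequestHeaders:
          X-Forwarded-Proto: https
    default-whitelist:
      # NOTE(review): `ipWhiteList` is renamed `ipAllowList` in newer Traefik
      # releases - check the deployed version before upgrading.
      ipWhiteList:
        sourceRange:
          - "10.0.0.0/8"
          - "192.168.100.0/24"
          # NOTE(review): a /32 matches the single address 172.16.16.0; if a
          # subnet was meant, the prefix length needs correcting - confirm.
          - "172.16.16.0/32"
    # IP allow-list first, then the header set.
    secured:
      chain:
        middlewares:
          - default-whitelist
          - default-headers
    crowdsec-bouncer:
      # Key spelled `forwardAuth`, as in the Traefik middleware reference.
      forwardAuth:
        address: http://bouncer-traefik:8080/api/v1/forwardAuth
        # NOTE(review): this trusts X-Forwarded-* headers already present on
        # the incoming request. That is only sound when every request reaches
        # Traefik through a trusted proxy that sets them; otherwise the
        # bouncer may evaluate a client-supplied address - confirm topology.
        trustForwardHeader: true
# Disabled TCP router/service kept for reference.
#tcp:
#  routers:
#    mysites:
#      rule: "HostSNI(`my.office.kh3group.com`)"
#      tls: {}
#      service: mysites
#  services:
#    mysites:
#      loadBalancer:
#        servers:
#          - address: "192.168.2.34:80"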