diff --git a/traefik.yml b/traefik.yml new file mode 100644 index 0000000..eabfd94 --- /dev/null +++ b/traefik.yml @@ -0,0 +1,97 @@ +api: + dashboard: true + insecure: false + +providers: + file: + filename: /etc/traefik/traefik.yml + +certificatesResolvers: + myresolver: + acme: + email: arcodage@gmail.com + storage: acme.json + tlsChallenge: {} + +entryPoints: + web: + address: ":80" + + websecure: + address: ":443" + + gitea: + address: ":60000" + +http: + + services: + gitea: + loadBalancer: + servers: + - url: "http://gitea.home" + + routers: + acme-challenge: + rule: Host(`rg-evry.changeip.co`) && PathPrefix(`/.well-known/acme-challenge`) + service: api@internal + tls: + certResolver: myresolver + entryPoints: + - websecure + - web + + main: + rule: Host(`rg-evry.changeip.co`) && ClientIP(`90.16.102.250`) + service: gitea + tls: + certResolver: myresolver + entrypoints: + - websecure + - web + middlewares: + - localIp + - redirectToGitea + - resetPath + + + dashboard: + rule: Host(`traefik.home`) && (Path(`/`) || PathPrefix(`/api`) || PathPrefix(`/dashboard`)) + service: api@internal + middlewares: + - redirectToDashboard + + gitea: + rule: Host(`rg-evry.changeip.co`) && ClientIP(`90.16.102.250`) + service: gitea + tls: + certResolver: myresolver + entryPoints: + - gitea + middlewares: + - localIp + + middlewares: + localIp: + ipAllowList: + sourceRange: + - "192.168.1.0/24" + - "90.16.102.250/32" + redirectToDashboard: + replacePathRegex: + regex: ^(http:\/\/(\[[\w:.]+\]|[\w\._-]+)(:\d+)?)\/$ + replacement: ${1}/dashboard/ + + resetPath: + replacePath: + path: "/" + + redirectToGitea: + redirectScheme: + scheme: https + port: 60000 + +log: + level: TRACE + +accesslog: {} \ No newline at end of file