wip: playing with traefik

traefik.yml

@@ -0,0 +1,97 @@
+api:
+  dashboard: true
+  insecure: false
+
+providers:
+  file:
+    filename: /etc/traefik/traefik.yml
+
+certificatesResolvers:
+  myresolver:
+    acme:
+      email: arcodage@gmail.com
+      storage: acme.json
+      tlsChallenge: {}
+
+entryPoints:
+  web:
+    address: ":80"
+
+  websecure:
+    address: ":443"
+  
+  gitea:
+    address: ":60000"
+
+http:
+
+  services:
+    gitea:
+      loadBalancer:
+        servers:
+          - url: "http://gitea.home"
+
+  routers:
+    acme-challenge:
+      rule: Host(`rg-evry.changeip.co`) && PathPrefix(`/.well-known/acme-challenge`)
+      service: api@internal
+      tls:
+        certResolver: myresolver
+      entryPoints:
+        - websecure
+        - web
+    
+    main:
+      rule: Host(`rg-evry.changeip.co`) && ClientIP(`90.16.102.250`)
+      service: gitea
+      tls:
+        certResolver: myresolver
+      entrypoints:
+        - websecure
+        - web
+      middlewares:
+        - localIp
+        - redirectToGitea
+        - resetPath
+
+
+    dashboard:
+      rule: Host(`traefik.home`) && (Path(`/`) || PathPrefix(`/api`) || PathPrefix(`/dashboard`))
+      service: api@internal
+      middlewares:
+        - redirectToDashboard
+
+    gitea:
+      rule: Host(`rg-evry.changeip.co`) && ClientIP(`90.16.102.250`)
+      service: gitea
+      tls:
+        certResolver: myresolver
+      entryPoints:
+        - gitea
+      middlewares:
+        - localIp
+
+  middlewares:
+    localIp:
+      ipAllowList:
+        sourceRange:
+          - "192.168.1.0/24"
+          - "90.16.102.250/32"
+    redirectToDashboard:
+      replacePathRegex:
+        regex: ^(http:\/\/(\[[\w:.]+\]|[\w\._-]+)(:\d+)?)\/$
+        replacement: ${1}/dashboard/
+    
+    resetPath:
+      replacePath:
+        path: "/"
+    
+    redirectToGitea:
+      redirectScheme:
+        scheme: https
+        port: 60000
+
+log:
+  level: TRACE
+
+accesslog: {}