api:
  dashboard: true
  insecure: false

providers:
  file:
    filename: /etc/traefik/traefik.yml

certificatesResolvers:
  myresolver:
    acme:
      email: arcodage@gmail.com
      storage: acme.json
      tlsChallenge: {}

entryPoints:
  web:
    address: ":80"

  websecure:
    address: ":443"
  
  gitea:
    address: ":60000"

http:

  services:
    gitea:
      loadBalancer:
        servers:
          - url: "http://gitea.home"

  routers:
    acme-challenge:
      rule: Host(`rg-evry.changeip.co`) && PathPrefix(`/.well-known/acme-challenge`)
      service: api@internal
      tls:
        certResolver: myresolver
      entryPoints:
        - websecure
        - web
    
    main:
      rule: Host(`rg-evry.changeip.co`) && ClientIP(`90.16.102.250`)
      service: gitea
      tls:
        certResolver: myresolver
      entrypoints:
        - websecure
        - web
      middlewares:
        - localIp
        - redirectToGitea
        - resetPath


    dashboard:
      rule: Host(`traefik.home`) && (Path(`/`) || PathPrefix(`/api`) || PathPrefix(`/dashboard`))
      service: api@internal
      middlewares:
        - redirectToDashboard

    gitea:
      rule: Host(`rg-evry.changeip.co`) && ClientIP(`90.16.102.250`)
      service: gitea
      tls:
        certResolver: myresolver
      entryPoints:
        - gitea
      middlewares:
        - localIp

  middlewares:
    localIp:
      ipAllowList:
        sourceRange:
          - "192.168.1.0/24"
          - "90.16.102.250/32"
    redirectToDashboard:
      replacePathRegex:
        regex: ^(http:\/\/(\[[\w:.]+\]|[\w\._-]+)(:\d+)?)\/$
        replacement: ${1}/dashboard/
    
    resetPath:
      replacePath:
        path: "/"
    
    redirectToGitea:
      redirectScheme:
        scheme: https
        port: 60000

log:
  level: TRACE

accesslog: {}