## EXTERNAL ROUTING - Only use if you want to proxy something manually ## rou

1. ## EXTERNAL ROUTING - Only use if you want to proxy something manually ##
2. routers:
3. # Plex routing - Remove if not used
4. plex:
5. entryPoints:
6. - https
7. rule: 'Host(`plex.eksen.duckdns.org`)'
8. service: plex
9. # middlewares:
10. # - "auth"
11. ## SERVICES ##
12. services:
13. # Plex service - Remove if not used
14. plex:
15. loadBalancer:
16. servers:
17. - url: http://192.168.0.178:32400/
18.  
19. ## MIDDLEWARES ##
20. middlewares:
21. # Only Allow Local networks
22. local-ipallowlist:
23. ipAllowList:
24. sourceRange:
25. - 172.20.0.0/32 # localhost
26. - 192.168.0.0/24 # LAN Subnet
27.  
28.  
29. # used for crowdsec-bouncer
30. crowdsec-bouncer:
31. forwardauth:
32. address: http://crowdsec-traefik-bouncer:8080/api/v1/forwardAuth
33. trustForwardHeader: true
34.  
35. # Authentik
36. auth:
37. forwardauth:
38. address: http://authentik-server:9000/outpost.goauthentik.io/auth/traefik
39. trustForwardHeader: true
40. authResponseHeaders:
41. - X-authentik-username
42. - X-authentik-groups
43. - X-authentik-email
44. - X-authentik-name
45. - X-authentik-uid
46. - X-authentik-jwt
47. - X-authentik-meta-jwks
48. - X-authentik-meta-outpost
49. - X-authentik-meta-provider
50. - X-authentik-meta-app
51. - X-authentik-meta-version
52.  
53.  
54. # Security headers
55. securityHeaders:
56. headers:
57. customResponseHeaders:
58. X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex"
59. X-Forwarded-Proto: "https"
60. server: ""
61. customRequestHeaders:
62. X-Forwarded-Proto: "https"
63. sslProxyHeaders:
64. X-Forwarded-Proto: "https"
65. referrerPolicy: "same-origin"
66. hostsProxyHeaders:
67. - "X-Forwarded-Host"
68. contentTypeNosniff: true
69. browserXssFilter: true
70. forceSTSHeader: true
71. stsIncludeSubdomains: true
72. stsSeconds: 63072000
73. stsPreload: true
74.  
75. # Only use secure ciphers - https://ssl-config.mozilla.org/#server=traefik&version=2.6.0&config=intermediate&guideline=5.6
76. tls:
77. options:
78. default:
79. minVersion: VersionTLS12
80. cipherSuites:
81. - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
82. - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
83. - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
84. - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
85. - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
86. - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305