dynamic/core.yaml

1. http:
2.  
3. #----------------------: https://doc.traefik.io/traefik/routing/routers/
4. routers:
5.  
6. # harden dashboard access: can only be accessed with a username/password
7. dashboard:
8. rule: "Host(`traefik-proxy.mydomain.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
9. service: api@internal
10. middlewares:
11. - auth
12.  
13. # catchall rule, evaluated when no router exists for a request;
14. # applicable to HTTP and HTTPS entryPoints only
15. catchall:
16. entryPoints:
17. - "http"
18. - "https"
19. rule: "PathPrefix(`/`)"
20. service: unavailable
21. priority: 1
22.  
23. #----------------------: https://doc.traefik.io/traefik/routing/services/
24. services:
25.  
26. # Service that will always provide a 503 Service Unavailable response
27. unavailable:
28. loadBalancer:
29. servers: {}
30.  
31. #----------------------: https://doc.traefik.io/traefik/middlewares/http/overview/
32. middlewares:
33.  
34. auth:
35. basicAuth:
36. users: # users and MD5 hashed passwords, granted access to the traefik-proxy dashboard
37. - "user:$1$qkpRj/qY$FRb0wAZO8saHdPr4M4oE90"
38.  
39. internal-hosts-endorsed:
40. ipAllowList:
41. sourceRange:
42. - "192.168.2.0/24"
43.  
44. http-only:
45. redirectScheme:
46. scheme: http
47. permanent: true
48.  
49. internal-http-hosts:
50. chain:
51. middlewares:
52. - internal-hosts-endorsed
53. - http-only
54.  
55. https-only:
56. redirectScheme:
57. scheme: https
58. permanent: true
59.  
60. # chains are useful when multiple middleware needs to be applied to a route,
61. # especially if the chain has to be applied to multiple routes
62. internal-https-hosts:
63. chain:
64. middlewares:
65. - internal-hosts-endorsed
66. - https-only
67.  
68. #----------------------: https://doc.traefik.io/traefik/https/tls/
69. tls:
70. options:
71. default:
72. minVersion: VersionTLS13 # change to a lower version if you expect to service Internet traffic from around the world
73. curvePreferences: # below is ordered list
74. - X25519 # the most commonly used 128-bit
75. - CurveP256 # the next most commonly used 128-bit
76. - CurveP384 # 192-bit
77. - CurveP521 # 256-bit
78. sniStrict: true # true if our own certificates should be enforced
79.  
80. #### Traefik uses its own default certificate for connections without SNI, or without a matching domain.
81. # certificates:
82. # - certFile: /etc/traefik/domain.cert
83. # keyFile: /etc/traefik/domain.key
84. # - certFile: /etc/traefik/certificate.pem
85. # keyFile: /etc/traefik/private_key.pem
86.  
87. #### However, we can provide our own default certificate, instead of using the Traefik default.
88. # stores:
89. # default:
90. # defaultCertificate:
91. # certFile: /etc/traefik/cert.crt
92. # keyFile: /etc/traefik/cert.key
93.  
94. #### Alternatively, we can use an ACME generated default certificate.
95. stores:
96. default:
97. defaultGeneratedCert:
98. resolver: cloudflare
99. domain:
100. main: mydomain.com
101. sans:
102. - "*.mydomain.com"