Move Traefik file routes to Docker labels
@@ -31,6 +31,10 @@ services:
|
||||
- "traefik.http.routers.authentik.rule=Host(`authentik.${DOMAIN}`)"
|
||||
- "traefik.http.routers.authentik.tls.certresolver=http"
|
||||
- "traefik.http.services.authentik.loadbalancer.server.port=9000"
|
||||
- "traefik.http.routers.authentik-outpost.entrypoints=https"
|
||||
- "traefik.http.routers.authentik-outpost.rule=HostRegexp(`{subdomain:[a-z0-9]+}.ghost.tel`) && PathPrefix(`/outpost.goauthentik.io/`)"
|
||||
- "traefik.http.routers.authentik-outpost.service=authentik"
|
||||
- "traefik.http.routers.authentik-outpost.tls.certresolver=http"
|
||||
|
||||
worker:
|
||||
image: ghcr.io/goauthentik/server:latest
|
||||
|
||||
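Review bot: The added `authentik-outpost` rule hard-codes `ghost.tel`, while the `authentik` router just above it in the same label list uses `${DOMAIN}`, so the outpost callback route will not follow a change of `DOMAIN`; replace the literal with `${DOMAIN}` to keep the two routers aligned. The `{subdomain:[a-z0-9]+}` form is Traefik v2 matcher syntax, and the label does not select a rule syntax itself. Several of the file-provider configs deleted by this commit carried `core.defaultRuleSyntax: v2`, so confirm the static configuration still selects v2, or pin it on the router with `traefik.http.routers.authentik-outpost.ruleSyntax=v2`. If this rule fails to parse, every router using the `auth` forward-auth middleware loses its outpost callback path, so it is worth checking in the dashboard after deploy.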
@@ -16,7 +16,7 @@ services:
|
||||
- "traefik.http.routers.brain.entrypoints=https"
|
||||
- "traefik.http.routers.brain.rule=Host(`brain.${DOMAIN}`)"
|
||||
- "traefik.http.routers.brain.tls.certresolver=http"
|
||||
- "traefik.http.routers.brain.middlewares=auth@file"
|
||||
- "traefik.http.routers.brain.middlewares=auth@docker"
|
||||
|
||||
sftp:
|
||||
image: atmoz/sftp
|
||||
|
||||
@@ -18,7 +18,7 @@ services:
|
||||
- "traefik.http.routers.changedetection.entrypoints=https"
|
||||
- "traefik.http.routers.changedetection.rule=Host(`change.${DOMAIN}`)"
|
||||
- "traefik.http.routers.changedetection.tls.certresolver=http"
|
||||
- "traefik.http.routers.changedetection.middlewares=auth@file"
|
||||
- "traefik.http.routers.changedetection.middlewares=auth@docker"
|
||||
depends_on:
|
||||
- playwright-chrome
|
||||
|
||||
|
||||
@@ -18,7 +18,7 @@ services:
|
||||
- "traefik.http.routers.gollum.entrypoints=https"
|
||||
- "traefik.http.routers.gollum.rule=Host(`gollum.${DOMAIN}`)"
|
||||
- "traefik.http.routers.gollum.tls.certresolver=http"
|
||||
- "traefik.http.routers.gollum.middlewares=auth@file"
|
||||
- "traefik.http.routers.gollum.middlewares=auth@docker"
|
||||
|
||||
networks:
|
||||
web:
|
||||
|
||||
@@ -41,10 +41,10 @@ services:
|
||||
labels:
|
||||
- "com.ghost.tel/stack-type=public"
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.services.invidious.loadbalancer.server.port=3000"
|
||||
- "traefik.http.routers.invidious.entrypoints=https"
|
||||
- "traefik.http.routers.invidious.rule=Host(`inv.${DOMAIN}`)"
|
||||
- "traefik.http.routers.invidious.tls.certresolver=http"
|
||||
- "traefik.http.services.invid.loadbalancer.server.port=3000"
|
||||
- "traefik.http.routers.invid.entrypoints=http,https"
|
||||
- "traefik.http.routers.invid.rule=Host(`inv.${DOMAIN}`) && !(Path(`/latest_version`) || PathPrefix(`/api/manifest/dash/id/`) || PathPrefix(`/videoplayback`) || PathPrefix(`/download`))"
|
||||
- "traefik.http.routers.invid.tls.certresolver=http"
|
||||
networks:
|
||||
- web
|
||||
- default
|
||||
@@ -74,10 +74,11 @@ services:
|
||||
memory: 1G
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.services.invidious-companion.loadbalancer.server.port=8282"
|
||||
- "traefik.http.routers.invidious-companion.entrypoints=https"
|
||||
- "traefik.http.routers.invidious-companion.rule=Host(`inv.${DOMAIN}`) && PathPrefix(`/companion`)"
|
||||
- "traefik.http.routers.invidious-companion.tls.certresolver=http"
|
||||
- "traefik.http.services.invid-companion.loadbalancer.server.port=8282"
|
||||
- "traefik.http.routers.invid-companion.entrypoints=http,https"
|
||||
- "traefik.http.routers.invid-companion.rule=Host(`inv.${DOMAIN}`) && (Path(`/latest_version`) || PathPrefix(`/api/manifest/dash/id/`) || PathPrefix(`/youtubei/v1/player`) || PathPrefix(`/videoplayback`) || PathPrefix(`/download`))"
|
||||
- "traefik.http.routers.invid-companion.tls.certresolver=http"
|
||||
- "traefik.http.routers.invid-companion.middlewares=invid-companion-prefix@docker"
|
||||
networks:
|
||||
- web
|
||||
- default
|
||||
|
||||
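Review bot: The renamed `invid` and `invid-companion` routers list `entrypoints=http,https` but also set `tls.certresolver`, and a router with TLS enabled only matches TLS requests, so the `http` entry never serves anything. Plain-HTTP requests used to be handled by the catch-all `https-redirect` router and `redirect-to-https` middleware in the file config, which this commit deletes without a label equivalent that I can see. Unless traefik.yml already redirects at the entrypoint (`entryPoints.http.http.redirections.entryPoint.to: https`), port 80 will answer 404 instead of upgrading to HTTPS. The same `http,https` plus TLS pattern appears on the immich-redirect, dynmap, picam, library, meshmon, skeyta, radio, spider, tlc and photos routers in the Traefik stack's labels, and `amp` is bound to `http` only while still setting TLS. Drop `http` from these routers and add the entrypoint-level redirect, or add one dedicated non-TLS redirect router.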
@@ -24,7 +24,7 @@ services:
|
||||
- "traefik.http.routers.todo-obbytodo.entrypoints=https"
|
||||
- "traefik.http.routers.todo-obbytodo.rule=Host(`shell.${DOMAIN}`) && PathPrefix(`/todo`)"
|
||||
- "traefik.http.routers.todo-obbytodo.tls.certresolver=http"
|
||||
- "traefik.http.routers.todo-obbytodo.middlewares=todo-obbytodo-stripprefix@docker,dashboard-auth@file"
|
||||
- "traefik.http.routers.todo-obbytodo.middlewares=todo-obbytodo-stripprefix@docker,dashboard-auth@docker"
|
||||
- "traefik.http.routers.todo-obbytodo.priority=100"
|
||||
- "traefik.http.middlewares.todo-obbytodo-stripprefix.stripPrefix.prefixes=/todo"
|
||||
- "traefik.http.services.todo-obbytodo.loadbalancer.server.port=3000"
|
||||
@@ -32,7 +32,7 @@ services:
|
||||
- "traefik.http.routers.events-obbytodo.entrypoints=https"
|
||||
- "traefik.http.routers.events-obbytodo.rule=Host(`shell.${DOMAIN}`) && PathPrefix(`/events`)"
|
||||
- "traefik.http.routers.events-obbytodo.tls.certresolver=http"
|
||||
- "traefik.http.routers.events-obbytodo.middlewares=dashboard-auth@file"
|
||||
- "traefik.http.routers.events-obbytodo.middlewares=dashboard-auth@docker"
|
||||
- "traefik.http.routers.events-obbytodo.priority=100"
|
||||
- "traefik.http.routers.events-obbytodo.service=todo-obbytodo"
|
||||
|
||||
@@ -64,7 +64,7 @@ services:
|
||||
- "traefik.http.routers.shell-secure.entrypoints=https"
|
||||
- "traefik.http.routers.shell-secure.rule=Host(`shell.${DOMAIN}`)"
|
||||
- "traefik.http.routers.shell-secure.tls.certresolver=http"
|
||||
- "traefik.http.routers.shell-secure.middlewares=dashboard-auth@file"
|
||||
- "traefik.http.routers.shell-secure.middlewares=dashboard-auth@docker"
|
||||
- "traefik.http.services.shell-secure.loadbalancer.server.port=3033"
|
||||
- "traefik.http.routers.shell-secure.service=shell-secure"
|
||||
|
||||
|
||||
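--- a/stacks/service-map/docker-compose.yml
+++ b/stacks/service-map/docker-compose.yml
@@ -0,0 +1,24 @@
+services:
+service-map:
+build: .
+container_name: service-map
+restart: unless-stopped
+labels:
+- "com.ghost.tel/stack-type=dev-only"
+- "traefik.enable=true"
+- "traefik.http.routers.service-map.rule=Host(`map.ghost.tel`)"
+- "traefik.http.routers.service-map.entrypoints=https"
+- "traefik.http.routers.service-map.tls.certresolver=http"
+- "traefik.http.routers.service-map.middlewares=dashboard-auth@docker"
+- "traefik.http.services.service-map.loadbalancer.server.port=3000"
+environment:
+- HOSTS=ubuntu-dev,ubuntu-prod
+volumes:
+- /var/run/docker.sock:/var/run/docker.sock:ro
+- ~/.ssh:/root/.ssh:ro
+networks:
+- web
+
+networks:
+web:
+external: true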
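Review bot: The two bind mounts give this container the host's Docker socket and the whole `~/.ssh` directory while the same service is published at `map.ghost.tel` behind only the `dashboard-auth` basic-auth middleware. The `:ro` flag on `/var/run/docker.sock` protects the socket file, not the API behind it, so a code-execution or request-forgery bug in the app would reach full Docker control and the user's private keys. Put a socket proxy that allows only the read-only list/inspect endpoints in front of Docker, and mount one dedicated key plus `known_hosts` instead of `~/.ssh` (for example `./keys/service-map_ed25519:/run/secrets/ssh_key:ro`, a constructed path). Run the image as a non-root user as well. A `service-map` router and service are also declared on the Traefik container's labels with backend `http://docker-dev:3333/`; if one Traefik instance ever sees both containers the duplicate names will conflict, so keep the definition in one place.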
@@ -1,23 +0,0 @@
|
||||
http:
|
||||
routers:
|
||||
authentik:
|
||||
entrypoints:
|
||||
- https
|
||||
rule: "Host(`authentik.ghost.tel`)"
|
||||
service: authentik
|
||||
tls:
|
||||
certResolver: http
|
||||
|
||||
authentik-outpost:
|
||||
entrypoints:
|
||||
- https
|
||||
rule: "HostRegexp(`{subdomain:[a-z0-9]+}.ghost.tel`) && PathPrefix(`/outpost.goauthentik.io/`)"
|
||||
service: authentik
|
||||
tls:
|
||||
certResolver: http
|
||||
|
||||
services:
|
||||
authentik:
|
||||
loadBalancer:
|
||||
servers:
|
||||
- url: "http://ubuntu-prod.localdomain:9000"
|
||||
@@ -1,14 +0,0 @@
|
||||
tcp:
|
||||
routers:
|
||||
ssh-router:
|
||||
entryPoints:
|
||||
- ssh
|
||||
rule: "HostSNI(`*`)"
|
||||
service: ssh-service
|
||||
|
||||
services:
|
||||
ssh-service:
|
||||
loadBalancer:
|
||||
servers:
|
||||
- address: "web:22" # Reference the service name defined in docker-compose
|
||||
|
||||
@@ -1,19 +0,0 @@
|
||||
http:
|
||||
routers:
|
||||
library:
|
||||
entrypoints:
|
||||
- https
|
||||
- http
|
||||
rule: Host(`library.ghost.tel`)
|
||||
service: library
|
||||
tls:
|
||||
certResolver: http
|
||||
middlewares:
|
||||
- securityHeaders
|
||||
|
||||
services:
|
||||
library:
|
||||
loadBalancer:
|
||||
passHostHeader: true
|
||||
servers:
|
||||
- url: "http://docker-dev:8033/"
|
||||
@@ -1,19 +0,0 @@
|
||||
http:
|
||||
routers:
|
||||
meshmon:
|
||||
entrypoints:
|
||||
- https
|
||||
- http
|
||||
rule: Host(`meshmon.ghost.tel`)
|
||||
service: meshmon
|
||||
tls:
|
||||
certResolver: http
|
||||
middlewares:
|
||||
- securityHeaders
|
||||
|
||||
services:
|
||||
meshmon:
|
||||
loadBalancer:
|
||||
passHostHeader: true
|
||||
servers:
|
||||
- url: "http://docker-dev:8383/"
|
||||
@@ -1,261 +0,0 @@
|
||||
core:
|
||||
defaultRuleSyntax: v2
|
||||
|
||||
http:
|
||||
routers:
|
||||
https-redirect:
|
||||
entryPoints:
|
||||
- http
|
||||
# Activate this Router on any Host requested
|
||||
rule: "hostregexp(`{host:.+}`)"
|
||||
service: dummy
|
||||
middlewares:
|
||||
- redirect-to-https
|
||||
|
||||
# (NEW) Redirect immich.ghost.tel to photos.ghost.tel
|
||||
immich-redirect:
|
||||
entryPoints:
|
||||
- http
|
||||
- https # Catch both HTTP and HTTPS requests
|
||||
rule: Host(`immich.ghost.tel`)
|
||||
service: dummy # Dummy service since it's a redirect, not proxying
|
||||
middlewares:
|
||||
- redirect-immich-to-photos
|
||||
tls:
|
||||
certResolver: http
|
||||
|
||||
homeassist:
|
||||
entryPoints:
|
||||
- https
|
||||
rule: Host(`home.ghost.tel`)
|
||||
service: HomeAssistant
|
||||
tls:
|
||||
certResolver: http
|
||||
middlewares:
|
||||
- securityHeaders
|
||||
|
||||
dynmap:
|
||||
entryPoints:
|
||||
- http
|
||||
- https
|
||||
rule: Host(`dynmap.ghost.tel`)
|
||||
service: dynmap
|
||||
tls:
|
||||
certResolver: http
|
||||
|
||||
amp:
|
||||
entryPoints:
|
||||
- http
|
||||
rule: Host(`amped.ghost.tel`)
|
||||
service: amp
|
||||
tls:
|
||||
certResolver: http
|
||||
|
||||
# Uncomment if you need them; included for reference
|
||||
# brake:
|
||||
# entryPoints:
|
||||
# - http
|
||||
# rule: Host(`parker.ramz.cc`) || Host(`whoami.brake.tel`) || Host(`electrate.brake.tel`) || Host(`sarah.brake.tel`) || Host(`brake.tel`)
|
||||
# service: brake
|
||||
|
||||
# brakehttps:
|
||||
# entryPoints:
|
||||
# - https
|
||||
# rule: Host(`parker.ramz.cc`) || Host(`whoami.brake.tel`) || Host(`electrate.brake.tel`) || Host(`sarah.brake.tel`) || Host(`brake.tel`)
|
||||
# service: brakehttps
|
||||
|
||||
invid:
|
||||
entryPoints:
|
||||
- http
|
||||
- https
|
||||
rule: Host(`inv.ghost.tel`) && !(Path(`/latest_version`) || PathPrefix(`/api/manifest/dash/id/`) || PathPrefix(`/videoplayback`) || PathPrefix(`/download`))
|
||||
service: invid
|
||||
tls:
|
||||
certResolver: http
|
||||
|
||||
# (NEW) Route /companion path to Invidious Companion
|
||||
invid-companion:
|
||||
entryPoints:
|
||||
- http
|
||||
- https
|
||||
rule: Host(`inv.ghost.tel`) && (Path(`/latest_version`) || PathPrefix(`/api/manifest/dash/id/`) || PathPrefix(`/youtubei/v1/player`) || PathPrefix(`/videoplayback`) || PathPrefix(`/download`))
|
||||
service: invid-companion
|
||||
tls:
|
||||
certResolver: http
|
||||
middlewares:
|
||||
- invid-companion-prefix
|
||||
|
||||
# tempai:
|
||||
# entryPoints:
|
||||
# - http
|
||||
# - https
|
||||
# rule: Host(`shell.ghost.tel`)
|
||||
# service: tempai
|
||||
# tls:
|
||||
# certResolver: http
|
||||
# middlewares:
|
||||
# - dashboard-auth
|
||||
|
||||
|
||||
picam:
|
||||
entryPoints:
|
||||
- http
|
||||
- https
|
||||
rule: Host(`printview.ghost.tel`)
|
||||
service: picam
|
||||
tls:
|
||||
certResolver: http
|
||||
|
||||
# Example internal API / dashboard config (for reference)
|
||||
# my-api:
|
||||
# entryPoints:
|
||||
# - dashboard
|
||||
# rule: "PathPrefix(`/dashboard`) || PathPrefix(`/api`)"
|
||||
# service: api@internal
|
||||
# middlewares:
|
||||
# - dashboard-auth
|
||||
|
||||
my-secure-api:
|
||||
entryPoints:
|
||||
- https
|
||||
rule: "Host(`traefik.ghost.tel`)"
|
||||
service: api@internal
|
||||
middlewares:
|
||||
- auth
|
||||
tls:
|
||||
certResolver: http
|
||||
|
||||
services:
|
||||
HomeAssistant:
|
||||
loadBalancer:
|
||||
passHostHeader: true
|
||||
servers:
|
||||
- url: "http://homeassistant.localdomain:8123"
|
||||
|
||||
dummy:
|
||||
loadBalancer:
|
||||
servers:
|
||||
- url: "localhost"
|
||||
|
||||
dynmap:
|
||||
loadBalancer:
|
||||
servers:
|
||||
- url: "http://ramiel:8123/"
|
||||
|
||||
amp:
|
||||
loadBalancer:
|
||||
passHostHeader: true
|
||||
servers:
|
||||
- url: "http://192.168.1.205:8080"
|
||||
|
||||
# brake:
|
||||
# loadBalancer:
|
||||
# passHostHeader: true
|
||||
# servers:
|
||||
# - url: "http://192.168.1.231:3333"
|
||||
|
||||
# brakehttps:
|
||||
# loadBalancer:
|
||||
# passHostHeader: true
|
||||
# servers:
|
||||
# - url: "http://192.168.1.231:3333"
|
||||
|
||||
invid:
|
||||
loadBalancer:
|
||||
passHostHeader: true
|
||||
servers:
|
||||
- url: "http://ubuntu-prod.localdomain:3000"
|
||||
|
||||
# (NEW) Invidious Companion service at port 8282
|
||||
invid-companion:
|
||||
loadBalancer:
|
||||
passHostHeader: true
|
||||
servers:
|
||||
- url: "http://ubuntu-prod.localdomain:8282"
|
||||
|
||||
picam:
|
||||
loadBalancer:
|
||||
passHostHeader: true
|
||||
servers:
|
||||
- url: "http://192.168.1.80:8080"
|
||||
|
||||
# tempai:
|
||||
# loadBalancer:
|
||||
# passHostHeader: true
|
||||
# servers:
|
||||
# - url: "http://192.168.5.10:3001"
|
||||
|
||||
|
||||
middlewares:
|
||||
# (NEW) Middleware to redirect immich.ghost.tel to photos.ghost.tel
|
||||
redirect-immich-to-photos:
|
||||
redirectRegex:
|
||||
regex: "^https?://immich\\.ghost\\.tel(/.*)?$"
|
||||
replacement: "https://photos.ghost.tel$1"
|
||||
permanent: true
|
||||
|
||||
dashboard-auth:
|
||||
basicAuth:
|
||||
usersFile: "/basicAuth"
|
||||
|
||||
redirect-to-https:
|
||||
redirectScheme:
|
||||
scheme: https
|
||||
# permanent: true
|
||||
|
||||
auth:
|
||||
forwardAuth:
|
||||
address: http://ubuntu-prod.localdomain:9000/outpost.goauthentik.io/auth/traefik
|
||||
trustForwardHeader: true
|
||||
authResponseHeaders:
|
||||
- X-authentik-username
|
||||
- X-authentik-groups
|
||||
- X-authentik-email
|
||||
- X-authentik-name
|
||||
- X-authentik-uid
|
||||
- X-authentik-jwt
|
||||
- X-authentik-meta-jwks
|
||||
- X-authentik-meta-outpost
|
||||
- X-authentik-meta-provider
|
||||
- X-authentik-meta-app
|
||||
- X-authentik-meta-version
|
||||
|
||||
securityHeaders:
|
||||
headers:
|
||||
customResponseHeaders:
|
||||
X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex"
|
||||
server: ""
|
||||
X-Forwarded-Proto: "https"
|
||||
sslProxyHeaders:
|
||||
X-Forwarded-Proto: https
|
||||
referrerPolicy: "same-origin"
|
||||
hostsProxyHeaders:
|
||||
- "X-Forwarded-Host"
|
||||
contentTypeNosniff: true
|
||||
browserXssFilter: true
|
||||
forceSTSHeader: true
|
||||
stsIncludeSubdomains: true
|
||||
stsSeconds: 63072000
|
||||
stsPreload: true
|
||||
|
||||
# (NEW) Adds /companion prefix before passing to Companion
|
||||
invid-companion-prefix:
|
||||
addPrefix:
|
||||
prefix: "/companion"
|
||||
|
||||
gzip:
|
||||
compress: {}
|
||||
|
||||
# Example for TCP routing (commented out)
|
||||
# tcp:
|
||||
# routers:
|
||||
# router-ssh:
|
||||
# entryPoints:
|
||||
# - web-secure
|
||||
# rule: HostSNI(`*`)
|
||||
# service: service-ssh
|
||||
# services:
|
||||
# service-ssh:
|
||||
# loadBalancer:
|
||||
# servers:
|
||||
# - address: 192.168.1.203:2245
|
||||
@@ -1,21 +0,0 @@
|
||||
http:
|
||||
routers:
|
||||
skeyta:
|
||||
entrypoints:
|
||||
- https
|
||||
- http
|
||||
rule: Host(`skeyta.ghost.tel`)
|
||||
service: skeyta
|
||||
tls:
|
||||
certResolver: http
|
||||
middlewares:
|
||||
- securityHeaders
|
||||
|
||||
services:
|
||||
skeyta:
|
||||
loadBalancer:
|
||||
passHostHeader: true
|
||||
servers:
|
||||
- url: "http://ramiel.localdomain:8"
|
||||
|
||||
|
||||
@@ -1,23 +0,0 @@
|
||||
core:
|
||||
defaultRuleSyntax: v2
|
||||
|
||||
http:
|
||||
routers:
|
||||
radio:
|
||||
entrypoints:
|
||||
- https
|
||||
- http
|
||||
rule: Host(`radio.uplink.tel`)
|
||||
service: radio
|
||||
tls:
|
||||
certResolver: http
|
||||
middlewares:
|
||||
- securityHeaders
|
||||
|
||||
services:
|
||||
radio:
|
||||
loadBalancer:
|
||||
passHostHeader: true
|
||||
servers:
|
||||
- url: "http://wunder.localdomain:3000"
|
||||
|
||||
@@ -1,6 +0,0 @@
|
||||
# sequela.tel routing
|
||||
# All services now run locally via Docker labels:
|
||||
# - wiki.sequela.tel / wiki.sequela.uk -> wikijs-public stack
|
||||
# - matomo.sequela.tel / matomo.sequela.uk -> matomo-public stack
|
||||
#
|
||||
# This file is kept for reference but contains no active routes.
|
||||
@@ -1,23 +0,0 @@
|
||||
core:
|
||||
defaultRuleSyntax: v2
|
||||
|
||||
http:
|
||||
routers:
|
||||
spider:
|
||||
entrypoints:
|
||||
- https
|
||||
- http
|
||||
rule: Host(`spider.ghost.tel`)
|
||||
service: spider
|
||||
tls:
|
||||
certResolver: http
|
||||
middlewares:
|
||||
- securityHeaders
|
||||
|
||||
services:
|
||||
spider:
|
||||
loadBalancer:
|
||||
passHostHeader: true
|
||||
servers:
|
||||
- url: "http://melchior.localdomain:30870"
|
||||
|
||||
@@ -1,23 +0,0 @@
|
||||
core:
|
||||
defaultRuleSyntax: v2
|
||||
|
||||
http:
|
||||
routers:
|
||||
tlc:
|
||||
entrypoints:
|
||||
- https
|
||||
- http
|
||||
rule: Host(`tlc.ghost.tel`) || Host(`thislittlecorner.net`)
|
||||
service: tlc
|
||||
tls:
|
||||
certResolver: http
|
||||
middlewares:
|
||||
- securityHeaders
|
||||
|
||||
services:
|
||||
tlc:
|
||||
loadBalancer:
|
||||
passHostHeader: true
|
||||
servers:
|
||||
- url: "http://docker-dev:8080/"
|
||||
|
||||
@@ -1,45 +0,0 @@
|
||||
# uplink.tel routing
|
||||
# Most services now run locally via Docker labels
|
||||
# This file only contains routes that still need external proxying
|
||||
|
||||
http:
|
||||
routers:
|
||||
# Invidious on uplink.tel still goes to docker-public
|
||||
# (local invidious is inv.ghost.tel)
|
||||
invidious-uplink:
|
||||
entrypoints:
|
||||
- https
|
||||
rule: "Host(`invidious.uplink.tel`)"
|
||||
service: docker-public
|
||||
tls:
|
||||
certResolver: http
|
||||
|
||||
# Radio (wunder - currently offline)
|
||||
radio:
|
||||
entrypoints:
|
||||
- https
|
||||
- http
|
||||
rule: "Host(`radio.uplink.tel`)"
|
||||
service: radio-wunder
|
||||
tls:
|
||||
certResolver: http
|
||||
|
||||
services:
|
||||
# Proxy to docker-public's traefik (for invidious.uplink.tel)
|
||||
docker-public:
|
||||
loadBalancer:
|
||||
passHostHeader: true
|
||||
serversTransport: insecure-transport
|
||||
servers:
|
||||
- url: "https://192.168.5.46:443"
|
||||
|
||||
# Radio points to wunder (offline)
|
||||
radio-wunder:
|
||||
loadBalancer:
|
||||
passHostHeader: true
|
||||
servers:
|
||||
- url: "http://100.64.0.8:3000"
|
||||
|
||||
serversTransports:
|
||||
insecure-transport:
|
||||
insecureSkipVerify: true
|
||||
@@ -1,20 +0,0 @@
|
||||
http:
|
||||
routers:
|
||||
photos:
|
||||
entrypoints:
|
||||
- https
|
||||
- http
|
||||
rule: Host(`photos.ghost.tel`)
|
||||
service: wille
|
||||
tls:
|
||||
certResolver: http
|
||||
middlewares:
|
||||
- securityHeaders
|
||||
|
||||
services:
|
||||
wille:
|
||||
loadBalancer:
|
||||
passHostHeader: true
|
||||
servers:
|
||||
- url: "http://wille.localdomain:2283"
|
||||
|
||||
@@ -7,6 +7,127 @@ services:
|
||||
- no-new-privileges:true
|
||||
labels:
|
||||
- "com.ghost.tel/stack-type=prod"
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.traefik.entrypoints=https"
|
||||
- "traefik.http.routers.traefik.rule=Host(`traefik.ghost.tel`)"
|
||||
- "traefik.http.routers.traefik.service=api@internal"
|
||||
- "traefik.http.routers.traefik.middlewares=auth@docker"
|
||||
- "traefik.http.routers.traefik.tls.certresolver=http"
|
||||
- "traefik.http.routers.immich-redirect.entrypoints=http,https"
|
||||
- "traefik.http.routers.immich-redirect.rule=Host(`immich.ghost.tel`)"
|
||||
- "traefik.http.routers.immich-redirect.service=dummy"
|
||||
- "traefik.http.routers.immich-redirect.middlewares=redirect-immich-to-photos@docker"
|
||||
- "traefik.http.routers.immich-redirect.tls.certresolver=http"
|
||||
- "traefik.http.routers.homeassist.entrypoints=https"
|
||||
- "traefik.http.routers.homeassist.rule=Host(`home.ghost.tel`)"
|
||||
- "traefik.http.routers.homeassist.service=homeassistant"
|
||||
- "traefik.http.routers.homeassist.middlewares=securityHeaders@docker"
|
||||
- "traefik.http.routers.homeassist.tls.certresolver=http"
|
||||
- "traefik.http.routers.dynmap.entrypoints=http,https"
|
||||
- "traefik.http.routers.dynmap.rule=Host(`dynmap.ghost.tel`)"
|
||||
- "traefik.http.routers.dynmap.service=dynmap"
|
||||
- "traefik.http.routers.dynmap.tls.certresolver=http"
|
||||
- "traefik.http.routers.amp.entrypoints=http"
|
||||
- "traefik.http.routers.amp.rule=Host(`amped.ghost.tel`)"
|
||||
- "traefik.http.routers.amp.service=amp"
|
||||
- "traefik.http.routers.amp.tls.certresolver=http"
|
||||
- "traefik.http.routers.picam.entrypoints=http,https"
|
||||
- "traefik.http.routers.picam.rule=Host(`printview.ghost.tel`)"
|
||||
- "traefik.http.routers.picam.service=picam"
|
||||
- "traefik.http.routers.picam.tls.certresolver=http"
|
||||
- "traefik.http.routers.library.entrypoints=http,https"
|
||||
- "traefik.http.routers.library.rule=Host(`library.ghost.tel`)"
|
||||
- "traefik.http.routers.library.service=library"
|
||||
- "traefik.http.routers.library.middlewares=securityHeaders@docker"
|
||||
- "traefik.http.routers.library.tls.certresolver=http"
|
||||
- "traefik.http.routers.meshmon.entrypoints=http,https"
|
||||
- "traefik.http.routers.meshmon.rule=Host(`meshmon.ghost.tel`)"
|
||||
- "traefik.http.routers.meshmon.service=meshmon"
|
||||
- "traefik.http.routers.meshmon.middlewares=securityHeaders@docker"
|
||||
- "traefik.http.routers.meshmon.tls.certresolver=http"
|
||||
- "traefik.http.routers.skeyta.entrypoints=http,https"
|
||||
- "traefik.http.routers.skeyta.rule=Host(`skeyta.ghost.tel`)"
|
||||
- "traefik.http.routers.skeyta.service=skeyta"
|
||||
- "traefik.http.routers.skeyta.middlewares=securityHeaders@docker"
|
||||
- "traefik.http.routers.skeyta.tls.certresolver=http"
|
||||
- "traefik.http.routers.radio.entrypoints=http,https"
|
||||
- "traefik.http.routers.radio.rule=Host(`radio.uplink.tel`)"
|
||||
- "traefik.http.routers.radio.service=radio"
|
||||
- "traefik.http.routers.radio.middlewares=securityHeaders@docker"
|
||||
- "traefik.http.routers.radio.tls.certresolver=http"
|
||||
- "traefik.http.routers.spider.entrypoints=http,https"
|
||||
- "traefik.http.routers.spider.rule=Host(`spider.ghost.tel`)"
|
||||
- "traefik.http.routers.spider.service=spider"
|
||||
- "traefik.http.routers.spider.middlewares=securityHeaders@docker"
|
||||
- "traefik.http.routers.spider.tls.certresolver=http"
|
||||
- "traefik.http.routers.tlc.entrypoints=http,https"
|
||||
- "traefik.http.routers.tlc.rule=Host(`tlc.ghost.tel`) || Host(`thislittlecorner.net`)"
|
||||
- "traefik.http.routers.tlc.service=tlc"
|
||||
- "traefik.http.routers.tlc.middlewares=securityHeaders@docker"
|
||||
- "traefik.http.routers.tlc.tls.certresolver=http"
|
||||
- "traefik.http.routers.photos.entrypoints=http,https"
|
||||
- "traefik.http.routers.photos.rule=Host(`photos.ghost.tel`)"
|
||||
- "traefik.http.routers.photos.service=wille"
|
||||
- "traefik.http.routers.photos.middlewares=securityHeaders@docker"
|
||||
- "traefik.http.routers.photos.tls.certresolver=http"
|
||||
- "traefik.http.routers.invidious-uplink.entrypoints=https"
|
||||
- "traefik.http.routers.invidious-uplink.rule=Host(`invidious.uplink.tel`)"
|
||||
- "traefik.http.routers.invidious-uplink.service=docker-public"
|
||||
- "traefik.http.routers.invidious-uplink.tls.certresolver=http"
|
||||
- "traefik.http.routers.service-map.entrypoints=https"
|
||||
- "traefik.http.routers.service-map.rule=Host(`map.ghost.tel`)"
|
||||
- "traefik.http.routers.service-map.service=service-map"
|
||||
- "traefik.http.routers.service-map.middlewares=dashboard-auth@docker"
|
||||
- "traefik.http.routers.service-map.tls.certresolver=http"
|
||||
- "traefik.http.services.dummy.loadbalancer.server.url=http://127.0.0.1"
|
||||
- "traefik.http.services.homeassistant.loadbalancer.server.url=http://homeassistant.localdomain:8123"
|
||||
- "traefik.http.services.homeassistant.loadbalancer.passHostHeader=true"
|
||||
- "traefik.http.services.dynmap.loadbalancer.server.url=http://ramiel:8123/"
|
||||
- "traefik.http.services.amp.loadbalancer.server.url=http://192.168.1.205:8080"
|
||||
- "traefik.http.services.amp.loadbalancer.passHostHeader=true"
|
||||
- "traefik.http.services.picam.loadbalancer.server.url=http://192.168.1.80:8080"
|
||||
- "traefik.http.services.picam.loadbalancer.passHostHeader=true"
|
||||
- "traefik.http.services.library.loadbalancer.server.url=http://docker-dev:8033/"
|
||||
- "traefik.http.services.library.loadbalancer.passHostHeader=true"
|
||||
- "traefik.http.services.meshmon.loadbalancer.server.url=http://docker-dev:8383/"
|
||||
- "traefik.http.services.meshmon.loadbalancer.passHostHeader=true"
|
||||
- "traefik.http.services.skeyta.loadbalancer.server.url=http://ramiel.localdomain:8"
|
||||
- "traefik.http.services.skeyta.loadbalancer.passHostHeader=true"
|
||||
- "traefik.http.services.radio.loadbalancer.server.url=http://100.64.0.8:3000"
|
||||
- "traefik.http.services.radio.loadbalancer.passHostHeader=true"
|
||||
- "traefik.http.services.spider.loadbalancer.server.url=http://melchior.localdomain:30870"
|
||||
- "traefik.http.services.spider.loadbalancer.passHostHeader=true"
|
||||
- "traefik.http.services.tlc.loadbalancer.server.url=http://docker-dev:8080/"
|
||||
- "traefik.http.services.tlc.loadbalancer.passHostHeader=true"
|
||||
- "traefik.http.services.wille.loadbalancer.server.url=http://wille.localdomain:2283"
|
||||
- "traefik.http.services.wille.loadbalancer.passHostHeader=true"
|
||||
- "traefik.http.services.service-map.loadbalancer.server.url=http://docker-dev:3333/"
|
||||
- "traefik.http.services.service-map.loadbalancer.passHostHeader=true"
|
||||
- "traefik.http.services.docker-public.loadbalancer.server.url=https://192.168.5.46:443"
|
||||
- "traefik.http.services.docker-public.loadbalancer.passHostHeader=true"
|
||||
- "traefik.http.services.docker-public.loadbalancer.serversTransport=insecure-transport"
|
||||
- "traefik.http.serversTransports.insecure-transport.insecureSkipVerify=true"
|
||||
- "traefik.http.middlewares.redirect-immich-to-photos.redirectregex.regex=^https?://immich\\.ghost\\.tel(/.*)?$"
|
||||
- "traefik.http.middlewares.redirect-immich-to-photos.redirectregex.replacement=https://photos.ghost.tel$1"
|
||||
- "traefik.http.middlewares.redirect-immich-to-photos.redirectregex.permanent=true"
|
||||
- "traefik.http.middlewares.dashboard-auth.basicauth.usersfile=/basicAuth"
|
||||
- "traefik.http.middlewares.auth.forwardauth.address=http://authentik-server:9000/outpost.goauthentik.io/auth/traefik"
|
||||
- "traefik.http.middlewares.auth.forwardauth.trustForwardHeader=true"
|
||||
- "traefik.http.middlewares.auth.forwardauth.authResponseHeaders=X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version"
|
||||
- "traefik.http.middlewares.securityHeaders.headers.customResponseHeaders.X-Robots-Tag=none,noarchive,nosnippet,notranslate,noimageindex"
|
||||
- "traefik.http.middlewares.securityHeaders.headers.customResponseHeaders.server="
|
||||
- "traefik.http.middlewares.securityHeaders.headers.customResponseHeaders.X-Forwarded-Proto=https"
|
||||
- "traefik.http.middlewares.securityHeaders.headers.sslProxyHeaders.X-Forwarded-Proto=https"
|
||||
- "traefik.http.middlewares.securityHeaders.headers.referrerPolicy=same-origin"
|
||||
- "traefik.http.middlewares.securityHeaders.headers.hostsProxyHeaders=X-Forwarded-Host"
|
||||
- "traefik.http.middlewares.securityHeaders.headers.contentTypeNosniff=true"
|
||||
- "traefik.http.middlewares.securityHeaders.headers.browserXssFilter=true"
|
||||
- "traefik.http.middlewares.securityHeaders.headers.forceSTSHeader=true"
|
||||
- "traefik.http.middlewares.securityHeaders.headers.stsIncludeSubdomains=true"
|
||||
- "traefik.http.middlewares.securityHeaders.headers.stsSeconds=63072000"
|
||||
- "traefik.http.middlewares.securityHeaders.headers.stsPreload=true"
|
||||
- "traefik.http.middlewares.invid-companion-prefix.addprefix.prefix=/companion"
|
||||
- "traefik.http.middlewares.gzip.compress=true"
|
||||
networks:
|
||||
- web
|
||||
ports:
|
||||
@@ -19,7 +140,6 @@ services:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
- ./traefik.yml:/traefik.yml:ro
|
||||
- ./acme.json:/acme.json
|
||||
- ./conf.d/:/conf.d/
|
||||
- ./basicAuth:/basicAuth:ro
|
||||
- /var/log:/var/log
|
||||
|
||||
|
||||
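Review bot: The two `redirect-immich-to-photos` redirectregex labels contain bare `$` characters (`...(/.*)?$` and `...photos.ghost.tel$1`), which Compose treats as variable interpolation, unlike the old file-provider YAML; write them as `(/.*)?$$` and `photos.ghost.tel$$1` so Traefik receives a literal `$`. Separately, `traefik.http.serversTransports.insecure-transport.insecureSkipVerify=true` is probably not read from labels, because as far as I know the Docker provider decodes only routers, services and middlewares, so `docker-public` may reference a transport that does not exist; check the dashboard after deploy. If that transport has to stay, a small file-provider config that sets `rootCAs` and `serverName` for the `192.168.5.46` upstream would restore certificate verification instead of carrying `insecureSkipVerify` forward. The `loadbalancer.server.url` service labels also depend on the Traefik version in use, which the page does not show. The service definition around this `labels:` list starts and ends outside the hunk.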
@@ -22,9 +22,6 @@ entryPoints:
|
||||
|
||||
providers:
|
||||
providersThrottleDuration: 2s
|
||||
file:
|
||||
directory: "/conf.d"
|
||||
watch: true
|
||||
docker:
|
||||
watch: true
|
||||
endpoint: "unix:///var/run/docker.sock"
|
||||
@@ -66,4 +63,3 @@ metrics:
|
||||
- 0.3
|
||||
- 1.2
|
||||
- 5.0
|
||||
|
||||
|
||||
@@ -18,7 +18,7 @@ services:
|
||||
- "traefik.http.routers.zerotier.entrypoints=https"
|
||||
- "traefik.http.routers.zerotier.rule=Host(`zerotierui.${DOMAIN}`)"
|
||||
- "traefik.http.routers.zerotier.tls.certresolver=http"
|
||||
- "traefik.http.routers.zerotier.middlewares=dashboard-auth@file"
|
||||
- "traefik.http.routers.zerotier.middlewares=dashboard-auth@docker"
|
||||
- "traefik.http.services.zerotier.loadbalancer.server.port=3000"
|
||||
|
||||
networks:
|
||||
|
||||