core: defaultRuleSyntax: v2 http: routers: https-redirect: entryPoints: - http # Activate this Router on any Host requested rule: "hostregexp(`{host:.+}`)" service: dummy middlewares: - redirect-to-https # (NEW) Redirect immich.ghost.tel to photos.ghost.tel immich-redirect: entryPoints: - http - https # Catch both HTTP and HTTPS requests rule: Host(`immich.ghost.tel`) service: dummy # Dummy service since it's a redirect, not proxying middlewares: - redirect-immich-to-photos tls: certResolver: http homeassist: entryPoints: - https rule: Host(`home.ghost.tel`) service: HomeAssistant tls: certResolver: http middlewares: - securityHeaders dynmap: entryPoints: - http - https rule: Host(`dynmap.ghost.tel`) service: dynmap tls: certResolver: http amp: entryPoints: - http rule: Host(`amped.ghost.tel`) service: amp tls: certResolver: http # Uncomment if you need them; included for reference # brake: # entryPoints: # - http # rule: Host(`parker.ramz.cc`) || Host(`whoami.brake.tel`) || Host(`electrate.brake.tel`) || Host(`sarah.brake.tel`) || Host(`brake.tel`) # service: brake # brakehttps: # entryPoints: # - https # rule: Host(`parker.ramz.cc`) || Host(`whoami.brake.tel`) || Host(`electrate.brake.tel`) || Host(`sarah.brake.tel`) || Host(`brake.tel`) # service: brakehttps invid: entryPoints: - http - https rule: Host(`inv.ghost.tel`) && !(Path(`/latest_version`) || PathPrefix(`/api/manifest/dash/id/`) || PathPrefix(`/videoplayback`) || PathPrefix(`/download`)) service: invid tls: certResolver: http # (NEW) Route /companion path to Invidious Companion invid-companion: entryPoints: - http - https rule: Host(`inv.ghost.tel`) && (Path(`/latest_version`) || PathPrefix(`/api/manifest/dash/id/`) || PathPrefix(`/youtubei/v1/player`) || PathPrefix(`/videoplayback`) || PathPrefix(`/download`)) service: invid-companion tls: certResolver: http middlewares: - invid-companion-prefix # tempai: # entryPoints: # - http # - https # rule: Host(`shell.ghost.tel`) # service: tempai # tls: # certResolver: http # middlewares: # - dashboard-auth picam: entryPoints: - http - https rule: Host(`printview.ghost.tel`) service: picam tls: certResolver: http # Example internal API / dashboard config (for reference) # my-api: # entryPoints: # - dashboard # rule: "PathPrefix(`/dashboard`) || PathPrefix(`/api`)" # service: api@internal # middlewares: # - dashboard-auth my-secure-api: entryPoints: - https rule: "Host(`traefik.ghost.tel`)" service: api@internal middlewares: - auth tls: certResolver: http services: HomeAssistant: loadBalancer: passHostHeader: true servers: - url: "http://homeassistant.localdomain:8123" dummy: loadBalancer: servers: - url: "localhost" dynmap: loadBalancer: servers: - url: "http://ramiel:8123/" amp: loadBalancer: passHostHeader: true servers: - url: "http://192.168.1.205:8080" # brake: # loadBalancer: # passHostHeader: true # servers: # - url: "http://192.168.1.231:3333" # brakehttps: # loadBalancer: # passHostHeader: true # servers: # - url: "http://192.168.1.231:3333" invid: loadBalancer: passHostHeader: true servers: - url: "http://ubuntu-prod.localdomain:3000" # (NEW) Invidious Companion service at port 8282 invid-companion: loadBalancer: passHostHeader: true servers: - url: "http://ubuntu-prod.localdomain:8282" picam: loadBalancer: passHostHeader: true servers: - url: "http://192.168.1.80:8080" # tempai: # loadBalancer: # passHostHeader: true # servers: # - url: "http://192.168.5.10:3001" middlewares: # (NEW) Middleware to redirect immich.ghost.tel to photos.ghost.tel redirect-immich-to-photos: redirectRegex: regex: "^https?://immich\\.ghost\\.tel(/.*)?$" replacement: "https://photos.ghost.tel$1" permanent: true dashboard-auth: basicAuth: usersFile: "/basicAuth" redirect-to-https: redirectScheme: scheme: https # permanent: true auth: forwardAuth: address: http://ubuntu-prod.localdomain:9000/outpost.goauthentik.io/auth/traefik trustForwardHeader: true authResponseHeaders: - X-authentik-username - X-authentik-groups - X-authentik-email - X-authentik-name - X-authentik-uid - X-authentik-jwt - X-authentik-meta-jwks - X-authentik-meta-outpost - X-authentik-meta-provider - X-authentik-meta-app - X-authentik-meta-version securityHeaders: headers: customResponseHeaders: X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex" server: "" X-Forwarded-Proto: "https" sslProxyHeaders: X-Forwarded-Proto: https referrerPolicy: "same-origin" hostsProxyHeaders: - "X-Forwarded-Host" contentTypeNosniff: true browserXssFilter: true forceSTSHeader: true stsIncludeSubdomains: true stsSeconds: 63072000 stsPreload: true # (NEW) Adds /companion prefix before passing to Companion invid-companion-prefix: addPrefix: prefix: "/companion" gzip: compress: {} # Example for TCP routing (commented out) # tcp: # routers: # router-ssh: # entryPoints: # - web-secure # rule: HostSNI(`*`) # service: service-ssh # services: # service-ssh: # loadBalancer: # servers: # - address: 192.168.1.203:2245