knight/docker-stacks
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0cbe7d386295edd35bc2f11801c115fd98d9e558
docker-stacks/stacks/traefik/conf.d/middlewares.yaml
knight 0cbe7d3862
Some checks failed
Deploy Stacks / deploy-prod (push) Failing after 0s
Details
Deploy Stacks / deploy-dev (push) Has been cancelled
Details
Use ubuntu-prod hostname in Traefik upstreams
2026-02-05 19:21:55 -05:00

262 lines
6.3 KiB
YAML
Executable File
Raw Blame History

core:
defaultRuleSyntax: v2
http:
routers:
https-redirect:
entryPoints:
- http
# Activate this Router on any Host requested
rule: "hostregexp(`{host:.+}`)"
service: dummy
middlewares:
- redirect-to-https
# (NEW) Redirect immich.ghost.tel to photos.ghost.tel
immich-redirect:
entryPoints:
- http
- https # Catch both HTTP and HTTPS requests
rule: Host(`immich.ghost.tel`)
service: dummy # Dummy service since it's a redirect, not proxying
middlewares:
- redirect-immich-to-photos
tls:
certResolver: http
homeassist:
entryPoints:
- https
rule: Host(`home.ghost.tel`)
service: HomeAssistant
tls:
certResolver: http
middlewares:
- securityHeaders
dynmap:
entryPoints:
- http
- https
rule: Host(`dynmap.ghost.tel`)
service: dynmap
tls:
certResolver: http
amp:
entryPoints:
- http
rule: Host(`amped.ghost.tel`)
service: amp
tls:
certResolver: http
# Uncomment if you need them; included for reference
# brake:
# entryPoints:
# - http
# rule: Host(`parker.ramz.cc`) || Host(`whoami.brake.tel`) || Host(`electrate.brake.tel`) || Host(`sarah.brake.tel`) || Host(`brake.tel`)
# service: brake
# brakehttps:
# entryPoints:
# - https
# rule: Host(`parker.ramz.cc`) || Host(`whoami.brake.tel`) || Host(`electrate.brake.tel`) || Host(`sarah.brake.tel`) || Host(`brake.tel`)
# service: brakehttps
invid:
entryPoints:
- http
- https
rule: Host(`inv.ghost.tel`) && !(Path(`/latest_version`) || PathPrefix(`/api/manifest/dash/id/`) || PathPrefix(`/videoplayback`) || PathPrefix(`/download`))
service: invid
tls:
certResolver: http
# (NEW) Route /companion path to Invidious Companion
invid-companion:
entryPoints:
- http
- https
rule: Host(`inv.ghost.tel`) && (Path(`/latest_version`) || PathPrefix(`/api/manifest/dash/id/`) || PathPrefix(`/youtubei/v1/player`) || PathPrefix(`/videoplayback`) || PathPrefix(`/download`))
service: invid-companion
tls:
certResolver: http
middlewares:
- invid-companion-prefix
# tempai:
# entryPoints:
# - http
# - https
# rule: Host(`shell.ghost.tel`)
# service: tempai
# tls:
# certResolver: http
# middlewares:
# - dashboard-auth
picam:
entryPoints:
- http
- https
rule: Host(`printview.ghost.tel`)
service: picam
tls:
certResolver: http
# Example internal API / dashboard config (for reference)
# my-api:
# entryPoints:
# - dashboard
# rule: "PathPrefix(`/dashboard`) || PathPrefix(`/api`)"
# service: api@internal
# middlewares:
# - dashboard-auth
my-secure-api:
entryPoints:
- https
rule: "Host(`traefik.ghost.tel`)"
service: api@internal
middlewares:
- auth
tls:
certResolver: http
services:
HomeAssistant:
loadBalancer:
passHostHeader: true
servers:
- url: "http://homeassistant.localdomain:8123"
dummy:
loadBalancer:
servers:
- url: "localhost"
dynmap:
loadBalancer:
servers:
- url: "http://ramiel:8123/"
amp:
loadBalancer:
passHostHeader: true
servers:
- url: "http://192.168.1.205:8080"
# brake:
# loadBalancer:
# passHostHeader: true
# servers:
# - url: "http://192.168.1.231:3333"
# brakehttps:
# loadBalancer:
# passHostHeader: true
# servers:
# - url: "http://192.168.1.231:3333"
invid:
loadBalancer:
passHostHeader: true
servers:
- url: "http://ubuntu-prod.localdomain:3000"
# (NEW) Invidious Companion service at port 8282
invid-companion:
loadBalancer:
passHostHeader: true
servers:
- url: "http://ubuntu-prod.localdomain:8282"
picam:
loadBalancer:
passHostHeader: true
servers:
- url: "http://192.168.1.80:8080"
# tempai:
# loadBalancer:
# passHostHeader: true
# servers:
# - url: "http://192.168.5.10:3001"
middlewares:
# (NEW) Middleware to redirect immich.ghost.tel to photos.ghost.tel
redirect-immich-to-photos:
redirectRegex:
regex: "^https?://immich\\.ghost\\.tel(/.*)?$"
replacement: "https://photos.ghost.tel$1"
permanent: true
dashboard-auth:
basicAuth:
usersFile: "/basicAuth"
redirect-to-https:
redirectScheme:
scheme: https
# permanent: true
auth:
forwardAuth:
address: http://ubuntu-prod.localdomain:9000/outpost.goauthentik.io/auth/traefik
trustForwardHeader: true
authResponseHeaders:
- X-authentik-username
- X-authentik-groups
- X-authentik-email
- X-authentik-name
- X-authentik-uid
- X-authentik-jwt
- X-authentik-meta-jwks
- X-authentik-meta-outpost
- X-authentik-meta-provider
- X-authentik-meta-app
- X-authentik-meta-version
securityHeaders:
headers:
customResponseHeaders:
X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex"
server: ""
X-Forwarded-Proto: "https"
sslProxyHeaders:
X-Forwarded-Proto: https
referrerPolicy: "same-origin"
hostsProxyHeaders:
- "X-Forwarded-Host"
contentTypeNosniff: true
browserXssFilter: true
forceSTSHeader: true
stsIncludeSubdomains: true
stsSeconds: 63072000
stsPreload: true
# (NEW) Adds /companion prefix before passing to Companion
invid-companion-prefix:
addPrefix:
prefix: "/companion"
gzip:
compress: {}
# Example for TCP routing (commented out)
# tcp:
# routers:
# router-ssh:
# entryPoints:
# - web-secure
# rule: HostSNI(`*`)
# service: service-ssh
# services:
# service-ssh:
# loadBalancer:
# servers:
# - address: 192.168.1.203:2245
Reference in New Issue View Git Blame Copy Permalink