traefik fixed hass

Stefan Ostermann 2025-03-30 20:14:10 +00:00
parent c42118724a
commit 7b842f5523
4 changed files with 453 additions and 22 deletions


@ -19,13 +19,6 @@ http:
- X-authentik-meta-app
- X-authentik-meta-version
routers:
hass-router:
entryPoints:
- "hass"
rule: "Host(`home.thoster.net`) && PathPrefix(`/`)"
service: hass-service
tls:
certResolver: letsencrypt
paperless-router:
entryPoints:
- "websecure"
@ -43,17 +36,9 @@ http:
service: jellyfin-service
tls:
certResolver: letsencrypt
hass-router-auth:
entryPoints:
- "websecure"
rule: "Host(`hass.home.thoster.net`) && PathPrefix(`/outpost.goauthentik.io/`)"
priority: 15
service: authentik
tls:
certResolver: letsencrypt
paperless-router-auth:
entryPoints:
- "websecure"
- "websecure"
rule: "Host(`pl.home.thoster.net`) && PathPrefix(`/outpost.goauthentik.io/`)"
priority: 15
service: authentik
@ -64,7 +49,7 @@ http:
- "websecure"
rule: "Host(`home.thoster.net`) && PathPrefix(`/`)"
middlewares:
- middlewares-authentik
- middlewares-authentik
service: wikimd-service
tls:
certResolver: letsencrypt
@ -81,13 +66,13 @@ http:
- "websecure"
rule: "Host(`comfy.home.thoster.net`) && PathPrefix(`/`)"
middlewares:
- middlewares-authentik
- middlewares-authentik
service: comfy-service
tls:
certResolver: letsencrypt
comfy-router-auth:
entryPoints:
- "websecure"
- "websecure"
rule: "Host(`comfy.home.thoster.net`) && PathPrefix(`/outpost.goauthentik.io/`)"
priority: 15
service: authentik
@ -107,15 +92,34 @@ http:
service: auth-service
tls:
certResolver: letsencrypt
hass2-router:
hass-router-secure:
entryPoints:
- "websecure"
rule: "Host(`hass.home.thoster.net`) && PathPrefix(`/auth/`) && !PathPrefix(`/auth/token`) "
priority: 14
middlewares:
- middlewares-authentik
service: hass-service
tls:
certResolver: letsencrypt
hass-router:
entryPoints:
- "websecure"
rule: "Host(`hass.home.thoster.net`) && PathPrefix(`/`)"
middlewares:
- "middlewares-authentik"
priority: 10
# middlewares:
# - middlewares-authentik
service: hass-service
tls:
certResolver: letsencrypt
hass-router-auth:
entryPoints:
- "websecure"
rule: "Host(`hass.home.thoster.net`) && PathPrefix(`/outpost.goauthentik.io/`)"
priority: 15
service: authentik
tls:
certResolver: letsencrypt
nas-router:
entryPoints:
- "websecure"
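Review bot: In the last hunk (`@ -107,15 +92,34 @`) the catch-all `hass-router` at priority 10 appears to end up with its `middlewares-authentik` entry replaced by the commented-out `# middlewares:` lines, so only `/auth/` minus `/auth/token` still passes forward auth through `hass-router-secure`. The +/- markers are lost on this page, so this reading is inferred from the hunk's 15/34 line counts. If leaving every other path on `hass.home.thoster.net` to Home Assistant's own login is intended, replace the dead lines with a comment that says so, e.g. `# no forwardAuth on purpose: only /auth/ is gated, see hass-router-secure`. The `hass-router-secure` rule string also ends with a stray space before its closing quote, which is worth dropping.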


@ -0,0 +1,179 @@
# dynamic configuration
http:
middlewares:
middlewares-authentik:
forwardAuth:
address: http://ubuntu:9000/outpost.goauthentik.io/auth/traefik
trustForwardHeader: true
authResponseHeaders:
- X-authentik-username
- X-authentik-groups
- X-authentik-entitlements
- X-authentik-email
- X-authentik-name
- X-authentik-uid
- X-authentik-jwt
- X-authentik-meta-jwks
- X-authentik-meta-outpost
- X-authentik-meta-provider
- X-authentik-meta-app
- X-authentik-meta-version
routers:
hass-router:
entryPoints:
- "hass"
rule: "Host(`home.thoster.net`) && PathPrefix(`/`)"
service: hass-service
tls:
certResolver: letsencrypt
paperless-router:
entryPoints:
- "websecure"
rule: "Host(`pl.home.thoster.net`) && PathPrefix(`/`)"
middlewares:
- "middlewares-authentik"
priority: 15
service: paperless-service
tls:
certResolver: letsencrypt
jellyfin-router:
entryPoints:
- "websecure"
rule: "Host(`media.home.thoster.net`) && PathPrefix(`/`)"
service: jellyfin-service
tls:
certResolver: letsencrypt
hass-router-auth:
entryPoints:
- "websecure"
rule: "Host(`hass.home.thoster.net`) && PathPrefix(`/outpost.goauthentik.io/`)"
priority: 15
service: authentik
tls:
certResolver: letsencrypt
paperless-router-auth:
entryPoints:
- "websecure"
rule: "Host(`pl.home.thoster.net`) && PathPrefix(`/outpost.goauthentik.io/`)"
priority: 15
service: authentik
tls:
certResolver: letsencrypt
default-router:
entryPoints:
- "websecure"
rule: "Host(`home.thoster.net`) && PathPrefix(`/`)"
middlewares:
- middlewares-authentik
service: wikimd-service
tls:
certResolver: letsencrypt
default-router-auth:
entryPoints:
- "websecure"
rule: "Host(`home.thoster.net`) && PathPrefix(`/outpost.goauthentik.io/`)"
priority: 15
service: authentik
tls:
certResolver: letsencrypt
comfy-router:
entryPoints:
- "websecure"
rule: "Host(`comfy.home.thoster.net`) && PathPrefix(`/`)"
middlewares:
- middlewares-authentik
service: comfy-service
tls:
certResolver: letsencrypt
comfy-router-auth:
entryPoints:
- "websecure"
rule: "Host(`comfy.home.thoster.net`) && PathPrefix(`/outpost.goauthentik.io/`)"
priority: 15
service: authentik
tls:
certResolver: letsencrypt
photos-router:
entryPoints:
- "websecure"
rule: "Host(`photo.home.thoster.net`) && PathPrefix(`/`)"
service: photos-service
tls:
certResolver: letsencrypt
auth-router:
entryPoints:
- "websecure"
rule: "Host(`auth.home.thoster.net`) && PathPrefix(`/`)"
service: auth-service
tls:
certResolver: letsencrypt
hass2-router:
entryPoints:
- "websecure"
rule: "Host(`hass.home.thoster.net`) && PathPrefix(`/`)"
middlewares:
- "middlewares-authentik"
service: hass-service
tls:
certResolver: letsencrypt
nas-router:
entryPoints:
- "websecure"
rule: "Host(`nas.home.thoster.net`) && PathPrefix(`/`)"
service: nas-service
tls:
certResolver: letsencrypt
ai-router:
entryPoints:
- "websecure"
rule: "Host(`ai.home.thoster.net`) && PathPrefix(`/`)"
service: ai-service
tls:
certResolver: letsencrypt
services:
hass-service:
loadBalancer:
servers:
- url: "http://192.168.178.114:8123"
photos-service:
loadBalancer:
servers:
- url: "http://ubuntu:2283"
nas-service:
loadBalancer:
servers:
- url: "http://nas"
ai-service:
loadBalancer:
servers:
- url: "http://ubuntu:8082"
wikimd-service:
loadBalancer:
servers:
- url: "http://ubuntu:5200"
comfy-service:
loadBalancer:
servers:
- url: "http://192.168.178.87:8188"
auth-service:
loadBalancer:
servers:
- url: "http://ubuntu:9000"
paperless-service:
loadBalancer:
servers:
- url: "http://ubuntu:8000"
jellyfin-service:
loadBalancer:
servers:
- url: "http://ubuntu:8096"
dummy-service:
loadBalancer:
servers:
- url: "http://whoami"
authentik:
loadBalancer:
servers:
- url: "http://ubuntu:9000/outpost.goauthentik.io"
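Review bot: This added file defines `hass-router` on entry point `hass` for `home.thoster.net` with no `middlewares` entry, the same router the first file in this commit removes, and it repeats the rest of the dynamic configuration as well. The file's path is not shown here; if it lies in a directory the file provider loads and has a `.yaml`/`.yml` name, the removed unauthenticated route to `hass-service` would come back and the router names would collide with the live file. If it is a backup, a first line such as `# backup of the previous dynamic configuration, not loaded by Traefik` and a non-loadable file name would make that explicit. The third file in the commit is a second full copy and deserves the same treatment.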


@ -0,0 +1,183 @@
# dynamic configuration
http:
middlewares:
middlewares-authentik:
forwardAuth:
address: http://ubuntu:9000/outpost.goauthentik.io/auth/traefik
trustForwardHeader: true
authResponseHeaders:
- X-authentik-username
- X-authentik-groups
- X-authentik-entitlements
- X-authentik-email
- X-authentik-name
- X-authentik-uid
- X-authentik-jwt
- X-authentik-meta-jwks
- X-authentik-meta-outpost
- X-authentik-meta-provider
- X-authentik-meta-app
- X-authentik-meta-version
routers:
paperless-router:
entryPoints:
- "websecure"
rule: "Host(`pl.home.thoster.net`) && PathPrefix(`/`)"
middlewares:
- "middlewares-authentik"
priority: 15
service: paperless-service
tls:
certResolver: letsencrypt
jellyfin-router:
entryPoints:
- "websecure"
rule: "Host(`media.home.thoster.net`) && PathPrefix(`/`)"
service: jellyfin-service
tls:
certResolver: letsencrypt
paperless-router-auth:
entryPoints:
- "websecure"
rule: "Host(`pl.home.thoster.net`) && PathPrefix(`/outpost.goauthentik.io/`)"
priority: 15
service: authentik
tls:
certResolver: letsencrypt
default-router:
entryPoints:
- "websecure"
rule: "Host(`home.thoster.net`) && PathPrefix(`/`)"
middlewares:
- middlewares-authentik
service: wikimd-service
tls:
certResolver: letsencrypt
default-router-auth:
entryPoints:
- "websecure"
rule: "Host(`home.thoster.net`) && PathPrefix(`/outpost.goauthentik.io/`)"
priority: 15
service: authentik
tls:
certResolver: letsencrypt
comfy-router:
entryPoints:
- "websecure"
rule: "Host(`comfy.home.thoster.net`) && PathPrefix(`/`)"
middlewares:
- middlewares-authentik
service: comfy-service
tls:
certResolver: letsencrypt
comfy-router-auth:
entryPoints:
- "websecure"
rule: "Host(`comfy.home.thoster.net`) && PathPrefix(`/outpost.goauthentik.io/`)"
priority: 15
service: authentik
tls:
certResolver: letsencrypt
photos-router:
entryPoints:
- "websecure"
rule: "Host(`photo.home.thoster.net`) && PathPrefix(`/`)"
service: photos-service
tls:
certResolver: letsencrypt
auth-router:
entryPoints:
- "websecure"
rule: "Host(`auth.home.thoster.net`) && PathPrefix(`/`)"
service: auth-service
tls:
certResolver: letsencrypt
hass-router-secure:
entryPoints:
- "websecure"
rule: "Host(`hass.home.thoster.net`) && PathPrefix(`/auth/`)"
priority: 14
middlewares:
- middlewares-authentik
service: hass-service
tls:
certResolver: letsencrypt
hass-router:
entryPoints:
- "websecure"
rule: "Host(`hass.home.thoster.net`) && PathPrefix(`/`)"
priority: 10
middlewares:
- middlewares-authentik
service: hass-service
tls:
certResolver: letsencrypt
hass-router-auth:
entryPoints:
- "websecure"
rule: "Host(`hass.home.thoster.net`) && PathPrefix(`/outpost.goauthentik.io/`)"
priority: 15
service: authentik
tls:
certResolver: letsencrypt
nas-router:
entryPoints:
- "websecure"
rule: "Host(`nas.home.thoster.net`) && PathPrefix(`/`)"
service: nas-service
tls:
certResolver: letsencrypt
ai-router:
entryPoints:
- "websecure"
rule: "Host(`ai.home.thoster.net`) && PathPrefix(`/`)"
service: ai-service
tls:
certResolver: letsencrypt
services:
hass-service:
loadBalancer:
servers:
- url: "http://192.168.178.114:8123"
photos-service:
loadBalancer:
servers:
- url: "http://ubuntu:2283"
nas-service:
loadBalancer:
servers:
- url: "http://nas"
ai-service:
loadBalancer:
servers:
- url: "http://ubuntu:8082"
wikimd-service:
loadBalancer:
servers:
- url: "http://ubuntu:5200"
comfy-service:
loadBalancer:
servers:
- url: "http://192.168.178.87:8188"
auth-service:
loadBalancer:
servers:
- url: "http://ubuntu:9000"
paperless-service:
loadBalancer:
servers:
- url: "http://ubuntu:8000"
jellyfin-service:
loadBalancer:
servers:
- url: "http://ubuntu:8096"
dummy-service:
loadBalancer:
servers:
- url: "http://whoami"
authentik:
loadBalancer:
servers:
- url: "http://ubuntu:9000/outpost.goauthentik.io"
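Review bot: `paperless-router` and `paperless-router-auth` both carry `priority: 15` while the first matches every path on `pl.home.thoster.net`, so the choice between them for `/outpost.goauthentik.io/` requests rests on how Traefik breaks a priority tie. If the catch-all wins, outpost requests would be sent through `middlewares-authentik` to `paperless-service` instead of the `authentik` service. Lowering the catch-all, e.g. `priority: 10` as `hass-router` does in this file, removes the ambiguity; the same pair appears in the preceding added file.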

65
traefik/traefik.yaml.x Normal file

@ -0,0 +1,65 @@
providers:
file:
directory: /etc/traefik/conf.d/
entryPoints:
web:
address: ':80'
http:
redirections:
entryPoint:
to: websecure
scheme: https
websecure:
address: ':443'
http:
tls:
certResolver: letsencrypt
paperless:
address: ':5200'
traefik:
address: ':8080'
hass:
address: ':444'
http:
tls:
certResolver: letsencrypt
redirections:
entryPoint:
scheme: https
certificatesResolvers:
letsencrypt:
acme:
email: "stefan@ostermail.de"
storage: /etc/traefik/ssl/acme.json
tlsChallenge: {}
api:
dashboard: true
insecure: true
log:
filePath: /var/log/traefik/traefik.log
format: json
level: INFO
accessLog:
filePath: /var/log/traefik/traefik-access.log
format: json
filters:
statusCodes:
- "200"
- "400-599"
retryAttempts: true
minDuration: "10ms"
bufferingSize: 0
fields:
headers:
defaultMode: drop
names:
User-Agent: keep
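Review bot: `api.insecure: true` together with `dashboard: true` serves the Traefik API and dashboard without authentication on the `traefik` entry point, which this file binds to `:8080` on all interfaces. Set `insecure: false` and expose the dashboard through a router to `api@internal` that carries `middlewares-authentik`, or bind the entry point to a loopback or management address. The `.x` suffix suggests this may not be the active static configuration, but the setting is worth fixing before the file is renamed into place. Separately, the `hass` entry point's `redirections.entryPoint` sets `scheme: https` with no `to:` target.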