diff --git a/traefik/conf.d/rules.yml b/traefik/conf.d/rules.yml
index 34f6dbf..4fa0c1e 100644
--- a/traefik/conf.d/rules.yml
+++ b/traefik/conf.d/rules.yml
@@ -19,13 +19,6 @@ http:
 - X-authentik-meta-app
 - X-authentik-meta-version
 routers:
- hass-router:
- entryPoints:
- - "hass"
- rule: "Host(`home.thoster.net`) && PathPrefix(`/`)"
- service: hass-service
- tls:
- certResolver: letsencrypt
 paperless-router:
 entryPoints:
 - "websecure"
@@ -43,17 +36,9 @@ http:
 service: jellyfin-service
 tls:
 certResolver: letsencrypt
- hass-router-auth:
- entryPoints:
- - "websecure"
- rule: "Host(`hass.home.thoster.net`) && PathPrefix(`/outpost.goauthentik.io/`)"
- priority: 15
- service: authentik
- tls:
- certResolver: letsencrypt
 paperless-router-auth:
 entryPoints:
- - "websecure"
+ - "websecure"
 rule: "Host(`pl.home.thoster.net`) && PathPrefix(`/outpost.goauthentik.io/`)"
 priority: 15
 service: authentik
@@ -64,7 +49,7 @@ http:
 - "websecure"
 rule: "Host(`home.thoster.net`) && PathPrefix(`/`)"
 middlewares:
- - middlewares-authentik
+ - middlewares-authentik
 service: wikimd-service
 tls:
 certResolver: letsencrypt
@@ -81,13 +66,13 @@ http:
 - "websecure"
 rule: "Host(`comfy.home.thoster.net`) && PathPrefix(`/`)"
 middlewares:
- - middlewares-authentik
+ - middlewares-authentik
 service: comfy-service
 tls:
 certResolver: letsencrypt
 comfy-router-auth:
 entryPoints:
- - "websecure"
+ - "websecure"
 rule: "Host(`comfy.home.thoster.net`) && PathPrefix(`/outpost.goauthentik.io/`)"
 priority: 15
 service: authentik
@@ -107,15 +92,34 @@ http:
 service: auth-service
 tls:
 certResolver: letsencrypt
- hass2-router:
+ hass-router-secure:
+ entryPoints:
+ - "websecure"
+ rule: "Host(`hass.home.thoster.net`) && PathPrefix(`/auth/`) && !PathPrefix(`/auth/token`) "
+ priority: 14
+ middlewares:
+ - middlewares-authentik
+ service: hass-service
+ tls:
+ certResolver: letsencrypt
+ hass-router:
 entryPoints:
 - "websecure"
 rule: "Host(`hass.home.thoster.net`) && PathPrefix(`/`)"
- middlewares:
- - "middlewares-authentik"
+ priority: 10
+# middlewares:
+# - middlewares-authentik
 service: hass-service
 tls:
 certResolver: letsencrypt
+ hass-router-auth:
+ entryPoints:
+ - "websecure"
+ rule: "Host(`hass.home.thoster.net`) && PathPrefix(`/outpost.goauthentik.io/`)"
+ priority: 15
+ service: authentik
+ tls:
+ certResolver: letsencrypt
 nas-router:
 entryPoints:
 - "websecure"
diff --git a/traefik/conf.d/rules.yml.backup4 b/traefik/conf.d/rules.yml.backup4
new file mode 100644
index 0000000..34f6dbf
--- /dev/null
+++ b/traefik/conf.d/rules.yml.backup4
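Review bot: With `middlewares` commented out on `hass-router` (priority 10), every path on `hass.home.thoster.net` except `/auth/` now reaches Home Assistant without the authentik forwardAuth, and `!PathPrefix(`/auth/token`)` also takes the token endpoint out of `hass-router-secure`; the removed `hass2-router` had the whole host behind the middleware, so this is a reduction in proxy-side protection that the commit does not explain. If it is deliberate, put the reason on the router instead of dead config, e.g. `# forwardAuth limited to /auth/ on purpose (see hass-router-secure); all other paths rely on Home Assistant's own login` adjusted to the actual motivation, and delete the `# middlewares:` / `# - middlewares-authentik` lines, which also sit at column 0 inside the `hass-router` mapping while the neighbouring hunks are busy fixing this file's indentation. The new `rule` on `hass-router-secure` ends with a space inside the quotes (`... !PathPrefix(`/auth/token`) "`); drop it so the rule string does not depend on the parser tolerating trailing whitespace.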
@@ -0,0 +1,179 @@
+# dynamic configuration
+http:
+ middlewares:
+ middlewares-authentik:
+ forwardAuth:
+ address: http://ubuntu:9000/outpost.goauthentik.io/auth/traefik
+ trustForwardHeader: true
+ authResponseHeaders:
+ - X-authentik-username
+ - X-authentik-groups
+ - X-authentik-entitlements
+ - X-authentik-email
+ - X-authentik-name
+ - X-authentik-uid
+ - X-authentik-jwt
+ - X-authentik-meta-jwks
+ - X-authentik-meta-outpost
+ - X-authentik-meta-provider
+ - X-authentik-meta-app
+ - X-authentik-meta-version
+ routers:
+ hass-router:
+ entryPoints:
+ - "hass"
+ rule: "Host(`home.thoster.net`) && PathPrefix(`/`)"
+ service: hass-service
+ tls:
+ certResolver: letsencrypt
+ paperless-router:
+ entryPoints:
+ - "websecure"
+ rule: "Host(`pl.home.thoster.net`) && PathPrefix(`/`)"
+ middlewares:
+ - "middlewares-authentik"
+ priority: 15
+ service: paperless-service
+ tls:
+ certResolver: letsencrypt
+ jellyfin-router:
+ entryPoints:
+ - "websecure"
+ rule: "Host(`media.home.thoster.net`) && PathPrefix(`/`)"
+ service: jellyfin-service
+ tls:
+ certResolver: letsencrypt
+ hass-router-auth:
+ entryPoints:
+ - "websecure"
+ rule: "Host(`hass.home.thoster.net`) && PathPrefix(`/outpost.goauthentik.io/`)"
+ priority: 15
+ service: authentik
+ tls:
+ certResolver: letsencrypt
+ paperless-router-auth:
+ entryPoints:
+ - "websecure"
+ rule: "Host(`pl.home.thoster.net`) && PathPrefix(`/outpost.goauthentik.io/`)"
+ priority: 15
+ service: authentik
+ tls:
+ certResolver: letsencrypt
+ default-router:
+ entryPoints:
+ - "websecure"
+ rule: "Host(`home.thoster.net`) && PathPrefix(`/`)"
+ middlewares:
+ - middlewares-authentik
+ service: wikimd-service
+ tls:
+ certResolver: letsencrypt
+ default-router-auth:
+ entryPoints:
+ - "websecure"
+ rule: "Host(`home.thoster.net`) && PathPrefix(`/outpost.goauthentik.io/`)"
+ priority: 15
+ service: authentik
+ tls:
+ certResolver: letsencrypt
+ comfy-router:
+ entryPoints:
+ - "websecure"
+ rule: "Host(`comfy.home.thoster.net`) && PathPrefix(`/`)"
+ middlewares:
+ - middlewares-authentik
+ service: comfy-service
+ tls:
+ certResolver: letsencrypt
+ comfy-router-auth:
+ entryPoints:
+ - "websecure"
+ rule: "Host(`comfy.home.thoster.net`) && PathPrefix(`/outpost.goauthentik.io/`)"
+ priority: 15
+ service: authentik
+ tls:
+ certResolver: letsencrypt
+ photos-router:
+ entryPoints:
+ - "websecure"
+ rule: "Host(`photo.home.thoster.net`) && PathPrefix(`/`)"
+ service: photos-service
+ tls:
+ certResolver: letsencrypt
+ auth-router:
+ entryPoints:
+ - "websecure"
+ rule: "Host(`auth.home.thoster.net`) && PathPrefix(`/`)"
+ service: auth-service
+ tls:
+ certResolver: letsencrypt
+ hass2-router:
+ entryPoints:
+ - "websecure"
+ rule: "Host(`hass.home.thoster.net`) && PathPrefix(`/`)"
+ middlewares:
+ - "middlewares-authentik"
+ service: hass-service
+ tls:
+ certResolver: letsencrypt
+ nas-router:
+ entryPoints:
+ - "websecure"
+ rule: "Host(`nas.home.thoster.net`) && PathPrefix(`/`)"
+ service: nas-service
+ tls:
+ certResolver: letsencrypt
+ ai-router:
+ entryPoints:
+ - "websecure"
+ rule: "Host(`ai.home.thoster.net`) && PathPrefix(`/`)"
+ service: ai-service
+ tls:
+ certResolver: letsencrypt
+
+ services:
+ hass-service:
+ loadBalancer:
+ servers:
+ - url: "http://192.168.178.114:8123"
+ photos-service:
+ loadBalancer:
+ servers:
+ - url: "http://ubuntu:2283"
+ nas-service:
+ loadBalancer:
+ servers:
+ - url: "http://nas"
+ ai-service:
+ loadBalancer:
+ servers:
+ - url: "http://ubuntu:8082"
+ wikimd-service:
+ loadBalancer:
+ servers:
+ - url: "http://ubuntu:5200"
+ comfy-service:
+ loadBalancer:
+ servers:
+ - url: "http://192.168.178.87:8188"
+ auth-service:
+ loadBalancer:
+ servers:
+ - url: "http://ubuntu:9000"
+ paperless-service:
+ loadBalancer:
+ servers:
+ - url: "http://ubuntu:8000"
+ jellyfin-service:
+ loadBalancer:
+ servers:
+ - url: "http://ubuntu:8096"
+ dummy-service:
+ loadBalancer:
+ servers:
+ - url: "http://whoami"
+ authentik:
+ loadBalancer:
+ servers:
+ - url: "http://ubuntu:9000/outpost.goauthentik.io"
+
diff --git a/traefik/conf.d/rules.yml.hmm b/traefik/conf.d/rules.yml.hmm
new file mode 100644
index 0000000..3bb6f7d
--- /dev/null
+++ b/traefik/conf.d/rules.yml.hmm
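Review bot: `traefik/conf.d/rules.yml.backup4` is a verbatim copy of the pre-change `rules.yml` (its blob id `34f6dbf` is the old side of the first file header), so it only duplicates what git history already keeps; the same applies to `rules.yml.hmm` (hunk ending at L8), which carries a third variant of the hass routers with the middleware still attached to `hass-router`. Both files live in the directory the file provider watches; the provider should ignore them because of their extensions, but that is the only thing keeping the stale `hass2-router` and a second `hass-router-auth` out of the live routing table, and a rename would bring them back. Drop both from the commit, or at least keep scratch copies outside `conf.d/` and ignore them in version control.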
@@ -0,0 +1,183 @@
+# dynamic configuration
+http:
+ middlewares:
+ middlewares-authentik:
+ forwardAuth:
+ address: http://ubuntu:9000/outpost.goauthentik.io/auth/traefik
+ trustForwardHeader: true
+ authResponseHeaders:
+ - X-authentik-username
+ - X-authentik-groups
+ - X-authentik-entitlements
+ - X-authentik-email
+ - X-authentik-name
+ - X-authentik-uid
+ - X-authentik-jwt
+ - X-authentik-meta-jwks
+ - X-authentik-meta-outpost
+ - X-authentik-meta-provider
+ - X-authentik-meta-app
+ - X-authentik-meta-version
+ routers:
+ paperless-router:
+ entryPoints:
+ - "websecure"
+ rule: "Host(`pl.home.thoster.net`) && PathPrefix(`/`)"
+ middlewares:
+ - "middlewares-authentik"
+ priority: 15
+ service: paperless-service
+ tls:
+ certResolver: letsencrypt
+ jellyfin-router:
+ entryPoints:
+ - "websecure"
+ rule: "Host(`media.home.thoster.net`) && PathPrefix(`/`)"
+ service: jellyfin-service
+ tls:
+ certResolver: letsencrypt
+ paperless-router-auth:
+ entryPoints:
+ - "websecure"
+ rule: "Host(`pl.home.thoster.net`) && PathPrefix(`/outpost.goauthentik.io/`)"
+ priority: 15
+ service: authentik
+ tls:
+ certResolver: letsencrypt
+ default-router:
+ entryPoints:
+ - "websecure"
+ rule: "Host(`home.thoster.net`) && PathPrefix(`/`)"
+ middlewares:
+ - middlewares-authentik
+ service: wikimd-service
+ tls:
+ certResolver: letsencrypt
+ default-router-auth:
+ entryPoints:
+ - "websecure"
+ rule: "Host(`home.thoster.net`) && PathPrefix(`/outpost.goauthentik.io/`)"
+ priority: 15
+ service: authentik
+ tls:
+ certResolver: letsencrypt
+ comfy-router:
+ entryPoints:
+ - "websecure"
+ rule: "Host(`comfy.home.thoster.net`) && PathPrefix(`/`)"
+ middlewares:
+ - middlewares-authentik
+ service: comfy-service
+ tls:
+ certResolver: letsencrypt
+ comfy-router-auth:
+ entryPoints:
+ - "websecure"
+ rule: "Host(`comfy.home.thoster.net`) && PathPrefix(`/outpost.goauthentik.io/`)"
+ priority: 15
+ service: authentik
+ tls:
+ certResolver: letsencrypt
+ photos-router:
+ entryPoints:
+ - "websecure"
+ rule: "Host(`photo.home.thoster.net`) && PathPrefix(`/`)"
+ service: photos-service
+ tls:
+ certResolver: letsencrypt
+ auth-router:
+ entryPoints:
+ - "websecure"
+ rule: "Host(`auth.home.thoster.net`) && PathPrefix(`/`)"
+ service: auth-service
+ tls:
+ certResolver: letsencrypt
+ hass-router-secure:
+ entryPoints:
+ - "websecure"
+ rule: "Host(`hass.home.thoster.net`) && PathPrefix(`/auth/`)"
+ priority: 14
+ middlewares:
+ - middlewares-authentik
+ service: hass-service
+ tls:
+ certResolver: letsencrypt
+ hass-router:
+ entryPoints:
+ - "websecure"
+ rule: "Host(`hass.home.thoster.net`) && PathPrefix(`/`)"
+ priority: 10
+ middlewares:
+ - middlewares-authentik
+ service: hass-service
+ tls:
+ certResolver: letsencrypt
+ hass-router-auth:
+ entryPoints:
+ - "websecure"
+ rule: "Host(`hass.home.thoster.net`) && PathPrefix(`/outpost.goauthentik.io/`)"
+ priority: 15
+ service: authentik
+ tls:
+ certResolver: letsencrypt
+ nas-router:
+ entryPoints:
+ - "websecure"
+ rule: "Host(`nas.home.thoster.net`) && PathPrefix(`/`)"
+ service: nas-service
+ tls:
+ certResolver: letsencrypt
+ ai-router:
+ entryPoints:
+ - "websecure"
+ rule: "Host(`ai.home.thoster.net`) && PathPrefix(`/`)"
+ service: ai-service
+ tls:
+ certResolver: letsencrypt
+
+ services:
+ hass-service:
+ loadBalancer:
+ servers:
+ - url: "http://192.168.178.114:8123"
+ photos-service:
+ loadBalancer:
+ servers:
+ - url: "http://ubuntu:2283"
+ nas-service:
+ loadBalancer:
+ servers:
+ - url: "http://nas"
+ ai-service:
+ loadBalancer:
+ servers:
+ - url: "http://ubuntu:8082"
+ wikimd-service:
+ loadBalancer:
+ servers:
+ - url: "http://ubuntu:5200"
+ comfy-service:
+ loadBalancer:
+ servers:
+ - url: "http://192.168.178.87:8188"
+ auth-service:
+ loadBalancer:
+ servers:
+ - url: "http://ubuntu:9000"
+ paperless-service:
+ loadBalancer:
+ servers:
+ - url: "http://ubuntu:8000"
+ jellyfin-service:
+ loadBalancer:
+ servers:
+ - url: "http://ubuntu:8096"
+ dummy-service:
+ loadBalancer:
+ servers:
+ - url: "http://whoami"
+ authentik:
+ loadBalancer:
+ servers:
+ - url: "http://ubuntu:9000/outpost.goauthentik.io"
+
diff --git a/traefik/traefik.yaml.x b/traefik/traefik.yaml.x
new file mode 100644
index 0000000..e6b1949
--- /dev/null
+++ b/traefik/traefik.yaml.x
@@ -0,0 +1,65 @@
+providers:
+ file:
+ directory: /etc/traefik/conf.d/
+
+entryPoints:
+ web:
+ address: ':80'
+ http:
+ redirections:
+ entryPoint:
+ to: websecure
+ scheme: https
+
+ websecure:
+ address: ':443'
+ http:
+ tls:
+ certResolver: letsencrypt
+
+ paperless:
+ address: ':5200'
+
+ traefik:
+ address: ':8080'
+
+ hass:
+ address: ':444'
+ http:
+ tls:
+ certResolver: letsencrypt
+ redirections:
+ entryPoint:
+ scheme: https
+
+certificatesResolvers:
+ letsencrypt:
+ acme:
+ email: "stefan@ostermail.de"
+ storage: /etc/traefik/ssl/acme.json
+ tlsChallenge: {}
+
+api:
+ dashboard: true
+ insecure: true
+
+log:
+ filePath: /var/log/traefik/traefik.log
+ format: json
+ level: INFO
+
+accessLog:
+ filePath: /var/log/traefik/traefik-access.log
+ format: json
+ filters:
+ statusCodes:
+ - "200"
+ - "400-599"
+ retryAttempts: true
+ minDuration: "10ms"
+ bufferingSize: 0
+ fields:
+ headers:
+ defaultMode: drop
+ names:
+ User-Agent: keep
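Review bot: In `traefik/traefik.yaml.x`, `api.insecure: true` next to `api.dashboard: true` serves the dashboard and API unauthenticated on the `traefik` entryPoint (`:8080`), which exposes the full routing and middleware configuration to anyone who can reach that port. If this file is meant to become the static config, set `insecure: false` and publish the dashboard through a router on `websecure` that carries the authentik forwardAuth middleware the dynamic config already defines. The `hass` entryPoint's `redirections.entryPoint` block gives `scheme: https` but no `to:` target, unlike the `web` entryPoint above it, so it looks incomplete; and since the `hass` router that used this entryPoint is deleted in this same commit, the entryPoint itself may be dead. The `.x` suffix also makes this a third scratch copy in the commit; keep one authoritative file or note in the description why the copy is needed.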