This commit is contained in:
Stefan Ostermann 2025-02-02 21:16:30 +00:00
parent 402f5f7128
commit 9c51a6361a
5 changed files with 440 additions and 0 deletions

147
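--- a/traefik/conf.d/rules.yml
+++ b/traefik/conf.d/rules.yml
@@ -0,0 +1,147 @@
+# dynamic configuration
+http:
+middlewares:
+middlewares-authentik:
+forwardAuth:
+address: http://ubuntu:9000/outpost.goauthentik.io/auth/traefik
+trustForwardHeader: true
+authResponseHeaders:
+- X-authentik-username
+- X-authentik-groups
+- X-authentik-entitlements
+- X-authentik-email
+- X-authentik-name
+- X-authentik-uid
+- X-authentik-jwt
+- X-authentik-meta-jwks
+- X-authentik-meta-outpost
+- X-authentik-meta-provider
+- X-authentik-meta-app
+- X-authentik-meta-version
+routers:
+hass-router:
+entryPoints:
+- "hass"
+rule: "Host(`home.thoster.net`) && PathPrefix(`/`)"
+service: hass-service
+tls:
+certResolver: letsencrypt
+paperless-router:
+entryPoints:
+- "websecure"
+rule: "Host(`pl.home.thoster.net`) && PathPrefix(`/`)"
+middlewares:
+- "middlewares-authentik"
+priority: 15
+service: paperless-service
+tls:
+certResolver: letsencrypt
+hass-router-auth:
+entryPoints:
+- "websecure"
+rule: "Host(`hass.home.thoster.net`) && PathPrefix(`/outpost.goauthentik.io/`)"
+priority: 15
+service: authentik
+tls:
+certResolver: letsencrypt
+paperless-router-auth:
+entryPoints:
+- "websecure"
+rule: "Host(`pl.home.thoster.net`) && PathPrefix(`/outpost.goauthentik.io/`)"
+priority: 15
+service: authentik
+tls:
+certResolver: letsencrypt
+default-router:
+entryPoints:
+- "websecure"
+rule: "Host(`home.thoster.net`) && PathPrefix(`/`)"
+middlewares:
+- middlewares-authentik
+service: wikimd-service
+tls:
+certResolver: letsencrypt
+default-router-auth:
+entryPoints:
+- "websecure"
+rule: "Host(`home.thoster.net`) && PathPrefix(`/outpost.goauthentik.io/`)"
+priority: 15
+service: authentik
+tls:
+certResolver: letsencrypt
+photos-router:
+entryPoints:
+- "websecure"
+rule: "Host(`photo.home.thoster.net`) && PathPrefix(`/`)"
+service: photos-service
+tls:
+certResolver: letsencrypt
+auth-router:
+entryPoints:
+- "websecure"
+rule: "Host(`auth.home.thoster.net`) && PathPrefix(`/`)"
+service: auth-service
+tls:
+certResolver: letsencrypt
+hass2-router:
+entryPoints:
+- "websecure"
+rule: "Host(`hass.home.thoster.net`) && PathPrefix(`/`)"
+middlewares:
+- "middlewares-authentik"
+service: hass-service
+tls:
+certResolver: letsencrypt
+nas-router:
+entryPoints:
+- "websecure"
+rule: "Host(`nas.home.thoster.net`) && PathPrefix(`/`)"
+service: nas-service
+tls:
+certResolver: letsencrypt
+ai-router:
+entryPoints:
+- "websecure"
+rule: "Host(`ai.home.thoster.net`) && PathPrefix(`/`)"
+service: ai-service
+tls:
+certResolver: letsencrypt
+services:
+hass-service:
+loadBalancer:
+servers:
+- url: "http://ubuntu:8123"
+photos-service:
+loadBalancer:
+servers:
+- url: "http://ubuntu:2283"
+nas-service:
+loadBalancer:
+servers:
+- url: "http://nas"
+ai-service:
+loadBalancer:
+servers:
+- url: "http://ubuntu:8082"
+wikimd-service:
+loadBalancer:
+servers:
+- url: "http://ubuntu:5200"
+auth-service:
+loadBalancer:
+servers:
+- url: "http://ubuntu:9000"
+paperless-service:
+loadBalancer:
+servers:
+- url: "http://ubuntu:8000"
+dummy-service:
+loadBalancer:
+servers:
+- url: "http://whoami"
+authentik:
+loadBalancer:
+servers:
+- url: "http://ubuntu:9000/outpost.goauthentik.io"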
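Review bot: `paperless-router` carries `priority: 15`, the same value as `paperless-router-auth`, so the catch-all `/` router and the `/outpost.goauthentik.io/` router tie and which one serves the outpost callback path is left to Traefik's tie-break rather than to the rules; `default-router` and `hass2-router` leave the app router at the default rule-length priority, which is what lets the `-auth` router win, so drop `priority: 15` from `paperless-router` (or give `paperless-router-auth` a strictly higher value). The third file section repeats the same `priority: 15` on its `paperless-router`. `hass-service` is also reachable without the `middlewares-authentik` forwardAuth through `hass-router` on the `hass` entry point, so the middleware on `hass2-router` is not a hard gate for that backend; if the separate entry point is intentional, a comment such as `# hass entry point bypasses forwardAuth on purpose: <reason>` above `hass-router` would record that, and the same note would help on `photos-router`, `nas-router` and `ai-router`, which forward with no middleware at all. Style: `default-router` lists `- middlewares-authentik` unquoted while every other router quotes the middleware name; pick one form.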


@ -0,0 +1,90 @@
# dynamic configuration
http:
routers:
# Redirect all HTTP traffic to HTTPS
# http-redirect-router:
# entryPoints:
# - "web"
# rule: "HostAny() && PathPrefix('/')"
# middlewares:
# - "redirect_https"
# service: dummy-service
hass-router:
entryPoints:
- "hass"
rule: "Host(`home.thoster.net`) && PathPrefix(`/`)"
service: hass-service
tls:
certResolver: letsencrypt
default-router:
entryPoints:
- "websecure"
rule: "Host(`home.thoster.net`) && PathPrefix(`/`)"
service: php-service
tls:
certResolver: letsencrypt
photos-router:
entryPoints:
- "websecure"
rule: "Host(`photo.home.thoster.net`) && PathPrefix(`/`)"
service: photos-service
tls:
certResolver: letsencrypt
auth-router:
entryPoints:
- "websecure"
rule: "Host(`auth.home.thoster.net`) && PathPrefix(`/`)"
service: auth-service
tls:
certResolver: letsencrypt
hass2-router:
entryPoints:
- "websecure"
rule: "Host(`hass.home.thoster.net`) && PathPrefix(`/`)"
service: hass-service
tls:
certResolver: letsencrypt
nas-router:
entryPoints:
- "websecure"
rule: "Host(`nas.home.thoster.net`) && PathPrefix(`/`)"
service: nas-service
tls:
certResolver: letsencrypt
ai-router:
entryPoints:
- "websecure"
rule: "Host(`ai.home.thoster.net`) && PathPrefix(`/`)"
service: ai-service
tls:
certResolver: letsencrypt
services:
hass-service:
loadBalancer:
servers:
- url: "http://ubuntu:8123"
photos-service:
loadBalancer:
servers:
- url: "http://ubuntu:2283"
nas-service:
loadBalancer:
servers:
- url: "http://nas"
ai-service:
loadBalancer:
servers:
- url: "http://mini:8080"
php-service:
loadBalancer:
servers:
- url: "http://nginx-php-fastcgi"
auth-service:
loadBalancer:
servers:
- url: "http://ubuntu:9000"
dummy-service:
loadBalancer:
servers:
- url: "http://whoami"
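Review bot: This section re-declares the router names used in `traefik/conf.d/rules.yml` (`hass-router`, `default-router`, `photos-router`, `nas-router`, `ai-router`, ...) with different targets (`default-router` → `php-service`, `ai-service` → `http://mini:8080`); the file's path is not shown in this view, but if it sits under the `directory: /etc/traefik/conf.d/` that `traefik.yaml` points the file provider at, Traefik will, as far as I recall, log these routers as defined multiple times with different configurations and disable them rather than merge them, so one copy should be deleted or moved out of the watched directory. The same concern applies to the third file section, which is a near-copy of `rules.yml`. The commented-out `http-redirect-router` block is dead config: `traefik.yaml` already redirects the `web` entry point to `websecure` through `entryPoints.web.http.redirections`, and its `PathPrefix('/')` uses single quotes, which Traefik's rule parser does not accept as a string delimiter (backticks or double quotes), so it would fail if ever uncommented; removing the block is cleaner than carrying it.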


@ -0,0 +1,137 @@
# dynamic configuration
http:
middlewares:
middlewares-authentik:
forwardAuth:
address: http://ubuntu:9000/outpost.goauthentik.io/auth/traefik
trustForwardHeader: true
authResponseHeaders:
- X-authentik-username
- X-authentik-groups
- X-authentik-entitlements
- X-authentik-email
- X-authentik-name
- X-authentik-uid
- X-authentik-jwt
- X-authentik-meta-jwks
- X-authentik-meta-outpost
- X-authentik-meta-provider
- X-authentik-meta-app
- X-authentik-meta-version
routers:
hass-router:
entryPoints:
- "hass"
rule: "Host(`home.thoster.net`) && PathPrefix(`/`)"
service: hass-service
tls:
certResolver: letsencrypt
paperless-router:
entryPoints:
- "websecure"
rule: "Host(`pl.home.thoster.net`) && PathPrefix(`/`)"
middlewares:
- "middlewares-authentik"
priority: 15
service: paperless-service
tls:
certResolver: letsencrypt
paperless-router-auth:
entryPoints:
- "websecure"
rule: "Host(`pl.home.thoster.net`) && PathPrefix(`/outpost.goauthentik.io/`)"
priority: 15
service: authentik
tls:
certResolver: letsencrypt
default-router:
entryPoints:
- "websecure"
rule: "Host(`home.thoster.net`) && PathPrefix(`/`)"
middlewares:
- middlewares-authentik
service: wikimd-service
tls:
certResolver: letsencrypt
default-router-auth:
entryPoints:
- "websecure"
rule: "Host(`home.thoster.net`) && PathPrefix(`/outpost.goauthentik.io/`)"
priority: 15
service: authentik
tls:
certResolver: letsencrypt
photos-router:
entryPoints:
- "websecure"
rule: "Host(`photo.home.thoster.net`) && PathPrefix(`/`)"
service: photos-service
tls:
certResolver: letsencrypt
auth-router:
entryPoints:
- "websecure"
rule: "Host(`auth.home.thoster.net`) && PathPrefix(`/`)"
service: auth-service
tls:
certResolver: letsencrypt
hass2-router:
entryPoints:
- "websecure"
rule: "Host(`hass.home.thoster.net`) && PathPrefix(`/`)"
service: hass-service
tls:
certResolver: letsencrypt
nas-router:
entryPoints:
- "websecure"
rule: "Host(`nas.home.thoster.net`) && PathPrefix(`/`)"
service: nas-service
tls:
certResolver: letsencrypt
ai-router:
entryPoints:
- "websecure"
rule: "Host(`ai.home.thoster.net`) && PathPrefix(`/`)"
service: ai-service
tls:
certResolver: letsencrypt
services:
hass-service:
loadBalancer:
servers:
- url: "http://ubuntu:8123"
photos-service:
loadBalancer:
servers:
- url: "http://ubuntu:2283"
nas-service:
loadBalancer:
servers:
- url: "http://nas"
ai-service:
loadBalancer:
servers:
- url: "http://mini:8080"
wikimd-service:
loadBalancer:
servers:
- url: "http://ubuntu:5200"
auth-service:
loadBalancer:
servers:
- url: "http://ubuntu:9000"
paperless-service:
loadBalancer:
servers:
- url: "http://ubuntu:8000"
dummy-service:
loadBalancer:
servers:
- url: "http://whoami"
authentik:
loadBalancer:
servers:
- url: "http://ubuntu:9000/outpost.goauthentik.io"

1
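--- a/traefik/ssl/.gitignore
+++ b/traefik/ssl/.gitignore
@@ -0,0 +1 @@
+acme.json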

65
traefik/traefik.yaml Normal file

@ -0,0 +1,65 @@
providers:
file:
directory: /etc/traefik/conf.d/
entryPoints:
web:
address: ':80'
http:
redirections:
entryPoint:
to: websecure
scheme: https
websecure:
address: ':443'
http:
tls:
certResolver: letsencrypt
paperless:
address: ':5200'
traefik:
address: ':8080'
hass:
address: ':444'
http:
tls:
certResolver: letsencrypt
redirections:
entryPoint:
scheme: https
certificatesResolvers:
letsencrypt:
acme:
email: "stefan@ostermail.de"
storage: /etc/traefik/ssl/acme.json
tlsChallenge: {}
api:
dashboard: true
insecure: true
log:
filePath: /var/log/traefik/traefik.log
format: json
level: INFO
accessLog:
filePath: /var/log/traefik/traefik-access.log
format: json
filters:
statusCodes:
- "200"
- "400-599"
retryAttempts: true
minDuration: "10ms"
bufferingSize: 0
fields:
headers:
defaultMode: drop
names:
User-Agent: keep