Fixes for Traefik
This commit is contained in:
@@ -1,6 +1,6 @@
|
|||||||
DOMAIN_NAME=
|
DOMAIN_NAME=
|
||||||
SUBDOMAIN=
|
SUBDOMAIN=
|
||||||
TRAEFIK_USER=
|
# TRAEFIK_USER=
|
||||||
SSL_EMAIL_FILE=/run/secrets/CF_API_EMAIL
|
SSL_EMAIL_FILE=/run/secrets/CF_API_EMAIL
|
||||||
CF_API_EMAIL_FILE=/run/secrets/CF_API_EMAIL
|
CF_API_EMAIL_FILE=/run/secrets/CF_API_EMAIL
|
||||||
CF_API_KEY_FILE=/run/secrets/CF_API_KEY
|
CF_API_KEY_FILE=/run/secrets/CF_API_KEY
|
||||||
|
|||||||
@@ -31,19 +31,24 @@ services:
|
|||||||
labels:
|
labels:
|
||||||
- traefik.enable=true
|
- traefik.enable=true
|
||||||
- traefik.http.routers.traefik_dashboard.rule=Host(`${SUBDOMAIN}.${DOMAIN_NAME}`)
|
- traefik.http.routers.traefik_dashboard.rule=Host(`${SUBDOMAIN}.${DOMAIN_NAME}`)
|
||||||
# - traefik.http.routers.traefik_dashboard.rule=Host(`${SUBDOMAIN}.${DOMAIN_NAME}`) && PathPrefix(`/outpost.goauthentik.io/`)
|
|
||||||
- traefik.http.routers.traefik_dashboard.entrypoints=websecure
|
- traefik.http.routers.traefik_dashboard.entrypoints=websecure
|
||||||
- traefik.http.routers.traefik_dashboard.service=api@internal
|
- traefik.http.routers.traefik_dashboard.service=api@internal
|
||||||
- traefik.http.routers.traefik_dashboard.tls=true
|
- traefik.http.routers.traefik_dashboard.tls=true
|
||||||
- traefik.http.middlewares.myauth.basicauth.users=${TRAEFIK_USER}
|
# - traefik.http.middlewares.myauth.basicauth.users=${TRAEFIK_USER}
|
||||||
- traefik.http.routers.traefik_dashboard.middlewares=myauth@docker
|
# - traefik.http.routers.traefik_dashboard.middlewares=myauth@docker
|
||||||
# - traefik.http.routers.traefik_dashboard.middlewares=authentik-forwardauth@docker
|
- traefik.http.routers.traefik_dashboard.middlewares=authentik-forwardauth@docker
|
||||||
- traefik.http.routers.traefik_dashboard.tls.certresolver=cloudflare
|
- traefik.http.routers.traefik_dashboard.tls.certresolver=cloudflare
|
||||||
# - traefik.http.routers.traefik-secure.tls.domains[0].main=${DOMAIN_NAME}
|
|
||||||
# - traefik.http.routers.traefik-secure.tls.domains[0].sans=*.${DOMAIN_NAME}
|
|
||||||
# - traefik.http.middlewares.myauth.redirectscheme.scheme=https
|
|
||||||
- traefik.http.services.traefik_dashboard.loadbalancer.server.port=80
|
- traefik.http.services.traefik_dashboard.loadbalancer.server.port=80
|
||||||
# - "traefik.http.middlewares.cloudflare-ips.ipallowlist.sourcerange=173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/13,104.24.0.0/14,172.64.0.0/13,131.0.72.0/22,2400:cb00::/32,2606:4700::/32,2803:f800::/32,2405:b500::/32,2405:8100::/32,2a06:98c0::/29,2c0f:f248::/32"
|
# - "traefik.http.middlewares.cloudflare-ips.ipallowlist.sourcerange=173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/13,104.24.0.0/14,172.64.0.0/13,131.0.72.0/22,2400:cb00::/32,2606:4700::/32,2803:f800::/32,2405:b500::/32,2405:8100::/32,2a06:98c0::/29,2c0f:f248::/32"
|
||||||
|
- traefik.http.middlewares.traefik_dashboard.headers.SSLRedirect=true
|
||||||
|
- traefik.http.middlewares.traefik_dashboard.headers.STSSeconds=315360000
|
||||||
|
- traefik.http.middlewares.traefik_dashboard.headers.browserXSSFilter=true
|
||||||
|
- traefik.http.middlewares.traefik_dashboard.headers.contentTypeNosniff=true
|
||||||
|
- traefik.http.middlewares.traefik_dashboard.headers.forceSTSHeader=true
|
||||||
|
- traefik.http.middlewares.traefik_dashboard.headers.SSLHost=${DOMAIN_NAME}
|
||||||
|
- traefik.http.middlewares.traefik_dashboard.headers.STSIncludeSubdomains=true
|
||||||
|
- traefik.http.middlewares.traefik_dashboard.headers.STSPreload=true
|
||||||
|
- traefik.http.middlewares.traefik_dashboard.headers.frameDeny=true
|
||||||
env_file:
|
env_file:
|
||||||
- .env
|
- .env
|
||||||
secrets:
|
secrets:
|
||||||
|
|||||||
Reference in New Issue
Block a user