Last active
April 11, 2022 17:32
-
-
Save cristianpb/1d77f178884569da6a3b904ef867a30a to your computer and use it in GitHub Desktop.
traefik static file config
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
http: | |
services: | |
snapcast: | |
loadBalancer: | |
servers: | |
- url: "http://192.168.12.142:1780/" | |
mopidy: | |
loadBalancer: | |
servers: | |
- url: "http://192.168.12.142:6680/" | |
raspicam: | |
loadBalancer: | |
servers: | |
- url: "http://192.168.12.94:80/" | |
routers: | |
snapcast: | |
rule: "Path(`/jsonrpc`)" | |
service: "snapcast" | |
entryPoints: ["websocket-snapcast"] | |
mopidy: | |
rule: "Host(`jetson.local`) || Host(`192.168.43.54`) || Host(`192.168.12.1`)" | |
service: "mopidy" | |
entryPoints: ["web", "websocket-mopidy"] | |
mopidy-secure: | |
rule: "Host(`jetson.local`) || Host(`192.168.43.54`) || Host(`192.168.12.1`)" | |
service: "mopidy" | |
#"traefik.http.routers.app-secure.tls.options=foo" | |
tls: | |
options: "foo" | |
#"traefik.http.routers.app-secure.entryPoints=web-secure" | |
#entryPoints: "web-secure" | |
raspicam: | |
rule: "(Host(`jetson.local`) || Host(`192.168.43.54`) || Host(`192.168.12.1`)) && PathPrefix(`/raspicam`)" | |
#rule: "PathPrefix(`/raspicam`)" | |
#rule: "Host(`cam.jetson.local`)" | |
service: "raspicam" | |
middlewares: | |
- "raspicam-replace" | |
middlewares: | |
raspicam-replace: | |
replacePathRegex: | |
regex: "^/(.*)" | |
replacement: "/raspicam/$1" | |
#tls: | |
# certificates: | |
# - certFile: /home/nano/traefik/jetson.cert | |
# keyFile: /home/nano/traefik/jetson.key |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[Unit] | |
Description=traefik proxy | |
After=network-online.target | |
Wants=network-online.target systemd-networkd-wait-online.service | |
[Service] | |
Restart=on-abnormal | |
; User and group the process will run as. | |
User=traefik | |
Group=traefik | |
; Always set "-root" to something safe in case it gets forgotten in the traefikfile. | |
ExecStart=/usr/local/bin/traefik --configfile=/etc/traefik/traefik.yml | |
; Limit the number of file descriptors; see `man systemd.exec` for more limit settings. | |
LimitNOFILE=1048576 | |
; Use private /tmp and /var/tmp, which are discarded after traefik stops. | |
PrivateTmp=true | |
; Use a minimal /dev (May bring additional security if switched to 'true', but it may not work on Raspberry Pi's or other devices, so it has been disabled in this dist.) | |
PrivateDevices=false | |
; Hide /home, /root, and /run/user. Nobody will steal your SSH-keys. | |
ProtectHome=true | |
; Make /usr, /boot, /etc and possibly some more folders read-only. | |
ProtectSystem=full | |
; … except /etc/ssl/traefik, because we want Letsencrypt-certificates there. | |
; This merely retains r/w access rights, it does not add any new. Must still be writable on the host! | |
ReadWriteDirectories=/etc/traefik/acme | |
; The following additional security directives only work with systemd v229 or later. | |
; They further restrict privileges that can be gained by traefik. Uncomment if you like. | |
; Note that you may have to add capabilities required by any plugins in use. | |
CapabilityBoundingSet=CAP_NET_BIND_SERVICE | |
AmbientCapabilities=CAP_NET_BIND_SERVICE | |
NoNewPrivileges=true | |
[Install] | |
WantedBy=multi-user.target |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Don't send external data | |
global: | |
checkNewVersion: false | |
sendAnonymousUsage: false | |
# Enable Traefik API at entrypoint 8080 | |
api: | |
insecure: true | |
dashboard: true | |
# Debug api for profilng | |
debug: true | |
# Log level, debug to have explicit logs | |
log: | |
level: debug | |
# File to get acces log | |
accessLog: | |
filePath: /var/log/traefik/access.log | |
# Tell Traefik where to find services | |
providers: | |
file: | |
watch: false | |
filename: /etc/traefik/provider.yml | |
# Define which ports Traefik should be listening to | |
entryPoints: | |
web: | |
address: ":80" | |
web-secure: | |
address: ":443" | |
websocket-mopidy: | |
address: ":6680" | |
proxyProtocol: | |
insecure: true | |
websocket-snapcast: | |
address: ":1780" | |
proxyProtocol: | |
insecure: true | |
# Encryption method | |
tls: | |
options: | |
foo: | |
minVersion: VersionTLS12 | |
cipherSuites: | |
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | |
- TLS_RSA_WITH_AES_256_GCM_SHA384 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment