72 lines
1.8 KiB
YAML
72 lines
1.8 KiB
YAML
global:
|
|
checkNewVersion: true
|
|
sendAnonymousUsage: false
|
|
|
|
# 1. EntryPoints Definition
|
|
# We define the ports Traefik listens on.
|
|
# HTTP (80) automatically redirects to HTTPS (443).
|
|
# SMTP (25) is passthrough for Mailman.
|
|
entryPoints:
|
|
web:
|
|
address: ":80"
|
|
http:
|
|
redirections:
|
|
entryPoint:
|
|
to: websecure
|
|
scheme: https
|
|
permanent: true
|
|
|
|
websecure:
|
|
address: ":443"
|
|
http:
|
|
tls:
|
|
certResolver: letsencrypt
|
|
|
|
# 2. Providers
|
|
# Traefik watches the Docker socket to discover services.
|
|
providers:
|
|
docker:
|
|
endpoint: "unix:///var/run/docker.sock"
|
|
exposedByDefault: false # Containers are ignored unless they have "traefik.enable=true"
|
|
network: proxy_net # Must match the network name in docker-compose.yml
|
|
|
|
# # Optional: Watch a directory for dynamic config files (good for custom TLS certs or middlewares)
|
|
# file:
|
|
# directory: /etc/traefik/dynamic
|
|
# watch: true
|
|
|
|
# 3. API & Dashboard
|
|
# The dashboard is enabled but "insecure" mode is OFF.
|
|
# Access is protected by the Basic Auth middleware defined in docker-compose.yml.
|
|
api:
|
|
dashboard: true
|
|
insecure: false
|
|
debug: false
|
|
|
|
# Health check ping endpoint
|
|
ping:
|
|
entryPoint: web
|
|
|
|
# 4. Certificate Resolver (Let's Encrypt)
|
|
# Uses the HTTP Challenge, which requires Port 80 to be open.
|
|
certificatesResolvers:
|
|
letsencrypt:
|
|
acme:
|
|
email: info@jmpgames.it
|
|
storage: /acme.json # This file is persisted via Docker volume
|
|
httpChallenge:
|
|
entryPoint: web
|
|
|
|
# 5. Logging
|
|
# Access logs are written to a file that Fail2Ban on the host will monitor.
|
|
accessLog:
|
|
filePath: "/var/log/traefik/access.log"
|
|
bufferingSize: 100 # Buffer lines slightly to reduce I/O, but keep low for Fail2Ban responsiveness
|
|
filters:
|
|
statusCodes:
|
|
- "400-499"
|
|
- "500-599"
|
|
|
|
log:
|
|
level: INFO
|