From 2dc3fa2af1b382daea66fd768c1b61b65af92bf0 Mon Sep 17 00:00:00 2001 From: Joey Hafner Date: Wed, 6 Jul 2022 17:34:52 -0700 Subject: [PATCH] Switch Traefik dynamic config files from toml to yaml --- .../config/traefik/config/authentik.yaml | 18 -------- .../config/traefik/config/middlewares.yaml | 43 +++++++++++++++++++ homelab/server/config/traefik/config/nas.yaml | 16 +++++++ .../config/traefik/config/traefik_api.yaml | 8 ++++ .../traefik/config/traefik_config_dev.toml | 12 ------ .../config/traefik_config_dynamic.toml | 19 -------- .../traefik/config/traefik_config_nas.toml | 16 ------- 7 files changed, 67 insertions(+), 65 deletions(-) delete mode 100644 homelab/server/config/traefik/config/authentik.yaml create mode 100644 homelab/server/config/traefik/config/middlewares.yaml create mode 100644 homelab/server/config/traefik/config/nas.yaml create mode 100644 homelab/server/config/traefik/config/traefik_api.yaml delete mode 100644 homelab/server/config/traefik/config/traefik_config_dev.toml delete mode 100644 homelab/server/config/traefik/config/traefik_config_dynamic.toml delete mode 100644 homelab/server/config/traefik/config/traefik_config_nas.toml diff --git a/homelab/server/config/traefik/config/authentik.yaml b/homelab/server/config/traefik/config/authentik.yaml deleted file mode 100644 index f8a81c0b..00000000 --- a/homelab/server/config/traefik/config/authentik.yaml +++ /dev/null @@ -1,18 +0,0 @@ -http: - middlewares: - authentik: - forwardauth: - address: http://authentik:9000/outpost.goauthentik.io/auth/traefik - trustForwardHeader: true - authResponseHeaders: - - X-authentik-username - - X-authentik-groups - - X-authentik-email - - X-authentik-name - - X-authentik-uid - - X-authentik-jwt - - X-authentik-meta-jwks - - X-authentik-meta-outpost - - X-authentik-meta-provider - - X-authentik-meta-app - - X-authentik-meta-version \ No newline at end of file diff --git a/homelab/server/config/traefik/config/middlewares.yaml b/homelab/server/config/traefik/config/middlewares.yaml new file mode 100644 index 00000000..3b847edb --- /dev/null +++ b/homelab/server/config/traefik/config/middlewares.yaml @@ -0,0 +1,43 @@ +http: + middlewares: + lan-only: + ipWhiteList: + - "127.0.0.1/32" + - "192.168.1.1/24" + simple-auth: + basicAuth: + usersFile: "/.htpasswd" + authentik: + forwardauth: + address: http://authentik:9000/outpost.goauthentik.io/auth/traefik + trustForwardHeader: true + authResponseHeaders: + - X-authentik-username + - X-authentik-groups + - X-authentik-email + - X-authentik-name + - X-authentik-uid + - X-authentik-jwt + - X-authentik-meta-jwks + - X-authentik-meta-outpost + - X-authentik-meta-provider + - X-authentik-meta-app + - X-authentik-meta-version + security-headers: + headers: + customResponseHeaders: + X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex" + server: "" + sslProxyHeaders: + X-Forwarded-Proto: https + referrerPolicy: "same-origin" + hostsProxyHeaders: + - "X-Forwarded-Host" + customRequestHeaders: + X-Forwarded-Proto: "https" + contentTypeNosniff: true + browserXssFilter: true + forceSTSHeader: true + stsIncludeSubdomains: true + stsSeconds: 63072000 + stsPreload: true diff --git a/homelab/server/config/traefik/config/nas.yaml b/homelab/server/config/traefik/config/nas.yaml new file mode 100644 index 00000000..94c13d15 --- /dev/null +++ b/homelab/server/config/traefik/config/nas.yaml @@ -0,0 +1,16 @@ +http: + routers: + nas: + rule: "Host(`nas.jafner.net`)" + entryPoints: "websecure" + middlewares: "lan-only@file" + service: "nas@file" + tls: + certResolver: "lets-encrypt" + + services: + nas: + loadBalancer: + servers: + - url: "http://192.168.1.10/" + \ No newline at end of file diff --git a/homelab/server/config/traefik/config/traefik_api.yaml b/homelab/server/config/traefik/config/traefik_api.yaml new file mode 100644 index 00000000..dfaf88c1 --- /dev/null +++ b/homelab/server/config/traefik/config/traefik_api.yaml @@ -0,0 +1,8 @@ +http: + routers: + api: + rule: "Host(`traefik.jafner.net`)" + entryPoints: "websecure" + service: "api@internal" + tls: + certResolver: "lets-encrypt" \ No newline at end of file diff --git a/homelab/server/config/traefik/config/traefik_config_dev.toml b/homelab/server/config/traefik/config/traefik_config_dev.toml deleted file mode 100644 index d020bfd6..00000000 --- a/homelab/server/config/traefik/config/traefik_config_dev.toml +++ /dev/null @@ -1,12 +0,0 @@ -[http.routers] - [http.routers.dev] - rule = "Host(`*.jafner.dev`)" - entrypoints = ["websecure"] - middlewares = "lan-only@file" - service = "dev@file" - - -[http.services] - [http.services.dev.loadBalancer] - [[http.services.dev.loadBalancer.servers]] - url = "http://192.168.1.21/" \ No newline at end of file diff --git a/homelab/server/config/traefik/config/traefik_config_dynamic.toml b/homelab/server/config/traefik/config/traefik_config_dynamic.toml deleted file mode 100644 index 3cd221fe..00000000 --- a/homelab/server/config/traefik/config/traefik_config_dynamic.toml +++ /dev/null @@ -1,19 +0,0 @@ -[http] - [http.routers] - [http.routers.api] - rule = "Host(`traefik.jafner.net`)" - entryPoints = ["websecure"] - service = "api@internal" - [http.routers.api.tls] - certResolver = "lets-encrypt" - - [http.middlewares] - [http.middlewares.lan-only] - [http.middlewares.lan-only.ipWhiteList] - sourceRange = ["127.0.0.1/32", "192.168.1.1/24"] - [http.middlewares.simpleauth] - [http.middlewares.simpleauth.basicAuth] - usersFile = "/.htpasswd" - - - diff --git a/homelab/server/config/traefik/config/traefik_config_nas.toml b/homelab/server/config/traefik/config/traefik_config_nas.toml deleted file mode 100644 index 2a1ddf24..00000000 --- a/homelab/server/config/traefik/config/traefik_config_nas.toml +++ /dev/null @@ -1,16 +0,0 @@ -[http.routers] - [http.routers.nas] - rule = "Host(`nas.jafner.net`)" - entrypoints = ["websecure"] - middlewares = "lan-only@file" - service = "nas@file" - [http.routers.nas.tls] - certResolver = "lets-encrypt" - - -[http.services] - [http.services.nas.loadBalancer] - [[http.services.nas.loadBalancer.servers]] - url = "http://192.168.1.10/" - - \ No newline at end of file