updated traefik config

2025-11-06 20:24:42 +00:00
parent c87db2c40b
commit fcf5751b70
2 changed files with 75 additions and 0 deletions
--- a/conf/traefik-conf/.nfs002e00000006163d00000001
+++ b/conf/traefik-conf/.nfs002e00000006163d00000001
@@ -0,0 +1,74 @@
+# Traefik Dynamic Configuration for External Services
+# This file handles routing to services NOT managed by Docker Swarm
+
+tls:
+  certificates:
+    - certFile: /certificates/local/cert.pem
+      keyFile: /certificates/local/key.pem
+
+http:
+  #-----------------------------------------------------------------------------------    
+  #                          EXTERNAL SERVICES SECTION
+  #-----------------------------------------------------------------------------------     
+  services:
+    # Vaultwarden (running on external server 10.0.4.10)
+    vaultwarden:
+      loadBalancer:
+        servers:
+        - url: "http://10.0.4.10:4743"
+    unraid:
+      loadBalancer:
+        servers:
+        - url: "http://10.0.4.10:80"
+    emby:
+      loadBalancer:
+        servers:
+        - url: "http://10.0.4.10:8096"
+  
+  #-----------------------------------------------------------------------------------    
+  #                          ROUTERS SECTION
+  #-----------------------------------------------------------------------------------   
+  routers:
+    vaultwarden:
+      rule: "Host(`vault.frostlabs.me`)"
+      entryPoints:
+      - websecure
+      service: vaultwarden
+      tls:
+        certResolver: cloudflare
+    unraid:
+      rule: "Host(`frostlabs.me`)"
+      entryPoints:
+      - websecure
+      service: unraid
+      middlewares:
+        - authentik@file
+      tls:
+        certResolver: cloudflare
+    emby:
+      rule: "Host(`movies.frostlabs.me`)"
+      entryPoints:
+      - websecure
+      service: emby
+      tls:
+        certResolver: cloudflare
+  
+  #-----------------------------------------------------------------------------------    
+  #                          MIDDLEWARES SECTION
+  #-----------------------------------------------------------------------------------   
+  middlewares:
+    https-redirect:
+      redirectScheme:
+        scheme: https
+        permanent: true
+    
+    authentik:
+      forwardAuth:
+        address: "http://authentik_server:9000/outpost.goauthentik.io/auth/traefik"
+        trustForwardHeader: true
+        authResponseHeaders:
+          - X-authentik-username
+          - X-authentik-groups
+          - X-authentik-email
+          - X-authentik-name
+          - X-authentik-uid
--- a/stacks/apps/adminer/stack.yml
+++ b/stacks/apps/adminer/stack.yml
@@ -25,6 +25,7 @@ services:
      - traefik.http.routers.adminer.rule=Host(`miner.frostlabs.me`)
      - traefik.http.routers.adminer.entrypoints=websecure
      - traefik.http.routers.adminer.tls.certresolver=cloudflare
+      - traefik.http.routers.adminer.middlewares=tailscale-whitelist@file
      - traefik.http.services.adminer.loadbalancer.server.port=8080
      - traefik.swarm.network=homelab
 networks: