# Traefik Dynamic Configuration for External Services # This file handles routing to services NOT managed by Docker Swarm tls: certificates: - certFile: /certificates/local/cert.pem keyFile: /certificates/local/key.pem http: #----------------------------------------------------------------------------------- # EXTERNAL SERVICES SECTION #----------------------------------------------------------------------------------- services: # Vaultwarden (running on external server 10.0.4.10) vaultwarden: loadBalancer: servers: - url: "http://10.0.4.10:4743" unraid: loadBalancer: servers: - url: "http://10.0.4.10:80" emby: loadBalancer: servers: - url: "http://10.0.4.10:8096" #----------------------------------------------------------------------------------- # ROUTERS SECTION #----------------------------------------------------------------------------------- routers: vaultwarden: rule: "Host(`vault.frostlabs.me`)" entryPoints: - websecure service: vaultwarden tls: certResolver: cloudflare unraid: rule: "Host(`frostlabs.me`)" entryPoints: - websecure service: unraid middlewares: - authentik@file tls: certResolver: cloudflare emby: rule: "Host(`movies.frostlabs.me`)" entryPoints: - websecure service: emby tls: certResolver: cloudflare #----------------------------------------------------------------------------------- # MIDDLEWARES SECTION #----------------------------------------------------------------------------------- middlewares: https-redirect: redirectScheme: scheme: https permanent: true authentik: forwardAuth: address: "http://authentik_server:9000/outpost.goauthentik.io/auth/traefik" trustForwardHeader: true authResponseHeaders: - X-authentik-username - X-authentik-groups - X-authentik-email - X-authentik-name - X-authentik-uid