jpallison0625/swarm-production
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
This repository has been archived on 2025-11-16. You can view files and clone it, but cannot push or open issues or pull requests.
Files
3871e30abdfc9cc007f2e52bdf29a66a219c953b
swarm-production/conf/traefik-conf/dynamic.yml
John 3871e30abd Configure Traefik for public-facing access with frostlabs.me domains 
- Fixed certificatesResolvers configuration in static.yml (moved out of tls section)
- Added DNS resolvers to Cloudflare ACME challenge configuration
- Added persistent volume mount for Let's Encrypt certificates
- Updated Outline service labels to use flow.frostlabs.me with proper cert resolver
- Updated Authentik service labels to use auth.frostlabs.me with proper cert resolver
- Added security headers and rate limiting middlewares to dynamic.yml
- Added example templates for public-facing service configuration

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-10 11:27:47 +00:00

84 lines
2.5 KiB
YAML
Raw Blame History

# Traefik Dynamic Configuration for External Services
# This file handles routing to services NOT managed by Docker Swarm
http:
#-----------------------------------------------------------------------------------
# EXTERNAL SERVICES SECTION
#-----------------------------------------------------------------------------------
services:
unraid:
loadBalancer:
servers:
- url: "http://10.0.4.10:80"
# emby:
# loadBalancer:
# servers:
# - url: "http://10.0.4.10:8096"
#-----------------------------------------------------------------------------------
# ROUTERS SECTION
#-----------------------------------------------------------------------------------
routers:
# Local VPN-only services (*.swarm.home)
unraid-local:
rule: "Host(`unraid.swarm.home`)"
entryPoints:
- web
- websecure
service: unraid
tls: {}
# Public-facing services (*.frostlabs.me)
# Example: To add a public service, uncomment and customize:
# my-public-service:
# rule: "Host(`myapp.frostlabs.me`)"
# entryPoints:
# - websecure
# service: my-service-name
# tls:
# certResolver: cloudflare
# middlewares:
# - authentik # Optional: Add authentication
# emby:
# rule: "Host(`movies.swarm.home`)"
# entryPoints:
# - web
# - websecure
# service: emby
# tls: {}
#-----------------------------------------------------------------------------------
# MIDDLEWARES SECTION
#-----------------------------------------------------------------------------------
middlewares:
# Authentik forward auth for protecting services
authentik:
forwardAuth:
address: "http://authentik_server:9000/outpost.goauthentik.io/auth/traefik"
trustForwardHeader: true
authResponseHeaders:
- X-authentik-username
- X-authentik-groups
- X-authentik-email
- X-authentik-name
- X-authentik-uid
# Security headers for public-facing services
security-headers:
headers:
frameDeny: true
browserXssFilter: true
contentTypeNosniff: true
sslRedirect: true
forceSTSHeader: true
stsSeconds: 31536000
stsIncludeSubdomains: true
stsPreload: true
# Rate limiting for public services
rate-limit:
rateLimit:
average: 100
period: 1s
burst: 50
Reference in New Issue View Git Blame Copy Permalink