swarm-production/conf/traefik-conf/.nfs002e00000006163d00000001

# Traefik Dynamic Configuration for External Services
# This file handles routing to services NOT managed by Docker Swarm

tls:
  certificates:
    - certFile: /certificates/local/cert.pem
      keyFile: /certificates/local/key.pem

http:
  #-----------------------------------------------------------------------------------    
  #                          EXTERNAL SERVICES SECTION
  #-----------------------------------------------------------------------------------     
  services:
    # Vaultwarden (running on external server 10.0.4.10)
    vaultwarden:
      loadBalancer:
        servers:
        - url: "http://10.0.4.10:4743"
    unraid:
      loadBalancer:
        servers:
        - url: "http://10.0.4.10:80"
    emby:
      loadBalancer:
        servers:
        - url: "http://10.0.4.10:8096"
  
  #-----------------------------------------------------------------------------------    
  #                          ROUTERS SECTION
  #-----------------------------------------------------------------------------------   
  routers:
    vaultwarden:
      rule: "Host(`vault.frostlabs.me`)"
      entryPoints:
      - websecure
      service: vaultwarden
      tls:
        certResolver: cloudflare
    unraid:
      rule: "Host(`frostlabs.me`)"
      entryPoints:
      - websecure
      service: unraid
      middlewares:
        - authentik@file
      tls:
        certResolver: cloudflare
    emby:
      rule: "Host(`movies.frostlabs.me`)"
      entryPoints:
      - websecure
      service: emby
      tls:
        certResolver: cloudflare
  
  #-----------------------------------------------------------------------------------    
  #                          MIDDLEWARES SECTION
  #-----------------------------------------------------------------------------------   
  middlewares:
    https-redirect:
      redirectScheme:
        scheme: https
        permanent: true
    
    authentik:
      forwardAuth:
        address: "http://authentik_server:9000/outpost.goauthentik.io/auth/traefik"
        trustForwardHeader: true
        authResponseHeaders:
          - X-authentik-username
          - X-authentik-groups
          - X-authentik-email
          - X-authentik-name
          - X-authentik-uid