http: routers: auth: rule: Host(`auth.paccoco.com`) entryPoints: [web] service: authelia middlewares: - security-headers gitea: rule: Host(`gitea.paccoco.com`) entryPoints: [web] service: gitea middlewares: - security-headers - authelia-forwardauth grafana: rule: Host(`grafana.paccoco.com`) entryPoints: [web] service: grafana middlewares: - security-headers technitium: rule: Host(`dns.paccoco.com`) entryPoints: [web] service: technitium middlewares: - security-headers - authelia-forwardauth traefik-dashboard: rule: Host(`traefik.paccoco.com`) entryPoints: [web] service: api@internal middlewares: - security-headers - authelia-forwardauth services: authelia: loadBalancer: servers: - url: http://authelia:9091 gitea: loadBalancer: servers: - url: http://gitea:3000 grafana: loadBalancer: servers: - url: http://grafana:3000 technitium: loadBalancer: passHostHeader: true serversTransport: technitium-selfsigned servers: - url: https://technitium-dns-pilot:443 middlewares: authelia-forwardauth: forwardAuth: address: http://authelia:9091/api/authz/forward-auth trustForwardHeader: true authResponseHeaders: - Remote-User - Remote-Groups - Remote-Name - Remote-Email security-headers: headers: frameDeny: true browserXssFilter: true contentTypeNosniff: true referrerPolicy: same-origin customRequestHeaders: X-Forwarded-Proto: https customResponseHeaders: X-Robots-Tag: noindex, nofollow, noarchive, nosnippet serversTransports: technitium-selfsigned: insecureSkipVerify: true