141 lines
3.5 KiB
YAML
141 lines
3.5 KiB
YAML
http:
|
|
routers:
|
|
auth:
|
|
rule: Host(`auth.paccoco.com`)
|
|
entryPoints: [web]
|
|
service: authelia
|
|
middlewares:
|
|
- security-headers
|
|
|
|
gitea-authentik-outpost:
|
|
rule: Host(`gitea.paccoco.com`) && PathPrefix(`/outpost.goauthentik.io/`)
|
|
priority: 15
|
|
entryPoints: [web]
|
|
service: authentik-outpost
|
|
middlewares:
|
|
- security-headers
|
|
|
|
gitea:
|
|
rule: Host(`gitea.paccoco.com`)
|
|
entryPoints: [web]
|
|
service: gitea
|
|
middlewares:
|
|
- security-headers
|
|
|
|
grafana:
|
|
rule: Host(`grafana.paccoco.com`)
|
|
entryPoints: [web]
|
|
service: grafana
|
|
middlewares:
|
|
- security-headers
|
|
|
|
technitium:
|
|
rule: Host(`dns.paccoco.com`)
|
|
entryPoints: [web]
|
|
service: technitium
|
|
middlewares:
|
|
- security-headers
|
|
|
|
traefik-dashboard-authentik-outpost:
|
|
rule: Host(`traefik.paccoco.com`) && PathPrefix(`/outpost.goauthentik.io/`)
|
|
priority: 20
|
|
entryPoints: [web]
|
|
service: authentik-outpost
|
|
middlewares:
|
|
- security-headers
|
|
|
|
traefik-dashboard-root:
|
|
rule: Host(`traefik.paccoco.com`) && Path(`/`)
|
|
priority: 15
|
|
entryPoints: [web]
|
|
service: api@internal
|
|
middlewares:
|
|
- security-headers
|
|
- traefik-dashboard-root-redirect
|
|
|
|
traefik-dashboard:
|
|
rule: Host(`traefik.paccoco.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
|
|
priority: 10
|
|
entryPoints: [web]
|
|
service: api@internal
|
|
middlewares:
|
|
- security-headers
|
|
- authentik-forwardauth
|
|
|
|
services:
|
|
authelia:
|
|
loadBalancer:
|
|
servers:
|
|
- url: http://authelia:9091
|
|
|
|
authentik-outpost:
|
|
loadBalancer:
|
|
servers:
|
|
- url: http://authentik-server:9000
|
|
|
|
gitea:
|
|
loadBalancer:
|
|
servers:
|
|
- url: http://gitea:3000
|
|
|
|
grafana:
|
|
loadBalancer:
|
|
servers:
|
|
- url: http://grafana:3000
|
|
|
|
technitium:
|
|
loadBalancer:
|
|
passHostHeader: true
|
|
serversTransport: technitium-selfsigned
|
|
servers:
|
|
- url: https://technitium-dns-pilot:443
|
|
|
|
middlewares:
|
|
authelia-forwardauth:
|
|
forwardAuth:
|
|
address: http://authelia:9091/api/authz/forward-auth
|
|
trustForwardHeader: true
|
|
authResponseHeaders:
|
|
- Remote-User
|
|
- Remote-Groups
|
|
- Remote-Name
|
|
- Remote-Email
|
|
|
|
authentik-forwardauth:
|
|
forwardAuth:
|
|
address: http://authentik-server:9000/outpost.goauthentik.io/auth/traefik
|
|
trustForwardHeader: true
|
|
authResponseHeaders:
|
|
- X-authentik-username
|
|
- X-authentik-groups
|
|
- X-authentik-email
|
|
- X-authentik-name
|
|
- X-authentik-uid
|
|
- X-authentik-jwt
|
|
- X-authentik-meta-jwks
|
|
- X-authentik-meta-outpost
|
|
- X-authentik-meta-provider
|
|
- X-authentik-meta-app
|
|
- X-authentik-entitlements
|
|
|
|
traefik-dashboard-root-redirect:
|
|
redirectRegex:
|
|
regex: ^https?://([^/]+)/?$
|
|
replacement: https://${1}/dashboard/
|
|
permanent: false
|
|
|
|
security-headers:
|
|
headers:
|
|
frameDeny: true
|
|
browserXssFilter: true
|
|
contentTypeNosniff: true
|
|
referrerPolicy: same-origin
|
|
customRequestHeaders:
|
|
X-Forwarded-Proto: https
|
|
customResponseHeaders:
|
|
X-Robots-Tag: noindex, nofollow, noarchive, nosnippet
|
|
|
|
serversTransports:
|
|
technitium-selfsigned:
|
|
insecureSkipVerify: true
|