refactor traefik configuration: clean up comments and adjust header trust settings
parent
26fbca67ab
commit
4d07c78971
1 changed files with 36 additions and 29 deletions
|
|
@ -1,43 +1,50 @@
|
||||||
api:
|
api:
|
||||||
dashboard: true
|
dashboard: true
|
||||||
insecure: true # Zetten we UIT zodra je via https://traefik.stackbabber.nl kan
|
insecure: true # Blijft nog even aan voor testen
|
||||||
|
|
||||||
entryPoints:
|
entryPoints:
|
||||||
web:
|
web:
|
||||||
address: ":80"
|
address: ":80"
|
||||||
# Dwing iedereen automatisch naar HTTPS
|
# BELANGRIJK: Omdat NPM de SSL doet, zetten we de automatische redirect hier UIT.
|
||||||
http:
|
# Anders krijg je een "Too many redirects" loop.
|
||||||
redirections:
|
# http:
|
||||||
entryPoint:
|
# redirections:
|
||||||
to: websecure
|
# entryPoint:
|
||||||
scheme: https
|
# to: websecure
|
||||||
|
# scheme: https
|
||||||
|
|
||||||
|
# Hier vertellen we Traefik: "Vertrouw headers van de NAS"
|
||||||
|
forwardedHeaders:
|
||||||
|
trustedIPs:
|
||||||
|
- "127.0.0.1/32" # Localhost
|
||||||
|
- "10.0.0.0/8" # Intern netwerk (ruim)
|
||||||
|
- "192.168.0.0/16" # Intern netwerk (ruim)
|
||||||
|
- "172.16.0.0/12" # Docker intern
|
||||||
|
- "10.52.150.20/32" # <--- JOUW NAS IP (Cruciaal!)
|
||||||
|
|
||||||
websecure:
|
websecure:
|
||||||
address: ":443"
|
address: ":443"
|
||||||
# Gebruik standaard de Let's Encrypt resolver voor HTTPS
|
# Ook voor HTTPS poort (voor het geval NPM via 443 doorstuurt)
|
||||||
http:
|
forwardedHeaders:
|
||||||
tls:
|
trustedIPs:
|
||||||
certResolver: letsencrypt
|
- "127.0.0.1/32"
|
||||||
domains:
|
- "10.52.150.20/32" # <--- JOUW NAS IP
|
||||||
- main: "stackbabber.nl"
|
|
||||||
sans:
|
|
||||||
- "*.stackbabber.nl"
|
|
||||||
|
|
||||||
# Hier regelen we het certificaat
|
|
||||||
certificatesResolvers:
|
|
||||||
letsencrypt:
|
|
||||||
acme:
|
|
||||||
email: csteenbergen@stackbabber.nl # <--- PAS DIT AAN!
|
|
||||||
storage: acme.json
|
|
||||||
# We gebruiken DNS challenge (beste methode)
|
|
||||||
dnsChallenge:
|
|
||||||
provider: cloudflare
|
|
||||||
resolvers:
|
|
||||||
- "1.1.1.1:53"
|
|
||||||
- "8.8.8.8:53"
|
|
||||||
|
|
||||||
providers:
|
providers:
|
||||||
docker:
|
docker:
|
||||||
endpoint: "unix:///var/run/docker.sock"
|
endpoint: "unix:///var/run/docker.sock"
|
||||||
exposedByDefault: false
|
exposedByDefault: false
|
||||||
network: proxy
|
network: proxy
|
||||||
|
|
||||||
|
# We laten de certificaat-resolvers wel in de config staan voor de toekomst,
|
||||||
|
# maar Traefik gebruikt ze nu nog niet omdat NPM de certificaten regelt.
|
||||||
|
certificatesResolvers:
|
||||||
|
letsencrypt:
|
||||||
|
acme:
|
||||||
|
email: csteenbergen@stackbabber.nl
|
||||||
|
storage: acme.json
|
||||||
|
dnsChallenge:
|
||||||
|
provider: cloudflare
|
||||||
|
resolvers:
|
||||||
|
- "1.1.1.1:53"
|
||||||
|
- "8.8.8.8:53"
|
||||||
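Review bot: The `forwardedHeaders.trustedIPs` list added under the `web` entry point trusts all of `10.0.0.0/8`, `192.168.0.0/16` and `172.16.0.0/12`, so Traefik will accept `X-Forwarded-For` and `X-Forwarded-Proto` from any host or container in those ranges. That undermines anything keyed on client IP or scheme, such as IP allow-list middleware, rate limiting and access-log attribution. The `websecure` entry point in the same hunk already limits the list to `"127.0.0.1/32"` and `"10.52.150.20/32"`, and `web` should carry only those two entries. Separately, `insecure: true` stays on and the new comment drops the condition for turning it off, so the dashboard and API remain unauthenticated on the `traefik` entry point; whether that port is reachable depends on the container's published ports, which this file does not show. With the redirect and the `http.tls` block removed, the hop from NPM to Traefik also appears to be plain HTTP, so I would add a comment such as `# Traefik :80/:443 must only be reachable from the NPM host (10.52.150.20)` and enforce it at the firewall or Docker port binding.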