Initial: Traefik + cloudflared + Gitea auf dama.casa

2026-03-19 14:24:12 +00:00
commit b201d3a13e
12 changed files with 311 additions and 0 deletions
--- a/services/traefik/config/dynamic/middlewares.yaml
+++ b/services/traefik/config/dynamic/middlewares.yaml
@@ -0,0 +1,20 @@
+http:
+  middlewares:
+    # Basic Auth für Traefik Dashboard
+    # Generieren: echo $(htpasswd -nb user password) | sed -e 's/\$/\$\$/g'
+    traefik-auth:
+      basicAuth:
+        usersFile: /auth/traefik-users
+
+    # Sicherheits-Header für alle Services
+    secure-headers:
+      headers:
+        sslRedirect: true
+        forceSTSHeader: true
+        stsIncludeSubdomains: true
+        stsPreload: true
+        stsSeconds: 31536000
+        contentTypeNosniff: true
+        browserXssFilter: true
+        referrerPolicy: "strict-origin-when-cross-origin"
+        customFrameOptionsValue: "SAMEORIGIN"
--- a/services/traefik/config/traefik.yaml.template
+++ b/services/traefik/config/traefik.yaml.template
@@ -0,0 +1,43 @@
+api:
+  dashboard: true
+
+entryPoints:
+  web:
+    address: ":80"
+    http:
+      redirections:
+        entryPoint:
+          to: websecure
+          scheme: https
+  websecure:
+    address: ":443"
+    http:
+      tls:
+        certResolver: cloudflare
+        domains:
+          - main: "${DOMAIN}"
+            sans:
+              - "*.${DOMAIN}"
+
+certificatesResolvers:
+  cloudflare:
+    acme:
+      email: "mail@dnlm.de"
+      storage: /acme.json
+      dnsChallenge:
+        provider: cloudflare
+        resolvers:
+          - "1.1.1.1:53"
+          - "1.0.0.1:53"
+
+providers:
+  docker:
+    endpoint: "unix:///var/run/docker.sock"
+    exposedByDefault: false
+    network: proxy
+  file:
+    directory: /dynamic
+    watch: true
+
+log:
+  level: INFO