traefik/.env.sample

TYPE=traefik
#TIMEOUT=300
ENABLE_AUTO_UPDATE=true
ENABLE_BACKUPS=true

DOMAIN=traefik.example.com
LETS_ENCRYPT_ENV=production

LETS_ENCRYPT_EMAIL=certs@example.com
# DASHBOARD_ENABLED=true
# WARN, INFO etc.
LOG_LEVEL=WARN
LOG_MAX_AGE=1

# This is here so later lines can extend it; you likely don't wanna edit
COMPOSE_FILE="compose.yml"

#####################################################################
# General settings                                                  #
#####################################################################

## Ingress-mode port publishing for ports 80 and 443
##
## /!\ Using this prevents the use of any compose override adding
##     published ports to the traefik_app service (almost all of them)
##     and it prevents the use of IPv6 for ingress traffic.
##     Do not uncomment unless you know exactly what you are doing
##
#COMPOSE_FILE="$COMPOSE_FILE:compose.no-host.yml"

## "Headless mode" (no domain configured)
#COMPOSE_FILE="$COMPOSE_FILE:compose.headless.yml"

#####################################################################
# Automatic DNS set-up for Letsencrypt                              #
#####################################################################

## Enable dns challenge (for wildcard domains)
##   https://go-acme.github.io/lego/dns/#dns-providers
#LETS_ENCRYPT_DNS_CHALLENGE_ENABLED=1
## *Currently* one of ovh, gandi, gandiv5, digitalocean, azure, porkbun, and cloudflare.
## Uncomment the corresponding provider below to insert your secret token/key.
#LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER=ovh

## OVH, https://ovh.com
#COMPOSE_FILE="$COMPOSE_FILE:compose.ovh.yml"
#OVH_ENABLED=1
#OVH_APPLICATION_KEY=
#OVH_ENDPOINT=
#SECRET_OVH_APP_SECRET_VERSION=v1 # generate=false
#SECRET_OVH_CONSUMER_KEY=v1 # generate=false

## Gandi, https://gandi.net
## note(3wc): only "V5" (new) API is supported, so far
#COMPOSE_FILE="$COMPOSE_FILE:compose.gandi-api-key.yml"
#GANDI_API_KEY_ENABLED=1
#SECRET_GANDIV5_API_KEY_VERSION=v1 # generate=false

## Gandi, https://gandi.net
## note: uses GandiV5 Personal Access Token
#COMPOSE_FILE="$COMPOSE_FILE:compose.gandi-personal-access-token.yml"
#GANDI_PERSONAL_ACCESS_TOKEN_ENABLED=1
#SECRET_GANDIV5_PERSONAL_ACCESS_TOKEN_VERSION=v1 # generate=false

## DigitalOcean, https://digitalocean.com
#COMPOSE_FILE="$COMPOSE_FILE:compose.digitalocean.yml"
#DIGITALOCEAN_ENABLED=1
#SECRET_DIGITALOCEAN_AUTH_TOKEN_VERSION=v1 # generate=false

## Azure, https://azure.com
## To insert your Azure client secret:
## abra app secret insert {myapp.example.coop} azure_secret v1 "<CLIENT_SECRET>"
#COMPOSE_FILE="$COMPOSE_FILE:compose.azure.yml"
#AZURE_ENABLED=1
#AZURE_TENANT_ID=
#AZURE_CLIENT_ID=
#AZURE_SUBSCRIPTION_ID=
#AZURE_RESOURCE_GROUP=
#SECRET_AZURE_SECRET_VERSION=v1 # generate=false

## Porkbun, https://porkbun.com
## To insert your secrets:
## abra app secret insert 1312.net pb_api_key v1 pk1_413
## abra app secret insert 1312.net pb_s_api_key v1 sk1_612
#COMPOSE_FILE="$COMPOSE_FILE:compose.porkbun.yml"
#SECRET_PORKBUN_API_KEY_VERSION=v1 # generate=false
#SECRET_PORKBUN_SECRET_API_KEY_VERSION=v1 # generate=false

## Cloudflare, htps://cloudflare.com
## To insert your secrets:
## abra app secret insert {myapp.example.coop} cf_dns_token v1 "<CLOUDFLARE_DNS_API_TOKEN>"
## abra app secret insert {myapp.example.coop} cf_zone_token v1 "<CLOUDFLARE_ZONE_API_TOKEN>"
## These can be the same token or different tokens
## cf_dns_token needs DNS edit access, cf_zone_token needs zone edit access
## See LEGO docs for more info: https://go-acme.github.io/lego/dns/cloudflare/index.html
#COMPOSE_FILE="$COMPOSE_FILE:compose.cloudflare.yml"
#SECRET_CLOUDFLARE_DNS_API_TOKEN_VERSION=v1 # generate=false
#SECRET_CLOUDFLARE_ZONE_API_TOKEN_VERSION=v1 # generate=false

#####################################################################
# Manual wildcard certificate insertion                             #
#####################################################################

# Set wildcards = 1, and uncomment compose_file to enable.
# Create your certs elsewhere and add them like:
# abra app secret insert {myapp.example.coop} ssl_cert v1 "$(cat /path/to/fullchain.pem)"
# abra app secret insert {myapp.example.coop} ssl_key v1 "$(cat /path/to/privkey.pem)"
#WILDCARDS_ENABLED=1
#SECRET_WILDCARD_CERT_VERSION=v1
#SECRET_WILDCARD_KEY_VERSION=v1
#COMPOSE_FILE="$COMPOSE_FILE:compose.wildcard.yml"

#####################################################################
# Authentication                                                    #
#####################################################################

## Enable Keycloak
#COMPOSE_FILE="$COMPOSE_FILE:compose.keycloak.yml"
#KEYCLOAK_MIDDLEWARE_ENABLED=1
#KEYCLOAK_TFA_SERVICE=traefik-forward-auth_app
#KEYCLOAK_MIDDLEWARE_2_ENABLED=1
#KEYCLOAK_TFA_SERVICE_2=traefik-forward-auth_app

## BASIC_AUTH
## Use httpasswd to generate the secret
#COMPOSE_FILE="$COMPOSE_FILE:compose.basicauth.yml"
#BASIC_AUTH=1
#SECRET_USERSFILE_VERSION=v1

#####################################################################
# Prometheus metrics                                                #
#####################################################################

## Enable prometheus metrics collection
## used used by the coop-cloud monitoring stack
## BASIC_AUTH should also be enabled
#COMPOSE_FILE="$COMPOSE_FILE:compose.metrics.yml"
#METRICS_ENABLED=1
#METRICS_FQDN=metrics.traefik.example.com

#####################################################################
# File provider directory configuration                             #
# (Route bare metal and non-docker services on the machine!)        #
#####################################################################
#FILE_PROVIDER_DIRECTORY_ENABLED=1

#####################################################################
# Additional services                                               #
#####################################################################

## SMTP port 587
#COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
#SMTP_ENABLED=1

## Compy
#COMPOSE_FILE="$COMPOSE_FILE:compose.compy.yml"
#COMPY_ENABLED=1

## Gitea SSH
# COMPOSE_FILE="$COMPOSE_FILE:compose.gitea.yml"
# GITEA_SSH_ENABLED=1

## P2Panda UDP
# COMPOSE_FILE="$COMPOSE_FILE:compose.p2panda.yml"
# P2PANDA_ENABLED=1

## Foodsoft SMTP
# COMPOSE_FILE="$COMPOSE_FILE:compose.foodsoft.yml"
# FOODSOFT_SMTP_ENABLED=1

## Peertube RTMP
#COMPOSE_FILE="$COMPOSE_FILE:compose.peertube.yml"
#PEERTUBE_RTMP_ENABLED=1

## Secure Scuttlebutt MUXRPC
#COMPOSE_FILE="$COMPOSE_FILE:compose.ssb.yml"
#SSB_MUXRPC_ENABLED=1

## MSSQL
#COMPOSE_FILE="$COMPOSE_FILE:compose.mssql.yml"
#MSSQL_ENABLED=1

## Mumble
#COMPOSE_FILE="$COMPOSE_FILE:compose.mumble.yml"
#MUMBLE_ENABLED=1

## Matrix
#COMPOSE_FILE="$COMPOSE_FILE:compose.matrix.yml"
#MATRIX_FEDERATION_ENABLED=1

## "Web alt", an alternative web port
# NOTE(3wc): as of 2024-04-01 only the `icecast` recipe uses this
#COMPOSE_FILE="$COMPOSE_FILE:compose.web-alt.yml"
#WEB_ALT_ENABLED=1

## Matrix
#COMPOSE_FILE="$COMPOSE_FILE:compose.irc.yml"
#IRC_ENABLED=1

## Garage
#COMPOSE_FILE="$COMPOSE_FILE:compose.garage.yml"
#GARAGE_RPC_ENABLED=1

## Nextcloud Talk HPB
#COMPOSE_FILE="$COMPOSE_FILE:compose.nextcloud-talk-hpb.yml"
#NEXTCLOUD_TALK_HPB_ENABLED=1

## Anubis
#COMPOSE_FILE="$COMPOSE_FILE:compose.anubis.yml"
#ANUBIS_COOKIE_DOMAIN=example.com
#ANUBIS_DOMAIN=anubis.example.com
#ANUBIS_REDIRECT_DOMAINS=
#ANUBIS_OG_PASSTHROUGH=true
#ANUBIS_OG_EXPIRY_TIME=1h
#ANUBIS_OG_CACHE_CONSIDER_HOST=true
#ANUBIS_SERVE_ROBOTS_TXT=true
#ANUBIS_SLOG_LEVEL=INFO

## Enable onion service support
#ONION_ENABLED=1