traefik/traefik.yml.tmpl
Danny Groenewegen 9a46c85735 fix: Change metrics endpoint to use https instead of http 8082 to prevent sending BASIC_AUTH in plaintext. (#95)
* [x] I have deployed and tested my changes
* [x] I have [updated relevant versions in `abra.sh`](https://docs.coopcloud.tech/maintainers/upgrade/#updating-versions-in-the-abrash)
* [x] I have made my environment variable changes [backwards compatible](https://docs.coopcloud.tech/maintainers/upgrade/#backwards-compatible-environment-variable-changes)
* [x] I have added a [release note entry](https://docs.coopcloud.tech/maintainers/upgrade/#creating-new-release-notes)

This fixes #94. The monitoring-ng recipe uses this metrics endpoint and is updated to use the secure endpoint with coop-cloud/monitoring-ng#17.

Reviewed-on: coop-cloud/traefik#95
Reviewed-by: p4u1 <p4u1@noreply.git.coopcloud.tech>
Reviewed-by: decentral1se <decentral1se@noreply.git.coopcloud.tech>
Co-authored-by: Danny Groenewegen <mail@dannygroenewegen.nl>
Co-committed-by: Danny Groenewegen <mail@dannygroenewegen.nl>
2026-03-21 15:44:35 +00:00


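---
# Pins the default router rule syntax to v2 for routers that do not declare
# their own syntax version.
core:
  defaultRuleSyntax: v2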
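# Logging. Both values are substituted from the environment at render time and
# are emitted unquoted, so an unset variable leaves the key with an empty value.
# NOTE(review): confirm LOG_LEVEL and LOG_MAX_AGE always have defaults, and that
# production deployments do not run at a debug level, which logs more request
# detail than is usually wanted in retained logs.
log:
  level: {{ env "LOG_LEVEL" }}
  maxAge: {{ env "LOG_MAX_AGE" }}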
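# Sources of dynamic configuration (routers, services, middlewares).
providers:
  swarm:
    # The Docker API is reached over plain, unauthenticated TCP (port 2375) at
    # the socket-proxy host.
    # NOTE(review): that proxy should allow only the read-only API calls
    # Traefik needs and be attached to an internal network only — verify in the
    # compose file, which is not part of this template.
    endpoint: "tcp://socket-proxy:2375"
    # Services are routed only when they opt in explicitly.
    exposedByDefault: false
    network: proxy
  # The file provider reads either a watched directory or a single file,
  # selected by FILE_PROVIDER_DIRECTORY_ENABLED. Anything able to write to
  # these paths can define routers and middlewares, so the mount should be
  # writable by the deployment tooling only.
  {{- if eq (env "FILE_PROVIDER_DIRECTORY_ENABLED") "1" }}
  file:
    directory: /etc/traefik/file-providers
    watch: true
  {{- else }}
  file:
    filename: /etc/traefik/file-provider.yml
  {{- end }}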
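# Traefik API and dashboard. `insecure` is not set in this block, so the API is
# not served on its own unauthenticated port; it is reachable only through a
# router that targets it.
# NOTE(review): that router is defined outside this template — confirm it
# carries TLS and an authentication middleware whenever DASHBOARD_ENABLED is on.
api:
  dashboard: {{ env "DASHBOARD_ENABLED" }}
  debug: false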
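# Listeners. `web` and `web-secure` are always rendered; every other entrypoint
# is rendered only when its *_ENABLED variable is exactly "1", so a port is
# bound only for services the operator has switched on.
# NOTE(review): the optional entrypoints only bind ports. Whether traffic on
# them is TLS-terminated, authenticated or filtered depends on routers defined
# outside this file; host firewall rules should match the enabled set.
entrypoints:
  web:
    address: ":80"
    http:
      # Requests arriving on port 80 are redirected to the web-secure
      # entrypoint.
      redirections:
        entryPoint:
          to: web-secure
  web-secure:
    address: ":443"
    http:
      # All seven allowEncoded* switches are on, so request paths containing
      # percent-encoded '/', '\', NUL, ';', '%', '?' and '#' are accepted on
      # this entrypoint and reach the backends.
      # NOTE(review): with these enabled, path-based router rules and backend
      # path handling must tolerate encoded separators; consider enabling only
      # the characters a deployed application actually requires.
      encodedCharacters:
        allowEncodedSlash: true
        allowEncodedBackSlash: true
        allowEncodedNullCharacter: true
        allowEncodedSemicolon: true
        allowEncodedPercent: true
        allowEncodedQuestionMark: true
        allowEncodedHash: true
  {{- if eq (env "GITEA_SSH_ENABLED") "1" }}
  gitea-ssh:
    address: ":2222"
  {{- end }}
  {{- if eq (env "P2PANDA_ENABLED") "1" }}
  p2panda-udp-v4:
    address: ":2022/udp"
  p2panda-udp-v6:
    address: ":2023/udp"
  {{- end }}
  {{- if eq (env "GARAGE_RPC_ENABLED") "1" }}
  garage-rpc:
    address: ":3901"
  {{- end }}
  {{- if eq (env "FOODSOFT_SMTP_ENABLED") "1" }}
  foodsoft-smtp:
    address: ":2525"
  {{- end }}
  {{- if eq (env "SMTP_ENABLED") "1" }}
  smtp-submission:
    address: ":587"
  {{- end }}
  {{- if eq (env "PEERTUBE_RTMP_ENABLED") "1" }}
  peertube-rtmp:
    address: ":1935"
  {{- end }}
  {{- if eq (env "WEB_ALT_ENABLED") "1" }}
  web-alt:
    address: ":8000"
  {{- end }}
  {{- if eq (env "SSB_MUXRPC_ENABLED") "1" }}
  ssb-muxrpc:
    address: ":8008"
  {{- end }}
  {{- if eq (env "MSSQL_ENABLED") "1" }}
  mssql:
    address: ":1433"
  {{- end }}
  {{- if eq (env "MUMBLE_ENABLED") "1" }}
  mumble:
    address: ":64738"
  mumble-udp:
    address: ":64738/udp"
  {{- end }}
  {{- if eq (env "COMPY_ENABLED") "1" }}
  compy:
    address: ":9999"
  {{- end }}
  {{- if eq (env "IRC_ENABLED") "1" }}
  irc:
    address: ":6697"
  {{- end }}
  {{- if eq (env "MATRIX_FEDERATION_ENABLED") "1" }}
  matrix-federation:
    address: ":9001"
  {{- end }}
  {{- if eq (env "NEXTCLOUD_TALK_HPB_ENABLED") "1" }}
  nextcloud-talk-hpb:
    address: ":3478"
  nextcloud-talk-hpb-udp:
    address: ":3478/udp"
  {{- end }}
  {{- if eq (env "ONION_ENABLED") "1" }}
  onion:
    address: ":9052"
  {{- end }}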
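# Health-check endpoint, attached to the plain-HTTP `web` entrypoint (":80").
# NOTE(review): no manual routing is configured for it here, so it is expected
# to answer without authentication to anything that can reach port 80; it
# should disclose liveness only.
ping:
  entryPoint: web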
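{{- if eq (env "METRICS_ENABLED") "1" }}
# Prometheus metrics, rendered only when METRICS_ENABLED is "1". They are
# attached to the TLS entrypoint so scrape credentials are not sent in
# plaintext.
metrics:
  prometheus:
    entryPoint: web-secure
    # No router is created automatically; the endpoint is reachable only via a
    # router that is defined outside this template.
    # NOTE(review): confirm that router enforces TLS and an authentication
    # middleware, and that scrapers use the https URL.
    manualRouting: true
    # Router and service names become metric labels, so the scrape output
    # reveals the names of deployed services to anyone allowed to read it.
    addRoutersLabels: true
    addServicesLabels: true
{{- end }}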
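# ACME certificate resolvers. `staging` points at the Let's Encrypt staging
# directory; `production` sets no caServer and so uses the resolver's default
# CA. The storage files hold the ACME account key and the issued private keys,
# so they belong on a persistent volume readable by Traefik only.
certificatesResolvers:
  staging:
    acme:
      email: {{ env "LETS_ENCRYPT_EMAIL" }}
      storage: /etc/letsencrypt/staging-acme.json
      caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
      httpChallenge:
        entryPoint: web
      {{- if eq (env "LETS_ENCRYPT_DNS_CHALLENGE_ENABLED") "1" }}
      # The DNS provider's API credentials are supplied outside this template;
      # they should be scoped to the record updates the challenge needs.
      dnsChallenge:
        provider: {{ (env "LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER") }}
        resolvers:
          - "1.1.1.1:53"
          - "8.8.8.8:53"
      {{- end }}
  production:
    acme:
      email: {{ env "LETS_ENCRYPT_EMAIL" }}
      storage: /etc/letsencrypt/production-acme.json
      httpChallenge:
        entryPoint: web
      {{- if eq (env "LETS_ENCRYPT_DNS_CHALLENGE_ENABLED") "1" }}
      # NOTE(review): the second resolver here is 9.9.9.9 while staging uses
      # 8.8.8.8 — confirm the difference is intentional.
      dnsChallenge:
        provider: {{ (env "LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER") }}
        resolvers:
          - "1.1.1.1:53"
          - "9.9.9.9:53"
      {{- end }}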