traefik/.env.sample

TYPE=traefik
TIMEOUT=300
ENABLE_AUTO_UPDATE=true

DOMAIN=traefik.example.com
LETS_ENCRYPT_ENV=production

LETS_ENCRYPT_EMAIL=certs@example.com
# DASHBOARD_ENABLED=true
# WARN, INFO etc.
LOG_LEVEL=WARN

# This is here so later lines can extend it; you likely don't wanna edit
COMPOSE_FILE="compose.yml"

#####################################################################
# General settings                                                  #
#####################################################################

## Host-mode networking
#COMPOSE_FILE="$COMPOSE_FILE:compose.host.yml"

## "Headless mode" (no domain configured)
#COMPOSE_FILE="$COMPOSE_FILE:compose.headless.yml"

#####################################################################
# Automatic DNS set-up for Letsencrypt                              #
#####################################################################

## Enable dns challenge (for wildcard domains)
##   https://doc.traefik.io/traefik/https/acme/#dnschallenge
#LETS_ENCRYPT_DNS_CHALLENGE_ENABLED=1
#LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER=ovh

## OVH, https://ovh.com
#COMPOSE_FILE="$COMPOSE_FILE:compose.ovh.yml"
#OVH_ENABLED=1
#OVH_APPLICATION_KEY=
#OVH_ENDPOINT=
#SECRET_OVH_APP_SECRET_VERSION=v1
#SECRET_OVH_CONSUMER_KEY=v1

## Gandi, https://gandi.net
## note(3wc): only "V5" (new) API is supported, so far
#COMPOSE_FILE="$COMPOSE_FILE:compose.gandi-api-key.yml"
#GANDI_API_KEY_ENABLED=1
#SECRET_GANDIV5_API_KEY_VERSION=v1

## Gandi, https://gandi.net
## note: uses GandiV5 Personal Access Token
#COMPOSE_FILE="$COMPOSE_FILE:compose.gandi-personal-access-token.yml"
#GANDI_PERSONAL_ACCESS_TOKEN_ENABLED=1
#SECRET_GANDIV5_PERSONAL_ACCESS_TOKEN_VERSION=v1

## DigitalOcean, https://digitalocean.com
#COMPOSE_FILE="$COMPOSE_FILE:compose.digitalocean.yml"
#DIGITALOCEAN_ENABLED=1
#SECRET_DIGITALOCEAN_AUTH_TOKEN_VERSION=v1

#####################################################################
# Manual wildcard certificate insertion                             #
#####################################################################

# Set wildcards = 1, and uncomment compose_file to enable.
# Create your certs elsewhere and add them like:
# abra app secret insert {myapp.example.coop} ssl_cert v1 "$(cat /path/to/fullchain.pem)"
# abra app secret insert {myapp.example.coop} ssl_key v1 "$(cat /path/to/privkey.pem)"
#WILDCARDS_ENABLED=1
#SECRET_WILDCARD_CERT_VERSION=v1
#SECRET_WILDCARD_KEY_VERSION=v1
#COMPOSE_FILE="$COMPOSE_FILE:compose.wildcard.yml"

#####################################################################
# Authentication                                                    #
#####################################################################

## Enable Keycloak
#COMPOSE_FILE="$COMPOSE_FILE:compose.keycloak.yml"
#KEYCLOAK_MIDDLEWARE_ENABLED=1
#KEYCLOAK_TFA_SERVICE=traefik-forward-auth_app
#KEYCLOAK_MIDDLEWARE_2_ENABLED=1
#KEYCLOAK_TFA_SERVICE_2=traefik-forward-auth_app

## BASIC_AUTH
## Use httpasswd to generate the secret
#COMPOSE_FILE="$COMPOSE_FILE:compose.basicauth.yml"
#BASIC_AUTH=1
#SECRET_USERSFILE_VERSION=v1

#####################################################################
# Prometheus metrics                                                #
#####################################################################

## Enable prometheus metrics collection
## used used by the coop-cloud monitoring stack
#COMPOSE_FILE="$COMPOSE_FILE:compose.metrics.yml"
#METRICS_ENABLED=1

#####################################################################
# File provider directory configuration                             #
# (Route bare metal and non-docker services on the machine!)        #
#####################################################################
#FILE_PROVIDER_DIRECTORY_ENABLED=1

#####################################################################
# Additional services                                               #
#####################################################################

## SMTP port 587
#COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
#SMTP_ENABLED=1

## Compy
#COMPOSE_FILE="$COMPOSE_FILE:compose.compy.yml"
#COMPY_ENABLED=1

## Gitea SSH
# COMPOSE_FILE="$COMPOSE_FILE:compose.gitea.yml"
# GITEA_SSH_ENABLED=1

## Foodsoft SMTP
# COMPOSE_FILE="$COMPOSE_FILE:compose.foodsoft.yml"
# FOODSOFT_SMTP_ENABLED=1

## Peertube RTMP
#COMPOSE_FILE="$COMPOSE_FILE:compose.peertube.yml"
#PEERTUBE_RTMP_ENABLED=1

## Secure Scuttlebutt MUXRPC
#COMPOSE_FILE="$COMPOSE_FILE:compose.ssb.yml"
#SSB_MUXRPC_ENABLED=1

## MSSQL
#COMPOSE_FILE="$COMPOSE_FILE:compose.mssql.yml"
#MSSQL_ENABLED=1

## Mumble
#COMPOSE_FILE="$COMPOSE_FILE:compose.mumble.yml"
#MUMBLE_ENABLED=1

## Matrix
#COMPOSE_FILE="$COMPOSE_FILE:compose.matrix.yml"
#MATRIX_FEDERATION_ENABLED=1

## "Web alt", an alternative web port
# NOTE(3wc): as of 2024-04-01 only the `icecast` recipe uses this
#COMPOSE_FILE="$COMPOSE_FILE:compose.web-alt.yml"
#WEB_ALT_ENABLED=1
Use type 2020-12-31 12:23:13 +00:00			`TYPE=traefik`
add auto update and timeout env 2023-04-18 16:26:15 +00:00			`TIMEOUT=300`
			`ENABLE_AUTO_UPDATE=true`
Switch from envrc → env format Ref coop-cloud/abra#40 2020-12-30 11:19:35 +00:00
Revert to traefik.example.com templating 2022-11-17 04:35:34 +00:00			`DOMAIN=traefik.example.com`
Switch from envrc → env format Ref coop-cloud/abra#40 2020-12-30 11:19:35 +00:00			`LETS_ENCRYPT_ENV=production`

			`LETS_ENCRYPT_EMAIL=certs@example.com`
			`# DASHBOARD_ENABLED=true`
			`# WARN, INFO etc.`
			`LOG_LEVEL=WARN`

Minuscule .env tweak 2021-08-19 21:54:51 +00:00			`# This is here so later lines can extend it; you likely don't wanna edit`
Add default COMPOSE_FILE 2021-08-07 17:49:29 +00:00			`COMPOSE_FILE="compose.yml"`

`COMPOSE_FILE=$COMPOSE_FILE:`, to combine 'em easier Thanks, @mirsal 2021-08-07 15:03:52 +00:00			`#####################################################################`
			`# General settings #`
			`#####################################################################`

			`## Host-mode networking`
			`#COMPOSE_FILE="$COMPOSE_FILE:compose.host.yml"`

			`## "Headless mode" (no domain configured)`
			`#COMPOSE_FILE="$COMPOSE_FILE:compose.headless.yml"`

			`#####################################################################`
			`# Automatic DNS set-up for Letsencrypt #`
			`#####################################################################`

add support for Let's Encrypt DNS-01 challenge (for wildcard domains) start with support for OVH provider, but in a way for others to be added in the future: https://doc.traefik.io/traefik/https/acme/#dnschallenge 2021-06-10 02:53:17 +00:00			`## Enable dns challenge (for wildcard domains)`
			`## https://doc.traefik.io/traefik/https/acme/#dnschallenge`
			`#LETS_ENCRYPT_DNS_CHALLENGE_ENABLED=1`
			`#LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER=ovh`

`COMPOSE_FILE=$COMPOSE_FILE:`, to combine 'em easier Thanks, @mirsal 2021-08-07 15:03:52 +00:00			`## OVH, https://ovh.com`
			`#COMPOSE_FILE="$COMPOSE_FILE:compose.ovh.yml"`
			`#OVH_ENABLED=1`
			`#OVH_APPLICATION_KEY=`
			`#OVH_ENDPOINT=`
			`#SECRET_OVH_APP_SECRET_VERSION=v1`
			`#SECRET_OVH_CONSUMER_KEY=v1`
Support OVH configuration See https://github.com/Autonomic-Cooperative/traefik/pull/1. 2021-06-10 10:36:54 +00:00
`COMPOSE_FILE=$COMPOSE_FILE:`, to combine 'em easier Thanks, @mirsal 2021-08-07 15:03:52 +00:00			`## Gandi, https://gandi.net`
			`## note(3wc): only "V5" (new) API is supported, so far`
Remove abbreviation 'pat' for consistency. 2024-10-03 16:30:23 +00:00			`#COMPOSE_FILE="$COMPOSE_FILE:compose.gandi-api-key.yml"`
			`#GANDI_API_KEY_ENABLED=1`
`COMPOSE_FILE=$COMPOSE_FILE:`, to combine 'em easier Thanks, @mirsal 2021-08-07 15:03:52 +00:00			`#SECRET_GANDIV5_API_KEY_VERSION=v1`
Add preliminary DigitalOcean DNS support 2021-11-19 20:42:41 +00:00
Remove abbreviation 'pat' for consistency. 2024-10-03 16:30:23 +00:00			`## Gandi, https://gandi.net`
			`## note: uses GandiV5 Personal Access Token`
			`#COMPOSE_FILE="$COMPOSE_FILE:compose.gandi-personal-access-token.yml"`
			`#GANDI_PERSONAL_ACCESS_TOKEN_ENABLED=1`
			`#SECRET_GANDIV5_PERSONAL_ACCESS_TOKEN_VERSION=v1`

Add preliminary DigitalOcean DNS support 2021-11-19 20:42:41 +00:00			`## DigitalOcean, https://digitalocean.com`
			`#COMPOSE_FILE="$COMPOSE_FILE:compose.digitalocean.yml"`
			`#DIGITALOCEAN_ENABLED=1`
			`#SECRET_DIGITALOCEAN_AUTH_TOKEN_VERSION=v1`
`COMPOSE_FILE=$COMPOSE_FILE:`, to combine 'em easier Thanks, @mirsal 2021-08-07 15:03:52 +00:00
feat: add support for wildcard certs via secrets 2023-12-10 04:17:37 +00:00			`#####################################################################`
			`# Manual wildcard certificate insertion #`
			`#####################################################################`
docs: correct secret insertion examples 2023-12-10 04:29:17 +00:00
feat: add support for wildcard certs via secrets 2023-12-10 04:17:37 +00:00			`# Set wildcards = 1, and uncomment compose_file to enable.`
			`# Create your certs elsewhere and add them like:`
fix: the command is "secret" 2024-06-01 16:54:50 +00:00			`# abra app secret insert {myapp.example.coop} ssl_cert v1 "$(cat /path/to/fullchain.pem)"`
			`# abra app secret insert {myapp.example.coop} ssl_key v1 "$(cat /path/to/privkey.pem)"`
feat: add support for wildcard certs via secrets 2023-12-10 04:17:37 +00:00			`#WILDCARDS_ENABLED=1`
			`#SECRET_WILDCARD_CERT_VERSION=v1`
feat: add distinct version for wildcard key secret 2024-01-12 02:38:44 +00:00			`#SECRET_WILDCARD_KEY_VERSION=v1`
feat: add support for wildcard certs via secrets 2023-12-10 04:17:37 +00:00			`#COMPOSE_FILE="$COMPOSE_FILE:compose.wildcard.yml"`

`COMPOSE_FILE=$COMPOSE_FILE:`, to combine 'em easier Thanks, @mirsal 2021-08-07 15:03:52 +00:00			`#####################################################################`
Add "web-alt" entrypoint (mostly for Icecast) 2024-04-01 22:49:23 +00:00			`# Authentication #`
`COMPOSE_FILE=$COMPOSE_FILE:`, to combine 'em easier Thanks, @mirsal 2021-08-07 15:03:52 +00:00			`#####################################################################`
Enable Gandi DNS challenge for Letsencrypt 2021-06-19 00:47:25 +00:00
Switch from envrc → env format Ref coop-cloud/abra#40 2020-12-30 11:19:35 +00:00			`## Enable Keycloak`
`COMPOSE_FILE=$COMPOSE_FILE:`, to combine 'em easier Thanks, @mirsal 2021-08-07 15:03:52 +00:00			`#COMPOSE_FILE="$COMPOSE_FILE:compose.keycloak.yml"`
Switch from envrc → env format Ref coop-cloud/abra#40 2020-12-30 11:19:35 +00:00			`#KEYCLOAK_MIDDLEWARE_ENABLED=1`
fix: support configurable tfa service 2021-10-13 22:43:38 +00:00			`#KEYCLOAK_TFA_SERVICE=traefik-forward-auth_app`
Add a slot for a second traefik-forward-auth instance 2021-11-16 14:08:04 +00:00			`#KEYCLOAK_MIDDLEWARE_2_ENABLED=1`
Align traefik-forward-auth 2nd var name with existing 2021-11-16 14:10:28 +00:00			`#KEYCLOAK_TFA_SERVICE_2=traefik-forward-auth_app`
Switch from envrc → env format Ref coop-cloud/abra#40 2020-12-30 11:19:35 +00:00
Add "web-alt" entrypoint (mostly for Icecast) 2024-04-01 22:49:23 +00:00			`## BASIC_AUTH`
			`## Use httpasswd to generate the secret`
			`#COMPOSE_FILE="$COMPOSE_FILE:compose.basicauth.yml"`
			`#BASIC_AUTH=1`
			`#SECRET_USERSFILE_VERSION=v1`

Allow prometheus metrics collection This patch adds a METRICS_ENABLED configuration variables which, when switched on, defines a metrics entrypoint and enables the built-in prometheus metrics exporter. This allows the monitoring stack to collect and show traefik metrics 2021-08-09 23:28:15 +00:00			`#####################################################################`
			`# Prometheus metrics #`
			`#####################################################################`

			`## Enable prometheus metrics collection`
			`## used used by the coop-cloud monitoring stack`
feat: enable public facing metrics 2023-05-11 13:08:07 +00:00			`#COMPOSE_FILE="$COMPOSE_FILE:compose.metrics.yml"`
Allow prometheus metrics collection This patch adds a METRICS_ENABLED configuration variables which, when switched on, defines a metrics entrypoint and enables the built-in prometheus metrics exporter. This allows the monitoring stack to collect and show traefik metrics 2021-08-09 23:28:15 +00:00			`#METRICS_ENABLED=1`

feat: routing bare metal 2023-04-20 19:19:47 +00:00			`#####################################################################`
			`# File provider directory configuration #`
			`# (Route bare metal and non-docker services on the machine!) #`
			`#####################################################################`
			`#FILE_PROVIDER_DIRECTORY_ENABLED=1`

`COMPOSE_FILE=$COMPOSE_FILE:`, to combine 'em easier Thanks, @mirsal 2021-08-07 15:03:52 +00:00			`#####################################################################`
			`# Additional services #`
			`#####################################################################`

Switch from envrc → env format Ref coop-cloud/abra#40 2020-12-30 11:19:35 +00:00			`## SMTP port 587`
`COMPOSE_FILE=$COMPOSE_FILE:`, to combine 'em easier Thanks, @mirsal 2021-08-07 15:03:52 +00:00			`#COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"`
Switch from envrc → env format Ref coop-cloud/abra#40 2020-12-30 11:19:35 +00:00			`#SMTP_ENABLED=1`

Add compy support 2022-03-26 21:49:10 +00:00			`## Compy`
			`#COMPOSE_FILE="$COMPOSE_FILE:compose.compy.yml"`
			`#COMPY_ENABLED=1`

Thread port routers through the env 2021-03-09 08:28:38 +00:00			`## Gitea SSH`
`COMPOSE_FILE=$COMPOSE_FILE:`, to combine 'em easier Thanks, @mirsal 2021-08-07 15:03:52 +00:00			`# COMPOSE_FILE="$COMPOSE_FILE:compose.gitea.yml"`
Thread port routers through the env 2021-03-09 08:28:38 +00:00			`# GITEA_SSH_ENABLED=1`

			`## Foodsoft SMTP`
`COMPOSE_FILE=$COMPOSE_FILE:`, to combine 'em easier Thanks, @mirsal 2021-08-07 15:03:52 +00:00			`# COMPOSE_FILE="$COMPOSE_FILE:compose.foodsoft.yml"`
Thread port routers through the env 2021-03-09 08:28:38 +00:00			`# FOODSOFT_SMTP_ENABLED=1`

Add RTMP optional port setup 2021-05-10 10:58:10 +00:00			`## Peertube RTMP`
`COMPOSE_FILE=$COMPOSE_FILE:`, to combine 'em easier Thanks, @mirsal 2021-08-07 15:03:52 +00:00			`#COMPOSE_FILE="$COMPOSE_FILE:compose.peertube.yml"`
			`#PEERTUBE_RTMP_ENABLED=1`
Add RTMP optional port setup 2021-05-10 10:58:10 +00:00
Entrypoint for SSB MUXRPC 2021-06-05 12:19:59 +00:00			`## Secure Scuttlebutt MUXRPC`
`COMPOSE_FILE=$COMPOSE_FILE:`, to combine 'em easier Thanks, @mirsal 2021-08-07 15:03:52 +00:00			`#COMPOSE_FILE="$COMPOSE_FILE:compose.ssb.yml"`
			`#SSB_MUXRPC_ENABLED=1`
Entrypoint for SSB MUXRPC 2021-06-05 12:19:59 +00:00
Support mssql host mode connections 2021-06-07 07:42:50 +00:00			`## MSSQL`
`COMPOSE_FILE=$COMPOSE_FILE:`, to combine 'em easier Thanks, @mirsal 2021-08-07 15:03:52 +00:00			`#COMPOSE_FILE="$COMPOSE_FILE:compose.mssql.yml"`
			`#MSSQL_ENABLED=1`
Support mssql host mode connections 2021-06-07 07:42:50 +00:00
Add missing Mumble vars to .env.sample 2021-08-07 15:03:20 +00:00			`## Mumble`
			`#COMPOSE_FILE="$COMPOSE_FILE:compose.mumble.yml"`
			`#MUMBLE_ENABLED=1`
feat: matrix federation 2021-12-13 12:56:36 +00:00
			`## Matrix`
			`#COMPOSE_FILE="$COMPOSE_FILE:compose.matrix.yml"`
			`#MATRIX_FEDERATION_ENABLED=1`
feat: adds basic auth middleware 2023-02-07 12:00:27 +00:00
Add "web-alt" entrypoint (mostly for Icecast) 2024-04-01 22:49:23 +00:00			`## "Web alt", an alternative web port`
			# NOTE(3wc): as of 2024-04-01 only the `icecast` recipe uses this
			`#COMPOSE_FILE="$COMPOSE_FILE:compose.web-alt.yml"`
			`#WEB_ALT_ENABLED=1`