traefik/traefik.yml.tmpl

---
log:
  level: {{ env "LOG_LEVEL" }}

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
    network: proxy
    swarmMode: true
  file:
    filename: /etc/traefik/file-provider.yml

api:
  dashboard: {{ env "DASHBOARD_ENABLED" }}
  debug: false

entrypoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: web-secure
  web-secure:
    address: ":443"
  {{ if eq (env "GITEA_SSH_ENABLED") "1" }}
  gitea-ssh:
    address: ":2222"
  {{ end }}
  {{ if eq (env "FOODSOFT_SMTP_ENABLED") "1" }}
  foodsoft-smtp:
    address: ":2525"
  {{ end }}
  {{ if eq (env "SMTP_ENABLED") "1" }}
  smtp-submission:
    address: ":587"
  {{ end }}
  {{ if eq (env "PEERTUBE_RTMP_ENABLED") "1" }}
  peertube-rtmp:
    address: ":1935"
  {{ end }}
  {{ if eq (env "SSB_MUXRPC_ENABLED") "1" }}
  ssb-muxrpc:
    address: ":8008"
  {{ end }}
  {{ if eq (env "MSSQL_ENABLED") "1" }}
  mssql:
    address: ":1433"
  {{ end }}

ping:
  entryPoint: web

certificatesResolvers:
  staging:
    acme:
      email: {{ env "LETS_ENCRYPT_EMAIL" }}
      storage: /etc/letsencrypt/staging-acme.json
      caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
      httpChallenge:
        entryPoint: web
  production:
    acme:
      email: {{ env "LETS_ENCRYPT_EMAIL" }}
      storage: /etc/letsencrypt/production-acme.json
      httpChallenge:
        entryPoint: web
        {{ if eq (env "LETS_ENCRYPT_DNS_CHALLENGE_ENABLED") "1" }}
        dnsChallenge:
          provider: {{ (env "LETS_ENCRYPT_DNS_CHALLENGE_PROVIDER") }}
        {{ end }}