first sync

configs/dynamic/dashboard.yml

@@ -0,0 +1,23 @@
+http:
+  routers:
+    traefik:
+      rule: Host(`dashboard.tips-of-mine.com`)
+      entryPoints:
+        - https
+      service: api@internal
+      middlewares:
+        - dashboardauth
+      tls:
+        certResolver: letsencrypt
+    traefik-http-redirect:
+      rule: Host(`dashboard.tips-of-mine.com`)
+      entryPoints:
+        - http
+      service: api@internal
+      middlewares:
+        - "redirect-to-https"
+  middlewares:
+    dashboardauth:
+      basicAuth:
+        users:
+          - "admin:$2y$10$GXOzS6L1s3gwQb8zO90LKOGuvZfurIXCBgJjZ5ib9/p5l3cy1sid6"

configs/dynamic/global-middlewares.yml

@@ -0,0 +1,105 @@
+http:
+  middlewares:
+    redirect-to-https:
+      redirectScheme:
+        scheme: https
+        permanent: true
+    hsts-minimal:
+      headers:
+        stsSeconds: 31536000
+        stsIncludeSubdomains: false
+        stsPreload: false
+        forceSTSHeader: true
+    hsts-standard:
+      headers:
+        stsSeconds: 31536000
+        stsIncludeSubdomains: true
+        stsPreload: false
+        forceSTSHeader: true
+    hsts-full:
+      headers:
+        stsSeconds: 31536000
+        stsIncludeSubdomains: true
+        stsPreload: true
+        forceSTSHeader: true
+
+    # Redirect non-www URLs to their www equivalent
+    # Use with traefik.http.routers.myRouter.middlewares: "redirect-non-www-to-www@file"
+    # Source: https://www.benjaminrancourt.ca/how-to-redirect-from-non-www-to-www-with-traefik/
+    redirect-non-www-to-www:
+      # Redirect a request from an url to another with regex matching and replacement
+      redirectregex:
+        # Apply a permanent redirection (HTTP 301)
+        permanent: true
+        # The regular expression to match and capture elements from the request URL
+        regex: "^https?://(?:www\\.)?(.+)"
+        # How to modify the URL to have the new target URL
+        replacement: "https://www.${1}"
+
+    # Redirect www URLs to their non-www equivalent
+    # Use with traefik.http.routers.myRouter.middlewares: "redirect-www-to-non-www@file"
+    # Source: https://www.benjaminrancourt.ca/how-to-redirect-from-non-www-to-www-with-traefik/
+    redirect-www-to-non-www:
+      # Redirect a request from an url to another with regex matching and replacement
+      redirectregex:
+        # Apply a permanent redirection (HTTP 301)
+        permanent: true
+        # The regular expression to match and capture elements from the request URL
+        regex: "^https?://www\\.(.+)"
+        # How to modify the URL to have the new target URL
+        replacement: "https://${1}"
+
+#    default-headers:
+#      headers:
+#        frameDeny: true
+#        browserXssFilter: true
+#        contentTypeNosniff: true
+#        forceSTSHeader: true
+#        stsIncludeSubdomains: true
+#        stsPreload: true
+#        stsSeconds: 15552000
+#        customFrameOptionsValue: SAMEORIGIN
+#        customRequestHeaders:
+#          X-Forwarded-Proto: https
+
+#    crowdsec:
+#      plugin:
+#        bouncer:
+#          enabled: true
+#          logLevel: INFO
+#          updateIntervalSeconds: 15
+#          updateMaxFailure: 0
+#          defaultDecisionSeconds: 15
+#          httpTimeoutSeconds: 10
+#          crowdsecMode: stream
+#          crowdsecAppsecEnabled: true
+#          crowdsecAppsecHost: crowdsec:7422
+#          crowdsecAppsecFailureBlock: true
+#          crowdsecAppsecUnreachableBlock: true
+#          crowdsecLapiKey: #####REPLACE_API_KEY#####                                    # Replace CrowdSec API key (docker exec crowdsec cscli bouncers add crowdsecBouncer)
+#          crowdsecLapiKeyFile: /etc/traefik/cs-privateKey-foo
+#          crowdsecLapiHost: crowdsec:8080
+#          crowdsecLapiScheme: http
+#          forwardedHeadersTrustedIPs:
+#            - 10.0.35.4/32                                                              # Cloudflare tunnel IP address
+#            - 172.30.0.0/24                                                            # Reverse Proxy IP address 
+#          clientTrustedIPs:
+#            - 10.0.1.0/24                                                              # Internal LAN IP addresses 
+#            - 10.0.2.0/24                                                              # Internal LAN IP addresses
+#            - 10.0.3.0/24                                                              # Internal LAN IP addresses
+#            - 10.0.4.0/24                                                              # Internal LAN IP addresses
+#            - 10.0.5.0/24                                                              # Internal LAN IP addresses
+#          forwardedHeadersCustomName: CF-Connecting-IP                                 # Cloudflare IP address header
+
+#    default-whitelist:
+#      ipWhiteList:
+#        sourceRange:
+#        - "10.0.4.0/24"
+#        - "192.168.0.0/16"
+#        - "172.16.0.0/12"
+
+#    secured:
+#      chain:
+#        middlewares:
+#        - default-whitelist
+#        - default-headers

configs/dynamic/harbor.yml.old

@@ -0,0 +1,13 @@
+http:
+  routers:
+    harbor:
+      service: harbor
+      rule: "Host(`registry.tips-of-mine.com`)"
+      tls:
+        certResolver: production
+
+  services:
+    harbor:
+      loadBalancer:
+        servers:
+          - url: "http://172.27.0.1:8880"

configs/dynamic/registry.yml

@@ -0,0 +1,13 @@
+http:
+  routers:
+    harbor:
+      service: harbor
+      rule: "Host(`registry.tips-of-mine.com`)"
+      tls:
+        certResolver: production
+
+  services:
+    harbor:
+      loadBalancer:
+        servers:
+          - url: "http://10.0.4.133:8083"

configs/dynamic/tls.yml

@@ -0,0 +1,14 @@
+tls:
+  stores:
+    default:
+      defaultCertificate:
+        certFile: /etc/traefik/ssl/cert.pem
+        keyFile: /etc/traefik/ssl/privkey.pem
+  certificates:
+    - certFile: /etc/traefik/ssl/cert.pem
+      keyFile: /etc/traefik/ssl/privkey.pem
+  options:
+    default:
+      minVersion: VersionTLS12
+    mintls13:
+      minVersion: VersionTLS1