## static configuration

global:
  # Send anonymous usage data
  sendAnonymousUsage: false
  checkNewVersion: true

entryPoints:
#  ftp:
#    address: ":21"
  ssh:
    address: ":22"
#  smtp:
#    address: ":25"
#  dns:
#    address: ":53"
  http:
    address: ":80"
    forwardedHeaders:
      insecure: true
      trustedIPs: &trustedIps
        - 10.0.4.0/24
    http:
#      middlewares:                                                                   # CHANGE MADE HERE (BOUNCER ENABLED) !!!
#        - "crowdsec@file"                                                            # CHANGE MADE HERE (BOUNCER ENABLED) !!!
#        - "cloudflarewarp@file"                                                      # CHANGE MADE HERE (BOUNCER ENABLED) !!!
      redirections:
        entryPoint:
          to: https
          scheme: https
#  ssh:
#    address: ":22"
#  pop3:
#    address: ":110"
#  imap:
#    address: ":143"
  https:
    address: ":443"
    forwardedHeaders:
      insecure: true
      trustedIPs: &trustedIps
#    http:
#      middlewares:
#        - crowdsec-bouncer@file
#        - cloudflarewarp@file"                                                      # CHANGE MADE HERE (BOUNCER ENABLED) !!!
#        - secureHeaders@file
#      tls:
#        certResolver: letsencrypt
#  smtp-ssl:
#    address: ":465"
#  starttls:
#    address: ":587"
#  imap-ssl:
#    address: ":993"
#  pop3-ssl:
#    address: ":995"
#  openvpn:
#    address: ":1194/udp"
#  mysql:
#    address: ":3306"
#  elasticsearch:
#    address: ":9200"
  metrics:
    address: ":8181"

serversTransport:
  insecureSkipVerify: true

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
    watch: true
  file:
    directory: /etc/traefik/dynamic
    watch: true
  providersThrottleDuration: 10
  swarmMode: false

certificatesResolvers:
  letsencrypt:
    acme:
      email: admin@tips-of-mine.com
      storage: /var/traefik/certs/acme.json
      caServer: "https://acme-v02.api.letsencrypt.org/directory"
      keyType: EC256
      dnsChallenge:
        provider: letsencrypt
        resolvers:
          - "8.8.8.8:53"
          - "1.1.1.1:53"
          - "1.0.0.1:53"
        delaybeforecheck: 300
      tlschallenge: true
#      httpchallenge:
#        entrypoint: http

api:
  insecure: true
  dashboard: true

log:
  level: ${LOG_LEVEL:-INFO}"
  filepath: "/var/log/traefik/traefik.log"
  format: json
#  default: "common"

accesslog:
  filepath: "/var/log/traefik/access.log"
  format: json
  bufferingSize: 100
#  format: common

# Ajout de la partie métrique qui concerne Prometheus
metrics:
  prometheus:
    # Nom du point d'entrée défini au dessus
    entryPoint: metrics
    # On configure la latence des métriques
    buckets:
      - 0.1
      - 0.3
      - 1.2
      - 5.0
    # Ajout des métriques sur les points d'entrée
    addEntryPointsLabels: true
    # Ajout des services
    addServicesLabels: true
    addRoutersLabels: true

experimental:
  plugins:
    crowdsec-bouncer-traefik-plugin:
      moduleName: "github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"
      version: "v1.3.3"

    traefik-maintenance:
      moduleName: "github.com/TRIMM/traefik-maintenance"
      version: "v1.0.1"

    fail2ban:
      moduleName: "github.com/tomMoulard/fail2ban"
      version: "v0.8.3"

    sablier:
      moduleName: "github.com/acouvreur/sablier"
      version: "v1.8.0-beta.22"