- Automate Traefik email substitution in deploy script - Auto-generate Authelia admin password (saved to ADMIN_PASSWORD.txt) - Standardize all volume paths to use relative paths (./service/config) - Switch Traefik to HTTP challenge by default (DNS challenge optional) - Update documentation with improved setup instructions - Enhance troubleshooting guide - Update AGENT_INSTRUCTIONS with new conventions - Simplify .env.example with clearer guidance These changes reduce manual configuration steps and improve deployment reliability.
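# Traefik Static Configuration
# Copy to /opt/stacks/traefik/traefik.yml
#
# Static configuration is read once at start-up; changes need a restart.
# Routers, middlewares (e.g. the Authelia forward-auth) and TLS options
# are dynamic configuration and are not defined in this file.

global:
  # Periodically contacts Traefik's update service; set to false on hosts
  # where unsolicited outbound traffic is not allowed.
  checkNewVersion: true
  sendAnonymousUsage: false

api:
  dashboard: true
  # insecure: false keeps the API and dashboard off the unauthenticated
  # "traefik" entry point (port 8080). Nothing in this file puts Authelia
  # in front of the dashboard: that depends on the router for api@internal
  # (container labels or a file under /dynamic) attaching the middleware.
  # NOTE(review): confirm that router exists and carries the middleware.
  insecure: false  # Dashboard accessible via Traefik route with Authelia

entryPoints:
  web:
    address: ":80"
    http:
      # Every request on :80 is redirected to the websecure entry point.
      # ACME HTTP-01 validation requests are still answered on this port.
      redirections:
        entryPoint:
          to: websecure
          scheme: https

  websecure:
    address: ":443"
    http:
      tls:
        # Default resolver for every router attached to this entry point.
        certResolver: letsencrypt

certificatesResolvers:
  letsencrypt:
    acme:
      # The literal placeholder is not a usable address; if the deploy
      # script's substitution is skipped, check this value before the
      # first start.
      email: ACME_EMAIL_PLACEHOLDER  # Will be replaced by deploy script
      # acme.json holds the ACME account key and the private keys of all
      # issued certificates. Traefik requires mode 600 on it; keep it on a
      # persistent volume and out of version control and backups that are
      # readable by other users.
      storage: /acme.json
      # HTTP challenge - Simple setup, port 80 must be accessible
      # Works for individual domain certificates
      httpChallenge:
        entryPoint: web
      # DNS challenge - For wildcard certificates (advanced)
      # Uncomment and comment out httpChallenge to use:
      # The duckdns provider reads its API token from the DUCKDNS_TOKEN
      # environment variable; supply it through the container environment
      # or a secret, never in this file.
      # dnsChallenge:
      #   provider: duckdns
      #   resolvers:
      #     - "1.1.1.1:53"
      #     - "8.8.8.8:53"

providers:
  docker:
    # Access to the Docker socket gives control of the Docker daemon, so a
    # compromise of Traefik becomes a compromise of the host. A read-only
    # bind mount of the socket does not limit which API calls can be made;
    # a socket proxy that only allows the read endpoints Traefik needs
    # does.
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false  # Only expose services with traefik.enable=true
    network: traefik-network

  file:
    # Files in this directory are loaded live (watch: true), so write
    # access to it is equivalent to control over routing and middleware.
    # Mount it read-only inside the container.
    directory: /dynamic
    watch: true

log:
  level: INFO  # DEBUG, INFO, WARN, ERROR
  # NOTE(review): /var/log/traefik must be a mounted volume, otherwise the
  # logs are lost when the container is recreated.
  filePath: /var/log/traefik/traefik.log

accessLog:
  filePath: /var/log/traefik/access.log
  # Number of log lines held in memory before being written to disk. The
  # most recent entries can be lost on a crash, which matters when the
  # access log is used for incident investigation.
  bufferingSize: 100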