# HTTP routers for the web dashboards — Traefik TERMINATES TLS here and
# auto-issues Let's Encrypt certs (resolver "le"). These hosts have no
# Windows-Integrated auth, so termination is fine.
#
# ACME http-01 requires each Host below to be publicly resolvable and reachable
# on :80 through the edge. For internal-only dashboards, use a dnsChallenge or a
# default cert instead (see traefik.yml).

http:
  routers:
    # NOTE(review): the flame and portainer routers attach no middleware, so
    # with the public reachability that http-01 needs (see header) access
    # control for both rests on each application's own login. If they are
    # meant to be internal-only, an IP allow-list middleware (ipAllowList in
    # Traefik v3, ipWhiteList in v2) or the dnsChallenge route from the header
    # keeps them off the public edge — confirm the intended exposure.
    flame:
      entryPoints: ["websecure"]
      rule: "Host(`start.osk.team`)"
      service: flame
      tls:
        certResolver: le

    # NOTE(review): Portainer is a container-management UI, so this router
    # warrants the tightest access control of the three.
    portainer:
      entryPoints: ["websecure"]
      rule: "Host(`portainer.osk.team`)"
      service: portainer
      tls:
        certResolver: le

    # api@internal is Traefik's built-in API/dashboard service; dash-auth
    # (defined under middlewares below) puts HTTP basic auth in front of it.
    traefik-dashboard:
      entryPoints: ["websecure"]
      rule: "Host(`traefik.osk.team`)"
      service: api@internal
      middlewares: ["dash-auth"]
      tls:
        certResolver: le

  services:
    # Plain-HTTP backend addressed by name ("flame").
    flame:
      loadBalancer:
        servers:
          - url: "http://flame:5005"
    portainer:
      # Portainer must share a network with Traefik. Either add the portainer
      # container to reverseproxy-nw, or point this at the host IP instead:
      #   - url: "https://192.168.0.8:9443" (+ serversTransport insecureSkipVerify)
      # The server entry below uses the host-IP form.
      # NOTE(review): this service references no serversTransport, so how the
      # backend certificate at this IP gets validated depends on settings not
      # visible here (e.g. a global default in traefik.yml) — confirm.
      # insecureSkipVerify turns backend certificate verification off; a
      # serversTransport that trusts Portainer's certificate via rootCAs keeps
      # the Traefik-to-Portainer hop authenticated.
      loadBalancer:
        servers:
          - url: "https://192.168.0.8:9443"

  middlewares:
    dash-auth:
      basicAuth:
        # Generate: htpasswd -nbB admin 'yourpassword' (escape $ as $$ only in
        # docker-compose labels — in this YAML file use the raw single-$ hash).
        # NOTE(review): -b passes the password as a command-line argument,
        # where it can land in shell history; `htpasswd -nB admin` prompts for
        # it instead.
        # NOTE(review): the "$2y$05$" prefix below is bcrypt at cost 5;
        # htpasswd's -C option raises the cost (e.g. `-C 12`), which slows
        # offline guessing if the hash is ever disclosed.
        # NOTE(review): the hash is stored inline. If this file is tracked in
        # version control, basicAuth's usersFile option lets the hash live in
        # a separate, access-restricted file; rotate this password if the file
        # has been shared.
        users:
          - "admin:$2y$05$HjhBPjFYOxYTWS37DScedenZRiRZ.qbxMsf10XQVujzCljE9VbQfG"