Initial server configuration

traefik/compose.yml

@@ -0,0 +1,18 @@
+# /services/traefik/compose.yml
+
+services:
+  traefik:
+    image: traefik:3
+    container_name: traefik
+    restart: always
+    networks:
+      - traefik
+    ports:
+      - 80:80
+      - 443:443
+    volumes:
+      - ./:/etc/traefik
+
+networks:
+  traefik:
+    external: true

traefik/config/dashboard.yml

@@ -0,0 +1,9 @@
+# /services/traefik/config/dashboard.yml
+
+http:
+  routers:
+    traefik:
+      entryPoints:
+        - https
+      rule: Host(`traefik.eliasfink.de`)
+      service: api@internal

traefik/config/gitea.yml

@@ -0,0 +1,15 @@
+# /services/traefik/config/gitea.yml
+
+http:
+  routers:
+    git:
+      entryPoints:
+        - https
+      rule: Host(`git.eliasfink.de`)
+      service: gitea
+
+  services:
+    gitea:
+      loadBalancer:
+        servers:
+          - url: http://gitea:3000

traefik/config/home.yml

@@ -0,0 +1,18 @@
+# /services/traefik/config/home.yml
+
+http:
+  routers:
+    server:
+      entryPoints:
+        - https
+      rule: Host(`server.eliasfink.de`)
+      middlewares:
+        - home-redirect
+      service: noop@internal
+
+  middlewares:
+    home-redirect:
+      redirectRegex:
+        permanent: true
+        regex: ^.+$
+        replacement: https://eliasfink.de

traefik/config/nextcloud.yml

@@ -0,0 +1,15 @@
+# /services/traefik/config/nextcloud.yml
+
+http:
+  routers:
+    cloud:
+      entryPoints:
+        - https
+      rule: Host(`cloud.eliasfink.de`)
+      service: nextcloud
+
+  services:
+    nextcloud:
+      loadBalancer:
+        servers:
+          - url: http://nextcloud:80

traefik/config/portainer.yml

@@ -0,0 +1,15 @@
+# /services/traefik/config/portainer.yml
+
+http:
+  routers:
+    portainer:
+      entryPoints:
+        - https
+      rule: Host(`portainer.eliasfink.de`)
+      service: portainer
+
+  services:
+    portainer:
+      loadBalancer:
+        servers:
+          - url: http://portainer:9443

traefik/config/security.yml

@@ -0,0 +1,16 @@
+# /services/traefik/config/security.yml
+
+http:
+  middlewares:
+    default-security:
+      chain:
+        middlewares:
+          - secure-headers
+    secure-headers:
+      headers:
+        hostsProxyHeaders:
+          - X-Forwarded-Host
+        stsSeconds: 31536000
+        stsIncludeSubdomains: true
+        stsPreload: true
+        referrerPolicy: same-origin

traefik/traefik.yml

@@ -0,0 +1,34 @@
+# /services/traefik/traefik.yml
+
+global:
+  checkNewVersion: true
+  sendAnonymousUsage: false
+
+entryPoints:
+  http:
+    address: :80
+    http:
+      redirections:
+        entryPoint:
+          to: https
+  https:
+    address: :443
+    http:
+      middlewares:
+        - default-security
+      tls:
+        certResolver: letsencrypt
+
+api: {}
+
+providers:
+  file:
+    directory: /etc/traefik/config
+    watch: true
+
+certificatesResolvers:
+  letsencrypt:
+    acme:
+      email: mail@eliasfink.de
+    # caServer: https://acme-staging-v02.api.letsencrypt.org/directory # use staging server instead of production
+      tlsChallenge: {}