Kubernetes.K3s.installLog/ingress/Traefik2.x/configMap-Traefik.yml

121 lines
3.1 KiB
YAML

apiVersion: v1
kind: ConfigMap
metadata:
name: traefik-configmap
namespace: kube-system
data:
traefik.yml: |
global:
checkNewVersion: true
sendAnonymousUsage: true
entryPoints:
rtmp:
address: :1935
web:
address: :8000
websecure:
address: :8443
forwardedHeaders:
insecure: true
http:
tls:
options: defaults@file
certResolver: default
domains:
- main: '*.spamasaurus.com'
sans:
- 'spamasaurus.com'
- main: '*.chat.spamasaurus.com'
- main: '*.bessems.com'
sans:
- 'bessems.com'
- main: '*.bessems.eu'
sans:
- 'bessems.eu'
- main: '*.gabaldon.eu'
sans:
- 'gabaldon.eu'
- main: '*.gabaldon.nl'
sans:
- 'gabaldon.nl'
- main: '*.itch.fyi'
sans:
- 'itch.fyi'
# trustedIPs:
# - "127.0.0.0/8"
# - "192.168.5.0/24"
# - "192.168.11.0/24"
traefik:
address: :9000
providers:
file:
filename: /etc/traefik/dynamic.yml
kubernetesCRD:
allowCrossNamespace: true
api:
dashboard: true
ping: {}
#accessLog: {}
log:
level: INFO
# level: DEBUG
certificatesResolvers:
default:
acme:
email: letsencrypt.org.danny@spamasaurus.com
storage: /data/acme.json
dnsChallenge:
provider: cloudflare
delayBeforeCheck: 5m0s
resolvers:
- 1.1.1.1:53
- 1.0.0.1:53
pilot:
dashboard: false
serversTransport:
insecureSkipVerify: true
dynamic.yml: |
http:
middlewares:
force-tls:
redirectScheme:
scheme: https
2fa-authentication:
forwardAuth:
address: "https://auth.spamasaurus.com/api/verify?rd=https://auth.spamasaurus.com/"
trustForwardHeader: true
security-headers:
headers:
forceSTSHeader: true
stsSeconds: 315360000
stsIncludeSubdomains: true
stsPreload: true
compression:
compress: {}
routers:
force-tls:
entryPoints:
- "web"
rule: "HostRegexp(`{any:.+}`)"
middlewares:
- "force-tls"
service: noop@internal
tls:
options:
defaults:
minVersion: VersionTLS12
sniStrict: true
curvePreferences:
- secp521r1
- secp384r1
cipherSuites:
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_AES_128_GCM_SHA256
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
- TLS_FALLBACK_SCSV