Configuration cleanup

2020-01-27 12:45:53 +01:00
parent 834f7d0f2b
commit 1e275fea5b
6 changed files with 110 additions and 137 deletions
--- a/traefik/config/network.yaml
+++ b/traefik/config/network.yaml
@@ -0,0 +1,29 @@
+# This file contains routing rules for netwok services that are not running on the same host as traefik
+
+http:
+  services:
+    pfsense:
+      loadBalancer:
+        servers:
+          - url: http://192.168.0.1:80
+    proxmox:
+      loadBalancer:
+        servers:
+          - url: http://192.168.0.10:8006
+
+  routers:
+    pfsense:
+      service: pfsense
+      rule: Host(`pfsense.{{ env "PRIVATE_DOMAIN" }}`)
+      middlewares:
+        - auth
+      tls:
+        certResolver: le
+    proxmox:
+      service: proxmox
+      rule: Host(`proxmox.{{ env "PRIVATE_DOMAIN" }}`)
+      middlewares:
+        - auth
+      tls:
+        certResolver: le
+
--- a/traefik/config/security.yaml
+++ b/traefik/config/security.yaml
@@ -0,0 +1,35 @@
+# This file contains services for security and authorization
+
+http:
+  services:
+    http-catchall:
+      # A dummy service for the http-catchall rule
+      loadBalancer:
+        servers:
+          - url: http://dummy-url
+
+  routers:
+    http-catchall:
+      # Catch all requests to the http entrypoint and redirect them to https
+      service: http-catchall
+      rule: hostregexp(`{host:.+}`)
+      entrypoint: web
+      middlewares:
+        - redir
+
+  middlewares:
+    redir:
+      # Redirect to https
+      redirectScheme:
+        scheme: https
+        permanent: true
+
+    auth:
+      # Go through authelia for authorization
+      forwardAuth:
+        address: http://authelia:9091/api/verify?rd=https://auth.{{ env "PRIVATE_DOMAIN" }}/%23/
+        trustForwardHeader: true
+        authResponseHeaders:
+          - X-Forwarded-User
+        insecureSkipVerify: true
+