traefik.yml

Now let's create our static Traefik configuration file. Use your preferred editor to add/edit the file and paste in the configuration below. In this example I will use vim. Make sure that wherever you see TEU_DOMINIO.TDL, TUA_REDE_DOCKER or [email protected], you replace them with your own values.

vi /mnt/user/appdata/traefik/traefik.yml

traefik.yml
global:
  checkNewVersion: true
  sendAnonymousUsage: false

serversTransport:
  # Disables TLS certificate verification on connections from Traefik to the backend services
  insecureSkipVerify: true

entryPoints:
  # Not used in apps, but redirect everything from HTTP to HTTPS
  http:
    address: :80
    forwardedHeaders:
      trustedIPs: &trustedIps
        # Start of Cloudflare public IP list for HTTP requests, remove this if you don't use it
        - 173.245.48.0/20
        - 103.21.244.0/22
        - 103.22.200.0/22
        - 103.31.4.0/22
        - 141.101.64.0/18
        - 108.162.192.0/18
        - 190.93.240.0/20
        - 188.114.96.0/20
        - 197.234.240.0/22
        - 198.41.128.0/17
        - 162.158.0.0/15
        - 104.16.0.0/13
        - 104.24.0.0/14
        - 172.64.0.0/13
        - 131.0.72.0/22
        - 2400:cb00::/32
        - 2606:4700::/32
        - 2803:f800::/32
        - 2405:b500::/32
        - 2405:8100::/32
        - 2a06:98c0::/29
        - 2c0f:f248::/32
        # End of Cloudflare public IP list
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https

  # HTTPS endpoint, with domain wildcard
  https:
    address: :443
    forwardedHeaders:
      # Reuse list of Cloudflare Trusted IP's above for HTTPS requests
      trustedIPs: *trustedIps
    http:
      tls:
        # Generate a wildcard domain certificate
        # certResolver: letsencrypt
        certResolver: dnschallenge
        domains:
          - main: "TEU_DOMINIO.TDL"
            sans:
              - "*.TEU_DOMINIO.TDL"
      middlewares:
        - securityHeaders@file

providers:
  providersThrottleDuration: 2s

  # File provider for connecting things that are outside of docker / defining middleware
  file:
    filename: /etc/traefik/dynamic/fileConfig.yml
    watch: true

  # Docker provider for connecting all apps that are inside of the docker network
  docker:
    watch: true
    network: TUA_REDE_DOCKER    # Add Your Docker Network Name Here
    # Default host rule to containername.domain.example
    defaultRule: "Host(`{{ lower (trimPrefix `/` .Name )}}.TEU_DOMINIO.TDL`)" # Replace with your domain
    exposedByDefault: false
    endpoint: "tcp://dockersocket:2375" # Only needed if you are using docker socket proxy

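# Enable traefik ui
api:
  dashboard: true
  # insecure: true serves the API and dashboard without authentication on the "traefik" entryPoint (port 8080 by default)
  insecure: true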

# Log level INFO|DEBUG|ERROR
log:
  level: INFO

# Use letsencrypt to generate ssl certificates
certificatesResolvers:
  dnschallenge:
    acme:
      email: [email protected]
      storage: /etc/traefik/letsencrypt/acme.json
      dnsChallenge:
        provider: cloudflare
        # Used to make sure the dns challenge is propagated to the right dns servers
        resolvers:
          - "1.1.1.1:53"
          - "8.8.8.8:53"

NOTE - Cloudflare IPs

The Cloudflare IPs in the config above may not be up to date. It is your responsibility to make sure they are correct.

To avoid manual intervention, you can use a plugin to manage the Cloudflare IPs:

If you want to fetch the IPs manually, you can try running (credits: salty):

curl https://api.cloudflare.com/client/v4/ips | sed 's/\\//g' | yq '.result.ipv4_cidrs + .result.
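
One way to check a trustedIPs list against the published ranges, as an added example that is not part of the original page: it compares the list with a response shaped like the output of the API called above. The sample JSON, the configured list and the function names are constructed for illustration, and the ipv6_cidrs key is assumed alongside the ipv4_cidrs key seen in the command.

```python
import ipaddress
import json

# Constructed sample shaped like the https://api.cloudflare.com/client/v4/ips
# response; values are illustrative, not live data. "ipv6_cidrs" is assumed.
SAMPLE_API_JSON = json.dumps({
    "success": True,
    "result": {
        "ipv4_cidrs": ["173.245.48.0/20", "103.21.244.0/22", "104.16.0.0/13"],
        "ipv6_cidrs": ["2400:cb00::/32", "2606:4700::/32"],
    },
})

# Constructed trustedIPs list, as copied out of a traefik.yml.
CONFIGURED = ["173.245.48.0/20", "103.21.244.0/22", "104.16.0.0/12",
              "2400:cb00::/32", "10.0.0.0/8"]


def parse(cidrs):
    """Parse CIDR strings; raises ValueError on typos or set host bits."""
    return {ipaddress.ip_network(c.strip(), strict=True) for c in cidrs}


def covered(net, pool):
    """True if net lies entirely inside one network of the same IP version."""
    return any(net.version == p.version and net.subnet_of(p) for p in pool)


def audit(configured, api_json):
    doc = json.loads(api_json)
    if not doc.get("success"):
        raise ValueError("API response is not marked successful")
    result = doc["result"]
    published = parse(result.get("ipv4_cidrs", []) + result.get("ipv6_cidrs", []))
    trusted = parse(configured)
    return {
        # Trusted in the config but outside every published range: peers there
        # would have their X-Forwarded-* headers accepted by Traefik.
        "outside_published": sorted(str(n) for n in trusted if not covered(n, published)),
        # Published ranges the config does not cover: requests arriving from
        # them would not have their forwarded client IP trusted.
        "missing": sorted(str(n) for n in published if not covered(n, trusted)),
    }


if __name__ == "__main__":
    print(json.dumps(audit(CONFIGURED, SAMPLE_API_JSON), indent=2))
```

An entry under outside_published is not necessarily wrong (a local reverse proxy range may be intentional), but each one should be a deliberate choice.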
