Fix traefik/authelia bugs

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-03-12 20:12:45 +00:00
parent 6ed4c4917a
commit e55135163d
4 changed files with 32 additions and 31 deletions


@@ -58,24 +58,25 @@ in
"--providers.docker=true"
"--providers.docker.exposedbydefault=false"
"--providers.docker.network=systemd-traefik"
"--entryPoints.web.address=:80"
"--entrypoints.web.http.redirections.entryPoint.to=websecure"
"--entrypoints.web.http.redirections.entryPoint.scheme=https"
"--entryPoints.web.http3"
"--entrypoints.web.forwardedHeaders.insecure=true"
"--entryPoints.http.address=:80"
"--entrypoints.http.http.redirections.entryPoint.to=https"
"--entrypoints.http.http.redirections.entryPoint.scheme=https"
"--entryPoints.http.http3"
"--entrypoints.http.forwardedHeaders.insecure=true"
"--entryPoints.websecure.address=:443"
"--entryPoints.websecure.asDefault=true"
"--entrypoints.websecure.http.tls=true"
"--entrypoints.websecure.http.tls.certResolver=letsencrypt"
"--entrypoints.websecure.http.tls.domains[0].main=karaolidis.com"
"--entrypoints.websecure.http.tls.domains[0].sans=*.karaolidis.com"
"--entrypoints.websecure.http.tls.domains[1].main=krlds.com"
"--entrypoints.websecure.http.tls.domains[1].sans=*.krlds.com"
"--entrypoints.websecure.http.middlewares=compress@docker"
"--entryPoints.websecure.http3"
"--entrypoints.websecure.forwardedHeaders.insecure=true"
"--entryPoints.https.address=:443"
"--entryPoints.https.asDefault=true"
"--entrypoints.https.http.tls=true"
"--entrypoints.https.http.tls.certResolver=letsencrypt"
"--entrypoints.https.http.tls.domains[0].main=karaolidis.com"
"--entrypoints.https.http.tls.domains[0].sans=*.karaolidis.com"
"--entrypoints.https.http.tls.domains[1].main=krlds.com"
"--entrypoints.https.http.tls.domains[1].sans=*.krlds.com"
"--entrypoints.https.http.middlewares=compress@docker"
"--entryPoints.https.http3"
"--entrypoints.https.forwardedHeaders.insecure=true"
"--certificatesresolvers.letsencrypt.acme.dnschallenge=true"
"--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare"
@@ -84,10 +85,14 @@ in
];
labels = [
"traefik.enable=true"
"traefik.http.routers.traefik.rule=Host(`proxy.karaolidis.com`)"
"traefik.http.routers.traefik.tls.certresolver=letsencrypt"
"traefik.http.routers.traefik.service: 'api@internal'"
"traefik.http.routers.traefik.middlewares: 'authelia@docker'"
"traefik.http.routers.traefik-dashboard.rule=Host(`proxy.karaolidis.com`)"
"traefik.http.routers.traefik-dashboard.service=dashboard@internal"
"traefik.http.routers.traefik-dashboard.middlewares=authelia@docker"
"traefik.http.routers.traefik-api.rule='Host(`proxy.karaolidis.com`) && PathPrefix(`/api`)'"
"traefik.http.routers.traefik-api.service=api@internal"
"traefik.http.routers.traefik-api.middlewares=authelia@docker"
"traefik.http.middlewares.compress.compress=true"
# TODO: Middlewares: Headers
@@ -104,6 +109,7 @@ in
After = [
"traefik-http.socket"
"traefik-https.socket"
"${containers.authelia._serviceName}.service"
"sops-nix.service"
];
@@ -137,7 +143,7 @@ in
"traefik-http" = {
Socket = {
ListenStream = "0.0.0.0:80";
FileDescriptorName = "web";
FileDescriptorName = "http";
Service = "${containers.traefik._serviceName}.service";
};
@@ -149,7 +155,7 @@ in
"traefik-https" = {
Socket = {
ListenStream = "0.0.0.0:443";
FileDescriptorName = "websecure";
FileDescriptorName = "https";
Service = "${containers.traefik._serviceName}.service";
};
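Review bot: The renamed entry points in the first hunk keep `--entrypoints.http.forwardedHeaders.insecure=true` and `--entrypoints.https.forwardedHeaders.insecure=true` while the sockets in the last two hunks listen on `0.0.0.0`, so Traefik accepts `X-Forwarded-*` headers from any client. Those headers are passed on to the `authelia@docker` forward-auth middleware, so any Authelia network rule, regulation or log entry keyed on client IP would rely on a value the client controls. If nothing proxies in front of this host the two flags can be dropped; otherwise replace them with `--entrypoints.https.forwardedHeaders.trustedIPs=<upstream-proxy-CIDR>` and the same for `http`. The argument list starts above the hunk, so a restriction set elsewhere would not be visible here. Separately, the `traefik-api` rule label still wraps its value in single quotes; it is worth confirming the unit generator strips them, otherwise Traefik would receive the quotes as part of the rule, much like the YAML-style labels this commit removes.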