colin/nas-compose
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refresh repository to match reality (Part1)

Browse Source
This commit is contained in:
Colin Hebert
2024-09-23 17:03:36 +02:00
parent 61020cae89
commit 1d52e2ac75
15 changed files with 218 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
reverse-proxy/configs/dynamic/authelia.yml
View File

@@ -2,18 +2,11 @@ http:
middlewares:
authelia:
forwardAuth:
address: 'http://authelia:9091/api/verify?rd=https%3A%2F%2Fauthelia.{{ env `NASCOMPOSE_DOMAIN` }}%2F'
trustForwardHeader: true
authResponseHeaders:
- Remote-User
- Remote-Groups
- Remote-Name
- Remote-Email
authelia-basic:
forwardAuth:
address: http://authelia:9091/api/verify?auth=basic
address: http://authelia:9091/api/authz/forward-auth
trustForwardHeader: true
authResponseHeaders:
- Authorization
- Proxy-Authorization
- Remote-User
- Remote-Groups
- Remote-Name

39
reverse-proxy/configs/dynamic/compress.yml Normal file
View File

@@ -0,0 +1,39 @@
http:
middlewares:
compress:
compress:
includedContentTypes:
- application/atom+xml
- application/geo+json
- application/javascript
- application/x-javascript
- application/json
- application/ld+json
- application/manifest+json
- application/rdf+xml
- application/rss+xml
- application/vnd.ms-fontobject
- application/wasm
- application/x-web-app-manifest+json
- application/xhtml+xml
- application/xml
- font/eot
- font/otf
- font/ttf
- image/bmp
- image/svg+xml
- image/vnd.microsoft.icon
- image/x-icon
- text/cache-manifest
- text/calendar
- text/css
- text/html
- text/javascript
- text/markdown
- text/plain
- text/xml
- text/vcard
- text/vnd.rim.location.xloc
- text/vtt
- text/x-component
- text/x-cross-domain-policy

2
reverse-proxy/configs/dynamic/hsts.yml
View File

@@ -2,7 +2,7 @@ http:
middlewares:
hsts:
headers:
frameDeny: true
customFrameOptionsValue: SAMEORIGIN
browserXssFilter: true
stsSeconds: 31536000 # 1 year
stsPreload: true

7
reverse-proxy/configs/dynamic/qbittorrent-api.yml
View File

@@ -1,7 +0,0 @@
http:
routers:
qbittorrent-api:
rule: 'Host(`qbittorrent-api.{{ env `NASCOMPOSE_DOMAIN` }}`)'
service: qbittorrent@docker
middlewares:
- authelia-basic@file

8
reverse-proxy/configs/dynamic/traefik.yml
View File

@@ -1,8 +0,0 @@
http:
#TODO: Convert to inline configuration for traefik
# Allows internal services to use `http://traefik/` to use the traefik interface.
# Useful for tools like Heimdall which use the traefik API.
routers:
traefik-internal:
rule: Host(`traefik`)
service: api@internal

43
reverse-proxy/configs/traefik.yml
View File

@@ -9,33 +9,60 @@ providers:
serverstransport:
insecureskipverify: true
api: {}
accessLog: {}
api:
dashboard: true
insecure: true
accessLog:
filePath: /var/log/traefik/access.log
format: json
fields:
defaultMode: keep
names:
StartLocal: drop
ClientAddr: drop
headers:
defaultMode: drop
names:
Remote-User: keep
metrics:
prometheus:
addRoutersLabels: true
entryPoint: metrics
certificatesResolvers:
defaultResolver:
acme:
storage: /etc/traefik/acme/acme.json
dnsChallenge:
provider: cloudflare
tlsChallenge: {}
entryPoints:
web:
address: :80
address: :8080
http:
redirections:
entryPoint:
to: websecure
scheme: https
websecure:
address: :443
permanent: true
websecure:
address: :8443
asDefault: true
http:
tls:
certResolver: defaultResolver
middlewares:
- hsts@file
- compress@file
http3:
advertisedPort: 443
ssh:
address: :22
address: :8022
ssh-tarpit:
address: :8222
metrics:
address: :9982
traefik:
address: :8081
global:
sendAnonymousUsage: false