@sntxrr
Created September 14, 2025 22:49
My working Traefik + Authentik config
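---
# Docker Compose stack: Traefik v3 as the edge reverse proxy, with an
# Authentik forward-auth middleware defined for other routers to reference.
services:
  reverse-proxy:
    image: traefik:v3.3.6
    environment:
      # DNS-provider credentials for the ACME DNS-01 challenge. Only the
      # `namecheap` provider is selected in `command` below; the other
      # variables are left empty. The values here are placeholders: keep real
      # credentials out of any file that is shared or committed (for example,
      # supply them through Compose variable substitution from an untracked
      # env file).
      AWS_ACCESS_KEY_ID: ""
      AWS_SECRET_ACCESS_KEY: ""
      DUCKDNS_TOKEN: ""
      NAMECHEAP_API_USER: "namecheapusername"
      NAMECHEAP_API_KEY: "123456789abcdef123456789abcdef"
      DO_AUTH_TOKEN: ""
      # TRACING
      # Quoted so the YAML parser hands Compose a string, not a boolean.
      # NOTE(review): Traefik documents its static-configuration sources
      # (file, CLI flags, environment) as mutually exclusive; this service is
      # configured through CLI flags, so this variable may have no effect.
      # Confirm, or move tracing into the `command` list.
      TRAEFIK_TRACING: "true"  # Enable tracing
      # TRAEFIK_TRACING_JAEGER_SAMPLINGPARAM: 0  # Set the Jaeger sampling parameter
      # TRAEFIK_TRACING_JAEGER_TRACECONTEXTHEADERNAME: X-Request-ID  # Set the header to use for the X-Request-ID
    command:
      # API and dashboard are enabled WITHOUT `--api.insecure=true`. Insecure
      # mode serves the API and dashboard unauthenticated on the `traefik`
      # entrypoint (port 8080), reachable by every container on the shared
      # Docker network. The dashboard is already published through the
      # `dashboard-https` router (service `api@internal`) behind the
      # `lan-only` allowlist, so insecure mode is not needed.
      - --api=true
      - --api.dashboard=true
      - --providers.docker=true
      # presumably the default network of a Compose project named `traefik`;
      # adjust if the project or network is named differently.
      - --providers.docker.network=traefik_default
      # Containers are routed only when they opt in with `traefik.enable=true`.
      - --providers.docker.exposedbydefault=false
      - --accesslog=true
      # NOTE(review): relative log paths are not under a mounted volume here,
      # so both log files are presumably lost when the container is recreated;
      # point them under /etc/traefik to keep them.
      - --accesslog.filepath=access.log
      - --log.level=INFO
      - --log.filePath=traefik.log
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --entrypoints.websecure.http3
      # Redirect all plain-HTTP traffic to the TLS entrypoint.
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --certificatesresolvers.myresolver.acme.dnschallenge=true
      - --certificatesresolvers.myresolver.acme.dnschallenge.provider=namecheap
      - --certificatesresolvers.myresolver.acme.email=your+email@example.com
      - --certificatesresolvers.myresolver.acme.storage=/etc/traefik/acme.json
      - --global.checknewversion=false
      - --global.sendanonymoususage=false
    ports:
      - "80:80"
      - "443:443/tcp"
      # UDP 443 is needed for HTTP/3 (QUIC) on the websecure entrypoint.
      - "443:443/udp"
    volumes:
      # So that Traefik can listen to Docker events and auto-configure.
      # This has security implications.
      # See https://doc.traefik.io/traefik/providers/docker/#docker-api-access
      # The `:ro` flag only makes the socket file's mount read-only; it does
      # not limit what can be requested through the Docker API. Anything that
      # can talk to this socket effectively controls the Docker host, so
      # consider putting a filtering socket proxy in between.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # For storing Let's Encrypt cert.
      # acme.json holds the certificates' private keys; keep it at mode 600
      # and the host directory readable by root only.
      - /data/traefik/etc:/etc/traefik:rw
    labels:
      - "traefik.enable=true"
      # Dashboard router: TLS entrypoint only, restricted by `lan-only`.
      - "traefik.http.routers.dashboard-https.entrypoints=websecure"
      - "traefik.http.routers.dashboard-https.rule=Host(`traefik.yourdomain.tld`)"
      - "traefik.http.routers.dashboard-https.service=api@internal"
      - "traefik.http.routers.dashboard-https.tls.certresolver=myresolver"
      - "traefik.http.routers.dashboard-https.tls.domains[0].main=yourdomain.tld"
      - "traefik.http.routers.dashboard-https.tls.domains[0].sans=*.yourdomain.tld"
      - "traefik.http.routers.dashboard-https.middlewares=lan-only"
      # Placeholder address: replace with the source range(s) allowed to reach
      # the dashboard. This allowlist is the only control in this file in
      # front of the dashboard, so keep it as narrow as possible.
      - "traefik.http.middlewares.lan-only.ipallowlist.sourcerange=12.34.56.78/32"
      # pulled from https://github.com/brokenscripts/authentik_traefik
      # Forward-auth middleware backed by the Authentik outpost. No router in
      # this file uses it; other services presumably attach it through their
      # own `...middlewares=` label.
      - "traefik.http.middlewares.middlewares-authentik.forwardAuth.address=http://authentik_server:9000/outpost.goauthentik.io/auth/traefik"
      # NOTE(review): this trusts X-Forwarded-* headers already present on the
      # incoming request. Confirm nothing untrusted can set them before they
      # reach Traefik.
      - "traefik.http.middlewares.middlewares-authentik.forwardAuth.trustForwardHeader=true"
      # All response headers go in ONE comma-separated label. Container labels
      # are a key/value map, so repeating the same label key once per header
      # keeps only the last entry and the identity headers (username, groups,
      # email, ...) would never be copied to the upstream request.
      - "traefik.http.middlewares.middlewares-authentik.forwardAuth.authResponseHeaders=X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version"
    restart: unless-stopped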