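---
# Traefik dynamic configuration: one raw TCP router for Gitea SSH, plus the
# HTTP->HTTPS redirect routers, HTTPS routers, middlewares and backend
# services for the aetoskia.com hosts.
#
# Review summary (all points are visible in this file):
#   * Only `traefik-dashboard` and `netdata` carry the `basic-auth`
#     middleware. Every other HTTPS router is published without any
#     proxy-level authentication and relies on the application's own login.
#   * TLS terminates at Traefik; every backend URL below is plain http://.
#   * The entry points (`ssh`, `web`, `websecure`) and the `aetoskia`
#     certificate resolver are referenced here but defined elsewhere.

# ----------------------
# TCP (SSH) Routers
# ----------------------
tcp:
  routers:
    gitea-ssh:
      entryPoints:
        - ssh
      service: gitea-ssh
      # Catch-all rule: without TLS there is no SNI to match on, so every
      # connection arriving on the `ssh` entry point goes to the service.
      rule: "HostSNI(`*`)"  # SSH does not use SNI
      # NOTE(review): on a TCP router `tls` is normally a mapping; leaving the
      # key out is the usual way to say "no TLS". Confirm this boolean is
      # accepted by the Traefik version in use.
      tls: false

  services:
    gitea-ssh:
      loadBalancer:
        servers:
          - address: "private-pi:222"

# ----------------------
# HTTP Routers & Middlewares
# ----------------------
http:
  middlewares:
    # HTTP Basic authentication against an htpasswd file kept outside this
    # configuration. Used by `traefik-dashboard` and `netdata` only.
    basic-auth:
      basicAuth:
        usersFile: /auth/htpasswd

    # Permanent redirect to HTTPS; used by every `*-http` router.
    redirect-to-https:
      redirectScheme:
        scheme: https
        permanent: true

    # Sets both upgrade headers on EVERY request that passes through, not only
    # on WebSocket handshakes.
    # NOTE(review): Traefik forwards WebSocket upgrades without extra
    # configuration; confirm the backends still need this, since ordinary
    # requests also reach them looking like upgrade requests.
    websocket-headers:
      headers:
        customRequestHeaders:
          Connection: "Upgrade"
          Upgrade: "websocket"
        # # Preserve auth headers for WS
        # accessControlAllowHeaders:
        #   - Authorization
        #   - Sec-Websocket-Protocol
        #   - Sec-Websocket-Key

    # CORS for the registry API (dcr.aetoskia.com) called from the registry
    # front end. Credentials are not enabled (no accessControlAllowCredentials).
    dcr-cors:
      headers:
        accessControlAllowOriginList:
          # Origins are matched including the scheme. `registry-http`
          # permanently redirects to HTTPS, so a browser sends the https://
          # origin; that entry was missing.
          - "https://registry.aetoskia.com"
          # Kept for backward compatibility only.
          # NOTE(review): remove once confirmed unused; a plain-HTTP origin
          # cannot be trusted to be the real site.
          - "http://registry.aetoskia.com"
        accessControlAllowMethods:
          - GET
          - POST
          - PUT
          - DELETE
          - OPTIONS
        accessControlAllowHeaders:
          - Authorization
          - Content-Type
        accessControlMaxAge: 1728000

    # CORS for the Nakama API called from games.aetoskia.com.
    nakama-cors:
      headers:
        accessControlAllowOriginList:
          - "https://games.aetoskia.com"
        accessControlAllowMethods:
          - GET
          - POST
          - PUT
          - DELETE
          - OPTIONS
        accessControlAllowHeaders:
          - Authorization
          - Content-Type
        accessControlMaxAge: 1728000

    # Path-prefix stripping for the two APIs sharing api.aetoskia.com.
    blog-api-strip:
      stripPrefix:
        prefixes:
          - "/blogs"

    coverage-api-strip:
      stripPrefix:
        prefixes:
          - "/coverage"

  routers:
    # ----------------------
    # HTTP routers for redirect
    # ----------------------
    # Each router matches one host on the `web` entry point and only
    # redirects; `noop@internal` is never reached as a backend.
    # NOTE(review): a host added later needs its own `*-http` router here to
    # get the redirect; an entry-point level redirection in the static
    # configuration would cover all hosts at once.
    www-http:
      rule: "Host(`www.aetoskia.com`)"
      entryPoints:
        - web
      middlewares:
        - redirect-to-https
      service: noop@internal

    blog-http:
      rule: "Host(`blog.aetoskia.com`)"
      entryPoints:
        - web
      middlewares:
        - redirect-to-https
      service: noop@internal

    games-http:
      rule: "Host(`games.aetoskia.com`)"
      entryPoints:
        - web
      middlewares:
        - redirect-to-https
      service: noop@internal

    # Dashboard
    traefik-dashboard-http:
      rule: "Host(`traefik.aetoskia.com`)"
      entryPoints:
        - web
      middlewares:
        - redirect-to-https
      service: noop@internal

    plex-http:
      rule: "Host(`plex.aetoskia.com`)"
      entryPoints:
        - web
      middlewares:
        - redirect-to-https
      service: noop@internal

    sonarr-http:
      rule: "Host(`sonarr.aetoskia.com`)"
      entryPoints:
        - web
      middlewares:
        - redirect-to-https
      service: noop@internal

    radarr-http:
      rule: "Host(`radarr.aetoskia.com`)"
      entryPoints:
        - web
      middlewares:
        - redirect-to-https
      service: noop@internal

    bazarr-http:
      rule: "Host(`bazarr.aetoskia.com`)"
      entryPoints:
        - web
      middlewares:
        - redirect-to-https
      service: noop@internal

    prowlarr-http:
      rule: "Host(`prowlarr.aetoskia.com`)"
      entryPoints:
        - web
      middlewares:
        - redirect-to-https
      service: noop@internal

    jellyseerr-http:
      rule: "Host(`jellyseerr.aetoskia.com`)"
      entryPoints:
        - web
      middlewares:
        - redirect-to-https
      service: noop@internal

    ombi-http:
      rule: "Host(`ombi.aetoskia.com`)"
      entryPoints:
        - web
      middlewares:
        - redirect-to-https
      service: noop@internal

    qbit-http:
      rule: "Host(`qbit.aetoskia.com`)"
      entryPoints:
        - web
      middlewares:
        - redirect-to-https
      service: noop@internal

    gitea-http:
      rule: "Host(`git.aetoskia.com`)"
      entryPoints:
        - web
      middlewares:
        - redirect-to-https
      service: noop@internal

    docs-http:
      rule: "Host(`docs.aetoskia.com`)"
      entryPoints:
        - web
      middlewares:
        - redirect-to-https
      service: noop@internal

    drone-http:
      rule: "Host(`drone.aetoskia.com`)"
      entryPoints:
        - web
      middlewares:
        - redirect-to-https
      service: noop@internal

    dcr-http:
      rule: "Host(`dcr.aetoskia.com`)"
      entryPoints:
        - web
      middlewares:
        - redirect-to-https
      service: noop@internal

    registry-http:
      rule: "Host(`registry.aetoskia.com`)"
      entryPoints:
        - web
      middlewares:
        - redirect-to-https
      service: noop@internal

    pypiserver-http:
      rule: "Host(`pip.aetoskia.com`)"
      entryPoints:
        - web
      middlewares:
        - redirect-to-https
      service: noop@internal

    netdata-http:
      rule: "Host(`netdata.aetoskia.com`)"
      entryPoints:
        - web
      middlewares:
        - redirect-to-https
      service: noop@internal

    portainer-http:
      rule: "Host(`portainer.aetoskia.com`)"
      entryPoints:
        - web
      middlewares:
        - redirect-to-https
      service: noop@internal

    mongo-express-http:
      rule: "Host(`mongo.aetoskia.com`)"
      entryPoints:
        - web
      middlewares:
        - redirect-to-https
      service: noop@internal

    pgadmin-http:
      rule: "Host(`postgres.aetoskia.com`)"
      entryPoints:
        - web
      middlewares:
        - redirect-to-https
      service: noop@internal

    api-http:
      rule: "Host(`api.aetoskia.com`)"
      entryPoints:
        - web
      middlewares:
        - redirect-to-https
      service: noop@internal

    nakama-http:
      rule: "Host(`nakama.aetoskia.com`)"
      entryPoints:
        - web
      middlewares:
        - redirect-to-https
      service: noop@internal

    # ----------------------
    # HTTPS routers
    # ----------------------
    # All routers below terminate TLS with certificates from the `aetoskia`
    # resolver. Unless `basic-auth` is listed, Traefik adds no authentication.

    # Landing Page
    www-https:
      rule: "Host(`www.aetoskia.com`)"
      entryPoints:
        - websecure
      service: www-svc
      tls:
        certResolver: aetoskia
      middlewares:
        # - basic-auth
        - websocket-headers

    blog:
      rule: "Host(`blog.aetoskia.com`)"
      entryPoints:
        - websecure
      service: blog-svc
      tls:
        certResolver: aetoskia

    games:
      rule: "Host(`games.aetoskia.com`)"
      entryPoints:
        - websecure
      service: games-svc
      tls:
        certResolver: aetoskia

    # Dashboard
    # `api@internal` is Traefik's own API/dashboard; basic-auth is the only
    # gate in front of it, so the strength of the htpasswd entries matters.
    traefik-dashboard:
      rule: "Host(`traefik.aetoskia.com`)"
      entryPoints:
        - websecure
      service: api@internal
      tls:
        certResolver: aetoskia
      middlewares:
        - basic-auth

    # Media
    # No proxy-level authentication on any media router.
    # NOTE(review): confirm each application has its own login enabled.
    plex:
      rule: "Host(`plex.aetoskia.com`)"
      entryPoints:
        - websecure
      service: plex-svc
      tls:
        certResolver: aetoskia

    sonarr:
      rule: "Host(`sonarr.aetoskia.com`)"
      entryPoints:
        - websecure
      service: sonarr-svc
      tls:
        certResolver: aetoskia

    radarr:
      rule: "Host(`radarr.aetoskia.com`)"
      entryPoints:
        - websecure
      service: radarr-svc
      tls:
        certResolver: aetoskia

    bazarr:
      rule: "Host(`bazarr.aetoskia.com`)"
      entryPoints:
        - websecure
      service: bazarr-svc
      tls:
        certResolver: aetoskia

    prowlarr:
      rule: "Host(`prowlarr.aetoskia.com`)"
      entryPoints:
        - websecure
      service: prowlarr-svc
      tls:
        certResolver: aetoskia

    jellyseerr:
      rule: "Host(`jellyseerr.aetoskia.com`)"
      entryPoints:
        - websecure
      service: jellyseerr-svc
      tls:
        certResolver: aetoskia

    ombi:
      rule: "Host(`ombi.aetoskia.com`)"
      entryPoints:
        - websecure
      service: ombi-svc
      tls:
        certResolver: aetoskia

    qbit:
      rule: "Host(`qbit.aetoskia.com`)"
      entryPoints:
        - websecure
      service: qbit-svc
      tls:
        certResolver: aetoskia
      middlewares:
        - websocket-headers

    # Codebase
    # Source hosting, CI, container registry and package index: these hold
    # code and build artefacts, and none has proxy-level authentication.
    gitea:
      rule: "Host(`git.aetoskia.com`)"
      entryPoints:
        - websecure
      service: gitea-svc
      tls:
        certResolver: aetoskia
      middlewares:
        - websocket-headers

    docs:
      rule: "Host(`docs.aetoskia.com`)"
      entryPoints:
        - websecure
      service: docs-svc
      tls:
        certResolver: aetoskia
      middlewares:
        - websocket-headers

    drone:
      rule: "Host(`drone.aetoskia.com`)"
      entryPoints:
        - websecure
      service: drone-svc
      tls:
        certResolver: aetoskia
      middlewares:
        - websocket-headers

    dcr:
      rule: "Host(`dcr.aetoskia.com`)"
      entryPoints:
        - websecure
      service: dcr-svc
      tls:
        certResolver: aetoskia
      middlewares:
        - dcr-cors

    registry:
      rule: "Host(`registry.aetoskia.com`)"
      entryPoints:
        - websecure
      service: registry-svc
      tls:
        certResolver: aetoskia

    pypiserver:
      rule: "Host(`pip.aetoskia.com`)"
      entryPoints:
        - websecure
      service: pypiserver-svc
      tls:
        certResolver: aetoskia

    # Monitoring
    # Only netdata is behind basic-auth. portainer, mongo-express and pgadmin
    # are container and database administration consoles reachable with
    # nothing but their own login in front of them.
    # NOTE(review): consider `basic-auth` or an IP allow-list middleware here,
    # after checking it does not clash with the application's own use of the
    # Authorization header.
    netdata:
      rule: "Host(`netdata.aetoskia.com`)"
      entryPoints:
        - websecure
      service: netdata-svc
      tls:
        certResolver: aetoskia
      middlewares:
        - basic-auth

    portainer:
      rule: "Host(`portainer.aetoskia.com`)"
      entryPoints:
        - websecure
      service: portainer-svc
      tls:
        certResolver: aetoskia

    mongo-express:
      rule: "Host(`mongo.aetoskia.com`)"
      entryPoints:
        - websecure
      service: mongo-express-svc
      tls:
        certResolver: aetoskia

    pgadmin:
      rule: "Host(`postgres.aetoskia.com`)"
      entryPoints:
        - websecure
      service: pgadmin-svc
      tls:
        certResolver: aetoskia

    # API
    # api.aetoskia.com is split by path prefix; the prefix is stripped before
    # the request reaches the backend.
    blog-api:
      rule: "Host(`api.aetoskia.com`) && PathPrefix(`/blogs`)"
      entryPoints:
        - websecure
      service: blog-api-svc
      tls:
        certResolver: aetoskia
      middlewares:
        - blog-api-strip

    coverage-api:
      rule: "Host(`api.aetoskia.com`) && PathPrefix(`/coverage`)"
      entryPoints:
        - websecure
      service: coverage-api-svc
      tls:
        certResolver: aetoskia
      middlewares:
        - coverage-api-strip

    nakama:
      rule: "Host(`nakama.aetoskia.com`)"
      # rule: "Host(`nakama.aetoskia.com`) && !PathPrefix(`/ws`)"
      entryPoints:
        - websecure
      service: nakama-svc
      tls:
        certResolver: aetoskia
      middlewares:
        - nakama-cors
        # In the original layout this entry sits, uncommented, directly after
        # the commented-out `nakama-ws` router, so it presumably parses as the
        # second middleware of this router; it is kept active here.
        # NOTE(review): confirm that is intended and not a leftover of the
        # disabled router below.
        - websocket-headers

    # nakama-ws:
    #   rule: "Host(`nakama.aetoskia.com`) && PathPrefix(`/ws`)"
    #   entryPoints:
    #     - websecure
    #   service: nakama-svc
    #   tls:
    #     certResolver: aetoskia
    #   middlewares:

  services:
    # ----------------------
    # HTTP Services
    # ----------------------
    # Every backend is addressed over plain HTTP, so traffic between Traefik
    # and `server-pi` / `private-pi` is unencrypted on the internal network.

    # Landing Page
    www-svc:
      loadBalancer:
        servers:
          - url: "http://server-pi:3001"

    # Blog
    blog-svc:
      loadBalancer:
        servers:
          - url: "http://server-pi:3002"

    # Games
    games-svc:
      loadBalancer:
        servers:
          - url: "http://server-pi:3003"

    # Media
    plex-svc:
      loadBalancer:
        servers:
          - url: "http://server-pi:32400"

    sonarr-svc:
      loadBalancer:
        servers:
          - url: "http://server-pi:8989"

    radarr-svc:
      loadBalancer:
        servers:
          - url: "http://server-pi:7878"

    bazarr-svc:
      loadBalancer:
        servers:
          - url: "http://server-pi:6767"

    prowlarr-svc:
      loadBalancer:
        servers:
          - url: "http://server-pi:9696"

    jellyseerr-svc:
      loadBalancer:
        servers:
          - url: "http://server-pi:5055"

    ombi-svc:
      loadBalancer:
        servers:
          - url: "http://server-pi:3579"

    qbit-svc:
      loadBalancer:
        servers:
          - url: "http://server-pi:8080"

    # Codebase
    gitea-svc:
      loadBalancer:
        servers:
          - url: "http://private-pi:6002"

    docs-svc:
      loadBalancer:
        servers:
          - url: "http://server-pi:6007"

    drone-svc:
      loadBalancer:
        servers:
          - url: "http://server-pi:6003"

    dcr-svc:
      loadBalancer:
        servers:
          - url: "http://server-pi:6005"

    registry-svc:
      loadBalancer:
        servers:
          - url: "http://server-pi:6001"

    pypiserver-svc:
      loadBalancer:
        servers:
          - url: "http://server-pi:6006"

    # Monitoring
    netdata-svc:
      loadBalancer:
        servers:
          - url: "http://private-pi:7001"

    portainer-svc:
      loadBalancer:
        servers:
          - url: "http://private-pi:7002"

    mongo-express-svc:
      loadBalancer:
        servers:
          - url: "http://private-pi:8001"

    pgadmin-svc:
      loadBalancer:
        servers:
          - url: "http://private-pi:8002"

    # ----------------------
    # API
    # ----------------------
    blog-api-svc:
      loadBalancer:
        servers:
          - url: "http://server-pi:9001"

    coverage-api-svc:
      loadBalancer:
        servers:
          - url: "http://server-pi:9002"

    nakama-svc:
      loadBalancer:
        servers:
          - url: "http://server-pi:7350"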