From d1c4cb462ad26973f3e8eca7f1a3f4d9564cdc15 Mon Sep 17 00:00:00 2001
From: meftimes <all.content@slmail.me>
Date: Sun, 6 Aug 2023 11:15:39 -0400
Subject: [PATCH] added traefik

---
 traefik/.env                |  2 ++
 traefik/config/acme.json    |  0
 traefik/config/dynamic.yaml | 22 ++++++++++++++++++++
 traefik/config/traefik.yaml | 41 +++++++++++++++++++++++++++++++++++++
 traefik/traefik.yml         | 35 +++++++++++++++++++++++++++++++
 5 files changed, 100 insertions(+)
 create mode 100644 traefik/.env
 create mode 100644 traefik/config/acme.json
 create mode 100644 traefik/config/dynamic.yaml
 create mode 100644 traefik/config/traefik.yaml
 create mode 100644 traefik/traefik.yml

diff --git a/traefik/.env b/traefik/.env
new file mode 100644
index 0000000..d8f17fd
--- /dev/null
+++ b/traefik/.env
@@ -0,0 +1,2 @@
+CF_API_EMAIL=email_goes_here
+CF_DNS_API_TOKEN=token_goes_here
diff --git a/traefik/config/acme.json b/traefik/config/acme.json
new file mode 100644
index 0000000..e69de29
diff --git a/traefik/config/dynamic.yaml b/traefik/config/dynamic.yaml
new file mode 100644
index 0000000..b32ebdb
--- /dev/null
+++ b/traefik/config/dynamic.yaml
@@ -0,0 +1,22 @@
+http:
+  middlewares:
+    authelia:
+      forwardAuth:
+        address: "http://authelia:9091/api/verify?rd=https://authelia.meftimes.com"
+    user-auth:
+      basicAuth:
+        users:
+          - "admin:{SHA}XIaqHrLff+jBeOIUMhwcdUxMxjA="
+
+tls:
+  options:
+    default:
+      minVersion: "VersionTLS12"
+      cipherSuites:
+        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
+        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
+        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+        - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+        - TLS_RSA_WITH_AES_256_GCM_SHA384
+        - TLS_RSA_WITH_AES_256_CBC_SHA
diff --git a/traefik/config/traefik.yaml b/traefik/config/traefik.yaml
new file mode 100644
index 0000000..8211674
--- /dev/null
+++ b/traefik/config/traefik.yaml
@@ -0,0 +1,41 @@
+api:
+  dashboard: true
+
+entryPoints:
+  web:
+    address: :80
+    http:
+      redirections:
+        entryPoint:
+          to: websecure
+          scheme: https
+          permanent: true
+
+  websecure:
+    address: :443
+    http:
+      tls:
+        certResolver: letsencrypt
+        domains:
+          - main: meftimes.com
+            sans: 
+          - "*.meftimes.com"
+
+providers:
+  docker:
+    endpoint: "unix:///var/run/docker.sock"
+    exposedByDefault: false
+    watch: true
+    network: proxy
+      #defaultRule: "Host(`{{ index .Labels \"com.docker.compose.service\"}}.meftimes.com`)" # would be nice to get working
+  file:
+    filename: /config/dynamic.yaml
+
+certificatesResolvers:
+  letsencrypt:
+    acme:
+      email: all.other@slmail.me
+      storage: acme.json
+      keyType: EC384
+      dnsChallenge:
+        provider: cloudflare
diff --git a/traefik/traefik.yml b/traefik/traefik.yml
new file mode 100644
index 0000000..0591e85
--- /dev/null
+++ b/traefik/traefik.yml
@@ -0,0 +1,35 @@
+version: "3"
+
+services:
+  traefik:
+    image: traefik:latest
+    container_name: traefik
+    restart: unless-stopped
+    env_file:
+      - .env
+    security_opt:
+      - no-new-privileges:true
+    networks:
+      - proxy
+      - monitoring
+    ports:
+      - 80:80
+      - 443:443
+    volumes:
+      - /etc/localtime:/etc/localtime:ro
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - ./config/traefik.yaml:/traefik.yml:ro
+      - ./config/acme.json:/acme.json
+      - ./config:/config
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.traefik.entrypoints=websecure"
+      - "traefik.http.routers.traefik.rule=Host(`traefik.meftimes.com`)" 
+      - "traefik.http.routers.traefik.middlewares=authelia@docker" 
+      - "traefik.http.routers.traefik.service=api@internal"
+
+networks:
+  proxy:
+    external: true
+  monitoring:
+    external: true