Главная Обзор Помощь
Вход
LBP
/
ChristianLempa_Boilerplates
зеркало из https://github.com/ChristianLempa/boilerplates.git
4
0
Ответвить 0
Файлы Задачи 0 Вики
Дерево: 928cdd2704
Ветки Метки
ChristianLempa_...
/
library
/
compose
/
traefik
/
template.yaml

template.yaml 4.7 KB
История Исходник

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156 
  1. ---
    2. 

  2. kind: compose
    3. 

  3. schema: "1.1"
    4. 

  4. metadata:
    5. 

  5.   name: Traefik
    6. 

  6.   description: >
    7. 

  7.     Traefik is a modern HTTP reverse proxy and load balancer that makes deploying microservices easy.
    8. 

  8.     This template sets up Traefik with automatic HTTPS using Let's Encrypt and can be integrated with Authentik for SSO.
    9. 

  9. 

  10. 

  11.     Project: https://traefik.io/
    12. 

  12. 

  13.     Documentation: https://doc.traefik.io/traefik/
    14. 

  14.   version: v3.5.3
    15. 

  15.   author: "Christian Lempa"
    16. 

  16.   date: "2025-10-02"
    17. 

  17.   tags:
    18. 

  18.     - reverse-proxy
    19. 

  19.     - load-balancer
    20. 

  20.   next_steps: |
    21. 

  21.     1. Start Traefik:
    22. 

  22.        docker compose up -d
    23. 

  23. spec:
    24. 

  24.   general:
    25. 

  25.     title: "General"
    26. 

  26.     required: true
    27. 

  27.     vars:
    28. 

  28.       service_name:
    29. 

  29.         default: "traefik"
    30. 

  30.       container_name:
    31. 

  31.         default: "traefik"
    32. 

  32.       container_hostname:
    33. 

  33.         default: "traefik"
    34. 

  34.   ports:
    35. 

  35.     needs: []
    36. 

  36.     vars:
    37. 

  37.       ports_http:
    38. 

  38.         type: "int"
    39. 

  39.         description: "HTTP port (external)"
    40. 

  40.         default: 80
    41. 

  41.         extra: "Maps to entrypoint 'web' (port 80)"
    42. 

  42.       ports_https:
    43. 

  43.         type: "int"
    44. 

  44.         description: "HTTPS port (external)"
    45. 

  45.         default: 443
    46. 

  46.         extra: "Maps to entrypoint 'websecure' (port 443)"
    47. 

  47.       ports_dashboard:
    48. 

  48.         type: "int"
    49. 

  49.         description: "Dashboard port (external)"
    50. 

  50.         default: 8080
    51. 

  51.         extra: "Only used when dashboard is enabled"
    52. 

  52.   traefik:
    53. 

  53.     title: "Settings"
    54. 

  54.     needs: []
    55. 

  55.     vars:
    56. 

  56.       traefik_network:
    57. 

  57.         type: "str"
    58. 

  58.         description: "Traefik network name"
    59. 

  59.         default: "traefik"
    60. 

  60.         extra: "Network that Traefik uses to connect to services"
    61. 

  61.       traefik_network_external:
    62. 

  62.         type: "bool"
    63. 

  63.         description: "Use existing Docker network (external)"
    64. 

  64.         default: false
    65. 

  65.       traefik_entrypoint:
    66. 

  66.         type: "str"
    67. 

  67.         description: "HTTP entrypoint (non-TLS)"
    68. 

  68.         default: "web"
    69. 

  69.       dashboard_enabled:
    70. 

  70.         type: "bool"
    71. 

  71.         description: "Enable Traefik dashboard"
    72. 

  72.         default: false
    73. 

  73.         extra: "WARNING: Don't use in production!"
    74. 

  74.       accesslog_enabled:
    75. 

  75.         type: "bool"
    76. 

  76.         description: "Enable Traefik access log"
    77. 

  77.         default: false
    78. 

  78.       prometheus_enabled:
    79. 

  79.         type: "bool"
    80. 

  80.         description: "Enable Prometheus metrics"
    81. 

  81.         default: false
    82. 

  82.         extra: "Exposes metrics on internal port 9090 (not publicly exposed)"
    83. 

  83.   traefik_tls:
    84. 

  84.     title: "TLS Settings"
    85. 

  85.     needs: []
    86. 

  86.     vars:
    87. 

  87.       traefik_tls_enabled:
    88. 

  88.         type: "bool"
    89. 

  89.         description: "Enable HTTPS/TLS with ACME"
    90. 

  90.         default: false
    91. 

  91.       traefik_tls_entrypoint:
    92. 

  92.         type: "str"
    93. 

  93.         description: "TLS entrypoint"
    94. 

  94.         default: "websecure"
    95. 

  95.       traefik_tls_certresolver:
    96. 

  96.         type: "str"
    97. 

  97.         description: "Traefik certificate resolver name"
    98. 

  98.         default: "cloudflare"
    99. 

  99.       traefik_tls_acme_provider:
    100. 

  100.         type: "enum"
    101. 

  101.         description: "ACME DNS challenge provider"
    102. 

  102.         default: "cloudflare"
    103. 

  103.         options:
    104. 

  104.           - "cloudflare"
    105. 

  105.         extra: "DNS provider for domain validation"
    106. 

  106.       traefik_tls_acme_token:
    107. 

  107.         type: "str"
    108. 

  108.         description: "DNS provider API token"
    109. 

  109.         sensitive: true
    110. 

  110.       traefik_tls_acme_email:
    111. 

  111.         type: "str"
    112. 

  112.         description: "Email address for ACME (Let's Encrypt) registration"
    113. 

  113.         default: "admin@example.com"
    114. 

  114.         extra: "Required for Let's Encrypt certificate requests"
    115. 

  115.       traefik_tls_redirect:
    116. 

  116.         type: "bool"
    117. 

  117.         description: "Redirect all HTTP traffic to HTTPS"
    118. 

  118.         default: true
    119. 

  119.       traefik_tls_min_version:
    120. 

  120.         type: "enum"
    121. 

  121.         description: "Minimum TLS version"
    122. 

  122.         default: "VersionTLS12"
    123. 

  123.         options:
    124. 

  124.           - "VersionTLS12"
    125. 

  125.           - "VersionTLS13"
    126. 

  126.         extra: "TLS 1.2 is recommended for compatibility, TLS 1.3 for maximum security"
    127. 

  127.       traefik_tls_secure_ciphers:
    128. 

  128.         type: "bool"
    129. 

  129.         description: "Enable strict cipher suites (recommended)"
    130. 

  130.         default: true
    131. 

  131.         extra: "Enforces modern, secure cipher suites"
    132. 

  132.       traefik_tls_skipverify:
    133. 

  133.         type: "bool"
    134. 

  134.         description: "Skip TLS verification for backend servers"
    135. 

  135.         default: false
    136. 

  136.         extra: "WARNING: Only enable for self-signed certificates in trusted environments"
    137. 

  137.   swarm:
    138. 

  138.     needs: []
    139. 

  139.     vars:
    140. 

  140.       traefik_tls_acme_secret_name:
    141. 

  141.         type: "str"
    142. 

  142.         description: "Docker Swarm secret name for API token"
    143. 

  143.         default: "cloudflare_api_token"
    144. 

  144.   authentik:
    145. 

  145.     title: Authentik Middleware
    146. 

  146.     description: Enable Authentik SSO integration for Traefik
    147. 

  147.     vars:
    148. 

  148.       authentik_outpost_url:
    149. 

  149.         type: "url"
    150. 

  150.         description: "Authentik outpost URL (e.g., http://authentik-outpost:9000)"
    151. 

  151.         default: "http://authentik-outpost:9000"
    152. 

  152.       traefik_authentik_middleware_name:
    153. 

  153.         type: "str"
    154. 

  154.         description: "Name of the Authentik middleware"
    155. 

  155.         default: "authentik"
    156. 

  156.         extra: "Reference this in router labels as '{name}@file'"
    157.