| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106 |
- ---
- kind: compose
- metadata:
- name: Traefik
- description: >
- Traefik is a modern HTTP reverse proxy and load balancer that makes deploying microservices easy.
- This template sets up Traefik with automatic HTTPS using Let's Encrypt and can be integrated with Authentik for SSO.
- Project: https://traefik.io/
- Documentation: https://doc.traefik.io/traefik/
- version: v3.2
- author: "Christian Lempa"
- date: "2025-10-02"
- tags:
- - reverse-proxy
- - load-balancer
- spec:
- general:
- title: "General"
- required: true
- vars:
- service_name:
- default: "traefik"
- container_name:
- default: "traefik"
- accesslog_enabled:
- type: "bool"
- description: "Enable Traefik access log"
- default: false
- traefik:
- title: "Traefik Settings"
- description: "Configure Traefik as a reverse proxy"
- required: true
- traefik_tls:
- title: "Traefik TLS Settings"
- description: "Configure TLS/SSL with Let's Encrypt ACME"
- needs: "traefik"
- vars:
- traefik_tls_enabled:
- type: "bool"
- description: "Enable HTTPS/TLS with ACME"
- default: false
- traefik_tls_acme_provider:
- type: "enum"
- description: "ACME DNS challenge provider"
- default: "cloudflare"
- options:
- - "cloudflare"
- extra: "DNS provider for domain validation"
- traefik_tls_acme_token:
- type: "str"
- description: "DNS provider API token"
- default: "your-api-token-here"
- sensitive: true
- extra: "For Cloudflare, create an API token with Zone:DNS:Edit permissions"
- traefik_tls_acme_secret_name:
- type: "str"
- description: "Docker Swarm secret name for API token (swarm mode only)"
- default: "cloudflare_api_token"
- extra: "The secret name to use in Docker Swarm for storing the API token"
- traefik_tls_acme_email:
- type: "str"
- description: "Email address for ACME (Let's Encrypt) registration"
- default: "admin@example.com"
- extra: "Required for Let's Encrypt certificate requests"
- traefik_tls_redirect:
- type: "bool"
- description: "Redirect all HTTP traffic to HTTPS"
- default: true
- ports:
- toggle: "ports_enabled"
- vars:
- traefik_dashboard_enabled:
- type: "bool"
- description: "Enable Traefik dashboard (don't use in production)"
- default: false
- extra: "Exposes dashboard on port 8080 in insecure mode"
- network:
- vars:
- network_enabled:
- default: true
- network_name:
- default: "proxy"
- swarm:
- vars:
- swarm_placement_mode:
- default: "global"
- swarm_placement_host:
- type: str
- description: "Placement constraint for node selection (optional)"
- default: ""
- authentik:
- title: Authentik Middleware
- description: Enable Authentik SSO integration for Traefik
- vars:
- authentik_outpost_url:
- type: "url"
- description: "Authentik outpost URL (e.g., http://authentik-outpost:9000)"
- default: "http://authentik-outpost:9000"
- traefik_authentik_middleware_name:
- type: "str"
- description: "Name of the Authentik middleware"
- default: "authentik"
- extra: "Reference this in router labels as '{name}@file'"
|
