LBP
/
ChristianLempa_Boilerplates
mirror of https://github.com/ChristianLempa/boilerplates.git


			
							12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697
							---
kind: compose
metadata:
  name: Traefik
  description: >
    Traefik is a modern HTTP reverse proxy and load balancer that makes deploying microservices easy.
    This template sets up Traefik with automatic HTTPS using Let's Encrypt and can be integrated with Authentik for SSO.


    Project: https://traefik.io/

    Documentation: https://doc.traefik.io/traefik/
  version: v3.2
  author: "Christian Lempa"
  date: "2025-10-02"
  tags:
    - traefik
    - reverse-proxy
    - load-balancer
    - edge-router
spec:
  general:
    title: "General"
    required: true
    vars:
      accesslog_enabled:
        type: "bool"
        description: "Enable Traefik access log"
        default: false
  traefik:
    title: "Traefik Settings"
    description: "Configure Traefik as a reverse proxy"
    required: true
  traefik_tls:
    title: "Traefik TLS Settings"
    description: "Configure TLS/SSL with Let's Encrypt ACME"
    needs: "traefik"
    vars:
      traefik_tls_enabled:
        type: "bool"
        description: "Enable HTTPS/TLS with ACME"
        default: false
      traefik_tls_acme_provider:
        type: "enum"
        description: "ACME DNS challenge provider"
        default: "cloudflare"
        options:
          - "cloudflare"
        extra: "DNS provider for domain validation"
      traefik_tls_acme_token:
        type: "str"
        description: "DNS provider API token"
        default: "your-api-token-here"
        sensitive: true
        extra: "For Cloudflare, create an API token with Zone:DNS:Edit permissions"
      traefik_tls_acme_email:
        type: "str"
        description: "Email address for ACME (Let's Encrypt) registration"
        default: "admin@example.com"
        extra: "Required for Let's Encrypt certificate requests"
      traefik_tls_redirect:
        type: "bool"
        description: "Redirect all HTTP traffic to HTTPS"
        default: true
  ports:
    name: "Ports"
    prompt: "Expose ports via 'ports' mapping?"
    toggle: "ports_enabled"
    vars:
      ports_enabled:
        type: "bool"
        description: "Expose ports via 'ports' mapping"
        default: true
      traefik_dashboard_enabled:
        type: "bool"
        description: "Enable Traefik dashboard (don't use in production)"
        default: false
        extra: "Exposes dashboard on port 8080 in insecure mode"
  network:
    vars:
      network_enabled:
        default: true
      network_name:
        default: "proxy"
  authentik:
    title: Authentik Middleware
    description: Enable Authentik SSO integration for Traefik
    vars:
      authentik_outpost_url:
        type: "url"
        description: "Authentik outpost URL (e.g., http://authentik-outpost:9000)"
        default: "http://authentik-outpost:9000"
      traefik_authentik_middleware_name:
        type: "str"
        description: "Name of the Authentik middleware"
        default: "authentik"
        extra: "Reference this in router labels as '{name}@file'"