Actualizando configuracion de stacks

2026-02-16 07:51:58 -03:00
parent e425b0c137
commit daccaf3819
49 changed files with 503 additions and 430 deletions


@@ -0,0 +1,6 @@
DATA_ROOT="./data"
DYNAMIC_DIR="./dynamic"
CF_API_EMAIL=email@example.com
CF_DNS_API_TOKEN=secret
CROWDSEC_LAPI_KEY="secret"


@@ -1,20 +1,30 @@
services:
traefik:
image: traefik:v3.5
restart: unless-stopped
command:
- "--log.level=DEBUG"
- "--accesslog=true"
- "--accesslog.filepath=/logs/traefik-access.log"
- "--accesslog.format=json"
- "--accesslog.filters.statusCodes=200-299, 400-599"
- "--accesslog.bufferingSize=0"
- "--accesslog.fields.headers.defaultMode=drop"
- "--accesslog.fields.headers.names.User-Agent=keep"
- "--api.dashboard=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--providers.file.directory=/dynamic"
- "--providers.file.watch=true"
- "--serversTransport.insecureSkipVerify=true"
- "--entryPoints.web.address=:80"
- "--entryPoints.websecure.address=:443"
- "--certificatesresolvers.cf.acme.dnschallenge=true"
- "--certificatesresolvers.cf.acme.dnschallenge.provider=cloudflare"
- "--certificatesresolvers.cf.acme.email=tls@skrd.fun"
- "--certificatesresolvers.cf.acme.storage=/letsencrypt/acme.json"
- "--experimental.plugins.bouncer.modulename=github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"
- "--experimental.plugins.bouncer.version=v1.4.6"
ports:
- "80:80"
- "443:443"
@@ -28,11 +38,12 @@ services:
- "traefik.http.routers.dashboard.tls=true"
- "traefik.http.routers.dashboard.tls.certresolver=cf"
- "traefik.http.routers.dashboard.service=api@internal"
- "traefik.http.routers.dashboard.middlewares=local-only@file"
- "traefik.http.routers.dashboard.middlewares=local-only@file, crowdsec@file"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
- "/srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/traefik/letsencrypt:/letsencrypt"
- "/srv/dev-disk-by-uuid-1582b800-1f82-407a-a3aa-3460b3390127/docker/traefik/dynamic:/dynamic"
- "${DYNAMIC_DIR}:/dynamic"
- "${DATA_ROOT}/traefik/letsencrypt:/letsencrypt"
- "${DATA_ROOT}/traefik/logs:/logs"
environment:
CF_API_EMAIL: "${CF_API_EMAIL}"
CF_DNS_API_TOKEN: "${CF_DNS_API_TOKEN}"
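Review bot: `--serversTransport.insecureSkipVerify=true` in the first hunk turns off backend certificate verification for every HTTPS service behind this proxy, not only the ones with self-signed certificates. The crafty file in this commit already scopes that exception with its own `serversTransport`, so the global flag could be dropped and a per-service transport used wherever it is still needed. `--log.level=DEBUG` is also worth lowering to `INFO` once the CrowdSec setup works, since an internet-facing proxy otherwise logs far more request detail than it needs. The +/- markers are not visible on this page, so either line may predate this commit.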


@@ -0,0 +1,41 @@
http:
routers:
crafty-web:
rule: Host(`crafty.skrd.fun`)
entryPoints:
- web
middlewares:
- redirect-to-https
service: noop
crafty:
rule: Host(`crafty.skrd.fun`)
entryPoints:
- websecure
service: crafty-svc
tls:
certResolver: cf
middlewares:
- crafty-headers
services:
crafty-svc:
loadBalancer:
servers:
- url: "https://192.168.3.3:8443"
serversTransport: crafty-transport
noop:
loadBalancer:
servers:
- url: "http://0.0.0.0"
middlewares:
crafty-headers:
headers:
customRequestHeaders:
X-Forwarded-Proto: https
serversTransports:
crafty-transport:
insecureSkipVerify: true
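Review bot: The `crafty` router on `websecure` lists only `crafty-headers`, so neither the `crowdsec` bouncer middleware added in this commit nor `local-only` applies to `crafty.skrd.fun`; adding `- crowdsec` under its `middlewares` would cover it. The home-assistant section further down appears to end up in the same state, with `local-only` gone from its routers and nothing put in its place. For `crafty-transport`, `insecureSkipVerify: true` is at least limited to this one backend, but setting `rootCAs` to the backend's certificate (with `serverName` if the certificate does not cover the IP) would keep verification on.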


@@ -5,7 +5,6 @@ http:
entryPoints:
- web
middlewares:
- local-only
- redirect-to-https
service: noop
home-assistant:
@@ -15,8 +14,6 @@ http:
service: home-assistant-svc
tls:
certResolver: cf
middlewares:
- local-only
services:
home-assistant-svc:
loadBalancer:


@@ -12,3 +12,25 @@ http:
replacePathRegex:
regex: ^/$
replacement: /admin/
crowdsec:
plugin:
bouncer:
enabled: true
defaultDecisionSeconds: 60
crowdsecMode: live
crowdsecAppsecEnabled: true
crowdsecAppsecHost: crowdsec:7422
crowdsecAppsecFailureBlock: true
crowdsecAppsecUnreachableBlock: true
crowdsecLapiKey: mvBM8BzhJ1/P8Lcb72gsIn5JNgQCzwsRSKNuBJqJ/0Q
crowdsecLapiHost: crowdsec:8080
crowdsecLapiScheme: http
crowdsecLapiTLSInsecureVerify: false
forwardedHeadersTrustedIPs:
- 10.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
clientTrustedIPs:
- 10.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
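Review bot: `crowdsecLapiKey` is committed as a literal value, so anyone with read access to the repository or its history can authenticate to the LAPI as this bouncer. The key should be rotated and kept out of the file: the env file added in this commit already declares `CROWDSEC_LAPI_KEY`, which could be passed to the Traefik container and read through the file provider's templating, `crowdsecLapiKey: '{{ env "CROWDSEC_LAPI_KEY" }}'`, or supplied through the plugin's `crowdsecLapiKeyFile` option. Separately, `clientTrustedIPs` covers all private ranges; if Traefik sees external clients through a NATed Docker address inside `172.16.0.0/12`, they would match the list and skip the bouncer, so it is worth confirming in the access log that real client IPs reach the container.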