From 2f5050bc676fe1cf072b4f0875fafb5d7629c460 Mon Sep 17 00:00:00 2001
From: kovagoadi
Date: Thu, 27 Nov 2025 12:48:20 +0100
Subject: [PATCH] Moved config
---
 asd.yaml | 21 +++++++++++++
 docker-compose.yaml | 73 ++++++++++++++++++++++++---------------------
 2 files changed, 60 insertions(+), 34 deletions(-)
 create mode 100644 asd.yaml
diff --git a/asd.yaml b/asd.yaml
new file mode 100644
index 0000000..4bb72ea
--- /dev/null
+++ b/asd.yaml
@@ -0,0 +1,21 @@
+# ./traefik/dynamic_conf.yml
+
+tcp:
+ routers:
+ # Router for HTTPS (Passthrough)
+ nginx-secure-router:
+ rule: "HostSNI(`*`)"
+ service: nginx-secure-service
+ # Passthrough must be true for SSL to reach Nginx encrypted
+ tls:
+ passthrough: true
+ entryPoints:
+ - "https"
+
+ services:
+ # Service defining the external IP
+ nginx-secure-service:
+ loadBalancer:
+ servers:
+ # This is the actual external IP and Port of your Nginx
+ - address: "192.168.1.85:443"
diff --git a/docker-compose.yaml b/docker-compose.yaml
index e1db4fb..2d2cd1c 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -19,6 +19,8 @@ services:
 - --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web
 - --certificatesresolvers.letsencrypt.acme.email=kovagoadi@gmail.com
 - --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
+ - "--providers.file.filename=/etc/traefik/dynamic_conf.yml"
+ - "--providers.file.watch=true"
 ports:
 - "${PORT}:80"
 - "4443:443"
@@ -26,6 +28,7 @@ services:
 volumes:
 - "/var/run/docker.sock:/var/run/docker.sock:ro"
 - "./data/letsencrypt:/letsencrypt"
+ - ./asd.yaml:/etc/traefik/dynamic_conf.yml
 whoami:
 image: "traefik/whoami@sha256:200689790a0a0ea48ca45992e0450bc26ccab5307375b41c84dfc4f2475937ab"
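Review bot: In asd.yaml, `nginx-secure-router` matches every SNI on the `https` entrypoint, the same entrypoint where the whoami router in docker-compose.yaml terminates TLS with the letsencrypt resolver. How Traefik orders a catch-all passthrough router against that TLS-terminating HTTP router should be confirmed on the deployed version rather than assumed. Passthrough traffic also bypasses Traefik middlewares and certificate handling, so the TLS policy for those hosts is entirely nginx's. Listing only the hostnames nginx serves in the `rule:` (one HostSNI entry per name, or several joined with `||`) would remove the dependence on router ordering. The header comment names `./traefik/dynamic_conf.yml`, but the file is `asd.yaml`; I would change it to `# asd.yaml - mounted into the container as /etc/traefik/dynamic_conf.yml`.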
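Review bot: In the first docker-compose.yaml hunk (@@ -19,6 +19,8), `--providers.file.watch=true` is paired with a single-file bind mount, and a watch on a bind-mounted file can miss changes when the host file is replaced rather than edited in place. Mounting a directory and pointing Traefik at it is more reliable, for example `- "--providers.file.directory=/etc/traefik/dynamic"` (example path, not from this repository). With watching enabled, any write to that file changes live routing, so permissions on the host copy matter as much as on the compose file. The `command:` list starts outside the hunk.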
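Review bot: In the second docker-compose.yaml hunk (@@ -26,6 +28,7), the new mount `./asd.yaml:/etc/traefik/dynamic_conf.yml` is writable from inside the container, while the docker.sock mount two lines above it is `:ro`. Traefik only reads this file, and because the file provider is started with watch enabled, a process in the container that could write to it would change routing immediately. I would mount it read-only and quote it like the neighbouring entries: `- "./asd.yaml:/etc/traefik/dynamic_conf.yml:ro"`.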
@@ -41,49 +44,51 @@ services: - traefik.http.routers.https.entrypoints=https - traefik.http.routers.https.tls=true - traefik.http.routers.https.tls.certresolver=letsencrypt - catchall-shim: - image: traefik/whoami - labels: - - "traefik.enable=true" + # catchall-shim: + # image: traefik/whoami + # networks: + # - proxy + # labels: + # - "traefik.enable=true" - # ------------------------------------------------------- - # 1. HTTPS Handling (TCP Passthrough) -> Port 443 - # ------------------------------------------------------- + # # ------------------------------------------------------- + # # 1. HTTPS Handling (TCP Passthrough) -> Port 443 + # # ------------------------------------------------------- - # Use a TCP Router for Port 443 - - "traefik.tcp.routers.catchall-https.entrypoints=https" + # # Use a TCP Router for Port 443 + # - "traefik.tcp.routers.https.entrypoints=https" - # Match Any Domain (Wildcard SNI) - - "traefik.tcp.routers.catchall-https.rule=HostSNI(`*`)" + # # Match Any Domain (Wildcard SNI) + # - "traefik.tcp.routers.https.rule=HostSNI(`*`)" - # CRITICAL: Passthrough = true - # Traefik will NOT decrypt. It passes the encrypted stream to Nginx. - - "traefik.tcp.routers.catchall-https.tls.passthrough=true" + # # CRITICAL: Passthrough = true + # # Traefik will NOT decrypt. It passes the encrypted stream to Nginx. 
+ # - "traefik.tcp.routers.https.tls.passthrough=true" - # Low priority so other specific routes in Traefik override this - # - "traefik.tcp.routers.catchall-https.priority=1" + # # Low priority so other specific routes in Traefik override this + # - "traefik.tcp.routers.catchall-https.priority=1" - # Point to the Nginx service - - "traefik.tcp.routers.catchall-https.service=nginx-backend-secure" + # # Point to the Nginx service + # - "traefik.tcp.routers.https.service=nginx-backend-secure" - # Define the destination IP for HTTPS (Note: 'server.address', not 'url') - # Replace 192.168.1.100 with your Nginx IP - - "traefik.tcp.services.nginx-backend-secure.loadbalancer.server.address=192.168.1.85:443" - - "env=${ENV}" + # # Define the destination IP for HTTPS (Note: 'server.address', not 'url') + # # Replace 192.168.1.100 with your Nginx IP + # - "traefik.tcp.services.nginx-backend-secure.loadbalancer.server.address=192.168.1.85" + # - "traefik.tcp.services.nginx-backend-secure.loadbalancer.server.port=443" + # - "env=${ENV}" + # # ------------------------------------------------------- + # # 2. HTTP Handling (Standard Proxy) -> Port 80 + # # ------------------------------------------------------- + # # Since HTTP is unencrypted, we can use a standard HTTP router. + # # This forwards the request to Nginx port 80 (for Certbot challenges/redirects). - # ------------------------------------------------------- - # 2. HTTP Handling (Standard Proxy) -> Port 80 - # ------------------------------------------------------- - # Since HTTP is unencrypted, we can use a standard HTTP router. - # This forwards the request to Nginx port 80 (for Certbot challenges/redirects). 
+ # # - "traefik.http.routers.catchall-http.entrypoints=web" + # # - "traefik.http.routers.catchall-http.rule=PathPrefix(`/`)" + # # # - "traefik.http.routers.catchall-http.priority=1" + # # - "traefik.http.routers.catchall-http.service=nginx-backend-plain" - - "traefik.http.routers.catchall-http.entrypoints=web" - - "traefik.http.routers.catchall-http.rule=PathPrefix(`/`)" - # - "traefik.http.routers.catchall-http.priority=1" - - "traefik.http.routers.catchall-http.service=nginx-backend-plain" - - # Define the destination IP for HTTP - - "traefik.http.services.nginx-backend-plain.loadbalancer.server.url=http://192.168.1.85:80" + # # # Define the destination IP for HTTP + # # - "traefik.http.services.nginx-backend-plain.loadbalancer.server.url=http://192.168.1.85:80" networks: proxy:
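Review bot: The `catchall-shim` service is commented out rather than deleted, and the commented copy is not the configuration that was running. Router names change from `catchall-https` to `https`, and the backend is split into `server.address=192.168.1.85` plus a separate `server.port=443` label, with the stale "Replace 192.168.1.100" comment left in. Anyone who later uncomments it gets an untested variant that would sit alongside the catch-all now defined in asd.yaml. Deleting the block and leaving a single line such as `# catch-all TLS passthrough to nginx is defined in asd.yaml (file provider)` keeps the compose file readable, since git already holds the old labels. The hunk is collapsed in this view, so the exact extent of the commented block is inferred.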