diff --git a/servers/containers/conduwuit-testing.container b/servers/containers/conduwuit-testing.container
index 363081f6..b4e23c14 100644
--- a/servers/containers/conduwuit-testing.container
+++ b/servers/containers/conduwuit-testing.container
@@ -24,9 +24,6 @@ Label="traefik.http.services.conduwuit-testing.loadbalancer.server.port=6167"
 Label="traefik.http.routers.conduwuit-testing.entrypoints=https,matrix"
-Label="traefik.http.routers.conduwuit-testing.tls.certresolver=letsencrypt"
-# Label="traefik.http.routers.conduwuit-testing.tls.options=intermediate@file"
-
 Label="traefik.http.routers.conduwuit-testing.middlewares=default@file"
 Label="homepage.group=Public"
diff --git a/servers/containers/conduwuit.container b/servers/containers/conduwuit.container
index dcc1ee5c..f24641e9 100644
--- a/servers/containers/conduwuit.container
+++ b/servers/containers/conduwuit.container
@@ -24,9 +24,6 @@ Label="traefik.http.services.conduwuit.loadbalancer.server.port=6167"
 Label="traefik.http.routers.conduwuit.entrypoints=https,matrix"
-Label="traefik.http.routers.conduwuit.tls.certresolver=letsencrypt"
-# Label="traefik.http.routers.conduwuit.tls.options=intermediate@file"
-
 Label="traefik.http.routers.conduwuit.middlewares=default@file"
 Label="homepage.group=Public"
diff --git a/servers/containers/domain-redirects.container b/servers/containers/domain-redirects.container
index 6fd29612..b026fcb3 100644
--- a/servers/containers/domain-redirects.container
+++ b/servers/containers/domain-redirects.container
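Review bot: Dropping `tls.certresolver` from the conduwuit and conduwuit-testing routers relies on the entrypoint-level TLS default, but these routers are attached to `https,matrix` and in the new config.yml only `https` carries `http.tls.certResolver`; `matrix` (:8448) has no TLS default at all. If Traefik applies the entrypoint model per entrypoint, as I believe it does for routers listed on several entrypoints, the :8448 copy of these routers ends up with no TLS, so Matrix federation would be served in plaintext and the `http3` listener on 8448 would be unusable. Either keep `Label="traefik.http.routers.conduwuit.tls.certresolver=letsencrypt"` (and the conduwuit-testing equivalent) or give the `matrix` entrypoint the same `http: tls: certResolver: letsencrypt` block as `https`, and verify with `openssl s_client -connect <host>:8448 -servername <host>` after deploying.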
@@ -27,7 +27,6 @@ Environment="REDIRECT_TYPE=redirect"
 Label="traefik.http.routers.domain-redirects.tls.certresolver=letsencrypt"
 Label="traefik.http.routers.domain-redirects.tls.domains[0].main=ellis.link"
 Label="traefik.http.routers.domain-redirects.tls.domains[0].sans=*.ellis.link"
-# Label="traefik.http.routers.domain-redirects.tls.options=intermediate@file"
 Label="traefik.http.routers.domain-redirects.middlewares=default@file"
 # Label="traefik.http.routers.domain-redirects.middlewares=ellis-link-redirect,joel-ellis-link-redirect,default@file"
diff --git a/servers/containers/element-web.container b/servers/containers/element-web.container
index c5475077..bd7b18a9 100644
--- a/servers/containers/element-web.container
+++ b/servers/containers/element-web.container
@@ -22,9 +22,6 @@ Label="traefik.http.services.element-web.loadbalancer.server.port=80"
 Label="traefik.http.routers.element-web.entrypoints=https"
-Label="traefik.http.routers.element-web.tls.certresolver=letsencrypt"
-# Label="traefik.http.routers.element-web.tls.options=intermediate@file"
-
 Label="traefik.http.routers.element-web.middlewares=default@file"
 Label="homepage.group=Services"
diff --git a/servers/containers/homepage.container b/servers/containers/homepage.container
index dd393ce7..a1803a68 100644
--- a/servers/containers/homepage.container
+++ b/servers/containers/homepage.container
@@ -19,9 +19,6 @@ Label="traefik.enable=true"
 Label="traefik.http.routers.homepage.rule=Host(`homepage.ellis.link`)"
 Label="traefik.http.routers.homepage.entrypoints=https"
-Label="traefik.http.routers.homepage.tls.certresolver=letsencrypt"
-
-
 Label="traefik.http.middlewares.compress.compress=true"
 Label="traefik.http.middlewares.hsts.headers.stsincludesubdomains=false"
diff --git a/servers/containers/jade-website-frontend.container b/servers/containers/jade-website-frontend.container
index 714e3ea1..745e4dad 100644
--- a/servers/containers/jade-website-frontend.container
+++ b/servers/containers/jade-website-frontend.container
@@ -33,9 +33,6 @@ Label="traefik.http.routers.jade-website-frontend.rule=(Host(`jade.ellis.link`)
 Label="traefik.http.routers.jade-website-frontend.entrypoints=https"
-Label="traefik.http.routers.jade-website-frontend.tls.certresolver=letsencrypt"
-# Label="traefik.http.routers.jade-website-frontend.tls.options=intermediate@file"
-
 Label="traefik.http.routers.jade-website-frontend.middlewares=default@file"
 Label="homepage.group=Public"
diff --git a/servers/containers/kanidm.container b/servers/containers/kanidm.container
index d11a3c5e..4eeaf3fa 100644
--- a/servers/containers/kanidm.container
+++ b/servers/containers/kanidm.container
@@ -33,8 +33,6 @@ Label="traefik.http.routers.kanidm.service=kanidm"
 # Label="traefik.tcp.routers.kanidm-tcp.rule=HostSNI(`idm.ellis.link`)"
 # Label="traefik.tcp.routers.kanidm-tcp.service=kanidm"
-Label="traefik.http.routers.kanidm.tls.certresolver=letsencrypt"
-
 # Kanidm is a bit odd here
 Label="traefik.http.services.kanidm.loadbalancer.server.port=8443"
 Label="traefik.http.services.kanidm.loadbalancer.server.scheme=https"
diff --git a/servers/containers/maubot.container b/servers/containers/maubot.container
index 8c94b27e..5608cfa7 100644
--- a/servers/containers/maubot.container
+++ b/servers/containers/maubot.container
@@ -22,9 +22,6 @@ Label="traefik.http.services.maubot.loadbalancer.server.port=29316"
 Label="traefik.http.routers.maubot.entrypoints=https"
-Label="traefik.http.routers.maubot.tls.certresolver=letsencrypt"
-# Label="traefik.http.routers.maubot.tls.options=intermediate@file"
-
 Label="traefik.http.routers.maubot.middlewares=default@file"
 Label="homepage.group=Services"
diff --git a/servers/containers/mautrix-discord.container b/servers/containers/mautrix-discord.container
index 55d9a25f..a116b378 100644
--- a/servers/containers/mautrix-discord.container
+++ b/servers/containers/mautrix-discord.container
@@ -20,9 +20,6 @@ Label="traefik.http.routers.mautrix-discord.rule=Host(`mautrix-discord.ellis.lin
 Label="traefik.http.routers.mautrix-discord.entrypoints=https"
 Label="traefik.http.services.mautrix-discord.loadbalancer.server.port=29334"
-Label="traefik.http.routers.mautrix-discord.tls.certresolver=letsencrypt"
-# Label="traefik.http.routers.mautrix-discord.tls.options=intermediate@file"
-
 Label="traefik.http.routers.mautrix-discord.middlewares=default@file"
 Label="homepage.group=Services"
diff --git a/servers/containers/mautrix-gmessages.container b/servers/containers/mautrix-gmessages.container
index 4752be55..cc4a2add 100644
--- a/servers/containers/mautrix-gmessages.container
+++ b/servers/containers/mautrix-gmessages.container
@@ -18,9 +18,6 @@ Label="traefik.http.routers.mautrix-gmessages.rule=Host(`mautrix-gmessages.ellis
 Label="traefik.http.routers.mautrix-gmessages.entrypoints=https"
 Label="traefik.http.services.mautrix-gmessages.loadbalancer.server.port=29334"
-Label="traefik.http.routers.mautrix-gmessages.tls.certresolver=letsencrypt"
-# Label="traefik.http.routers.mautrix-gmessages.tls.options=intermediate@file"
-
 Label="traefik.http.routers.mautrix-gmessages.middlewares=default@file"
 Label="homepage.group=Services"
diff --git a/servers/containers/sentry-relay.container b/servers/containers/sentry-relay.container
index a220b9a1..2b9ccdaf 100644
--- a/servers/containers/sentry-relay.container
+++ b/servers/containers/sentry-relay.container
@@ -25,9 +25,6 @@ Label="traefik.http.routers.sentry-relay.rule=Host(`relay.ellis.link`)"
 Label="traefik.http.routers.sentry-relay.entrypoints=https"
-Label="traefik.http.routers.sentry-relay.tls.certresolver=letsencrypt"
-# Label="traefik.http.routers.sentry-relay.tls.options=intermediate@file"
-
 Label="traefik.http.routers.sentry-relay.middlewares=default@file"
diff --git a/servers/containers/thelounge.container b/servers/containers/thelounge.container
index d5e1a247..b81e09fd 100644
--- a/servers/containers/thelounge.container
+++ b/servers/containers/thelounge.container
@@ -18,9 +18,6 @@ Label="traefik.http.routers.thelounge.rule=Host(`thelounge.ellis.link`)"
 Label="traefik.http.services.thelounge.loadbalancer.server.port=9000"
 Label="traefik.http.routers.thelounge.entrypoints=https"
-Label="traefik.http.routers.thelounge.tls.certresolver=letsencrypt"
-
-
 Label="traefik.http.middlewares.compress.compress=true"
 Label="traefik.http.middlewares.hsts.headers.stsincludesubdomains=false"
diff --git a/servers/containers/traefik.container b/servers/containers/traefik.container
index f1661b73..75e63b93 100644
--- a/servers/containers/traefik.container
+++ b/servers/containers/traefik.container
@@ -19,10 +19,12 @@ IP6=fd76:6f6d:f45e:ea1a::15
 # HTTP(S)
 PublishPort=0.0.0.0:80:80/tcp
+PublishPort=0.0.0.0:80:80/udp
 PublishPort=0.0.0.0:443:443/tcp
 PublishPort=0.0.0.0:443:443/udp
 PublishPort=[::]:80:80/tcp
+PublishPort=[::]:80:80/udp
 PublishPort=[::]:443:443/tcp
 PublishPort=[::]:443:443/udp
@@ -34,21 +36,21 @@ PublishPort=[::]:8448:8448/udp
 # SMTP
 PublishPort=0.0.0.0:25:25/tcp
-PublishPort=0.0.0.0:25:25/udp
+# PublishPort=0.0.0.0:25:25/udp
 PublishPort=[::]:25:25/tcp
-PublishPort=[::]:25:25/udp
+# PublishPort=[::]:25:25/udp
 # SMTPS
 PublishPort=0.0.0.0:465:465/tcp
-PublishPort=0.0.0.0:465:465/udp
+# PublishPort=0.0.0.0:465:465/udp
 PublishPort=[::]:465:465/tcp
-PublishPort=[::]:465:465/udp
+# PublishPort=[::]:465:465/udp
 # IMAPS
 PublishPort=0.0.0.0:465:465/tcp
-PublishPort=0.0.0.0:465:465/udp
+# PublishPort=0.0.0.0:465:465/udp
 PublishPort=[::]:465:465/tcp
-PublishPort=[::]:465:465/udp
+# PublishPort=[::]:465:465/udp
 ReadOnly=true
 Volume=/run/podman/podman.sock:/var/run/docker.sock:z
@@ -66,7 +68,7 @@ Network=web.network
 # IP=176.126.240.240
 # IP6=fe80::9724:38eb:9b0f:df7c
-Exec=traefik --configFile=/etc/traefik/config.toml
+Exec=traefik --configFile=/etc/traefik/config.yml
 Environment="CF_DNS_API_TOKEN=OzdeI-Km-mI3_WlSOO83Zu0id7rmdd0k2QhOoGNE"
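Review bot: The two new `udp/80` publishes only make sense if the `http` entrypoint actually serves HTTP/3, but QUIC is TLS-only and that entrypoint does nothing except redirect to https, so these are most likely dead listeners that still show up in a port scan. Unless you have observed Traefik answering on udp/80, drop `PublishPort=0.0.0.0:80:80/udp` and `PublishPort=[::]:80:80/udp` here together with the `http3: {}` under `entrypoints.http` in config.yml; HTTP/3 on 443 and 8448 is unaffected. Worth checking against the docs for the Traefik version pinned in this unit, which is outside the hunk.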
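Review bot: The `# IMAPS` block still publishes 465 rather than 993, so it is a byte-for-byte duplicate of the SMTPS lines and the new `imaps` entrypoint bound to `:993` in config.yml is never reachable from outside the host; this commit only comments out the udp halves and leaves the wrong port in place. Change the two live lines to `PublishPort=0.0.0.0:993:993/tcp` and `PublishPort=[::]:993:993/tcp`. I would also delete the commented `/udp` lines for 25/465/993 instead of keeping them, since nothing binds UDP on these ports and a later uncomment would silently re-expose listeners.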
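Review bot: The `Environment="CF_DNS_API_TOKEN=…"` line directly below the changed `Exec=` is a literal Cloudflare API token committed to the repository; at minimum it can write DNS for the ellis.link zone (that is what the ACME `dnschallenge` needs), so it should be treated as leaked and rotated, since it is already in git history whatever this commit does. Move the replacement out of the unit file, for example `EnvironmentFile=/etc/traefik/cloudflare.env` (root-owned, mode 0600) or a Quadlet `Secret=cf_dns_token,type=mount` plus `Environment=CF_DNS_API_TOKEN_FILE=/run/secrets/cf_dns_token`, which the lego Cloudflare provider accepts, and scope the new token to DNS:Edit on that single zone. `ReadOnly=true` on the container does not help here: the value is readable by anyone with access to the repo or to the generated unit.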
diff --git a/servers/containers/web.network b/servers/containers/web.network
index 98f954e4..d4a5508c 100644
--- a/servers/containers/web.network
+++ b/servers/containers/web.network
@@ -2,6 +2,7 @@ DisableDNS=false
 Internal=false
 IPv6=true
-# Manual subnet to avoid issues with DNS resolution
-# Subnet=10.89.1.0/24
-# Gateway=10.89.1.1
\ No newline at end of file
+Subnet=10.89.0.0/24
+Gateway=10.89.0.1
+Subnet=fd76:6f6d:f45e:ea1a::/64
+Gateway=fd76:6f6d:f45e:ea1a::1
\ No newline at end of file
diff --git a/servers/traefik/config.toml b/servers/traefik/config.toml
deleted file mode 100644
index 37dc99dc..00000000
--- a/servers/traefik/config.toml
+++ /dev/null
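Review bot: These pinned ranges are now a security boundary, not just a DNS workaround: config.yml trusts PROXY protocol headers on the smtp/smtps/imaps entrypoints from exactly `10.89.0.0/24` and `fd76:6f6d:f45e:ea1a::/64`, so if the subnet is ever changed here the trust list silently stops matching (or matches a different network). Record the coupling in the file, e.g. `# Pinned: traefik/config.yml proxyProtocol.trustedIPs must match these ranges`, and a one-line note that the repeated `Subnet=`/`Gateway=` keys are how Quadlet assigns both an IPv4 and an IPv6 range, since the removed comment gave a different reason for pinning. The file still ends without a trailing newline, which is worth fixing while you are here.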
@@ -1,70 +0,0 @@
-[log]
-level = "INFO"
-# [ping]
-
-[providers.docker]
-exposedbydefault = false
-[providers.file]
-directory="/etc/traefik/additional/"
-watch=true
-
-[entrypoints.http]
-address = ":80"
-[entrypoints.https]
-address = ":443"
-[entrypoints.https.http3]
-
-[entrypoints.matrix]
-address = ":8448"
-[entrypoints.matrix.http3]
-
-[entryPoints.http.proxyProtocol]
-insecure = false
-trustedIPs = [ ]
-
-[entryPoints.http.forwardedHeaders]
-insecure = false
-trustedIPs = [ ]
-
-[entryPoints.https.proxyProtocol]
-insecure = false
-trustedIPs = [ ]
-
-[entryPoints.https.forwardedHeaders]
-insecure = false
-trustedIPs = [ ]
-
-[entryPoints.matrix.proxyProtocol]
-insecure = false
-trustedIPs = [ ]
-
-[entryPoints.matrix.forwardedHeaders]
-insecure = false
-trustedIPs = [ ]
-
-[entrypoints.http.http.redirections.entryPoint]
-to="https"
-scheme = "https"
-
-[http.middlewares]
-[http.middlewares.traefik-compress.compress]
-
-[http.routers.http]
-middlewares = "traefik-compress"
-[http.routers.https]
-middlewares = "traefik-compress"
-[http.routers.traefik]
-middlewares = "traefik-compress"
-# [entryPoints.traefik]
-# address = ":9000"
-
-
-[certificatesresolvers.letsencrypt.acme]
-email = 'jade@ellis.link'
-storage = "/certificates/acme.json"
-
-# - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
-# - "--certificatesresolvers.letsencrypt.acme.httpChallenge.entryPoint=http"
-# tlschallenge = true
-[certificatesresolvers.letsencrypt.acme.dnschallenge]
-provider = "cloudflare"
diff --git a/servers/traefik/config.yml b/servers/traefik/config.yml
new file mode 100644
index 00000000..39f39922
--- /dev/null
+++ b/servers/traefik/config.yml
@@ -0,0 +1,82 @@
+global:
+ checkNewVersion: false
+log:
+ level: INFO
+providers:
+ docker:
+ exposedbydefault: false
+ file:
+ directory: /etc/traefik/additional/
+ watch: true
+entrypoints:
+ http:
+ address: :80
+ http3: {}
+ http:
+ redirections:
+ entryPoint:
+ to: https
+ scheme: https
+ # proxyProtocol:
+ # insecure: false
+ # trustedIPs: []
+ # forwardedHeaders:
+ # insecure: false
+ # trustedIPs: []
+ https:
+ address: :443
+ http3: {}
+ # proxyProtocol:
+ # insecure: false
+ # trustedIPs: []
+ # forwardedHeaders:
+ # insecure: false
+ # trustedIPs: []
+ http:
+ tls:
+ certResolver: letsencrypt
+ matrix:
+ address: :8448
+ http3: {}
+ # proxyProtocol:
+ # insecure: false
+ # trustedIPs: []
+ # forwardedHeaders:
+ # insecure: false
+ # trustedIPs: []
+ smtp:
+ address: :25
+ proxyProtocol:
+ trustedIPs: # Trust IPs from inside the "web" network
+ - 10.89.0.0/24
+ - fd76:6f6d:f45e:ea1a::/64
+ smtps:
+ address: :465
+ proxyProtocol:
+ trustedIPs:
+ - 10.89.0.0/24
+ - fd76:6f6d:f45e:ea1a::/64
+ imaps:
+ address: :993
+ proxyProtocol:
+ trustedIPs:
+ - 10.89.0.0/24
+ - fd76:6f6d:f45e:ea1a::/64
+http:
+ middlewares:
+ traefik-compress:
+ compress: {}
+ routers:
+ http:
+ middlewares: traefik-compress
+ https:
+ middlewares: traefik-compress
+ traefik:
+ middlewares: traefik-compress
+certificatesresolvers:
+ letsencrypt:
+ acme:
+ email: jade@ellis.link
+ storage: /certificates/acme.json
+ dnschallenge:
+ provider: cloudflare
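Review bot: The `matrix` entrypoint is the only TLS-facing one without an `http: tls: certResolver: letsencrypt` block, while this commit removes the per-router `tls.certresolver` labels from the conduwuit routers that listen on it; unless Traefik carries the `https` model over to a router's other entrypoints (my understanding is that models are applied per entrypoint), :8448 will now be served without TLS, so add the same `http.tls` block under `matrix`. Two smaller points: `http3: {}` on the plaintext `:80` entrypoint is unlikely to do anything, since QUIC requires TLS, and can go; and `proxyProtocol.trustedIPs` on smtp/smtps/imaps trusts the whole `web` network, so any container on it can inject PROXY headers and spoof the client address the mail server sees, which matters for its rate limiting and auth logs. If only one container legitimately sends PROXY headers, narrow the list to its address and name it in the `# Trust IPs from inside the "web" network` comment. The indentation shown here may be flattened by rendering, so please confirm the `http:`/`tls:` nesting under `https` survives in the committed file.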