67 lines
1.5 KiB
YAML
67 lines
1.5 KiB
YAML
http:
|
|
#region routers
|
|
routers:
|
|
homeassistant:
|
|
entryPoints:
|
|
- "https"
|
|
rule: "Host(`hass.YOURDOMAIN.com`)"
|
|
middlewares:
|
|
- default-headers
|
|
tls: {}
|
|
service: homeassistant
|
|
|
|
|
|
#region services
|
|
services:
|
|
homeassistant:
|
|
loadBalancer:
|
|
servers:
|
|
- url: "http://IP_ADDRESS_OF_HOMEASSISTANT_SERVER:PORT_OF_HOMEASSISTANT"
|
|
passHostHeader: true
|
|
|
|
|
|
#endregion
|
|
middlewares:
|
|
https-redirect:
|
|
redirectScheme:
|
|
scheme: https
|
|
|
|
default-headers:
|
|
headers:
|
|
frameDeny: true
|
|
sslRedirect: true
|
|
browserXssFilter: true
|
|
contentTypeNosniff: true
|
|
forceSTSHeader: true
|
|
stsIncludeSubdomains: true
|
|
stsPreload: true
|
|
stsSeconds: 15552000
|
|
customFrameOptionsValue: SAMEORIGIN
|
|
customRequestHeaders:
|
|
X-Forwarded-Proto: https
|
|
|
|
default-whitelist:
|
|
ipWhiteList:
|
|
sourceRange:
|
|
- "10.0.0.0/8"
|
|
- "192.168.0.0/16"
|
|
- "172.16.0.0/12"
|
|
|
|
secured:
|
|
chain:
|
|
middlewares:
|
|
- default-whitelist
|
|
- default-headers
|
|
|
|
#crowdsec-bouncer: # Uncomment this section after you set up crowdsec traefik-bouncer
|
|
#forwardauth:
|
|
#address: http://bouncer-traefik:8080/api/v1/forwardAuth
|
|
#trustForwardHeader: true
|
|
|
|
cloudflarewarp:
|
|
plugin:
|
|
cloudflarewarp:
|
|
disableDefault: false
|
|
trustip: # Trust IPS not required if disableDefault is false - we will allocate Cloud Flare IPs automatically
|
|
|