netcup-setup/ansible/roles/traefik/files/dynamic.yml
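# Traefik dynamic configuration: forward-auth middleware, host-based routers
# and loopback backends. Every router listens on the `websecure` entry point
# and uses the `letsencrypt` certificate resolver.
#
# Only `silverbullet-router` is placed behind the `authentik` forward-auth
# middleware here; every other router forwards straight to its backend, so
# those applications depend on their own authentication.
http:
  middlewares:
    authentik:
      forwardAuth:
        address: "http://localhost:9100/outpost.goauthentik.io/auth/traefik"
        # Passes X-Forwarded-* headers already present on the request through
        # to the outpost instead of overwriting them.
        # NOTE(review): this is only sound if the entry point (static config,
        # not shown in this file) limits which sources may set those headers;
        # confirm `forwardedHeaders` is not set to insecure there.
        trustForwardHeader: true
        # Headers copied from the outpost response onto the proxied request,
        # replacing any value the client sent. This protection applies only to
        # routers that attach this middleware.
        authResponseHeaders:
          - X-authentik-username
          - X-authentik-groups
          - X-authentik-entitlements
          - X-authentik-email
          - X-authentik-name
          - X-authentik-uid
          - X-authentik-jwt
          - X-authentik-meta-jwks
          - X-authentik-meta-outpost
          - X-authentik-meta-provider
          - X-authentik-meta-app
          - X-authentik-meta-version

  routers:
    # Router for wekan.rohrschacht.de
    wekan-router:
      rule: "Host(`wekan.rohrschacht.de`)"
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
      service: wekan-service

    # Router for wekantesting.rohrschacht.de
    wekantesting-router:
      rule: "Host(`wekantesting.rohrschacht.de`)"
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
      service: wekantesting-service

    # Router for git.rohrschacht.de and gitea.rohrschacht.de
    git-router:
      rule: "Host(`git.rohrschacht.de`) || Host(`gitea.rohrschacht.de`)"
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
      service: gitea-service

    # Router for vault.rohrschacht.de
    vault-router:
      rule: "Host(`vault.rohrschacht.de`)"
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
      service: vault-service

    # Router for actual.rohrschacht.de
    actual-router:
      rule: "Host(`actual.rohrschacht.de`)"
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
      service: actual-service

    # Router for nextcloud.rohrschacht.de
    nextcloud-router:
      rule: "Host(`nextcloud.rohrschacht.de`)"
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
      service: nextcloud-service

    # Router for paperless.rohrschacht.de
    paperless-router:
      rule: "Host(`paperless.rohrschacht.de`)"
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
      service: paperless-service

    # Router for bookstack.rohrschacht.de
    bookstack-router:
      rule: "Host(`bookstack.rohrschacht.de`)"
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
      service: bookstack-service

    # Router for languagetool.rohrschacht.de
    languagetool-router:
      rule: "Host(`languagetool.rohrschacht.de`)"
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
      service: languagetool-service

    # Router for sg-narva.petrich.work
    sgnarva-router:
      rule: "Host(`sg-narva.petrich.work`)"
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
      service: sgnarva-service

    # Router for auth.rohrschacht.de
    authentik-router:
      rule: "Host(`auth.rohrschacht.de`)"
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
      service: authentik-service

    # Router for tandoor.rohrschacht.de
    tandoor-router:
      rule: "Host(`tandoor.rohrschacht.de`)"
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
      service: tandoor-service

    # silverbullet.rohrschacht.de is split over four routers, selected by
    # priority (higher wins):
    #   20  service worker and static client assets, no auth middleware
    #   15  authentik outpost path, no auth middleware
    #   10  everything else, behind the `authentik` middleware
    #
    # The two priority-20 routers reach silverbullet-service without forward
    # auth, and PathPrefix matches every path that merely starts with the
    # given string. Client-supplied X-authentik-* headers are not replaced on
    # these paths.
    # NOTE(review): confirm the backend serves only public assets under these
    # prefixes and does not take identity from X-authentik-* headers there;
    # otherwise narrow the match or strip those headers with a headers
    # middleware.

    # Router for the silverbullet.rohrschacht.de service worker script
    silverbullet-router-service-worker:
      rule: "Host(`silverbullet.rohrschacht.de`) && PathPrefix(`/service_worker.js`)"
      entryPoints:
        - websecure
      priority: 20
      tls:
        certResolver: letsencrypt
      service: silverbullet-service

    # Router for silverbullet.rohrschacht.de static client assets
    silverbullet-router-client:
      rule: "Host(`silverbullet.rohrschacht.de`) && PathPrefix(`/.client`)"
      entryPoints:
        - websecure
      priority: 20
      tls:
        certResolver: letsencrypt
      service: silverbullet-service

    # Router for silverbullet.rohrschacht.de (authenticated catch-all)
    silverbullet-router:
      rule: "Host(`silverbullet.rohrschacht.de`)"
      # Earlier variant with explicit exclusions, kept for reference:
      # rule: "Host(`silverbullet.rohrschacht.de`) && !PathPrefix(`/service_worker.js`) && !PathPrefix(`/.client`) && !PathPrefix(`/outpost.goauthentik.io/`)"
      entryPoints:
        - websecure
      middlewares:
        - authentik
      priority: 10
      tls:
        certResolver: letsencrypt
      service: silverbullet-service

    # Router for the authentik outpost path on silverbullet.rohrschacht.de.
    # It must stay outside the `authentik` middleware so the outpost endpoints
    # are reachable before a session exists.
    silverbullet-router-auth:
      rule: "Host(`silverbullet.rohrschacht.de`) && PathPrefix(`/outpost.goauthentik.io/`)"
      entryPoints:
        - websecure
      priority: 15
      tls:
        certResolver: letsencrypt
      service: authentik-service

  services:
    # Service for wekan.rohrschacht.de
    wekan-service:
      loadBalancer:
        servers:
          - url: "http://localhost:8100"

    # Service for wekantesting.rohrschacht.de
    wekantesting-service:
      loadBalancer:
        servers:
          - url: "http://localhost:8200"

    # Service for git.rohrschacht.de and gitea.rohrschacht.de
    gitea-service:
      loadBalancer:
        servers:
          - url: "http://localhost:8300"

    # Service for vault.rohrschacht.de
    vault-service:
      loadBalancer:
        servers:
          - url: "http://localhost:8400"

    # Service for actual.rohrschacht.de
    actual-service:
      loadBalancer:
        servers:
          - url: "http://localhost:8500"

    # Service for nextcloud.rohrschacht.de
    nextcloud-service:
      loadBalancer:
        servers:
          - url: "http://localhost:8600"

    # Service for paperless.rohrschacht.de
    paperless-service:
      loadBalancer:
        servers:
          - url: "http://localhost:8700"

    # Service for bookstack.rohrschacht.de
    bookstack-service:
      loadBalancer:
        servers:
          - url: "http://localhost:8800"

    # Service for languagetool.rohrschacht.de
    languagetool-service:
      loadBalancer:
        servers:
          - url: "http://localhost:8900"

    # Service for sg-narva.petrich.work
    sgnarva-service:
      loadBalancer:
        servers:
          - url: "http://localhost:9000"

    # Service for auth.rohrschacht.de and the silverbullet outpost path.
    # This key was previously spelled `authentik-serivce`, so the reference
    # from silverbullet-router-auth (`authentik-service`) did not resolve.
    # Any reference outside this file to the old spelling must be updated.
    authentik-service:
      loadBalancer:
        servers:
          - url: "http://localhost:9100"

    # Service for tandoor.rohrschacht.de
    tandoor-service:
      loadBalancer:
        servers:
          - url: "http://localhost:9200"

    # Service for silverbullet.rohrschacht.de
    silverbullet-service:
      loadBalancer:
        servers:
          - url: "http://localhost:9300"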