fix(traefik): Update middleware configuration for HTTPS and routing rules
Some checks failed
/ validate-docker-compose (push) Has been cancelled
Some checks failed
/ validate-docker-compose (push) Has been cancelled
This commit is contained in:
parent
191d25e281
commit
db968ba5ca
@ -16,7 +16,6 @@ services:
|
||||
- --providers.docker.network=docker-compose-nas
|
||||
- --providers.docker.endpoint=unix:///var/run/docker.sock
|
||||
- --log.level=DEBUG
|
||||
- --entrypoints.web.http.middlewares=set-x-forwarded-proto@docker
|
||||
network_mode: service:tailscale
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
@ -25,7 +24,12 @@ services:
|
||||
interval: 30s
|
||||
retries: 10
|
||||
labels:
|
||||
- traefik.http.middlewares.set-x-forwarded-proto.headers.customRequestHeaders.X-Forwarded-Proto=https
|
||||
- traefik.enable=true
|
||||
# Global middleware to set X-Forwarded-Proto header
|
||||
- traefik.http.middlewares.https-proto.headers.customrequestheaders.X-Forwarded-Proto=https
|
||||
- traefik.http.routers.catchall.rule=PathPrefix(`/`)
|
||||
- traefik.http.routers.catchall.middlewares=https-proto@docker
|
||||
- traefik.http.routers.catchall.entrypoints=web
|
||||
redis:
|
||||
image: redis:alpine
|
||||
container_name: redis
|
||||
@ -60,6 +64,7 @@ services:
|
||||
# - traefik.http.routers.authelia.priority=100 # Removed priority
|
||||
- traefik.http.services.authelia.loadbalancer.server.port=9091
|
||||
- traefik.http.middlewares.authelia-auth.forwardAuth.address=http://authelia:9091/api/verify # Simplified forwardAuth address
|
||||
- traefik.http.routers.authelia.middlewares=https-proto@docker
|
||||
- traefik.http.middlewares.authelia-auth.forwardAuth.trustForwardHeader=true
|
||||
- traefik.http.middlewares.authelia-auth.forwardAuth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email
|
||||
- homepage.group=Security
|
||||
@ -86,7 +91,7 @@ services:
|
||||
- traefik.enable=true
|
||||
- traefik.http.routers.sonarr.rule=Host(`${APP_HOSTNAME}`) && PathPrefix(`/sonarr`) # Added Host check
|
||||
- traefik.http.routers.sonarr.entrypoints=web
|
||||
- traefik.http.routers.sonarr.middlewares=authelia-auth@docker
|
||||
- traefik.http.routers.sonarr.middlewares=https-proto@docker,authelia-auth@docker
|
||||
- traefik.http.services.sonarr.loadbalancer.server.port=8989
|
||||
- homepage.group=Media
|
||||
- homepage.name=Sonarr
|
||||
@ -116,7 +121,7 @@ services:
|
||||
- traefik.enable=true
|
||||
- traefik.http.routers.radarr.rule=Host(`${APP_HOSTNAME}`) && PathPrefix(`/radarr`) # Added Host check
|
||||
- traefik.http.routers.radarr.entrypoints=web
|
||||
- traefik.http.routers.radarr.middlewares=authelia-auth@docker
|
||||
- traefik.http.routers.radarr.middlewares=https-proto@docker,authelia-auth@docker
|
||||
- traefik.http.services.radarr.loadbalancer.server.port=7878
|
||||
- homepage.group=Media
|
||||
- homepage.name=Radarr
|
||||
@ -146,7 +151,7 @@ services:
|
||||
- traefik.enable=true
|
||||
- traefik.http.routers.lidarr.rule=Host(`${APP_HOSTNAME}`) && PathPrefix(`/lidarr`) # Added Host check
|
||||
- traefik.http.routers.lidarr.entrypoints=web
|
||||
- traefik.http.routers.lidarr.middlewares=authelia-auth@docker
|
||||
- traefik.http.routers.lidarr.middlewares=https-proto@docker,authelia-auth@docker
|
||||
- traefik.http.services.lidarr.loadbalancer.server.port=8686
|
||||
- homepage.group=Media
|
||||
- homepage.name=Lidarr
|
||||
@ -178,7 +183,7 @@ services:
|
||||
- traefik.enable=true
|
||||
- traefik.http.routers.bazarr.rule=Host(`${APP_HOSTNAME}`) && PathPrefix(`/bazarr`) # Added Host check
|
||||
- traefik.http.routers.bazarr.entrypoints=web
|
||||
- traefik.http.routers.bazarr.middlewares=authelia-auth@docker
|
||||
- traefik.http.routers.bazarr.middlewares=https-proto@docker,authelia-auth@docker
|
||||
- traefik.http.services.bazarr.loadbalancer.server.port=6767
|
||||
- homepage.group=Download
|
||||
- homepage.name=Bazarr
|
||||
@ -214,7 +219,7 @@ services:
|
||||
- traefik.http.routers.jellyseerr.rule=Host(`${APP_HOSTNAME}`) && PathPrefix(`/jellyseerr`) # Added Host check
|
||||
- traefik.http.routers.jellyseerr.entrypoints=web
|
||||
- traefik.http.services.jellyseerr.loadbalancer.server.port=5055
|
||||
- traefik.http.routers.jellyseerr.middlewares=jellyseerr-stripprefix,jellyseerr-rewrite,jellyseerr-rewriteHeaders,authelia-auth@docker
|
||||
- traefik.http.routers.jellyseerr.middlewares=https-proto@docker,jellyseerr-stripprefix,jellyseerr-rewrite,jellyseerr-rewriteHeaders,authelia-auth@docker
|
||||
- traefik.http.middlewares.jellyseerr-stripprefix.stripPrefix.prefixes=/jellyseerr
|
||||
- traefik.http.middlewares.jellyseerr-rewriteHeaders.plugin.rewriteHeaders.rewrites[0].header=location
|
||||
- traefik.http.middlewares.jellyseerr-rewriteHeaders.plugin.rewriteHeaders.rewrites[0].regex=^/(.+)$
|
||||
@ -287,7 +292,7 @@ services:
|
||||
- traefik.enable=true
|
||||
- traefik.http.routers.prowlarr.rule=Host(`${APP_HOSTNAME}`) && PathPrefix(`/prowlarr`) # Added Host check
|
||||
- traefik.http.routers.prowlarr.entrypoints=web
|
||||
- traefik.http.routers.prowlarr.middlewares=authelia-auth@docker
|
||||
- traefik.http.routers.prowlarr.middlewares=https-proto@docker,authelia-auth@docker
|
||||
- traefik.http.services.prowlarr.loadbalancer.server.port=9696
|
||||
- homepage.group=Download
|
||||
- homepage.name=Prowlarr
|
||||
@ -311,7 +316,7 @@ services:
|
||||
- traefik.enable=true
|
||||
- traefik.http.routers.flaresolverr.rule=Host(`${APP_HOSTNAME}`) && PathPrefix(`/flaresolverr`) # Added Host check
|
||||
- traefik.http.routers.flaresolverr.entrypoints=web
|
||||
- traefik.http.routers.flaresolverr.middlewares=authelia-auth@docker
|
||||
- traefik.http.routers.flaresolverr.middlewares=https-proto@docker,authelia-auth@docker
|
||||
- traefik.http.services.flaresolverr.loadbalancer.server.port=8191
|
||||
profiles:
|
||||
- flaresolverr
|
||||
@ -338,7 +343,7 @@ services:
|
||||
- traefik.http.routers.qbittorrent.rule=Host(`${APP_HOSTNAME}`) && PathPrefix(`/qbittorrent`) # Added Host check
|
||||
- traefik.http.routers.qbittorrent.entrypoints=web
|
||||
- traefik.http.services.qbittorrent.loadbalancer.server.port=8080
|
||||
- traefik.http.routers.qbittorrent.middlewares=qbittorrent-strip-slash,qbittorrent-stripprefix,authelia-auth@docker
|
||||
- traefik.http.routers.qbittorrent.middlewares=https-proto@docker,qbittorrent-strip-slash,qbittorrent-stripprefix,authelia-auth@docker
|
||||
- traefik.http.middlewares.qbittorrent-stripprefix.stripPrefix.prefixes=/qbittorrent
|
||||
- traefik.http.middlewares.qbittorrent-strip-slash.redirectregex.regex=(^.*\/qbittorrent$$)
|
||||
- traefik.http.middlewares.qbittorrent-strip-slash.redirectregex.replacement=$$1/
|
||||
@ -383,7 +388,7 @@ services:
|
||||
- traefik.enable=true
|
||||
- traefik.http.routers.sabnzbd.rule=Host(`${APP_HOSTNAME}`) && PathPrefix(`/sabnzbd`) # Added Host check
|
||||
- traefik.http.routers.sabnzbd.entrypoints=web
|
||||
- traefik.http.routers.sabnzbd.middlewares=authelia-auth@docker
|
||||
- traefik.http.routers.sabnzbd.middlewares=https-proto@docker,authelia-auth@docker
|
||||
- traefik.http.services.sabnzbd.loadbalancer.server.port=8080
|
||||
- homepage.group=Download
|
||||
- homepage.name=Sabnzbd
|
||||
@ -419,7 +424,7 @@ services:
|
||||
- traefik.enable=true
|
||||
- traefik.http.routers.jellyfin.rule=Host(`${APP_HOSTNAME}`) && PathPrefix(`/jellyfin`) # Added Host check
|
||||
- traefik.http.routers.jellyfin.entrypoints=web
|
||||
- traefik.http.routers.jellyfin.middlewares= # Ensure this remains empty for no auth
|
||||
- traefik.http.routers.jellyfin.middlewares=https-proto@docker # Only HTTPS, no auth
|
||||
- traefik.http.services.jellyfin.loadbalancer.server.port=8096
|
||||
- homepage.group=Media
|
||||
- homepage.name=Jellyfin
|
||||
@ -448,7 +453,7 @@ services:
|
||||
- traefik.http.middlewares.calibre-headers.headers.customRequestHeaders.X-Scheme=https
|
||||
- traefik.http.middlewares.calibre-headers.headers.customRequestHeaders.X-Script-Name=/calibre
|
||||
- traefik.http.middlewares.calibre-stripprefixregex.stripPrefixRegex.regex=/calibre
|
||||
- traefik.http.routers.calibre.middlewares=calibre-headers,calibre-stripprefixregex,authelia-auth@docker
|
||||
- traefik.http.routers.calibre.middlewares=https-proto@docker,calibre-headers,calibre-stripprefixregex,authelia-auth@docker
|
||||
- traefik.http.routers.calibre.rule=Host(`${APP_HOSTNAME}`) && PathPrefix(`/calibre`) # Added Host check
|
||||
- traefik.http.routers.calibre.entrypoints=web
|
||||
- traefik.http.services.calibre.loadbalancer.server.port=8083
|
||||
@ -526,7 +531,7 @@ services:
|
||||
- traefik.http.routers.homepage.entrypoints=web
|
||||
# - traefik.http.routers.homepage.priority=10 # Removed priority
|
||||
# - traefik.http.middlewares.homepage-stripprefix.stripPrefix.prefixes=/home # Removed stripPrefix middleware definition
|
||||
- traefik.http.routers.homepage.middlewares=authelia-auth@docker # Removed stripPrefix middleware usage
|
||||
- traefik.http.routers.homepage.middlewares=https-proto@docker,authelia-auth@docker
|
||||
- homepage.group=Dashboard
|
||||
- homepage.name=Homepage
|
||||
- homepage.icon=homepage.png
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user