From 27b3e1b24b3b816ecdbedf75759951fcc65ad84c Mon Sep 17 00:00:00 2001
From: Elizabeth Hunt
Date: Wed, 10 Apr 2024 12:33:43 -0600
Subject: init
---
.gitignore | 3 +++
dynamic.yml | 61 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
roots.pem | 12 ++++++++++++
traefik.yml | 28 ++++++++++++++++++++++++++++
4 files changed, 104 insertions(+)
create mode 100644 .gitignore
create mode 100644 dynamic.yml
create mode 100644 roots.pem
create mode 100644 traefik.yml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..7a9d8d0
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+*.log
+acme.json
+acmedns.json
diff --git a/dynamic.yml b/dynamic.yml
new file mode 100644
index 0000000..27aeec3
--- /dev/null
+++ b/dynamic.yml
@@ -0,0 +1,61 @@
+http:
+ routers:
+ dashboard:
+ rule: "Host(`traefik.armin.internal.simponic.xyz`)"
+ service: "noop@internal"
+ entryPoints:
+ - "http"
+ middlewares:
+ - "secured-redirect"
+ dashboard-secured:
+ entryPoints:
+ - "https"
+ rule: "Host(`traefik.armin.internal.simponic.xyz`)"
+ service: "api@internal"
+ tls:
+ certResolver: "local"
+ domains:
+ - main: "traefik.armin.internal.simponic.xyz"
+
+ karan:
+ rule: "Host(`dev.armin.internal.simponic.xyz`)"
+ service: "noop@internal"
+ entryPoints:
+ - "http"
+ middlewares:
+ - "secured-redirect"
+ karan-secured:
+ entryPoints:
+ - "https"
+ rule: "Host(`dev.armin.internal.simponic.xyz`)"
+ service: "example-service"
+ tls:
+ certResolver: "local"
+ options: acmeClient
+ domains:
+ - main: "dev.armin.internal.simponic.xyz"
+
+ middlewares:
+ secured-redirect:
+ redirectscheme:
+ scheme: https
+ permanent: true
+
+ services:
+ example-service:
+ loadBalancer:
+ passHostHeader: true
+ servers:
+ - url: "http://localhost:8080/"
+
+tls:
+ options:
+ acmeClient:
+ clientAuth:
+ caFiles:
+ - /Users/lizzy/armin/roots.pem
+ clientAuthType: RequireAndVerifyClientCert
+
+log:
+ filePath: log-file.log # relative to current location, will be created
+ level: DEBUG
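Review bot: The `dashboard-secured` router in dynamic.yml serves `api@internal` with no authentication: unlike `karan-secured` it does not reference the `acmeClient` TLS options and it has no middleware, so anyone who can reach the `https` entry point with that Host gets the Traefik API and dashboard. Add `options: acmeClient` under its `tls:` block so the same `RequireAndVerifyClientCert` check applies, or attach an auth middleware to the router. This matters more because traefik.yml in the same commit sets `api.debug: true`. Separately, `log` is a static-configuration section in Traefik, so the `log:` block at the end of this provider file is probably not applied from here; traefik.yml already sets the same values.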
diff --git a/roots.pem b/roots.pem
new file mode 100644
index 0000000..66cea19
--- /dev/null
+++ b/roots.pem
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIB0DCCAXagAwIBAgIRAJILGnfk9SxqwU6whcoOw2kwCgYIKoZIzj0EAwIwRjEd
+MBsGA1UEChMUU2ltcG9uaWMgSW50ZXJuYWwgQ0ExJTAjBgNVBAMTHFNpbXBvbmlj
+IEludGVybmFsIENBIFJvb3QgQ0EwHhcNMjQwMTA1MTkyMzMwWhcNMzQwMTAyMTky
+MzMwWjBGMR0wGwYDVQQKExRTaW1wb25pYyBJbnRlcm5hbCBDQTElMCMGA1UEAxMc
+U2ltcG9uaWMgSW50ZXJuYWwgQ0EgUm9vdCBDQTBZMBMGByqGSM49AgEGCCqGSM49
+AwEHA0IABIwzVefhKFFat/YxfXyl7aAFN5Cf/4YFmwXRcLk2z1Dkg7NGy+a99whk
+cU1rXO77ur5v5ZxO9/SZuXCg4RHAqkmjRTBDMA4GA1UdDwEB/wQEAwIBBjASBgNV
+HRMBAf8ECDAGAQH/AgEBMB0GA1UdDgQWBBQgyFJ0jQPXUD/TfsoJMosGwhTZbzAK
+BggqhkjOPQQDAgNIADBFAiAdzKgxH4rvhaBeZXRfUCKf9hA9j0aVvs97QjpfOaL7
+7gIhAOIncypopVzTEko8f6lSrrwJgGd1EW1oCVAMGw9hje3f
+-----END CERTIFICATE-----
diff --git a/traefik.yml b/traefik.yml
new file mode 100644
index 0000000..2ee3550
--- /dev/null
+++ b/traefik.yml
@@ -0,0 +1,28 @@
+accessLog:
+ bufferingSize: 100
+ filePath: log-access.log
+api:
+ dashboard: true
+ debug: true
+entryPoints:
+ http:
+ address: ":80"
+ forwardedHeaders:
+ insecure: true
+ https:
+ address: ":443"
+log:
+ filePath: log-file.log
+ level: DEBUG
+providers:
+ file:
+ filename: /Users/lizzy/armin/dynamic.yml
+serversTransport:
+ insecureSkipVerify: true
+certificatesResolvers:
+ local:
+ acme:
+ caserver: https://ca.internal.simponic.xyz/acme/ACME/directory
+ storage: /Users/lizzy/armin/acme.json
+ httpChallenge:
+ entryPoint: http
-- cgit v1.2.3-70-g09d2
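Review bot: `serversTransport.insecureSkipVerify: true` in traefik.yml turns off certificate verification for every HTTPS backend, even though the commit also adds roots.pem, which could be trusted instead. Replace it with `rootCAs:` listing `/Users/lizzy/armin/roots.pem`; the only backend visible in dynamic.yml is plain `http://localhost:8080/`, so the flag buys nothing today and would silently cover any HTTPS backend added later. `forwardedHeaders.insecure: true` on the `http` entry point makes Traefik accept X-Forwarded-* headers from any client, so prefer `trustedIPs:` naming the proxies that actually sit in front of it, or drop the block. `api.debug: true` and `level: DEBUG` deserve a comment marking them as development-only, since the debug endpoints and verbose logs should not stay enabled on a host others can reach.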