• DarkSirrush@lemmy.ca
    1 day ago

    I can share my traefik setup - note I am doing this on my phone at work, so I might miss something

    compose.yaml
    
        labels:
          # Opt this container in; traefik.yaml sets exposedByDefault: false,
          # so containers without this label are never routed.
          - "traefik.enable=true"
          # Put the file-provider chain "authwares" (security headers, Authelia
          # forward auth, body buffering) in front of the router named "traefik".
          # NOTE(review): this covers only the router named "traefik". Any other
          # router needs its own middlewares label, unless a middleware is
          # attached elsewhere, or it is served without the auth chain. The
          # rule/service labels for this router are not shown here.
          - "traefik.http.routers.traefik.middlewares=authwares@file"
    
      GNU nano 7.2                      /config/traefik/dynamic/middlewares.yaml
    http:
      middlewares:
    
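        # Body-size limits applied by the buffering middleware.
        limit:
          buffering:
            # Hard caps (~5 GB, unchanged): larger bodies are rejected.
            maxRequestBodyBytes: 5000000000
            maxResponseBodyBytes: 5000000000
            # In-memory thresholds: bodies above this size are spooled to disk
            # instead of being held in RAM. Setting these equal to the 5 GB caps
            # lets one large transfer pin gigabytes of memory, and a few
            # concurrent ones can exhaust the host. 1 MiB keeps the same
            # accepted sizes but bounds memory per request.
            # NOTE(review): large bodies now need temp-disk space in the Traefik
            # container; size that volume for the expected uploads.
            memRequestBodyBytes: 1048576
            memResponseBodyBytes: 1048576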
    
        # Middleware chain referenced from the compose label as authwares@file.
        authwares:
          chain:
            # Applied in the order listed: security/CORS headers, then the
            # Authelia forward-auth check, then body buffering. Keeping
            # "authelia" ahead of "limit" means a request that fails
            # authentication is turned away before any large body is buffered.
            middlewares:
              - default-headers
              - authelia
              - limit
    
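        # Security and CORS headers shared by every route using the chain.
        default-headers:
          headers:
            # --- CORS ---
            accessControlAllowHeaders:
              - content-type
              - authorization
            accessControlAllowMethods:
              - GET
              - OPTIONS
              - PUT
              - POST
              - DELETE
            # NOTE(review): "*" lets any web origin read responses to
            # non-credentialed cross-origin requests, including state-changing
            # methods allowed above. List only the origins that need
            # cross-origin access, or drop the CORS keys if none do.
            accessControlAllowOriginList:
              - "*"
            accessControlMaxAge: 100
            addVaryHeader: true

            # --- Framing / sniffing ---
            # customFrameOptionsValue overrides frameDeny, so a separate
            # "frameDeny: true" has no effect and is omitted; the header sent
            # is X-Frame-Options: SAMEORIGIN.
            customFrameOptionsValue: "SAMEORIGIN"
            contentTypeNosniff: true
            # Sets the legacy X-XSS-Protection header. NOTE(review): current
            # browsers no longer act on it; a Content-Security-Policy is the
            # effective control if XSS mitigation is the goal.
            browserXssFilter: true
            referrerPolicy: "strict-origin-when-cross-origin"

            # --- HSTS ---
            # forceSTSHeader sends the header even on non-TLS connections.
            forceSTSHeader: true
            stsIncludeSubdomains: true
            # NOTE(review): the browser preload list requires a max-age of at
            # least 31536000 (one year); 15552000 is 180 days. Raise stsSeconds
            # once every subdomain is confirmed HTTPS-only, or drop stsPreload.
            stsPreload: true
            stsSeconds: 15552000

            # Tell backends the original request was HTTPS.
            customRequestHeaders:
              X-Forwarded-Proto: "https"
            customResponseHeaders:
              X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex"
              # An empty value removes the header, hiding the backend's
              # Server banner from clients.
              server: ""
              # NOTE(review): X-Forwarded-Proto is a request header; sending it
              # on responses has no effect in browsers. Kept as in the
              # original; likely safe to remove.
              X-Forwarded-Proto: "https,wss"
            hostsProxyHeaders:
              - "X-Forwarded-Host"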
    
        # Forward-auth check against the Authelia container (hostname "auth").
        authelia:
          forwardAuth:
            # Plain HTTP to "auth"; rd= is the URL-encoded login portal
            # (https://auth.example.com/) users are redirected to.
            # NOTE(review): presumably "auth" resolves only on an internal
            # Docker network; confirm that network is not shared with
            # containers you do not trust, since this hop is unencrypted.
            # NOTE(review): /api/verify is Authelia's legacy endpoint; newer
            # releases document /api/authz/forward-auth. Check the version.
            address: http://auth/api/verify?rd=https%3A%2F%2Fauth.example.com%2F
            # Passes the X-Forwarded-* headers on to Authelia as received. This
            # is only as trustworthy as entryPoints.*.forwardedHeaders.trustedIPs
            # in traefik.yaml, which decides whose X-Forwarded-* values survive.
            trustForwardHeader: true
            # Identity headers copied from Authelia's response onto the request
            # sent to the backend. Backends that rely on them must be reachable
            # only through Traefik; a client that can reach a backend directly
            # could supply these headers itself.
            authResponseHeaders:
              - "Remote-User"
              - "Remote-Groups"
              - "Remote-Email"
              - "Remote-Name"
    
      GNU nano 7.2                            /config/traefik/traefik.yaml
    # No outbound version check and no usage telemetry. With checkNewVersion
    # off, Traefik security releases have to be tracked some other way.
    global:
      checkNewVersion: false
      sendAnonymousUsage: false
    
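    entryPoints:
      # Port 80 exists only to redirect to HTTPS.
      web:
        address: ":80"
        # PROXY protocol and X-Forwarded-* headers are honoured only from the
        # listed sources (insecure: false).
        # NOTE(review): 172.32.0.0/16 is outside the RFC 1918 block
        # 172.16.0.0/12 (172.16.x-172.31.x), so it is publicly routable space.
        # Confirm it really is the Docker network's subnet and not a typo.
        # NOTE(review): 192.168.1.0/24 trusts every host on the LAN. Any peer in
        # a trusted range can set the client IP that Authelia and the logs see;
        # prefer the specific proxy addresses.
        proxyProtocol:
          insecure: false
          trustedIPs:
            - 172.32.0.0/16
            - 192.168.1.0/24
        forwardedHeaders:
          insecure: false
          trustedIPs:
            - 172.32.0.0/16
            - 192.168.1.0/24
        http:
          # Permanent redirect of all plain-HTTP requests to websecure.
          redirections:
            entryPoint:
              to: websecure
              scheme: https
              permanent: true
      websecure:
        address: ":443"
        # Same trust lists as "web"; the caveats above apply here too.
        proxyProtocol:
          insecure: false
          trustedIPs:
            - 172.32.0.0/16
            - 192.168.1.0/24
        forwardedHeaders:
          insecure: false
          trustedIPs:
            - 172.32.0.0/16
            - 192.168.1.0/24
        http:
          tls:
            # TLS options "modern" come from the file provider (not shown here).
            options: modern@file
            certResolver: letsencrypt
            # One wildcard certificate for the apex and all subdomains.
            domains:
              - main: "example.com"
                sans:
                  - "*.example.com"

    # Top-level key: it must sit at the same level as entryPoints. Indented one
    # level deeper, "providers", "docker" and "file" parse as entry point names
    # and no provider is configured at all.
    providers:
      docker:
        # Containers are routed only when labelled traefik.enable=true.
        exposedByDefault: false
        network: compose_proxied
        allowEmptyServices: true
        # Docker API over plain, unauthenticated TCP. Presumably "socket" is a
        # docker-socket-proxy container; keep it on an internal-only network
        # and limit it to the read-only API calls Traefik needs, because
        # access to the Docker API is equivalent to root on the host.
        # NOTE(review): Traefik's documented examples use tcp:// or unix://
        # endpoints; confirm http:// is accepted by the version in use.
        endpoint: "http://socket:2375/"
        # Default hostname is <compose service name>.example.com.
        defaultRule: "Host(`{{ index .Labels \"com.docker.compose.service\"}}.example.com`)"
      file:
        # NOTE(review): middlewares.yaml is shown under
        # /config/traefik/dynamic; confirm this is the same directory as seen
        # from inside the container, otherwise authwares@file will not resolve.
        directory: /config/dynamic
        watch: true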
    
    # Dashboard is enabled, but insecure: false means it is not served on
    # Traefik's own unauthenticated API entry point; it is reachable only
    # through a router. Presumably that is the "traefik" router from the
    # compose label, which carries authwares@file. Confirm that router exists
    # and that no other router exposes the API without the auth chain.
    api:
      insecure: false
      dashboard: true
    
    # ACME (Let's Encrypt) via DNS-01 through Cloudflare; DNS-01 is what makes
    # the wildcard certificate on websecure possible.
    certificatesResolvers:
      letsencrypt:
        acme:
          email: acme@example.com
          # acme.json holds the account key and certificate private keys: keep
          # it on a persistent volume with owner-only (0600) permissions and
          # out of backups that others can read.
          storage: /certificates/acme.json
          dnsChallenge:
            # The Cloudflare credential is not in this file (supplied to the
            # container separately). NOTE(review): scope the API token to
            # DNS edit on this one zone rather than using a global key.
            provider: cloudflare
            # Resolvers used to check that the challenge record has propagated.
            resolvers:
              - "1.1.1.1:53"
              - "1.0.0.1:53"
    
    # Traefik's own log, JSON, written under /config/logs.
    # NOTE(review): DEBUG is very verbose and can include request detail; drop
    # to INFO or higher once the setup works, and rotate the file.
    log:
      level: DEBUG
      filePath: /config/logs/traefik.log
      format: json
    # Per-request access log, JSON. It records client addresses and requested
    # URLs, so restrict read access to /config/logs and rotate the file.
    # bufferingSize is the number of log lines held in memory before a write,
    # so the last lines can be lost on a crash.
    accesslog:
      filepath: /config/logs/access.log
      bufferingSize: 100
      format: json