updated structure

docker-compose/traefik/compose.yaml

@@ -11,14 +11,14 @@ services:
       # <--
     volumes:
       - /run/docker.sock:/run/docker.sock:ro
-      - ./config/traefik.yaml:/etc/traefik/traefik.yaml:ro
+      - ./config/:/etc/traefik/:ro
-      - ./data/certs/:/var/traefik/certs/:rw
+      - ./certs/:/var/traefik/certs/:rw
-      - ./config/conf.d/:/etc/traefik/conf.d/:ro
     environment:
       - CF_DNS_API_TOKEN=your-cloudflare-api-token  # <-- Change this to your Cloudflare API Token
     networks:
       - frontend
     restart: unless-stopped
+
 networks:
   frontend:
     external: true  # <-- (Optional) Change this to false if you want to create a new network

docker-compose/traefik/config/conf.d/externalservice.yaml

@@ -1,20 +0,0 @@
----
-http:
-  # -- Change Router Configuration here...
-  routers:
-    your-local-router:
-      rule: "Host(`your-local-service.your-domain.com`)"  # <-- Change Rules here...
-      service: your-local-service  # <-- Change Service Name here...
-      priority: 1000  # <-- (Optional) Change Routing Priority here...
-      entryPoints:
-        - web
-        - websecure
-      tls:
-        certResolver: cloudflare
-
-  # -- Change Service Configuration here...
-  services:
-    your-local-service:  # <-- Change Service Name here...
-      loadBalancer:
-        servers:
-          - url: "http://your-local-service:port"  # <-- Change Target Service URL here...

docker-compose/traefik/config/conf.d/tls.yaml

@@ -1,18 +0,0 @@
----
-# -- Change TLS Configuration here...
-tls:
-  options:
-    default:
-      minVersion: VersionTLS12
-      sniStrict: true
-      curvePreferences:
-        - CurveP256
-        - CurveP384
-        - CurveP521
-      cipherSuites:
-        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
-        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
-        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305

docker-compose/traefik/config/example.externalservice.yaml

@@ -0,0 +1,21 @@
+# --> (Example) Expose an external service using Traefik...
+# http:
+#   # -- Change Router Configuration here...
+#   routers:
+#     your-local-router:
+#       rule: "Host(`your-local-service.your-domain.com`)"  # <-- Change Rules here...
+#       service: your-local-service  # <-- Change Service Name here...
+#       priority: 1000  # <-- (Optional) Change Routing Priority here...
+#       entryPoints:
+#         - web
+#         - websecure
+#       tls:
+#         certResolver: cloudflare
+# 
+#   # -- Change Service Configuration here...
+#   services:
+#     your-local-service:  # <-- Change Service Name here...
+#       loadBalancer:
+#         servers:
+#           - url: "http://your-local-service:port"  # <-- Change Target Service URL here...
+# <--

docker-compose/traefik/config/example.middleware-authentik.yaml

@@ -1,4 +1,4 @@
-# --> (Optional) Securely expose apps using the Traefik proxy outpost...
+# --> (Example) Securely expose apps using the Traefik proxy outpost...
 # http:
 #   middlewares:
 #     authentik-middleware:

docker-compose/traefik/config/example.tls.yaml

@@ -0,0 +1,18 @@
+# --> (Example) Change TLS Configuration here...
+# tls:
+#   options:
+#     default:
+#       minVersion: VersionTLS12
+#       sniStrict: true
+#       curvePreferences:
+#         - CurveP256
+#         - CurveP384
+#         - CurveP521
+#       cipherSuites:
+#         - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+#         - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+#         - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
+#         - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+#         - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+#         - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
+# <--

kubernetes/cert-manager/example.certificate.yaml

@@ -0,0 +1,15 @@
+---
+# --> (Example) Create a Certificate for your hostname...
+# apiVersion: cert-manager.io/v1
+# kind: Certificate
+# metadata:
+#   name: your-certificate  # <-- Replace with your certificate name
+#   namespace: your-namespace  # <-- Replace with your namespace
+# spec:
+#   secretName: your-secret  # <-- Replace with your secret name
+#   issuerRef:
+#     name: clusterissuer  # <-- Replace with your issuer name
+#     kind: ClusterIssuer
+#   dnsNames:
+#     - your-hostname  # <-- Replace with your hostname
+# <--

kubernetes/cert-manager/examples/certificate.yaml

@@ -1,13 +0,0 @@
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: your-certificate  # <-- Replace with your certificate name
-  namespace: your-namespace  # <-- Replace with your namespace
-spec:
-  secretName: your-secret  # <-- Replace with your secret name
-  issuerRef:
-    name: clusterissuer  # <-- Replace with your issuer name
-    kind: ClusterIssuer
-  dnsNames:
-    - your-hostname  # <-- Replace with your hostname

kubernetes/traefik/certificate.yaml

@@ -1,3 +1,4 @@
+---
 # --> (Optional) Securely expose the Traefik dashboard...
 # apiVersion: cert-manager.io/v1
 # kind: Certificate

kubernetes/traefik/example.ingressroute.yaml

@@ -0,0 +1,21 @@
+---
+# --> (Example) Create an IngressRoute for your service...
+# apiVersion: traefik.io/v1alpha1
+# kind: IngressRoute
+# metadata:
+#   name: your-ingressroute  # <-- Replace with your IngressRoute name
+#   namespace: your-namespace  # <-- Replace with your namespace
+# spec:
+#   entryPoints:
+#     - web
+#     - websecure
+#   routes:
+#     - match: Host(`your-fqdn`)  # <-- Replace with your FQDN
+#       kind: Rule
+#       services:
+#         - name: your-service  # <-- Replace with your service name
+#           port: 80
+# --> (Optional) Add certificate secret
+# tls:
+#     secretName: your-certificate-secret
+# <--

kubernetes/traefik/example.ingressroutetcp.yaml

@@ -0,0 +1,21 @@
+---
+# --> (Example) Create an IngressRouteTCP for your service...
+# apiVersion: traefik.io/v1alpha1
+# kind: IngressRouteTCP
+# metadata:
+#   name: your-ingressroutetcp  # <-- Replace with your IngressRouteTCP name
+#   namespace: your-namespace   # <-- Replace with your namespace
+# spec:
+#   entryPoints:
+#     - web
+#     - websecure
+#   routes:
+#     - match: HostSNI(`your-sni`)  # <-- Replace with your SNI
+#       priority: 10  # <-- (Optional) change rule priority
+#       services:
+#         - name: your-service  # <-- Replace with your service name
+#           port: 80
+# --> (Optional) Enable TLS Passthrough
+# tls:
+#   passthrough: true
+# <--

kubernetes/traefik/examples/ingressroute.yaml

@@ -1,20 +0,0 @@
----
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: your-ingressroute  # <-- Replace with your IngressRoute name
-  namespace: your-namespace  # <-- Replace with your namespace
-spec:
-  entryPoints:
-    - web
-    - websecure
-  routes:
-    - match: Host(`your-fqdn`)  # <-- Replace with your FQDN
-      kind: Rule
-      services:
-        - name: your-service  # <-- Replace with your service name
-          port: 80
-# --> (Optional) Add certificate secret
-# tls:
-#     secretName: your-certificate-secret
-# <--

kubernetes/traefik/examples/ingressroutetcp.yaml

@@ -1,20 +0,0 @@
----
-apiVersion: traefik.io/v1alpha1
-kind: IngressRouteTCP
-metadata:
-  name: your-ingressroutetcp  # <-- Replace with your IngressRouteTCP name
-  namespace: your-namespace   # <-- Replace with your namespace
-spec:
-  entryPoints:
-    - web
-    - websecure
-  routes:
-    - match: HostSNI(`your-sni`)  # <-- Replace with your SNI
-      priority: 10  # <-- (Optional) change rule priority
-      services:
-        - name: your-service  # <-- Replace with your service name
-          port: 80
-# --> (Optional) Enable TLS Passthrough
-# tls:
-#   passthrough: true
-# <--

kubernetes/traefik/middleware.yaml

@@ -1,3 +1,4 @@
+---
 # --> (Optional) Securely expose the Traefik dashboard...
 # apiVersion: traefik.io/v1alpha1
 # kind: Middleware