Files
zrok/zrok-instance/traefik.dynamic.toml
2025-03-24 19:56:56 +00:00

96 lines
3.2 KiB
TOML

# Dynamic configuration for Traefik
# Entrypoints configuration is handled in the main Traefik configuration through environment variables
# We don't define entryPoints here as they will be configured by the environment variables in compose.traefik.yml:
# TRAEFIK_ENTRYPOINTS_websecure_ADDRESS: ":${TRAEFIK_HTTPS_PORT:-443}"
# TLS wildcard certificate configuration
[tls]
[tls.options]
[tls.options.default]
minVersion = "VersionTLS12"
sniStrict = true
# HTTP to HTTPS redirect middleware
[http.middlewares]
[http.middlewares.https-redirect.redirectScheme]
scheme = "https"
permanent = true
# Note: We can't use template syntax here as it's not supported in static config
# Instead, we'll use passHostHeader in the loadBalancer configs
# Define servers transports
[http.serversTransports]
[http.serversTransports.ziti-transport]
insecureSkipVerify = true
# Routing configuration
[http.routers]
# Ziti router
[http.routers.ziti]
rule = "Host(`ziti.{{ env "ZROK_DNS_ZONE" }}`)"
service = "ziti"
entrypoints = ["websecure"]
[http.routers.ziti.tls]
certResolver = "default"
[[http.routers.ziti.tls.domains]]
main = "*.{{ env "ZROK_DNS_ZONE" }}"
# OAuth router
[http.routers.oauth]
rule = "Host(`oauth.{{ env "ZROK_DNS_ZONE" }}`)"
service = "oauth"
entrypoints = ["websecure"]
[http.routers.oauth.tls]
certResolver = "default"
[[http.routers.oauth.tls.domains]]
main = "*.{{ env "ZROK_DNS_ZONE" }}"
# Controller router
[http.routers.ctrl]
rule = "Host(`zrok.{{ env "ZROK_DNS_ZONE" }}`)"
service = "ctrl"
entrypoints = ["websecure"]
[http.routers.ctrl.tls]
certResolver = "default"
[[http.routers.ctrl.tls.domains]]
main = "*.{{ env "ZROK_DNS_ZONE" }}"
# Frontend router (default route)
[http.routers.frontend]
rule = "HostRegexp(`{subdomain:[a-zA-Z0-9-]+}.{{ env "ZROK_DNS_ZONE" }}`) && !Host(`ziti.{{ env "ZROK_DNS_ZONE" }}`) && !Host(`oauth.{{ env "ZROK_DNS_ZONE" }}`) && !Host(`zrok.{{ env "ZROK_DNS_ZONE" }}`)"
service = "frontend"
entrypoints = ["websecure"]
[http.routers.frontend.tls]
certResolver = "default"
[[http.routers.frontend.tls.domains]]
main = "*.{{ env "ZROK_DNS_ZONE" }}"
# Service configuration
[http.services]
# Ziti service
[http.services.ziti.loadBalancer]
passHostHeader = true
serversTransport = "ziti-transport"
[[http.services.ziti.loadBalancer.servers]]
url = "http://ziti-quickstart:{{ env "ZITI_CTRL_ADVERTISED_PORT" | default 80 }}"
# OAuth service
[http.services.oauth.loadBalancer]
passHostHeader = true
[[http.services.oauth.loadBalancer.servers]]
url = "http://zrok-frontend:{{ env "ZROK_OAUTH_PORT" | default 8081 }}"
# Controller service
[http.services.ctrl.loadBalancer]
passHostHeader = true
[[http.services.ctrl.loadBalancer.servers]]
url = "http://zrok-controller:{{ env "ZROK_CTRL_PORT" | default 18080 }}"
# Frontend service
[http.services.frontend.loadBalancer]
passHostHeader = true
[[http.services.frontend.loadBalancer.servers]]
url = "http://zrok-frontend:{{ env "ZROK_FRONTEND_PORT" | default 8080 }}"