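---
# Static configuration for Traefik v3.0.
# Minimal configuration - only static settings. Routers, middlewares and
# services are expected to come from the Docker and file providers below.

# Global Configuration
global:
  checkNewVersion: true
  sendAnonymousUsage: false

# API and Dashboard
api:
  dashboard: true
  # insecure: false keeps the API/dashboard off the unauthenticated built-in
  # endpoint. The dashboard is then reachable only through an HTTPS router,
  # which is defined outside this file; that router should carry an
  # authentication middleware and/or a source-IP allowlist.
  insecure: false

# Entry Points
entryPoints:
  web:
    address: ":80"
    # No global redirect - ACME challenges need HTTP access.
    # Redirects are handled per-router via middleware.
    #
    # forwardedHeaders is a per-entry-point option in Traefik; it has no
    # effect as a top-level or provider-level key, so it is declared here
    # and on websecure.
    # NOTE(review): peers in these ranges can set X-Forwarded-* headers that
    # Traefik passes on unchanged, so backends will believe their client IP
    # and scheme. The two /16 ranges look like whole Docker bridge networks
    # and 10.8.0.0/24 looks like a VPN subnet - confirm, and narrow the list
    # to the addresses of the actual upstream proxies where possible.
    forwardedHeaders:
      trustedIPs:
        - "127.0.0.1/32"
        - "172.17.0.0/16"
        - "172.18.0.0/16"
        - "10.8.0.0/24"
      insecure: false

  websecure:
    address: ":443"
    # Same trust list as on web; keep the two lists in sync.
    forwardedHeaders:
      trustedIPs:
        - "127.0.0.1/32"
        - "172.17.0.0/16"
        - "172.18.0.0/16"
        - "10.8.0.0/24"
      insecure: false
    http:
      tls:
        certResolver: letsencrypt
        # NOTE(review): Let's Encrypt issues wildcard names only through the
        # DNS-01 challenge, but the letsencrypt resolver below is configured
        # with httpChallenge. As written, the wildcard SAN cannot be
        # obtained. Either configure dnsChallenge on the resolver or replace
        # the wildcard with the explicit host names that are served.
        domains:
          - main: michaelschiemer.de
            sans:
              - "*.michaelschiemer.de"

  # TCP entrypoint for Gitea SSH
  gitea-ssh:
    address: ":2222"

# Certificate Resolvers
certificatesResolvers:
  letsencrypt:
    acme:
      email: kontakt@michaelschiemer.de
      # acme.json holds the ACME account key and the private keys of issued
      # certificates. Traefik requires mode 600 on this file; keep it on a
      # persistent volume and out of backups that are widely readable.
      storage: /acme.json
      caServer: https://acme-v02.api.letsencrypt.org/directory
      # Use HTTP-01 challenge (requires port 80 accessible).
      # Traefik automatically handles /.well-known/acme-challenge requests.
      httpChallenge:
        entryPoint: web
      # preferredChain selects the issuer chain by root name; the empty
      # string keeps the CA's default chain. It does not change how often
      # issuance or renewal is retried.
      preferredChain: ""

# Providers
providers:
  docker:
    # NOTE(review): access to the Docker socket is equivalent to root on the
    # host. Mount it read-only at minimum; a socket proxy that exposes only
    # the read endpoints Traefik needs reduces the impact of a compromise.
    endpoint: "unix:///var/run/docker.sock"
    # Containers are routed only when they opt in via labels.
    exposedByDefault: false
    # Bridge network mode - Traefik uses Docker service discovery via labels.
    # Services must be on the same network (traefik-public) for discovery.
    watch: true

  file:
    # Files in this directory define routers, middlewares and TLS options
    # and are reloaded on change, so write access to it is equivalent to
    # control over routing. Restrict who can write there.
    directory: /dynamic
    watch: true

# Logging
log:
  level: INFO
  filePath: /logs/traefik.log
  format: json

# Access Logs
accessLog:
  filePath: /logs/access.log
  format: json
  # Lines held in memory before being written; buffered lines can be lost
  # if the process stops abruptly.
  bufferingSize: 100
  # NOTE(review): only 4xx and 5xx responses are recorded. Successful and
  # redirected requests (2xx/3xx) are absent from the log, which limits
  # incident reconstruction - for example a successful login that follows a
  # series of 401s is not visible. Widen the filter if these logs feed
  # detection or forensics.
  filters:
    statusCodes:
      - "400-499"
      - "500-599"

# Metrics
metrics:
  prometheus:
    # No entryPoint is set here, so Traefik's default for the metrics
    # endpoint applies - presumably the internal "traefik" entry point;
    # confirm that it is not published to the internet.
    addEntryPointsLabels: true
    addRoutersLabels: true
    addServicesLabels: true

# Ping
ping:
  # NOTE(review): /ping is answered on the public port 80 entry point.
  # It reveals little, but a dedicated internal entry point is the usual
  # choice for health checks.
  entryPoint: web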