# Static Configuration for Traefik

# Global Configuration
global:
  checkNewVersion: true
  sendAnonymousUsage: false

# API and Dashboard
api:
  dashboard: true
  insecure: false

# Entry Points
entryPoints:
  web:
    address: ":80"
    # No global redirect - ACME challenges need HTTP access
    # Redirects are handled per-router via middleware

  websecure:
    address: ":443"
    http:
      tls:
        certResolver: letsencrypt
        domains:
          - main: michaelschiemer.de
            sans:
              - "*.michaelschiemer.de"
      middlewares:
        - security-headers@docker
        - compression@docker

# Certificate Resolvers
certificatesResolvers:
  letsencrypt:
    acme:
      email: kontakt@michaelschiemer.de
      storage: /acme.json
      caServer: https://acme-v02.api.letsencrypt.org/directory
      # Use HTTP-01 challenge (requires port 80 accessible)
      httpChallenge:
        entryPoint: web
      # Uncomment for DNS challenge (requires DNS provider)
      # dnsChallenge:
      #   provider: cloudflare
      #   delayBeforeCheck: 30

# Providers
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
    network: traefik-public
    watch: true

  file:
    directory: /dynamic
    watch: true

# Logging
log:
  level: INFO
  filePath: /logs/traefik.log
  format: json

# Access Logs
accessLog:
  filePath: /logs/access.log
  format: json
  bufferingSize: 100
  filters:
    statusCodes:
      - "400-499"
      - "500-599"

# Metrics
metrics:
  prometheus:
    addEntryPointsLabels: true
    addRoutersLabels: true
    addServicesLabels: true

# Ping
ping:
  entryPoint: web