michaelschiemer/deployment/stacks/traefik/traefik.yml
Michael Schiemer 3d233e8b2c fix: Remove redundant ACME challenge router in Traefik configuration
- Remove explicit ACME challenge router that had no service defined
- Traefik handles ACME challenges automatically when httpChallenge.entryPoint is set
- The router was interfering with automatic challenge handling
- Fixes 'Cannot retrieve the ACME challenge' errors in Traefik logs
2025-11-08 18:46:01 +01:00


# Static Configuration for Traefik v3.0
# Minimal configuration - only static settings
# Global settings
global:
  # Outbound check for newer Traefik releases stays enabled.
  checkNewVersion: true
  # No anonymous usage statistics are sent.
  sendAnonymousUsage: false
# API and dashboard
api:
  dashboard: true
  # insecure mode is off, so the dashboard is only reachable through an
  # HTTPS router.
  # NOTE(review): that router is defined outside this file - confirm it
  # carries an authentication middleware before it is exposed.
  insecure: false
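# Entry points
entryPoints:
  web:
    address: ":80"
    # No global HTTP->HTTPS redirect: HTTP-01 ACME challenges need plain HTTP
    # on this port. Redirects are attached per router via middleware.
  websecure:
    address: ":443"
    http:
      tls:
        # Default resolver for routers on this entry point that do not set
        # their own tls section.
        certResolver: letsencrypt
        # The explicit domain set is disabled. It asked for a wildcard SAN,
        # but the letsencrypt resolver in this file uses httpChallenge and
        # Let's Encrypt issues wildcard names only through DNS-01, so that
        # order cannot succeed. Without a domains list Traefik requests one
        # certificate per router Host rule, which HTTP-01 can satisfy.
        # Re-enable this together with a dnsChallenge on the resolver.
        # domains:
        #   - main: michaelschiemer.de
        #     sans:
        #       - "*.michaelschiemer.de"
  # TCP entry point for Gitea SSH
  gitea-ssh:
    address: ":2222"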
# Certificate resolvers
certificatesResolvers:
  letsencrypt:
    acme:
      email: 'kontakt@michaelschiemer.de'
      # The ACME account key and the issued certificates with their private
      # keys are persisted here; keep the file mode 600 and out of version
      # control and backups that others can read.
      storage: '/acme.json'
      caServer: 'https://acme-v02.api.letsencrypt.org/directory'
      # HTTP-01 challenge: port 80 must be reachable from the internet.
      # Traefik answers /.well-known/acme-challenge requests on this entry
      # point by itself; no explicit router is required.
      httpChallenge:
        entryPoint: web
      # Empty value = no preferred certificate chain is requested. This key
      # selects a chain; it does not change renewal retry behaviour.
      preferredChain: ''
# Providers
providers:
  docker:
    # NOTE(review): whoever can talk to the Docker socket effectively controls
    # the host; consider a socket proxy limited to read-only API calls.
    endpoint: 'unix:///var/run/docker.sock'
    # Containers are not published unless they opt in explicitly.
    exposedByDefault: false
    # Bridge network mode: discovery works through container labels, and
    # services must sit on the same network (traefik-public) as Traefik.
    watch: true
  file:
    # Dynamic configuration is loaded from this directory and re-read on
    # change; write access to it means control over routing.
    directory: '/dynamic'
    watch: true
# Forwarded Headers Configuration
# NOTE(review): Traefik's static configuration reads forwardedHeaders under
# entryPoints.<name>, not after the providers section. The indentation of this
# listing is lost, so confirm where the stanza really sits; at this position
# it is presumably either rejected at startup or has no effect.
# Every host inside a trusted range may set X-Forwarded-* headers, and with
# them the client IP that Traefik logs and passes to backends. Keep the list
# limited to real upstream proxies; whole container subnets are broader than
# that.
forwardedHeaders:
  trustedIPs:
    - "127.0.0.1/32"
    - "172.17.0.0/16"
    - "172.18.0.0/16"
    - "10.8.0.0/24"
  # Forwarded headers from sources outside trustedIPs are not trusted.
  insecure: false
# Traefik's own log
log:
  level: INFO
  # Written to a file in JSON form.
  # NOTE(review): confirm /logs is a persistent volume with rotation.
  filePath: '/logs/traefik.log'
  format: json
# Access log
accessLog:
  filePath: '/logs/access.log'
  format: json
  # Up to 100 lines are buffered in memory before they are written, so the
  # most recent entries can be lost if the process dies.
  bufferingSize: 100
  filters:
    # Only 4xx and 5xx responses are recorded. Successful requests leave no
    # access-log entry, which limits what can be reconstructed after an
    # incident; widen the filter if request-level forensics matter.
    statusCodes:
      - '400-499'
      - '500-599'
# Prometheus metrics
metrics:
  prometheus:
    # NOTE(review): no entryPoint is set here, so Traefik's default applies;
    # confirm the port serving /metrics is not published beyond the
    # monitoring network.
    addEntryPointsLabels: true
    addRoutersLabels: true
    addServicesLabels: true
# Ping (health check)
ping:
  # The health endpoint is served on the web entry point (:80 in this file),
  # so it is reachable wherever that port is.
  entryPoint: web