change conf file format to toml

Author: bensonfx

traefik/conf/default.toml

@@ -0,0 +1,52 @@
+[http.middlewares]
+  [http.middlewares.basic-auth.basicAuth]
+    users = ["benson:$apr1$5HP.kZpz$cvmDw3ADcLwSAzNDLF8RZ."]
+    removeHeader = true
+  [http.middlewares.https-redirect.redirectScheme]
+    scheme = "https"
+    permanent = true
+    port = 5443
+  [http.middlewares.content-compress.compress]
+
+# tricks 实现，提供 HTTP 默认转发 HTTPS
+# https://github.com/containous/traefik/issues/4863#issuecomment-491093096
+# [http.services]
+#   [http.services.noop.LoadBalancer]
+#      [[http.services.noop.LoadBalancer.servers]]
+#         url = "" # or url = "localhost"
+# [http.routers]
+#   [http.routers.https-redirect]
+#     entryPoints = ["http"]
+#     rule = "HostRegexp(`{any:.*}`)"
+#     middlewares = ["https-redirect"]
+#     service = "noop"
+
+
+# [[tls.certificates]]
+#   certFile = "/data/ssl/bensonfx.net.crt"
+#   keyFile = "/data/ssl/bensonfx.net.key"
+#   stores = ["default"]
+
+[tls.options]
+  [tls.options.default]
+    minVersion = "VersionTLS12"
+    sniStrict = true
+    preferServerCipherSuites = true
+    cipherSuites = [
+      "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+      "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+      "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
+      "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
+      "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
+      "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
+      "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
+      "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
+      "TLS_RSA_WITH_AES_128_GCM_SHA256",
+      "TLS_RSA_WITH_AES_256_GCM_SHA384",
+      "TLS_RSA_WITH_AES_128_CBC_SHA",
+      "TLS_RSA_WITH_AES_256_CBC_SHA",
+    ]
+  [tls.options.mintls13]
+    minVersion = "VersionTLS13"

traefik/conf/default.yml

@@ -0,0 +1,21 @@
+[http.services]
+  [http.services.dsphoto.loadBalancer]
+    passHostHeader = true
+    [[http.services.dsphoto.loadBalancer.servers]]
+      url = "http://photo.example.com"
+  [http.services.nas.loadBalancer]
+    passHostHeader = true
+    [[http.services.nas.loadBalancer.servers]]
+      url = "http://nas.example.com:5000"
+
+[http.routers]
+  [http.routers.dsphoto]
+    entryPoints = ["https"]
+    rule = "Host(`photo.example.com`)"
+    service = "dsphoto"
+    [http.routers.dsphoto.tls]
+  [http.routers.nas]
+    entryPoints = ["https"]
+    rule = "Host(`nas.example.com`)"
+    service = "nas"
+    [http.routers.nas.tls]

traefik/conf/nas.toml

@@ -10,6 +10,7 @@ services:
       - "--global.sendanonymoususage=false"
       - "--global.checknewversion=false"
       - "--api.dashboard=true"
+      # - "--api.insecure=true"
       # - "--api.debug=true"
       - "--ping=true"
       - "--entrypoints.http.address=:80"
@@ -35,8 +36,8 @@ services:
       - "--providers.docker.network=traefik"
       - "--providers.docker.swarmMode=false"
       - "--providers.file=true"
+      - "--providers.file.watch=true"
       - "--providers.file.directory=/etc/traefik/conf"
-      - "--providers.file.debugloggeneratedtemplate=true"
       - "[email protected]"
       - "--certificatesresolvers.le.acme.storage=/data/ssl/acme.json"
       - "--certificatesresolvers.le.acme.keytype=EC256"

traefik/conf/nas.yml

@@ -0,0 +1,55 @@
+[global]
+  checkNewVersion = false
+  sendAnonymousUsage = false
+[log]
+  # level = "DEBUG"
+  filePath = "/logs/traefik.log"
+  format = "json"
+[accessLog]
+  filePath = "/logs/access.log"
+  format = "json"
+[api]
+  dashboard = true
+  # insecure = true
+[ping]
+
+[entryPoints]
+  [entryPoints.http]
+    address = ":80"
+    [entryPoints.http.forwardedHeaders]
+      trustedIPs = ["127.0.0.1/32", "172.18.0.0/24", "192.168.31.0/24"]
+    [entryPoints.http.http.redirections]
+      [entryPoints.http.http.redirections.entryPoint]
+        to = "https"
+        scheme = "https"
+  [entryPoints.https]
+    address = ":443"
+    [entryPoints.https.forwardedHeaders]
+      trustedIPs = ["127.0.0.1/32", "172.18.0.0/24", "192.168.31.0/24"]
+    [entryPoints.https.http.tls]
+      certResolver = "le"
+      [[entryPoints.https.http.tls.domains]]
+        main = "*.example.com"
+        sans = ["*.example.com", "example.com"]
+
+[providers]
+  [providers.docker]
+    watch = true
+    exposedByDefault = false
+    endpoint = "unix:///var/run/docker.sock"
+    useBindPortIP = false
+    network = "traefik"
+    swarmMode = false
+  [providers.file]
+    watch = true
+    directory = "/etc/traefik/conf"
+    # debugLogGeneratedTemplate = true
+
+[certificatesResolvers.le.acme]
+  email = "[email protected]"
+  storage = "/data/ssl/acme.json"
+  keyType = "EC256"
+  [certificatesResolvers.le.acme.dnsChallenge]
+    provider = "cloudflare"
+    delayBeforeCheck = 15
+    resolvers = ["1.1.1.1:53", "8.8.8.8:53"]