LogoLogo
HomeDiscordYouTubeDisclaimer
  • Traefik v2.6+
    • Unraid
      • Config Files Explained
        • traefik.yml Example
        • fileConfig.yml Example
      • Proxying Your First App
        • Proxying an App with Multiple Exposed Ports
        • Proxying an App with a HTTPS WebUI
        • Choosing Your App Subdomain Manually
        • Enabling Authelia Server Authentication
        • Enabling Organizr server authentication
    • Docker Compose
      • Config Files Explained
        • traefik.yml Example
        • fileConfig.yml Example
      • Proxying Your First App
        • Proxying an App with Multiple Exposed Ports
        • Proxying an App with a HTTPS WebUI
        • Choosing Your App Subdomain Manually
        • Enabling Authelia Server Authentication
    • [BETA] Traefik Tunnel
  • 🎯DO I NEED AN UPDATE?
    • Update Me!
  • ❗DISCLAIMER
    • Read Our Disclaimer
Powered by GitBook
On this page

Was this helpful?

Export as PDF
  1. Traefik v2.6+
  2. Unraid
  3. Config Files Explained

fileConfig.yml Example

Now if we were to put everything together into our dynamic Traefik config file, it would look something like the below. Use your favourite method for adding/editing the file and paste in the below. In our example we will use the simple command line file editor nano. Anywhere you see YOURDOMAIN.COM, make sure to change that out for your own domain.

nano /mnt/user/appdata/traefik/fileConfig.yml

fileConfig.yml
http:

  ## EXTERNAL ROUTING - Only use if you want to proxy something manually ##
  routers:
    # Homeassistant routing - Remove if not used
    homeassistant:
      entryPoints:
        - https
      rule: 'Host(`homeassistant.domain.com`)'
      service: homeassistant
      middlewares:
        - "auth"  
  ## SERVICES ##
  services:
    # Homeassistant service - Remove if not used
    homeassistant:
      loadBalancer:
        servers:
          - url: http://192.168.60.5:8123/

  ## MIDDLEWARES ##
  middlewares:
    # Only Allow Local networks
    local-ipwhitelist:
      ipWhiteList:
        sourceRange: 
          - 127.0.0.1/32 # localhost
          - 192.168.1.1/24 # LAN Subnet
  
    # Authelia guard
    auth:
      forwardauth:
        address: http://auth:9091/api/verify?rd=https://auth.domain.com/ # replace auth with your authelia container name
        trustForwardHeader: true
        authResponseHeaders:
          - Remote-User
          - Remote-Groups
          - Remote-Name
          - Remote-Email
  
    # Authelia basic auth guard
    auth-basic:
      forwardauth:
        address: http://auth:9091/api/verify?auth=basic # replace auth with your authelia container name
        trustForwardHeader: true
        authResponseHeaders:
          - Remote-User
          - Remote-Groups
          - Remote-Name
          - Remote-Email

    # Security headers
    securityHeaders:
      headers:
        customResponseHeaders:
          X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex"
          X-Forwarded-Proto: "https"
          server: ""
        customRequestHeaders:
          X-Forwarded-Proto: "https"
        sslProxyHeaders:
          X-Forwarded-Proto: "https"
        referrerPolicy: "same-origin"
        hostsProxyHeaders:
          - "X-Forwarded-Host"
        contentTypeNosniff: true
        browserXssFilter: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsSeconds: 63072000
        stsPreload: true
 
# Only use secure ciphers - https://ssl-config.mozilla.org/#server=traefik&version=2.6.0&config=intermediate&guideline=5.6              
tls:
  options:
    default:
      minVersion: VersionTLS12
      cipherSuites:
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
Previoustraefik.yml ExampleNextProxying Your First App

Last updated 2 years ago

Was this helpful?