[global]
  checkNewVersion = true
  sendAnonymousUsage = false

[entryPoints]
  [entryPoints.web]
    address = ":80"
  [entryPoints.websecure]
    address = ":443"
  [entryPoints.metrics]
    address = ":8082"  # Dedicated port for Prometheus metrics
  [entryPoints.ssh]
    address = ":2222"
    [entryPoints.ssh.transport]
      [entryPoints.ssh.transport.lifeCycle]
        graceTimeOut = "30s"
      [entryPoints.ssh.transport.respondingTimeouts]
        idleTimeout = "3m"
        readTimeout = "1m"


[api]
  dashboard = true

[metrics.prometheus]
  entryPoint = "metrics"
  addEntryPointsLabels = true
  addServicesLabels = true
  manualRouting = true

[log]
  level = "INFO"
  filePath = "/var/log/traefik/traefik.log"

[accessLog]
  filePath = "/var/log/traefik/access.log"

[providers.docker]
  endpoint = "unix:///var/run/docker.sock"
  exposedByDefault = false

[certificatesResolvers.variomedia.acme]
  email = "tim@unkrig.dev"
  storage = "/letsencrypt/acme.json"
  caServer = "https://acme-v02.api.letsencrypt.org/directory"
  [certificatesResolvers.variomedia.acme.dnsChallenge]
    provider = "variomedia"
    delayBeforeCheck = 0

[providers]
  [providers.file]
    filename = "/etc/traefik/traefik.toml"
    watch = true

[http.routers]
  [http.routers.traefik]
    rule = "Host(`traefik.unkrig.dev`)"
    entryPoints = ["websecure"]
    service = "api@internal"
    tls.certresolver = "variomedia"

  [http.routers.cloud_unkrig_dev]
    rule = "Host(`cloud.unkrig.dev`)"
    entryPoints = ["websecure"]
    service = "cloud_unkrig_dev"
    tls.certresolver = "variomedia"
    middlewares = ["nextcloud-headers"]

  [http.routers.git_unkrig_dev]
    rule = "Host(`git.unkrig.dev`)"
    entryPoints = ["websecure"]
    service = "git_unkrig_dev"
    tls.certresolver = "variomedia"

  [http.routers.ha_unkrig_dev]
    rule = "Host(`homeassistant.unkrig.dev`)"
    entryPoints = ["websecure"]
    service = "ha_unkrig_dev"
    tls.certresolver = "variomedia"

  [http.routers.auth_unkrig_dev]
    rule = "Host(`auth.unkrig.dev`)"
    entryPoints = ["websecure"]
    service = "auth_unkrig_dev"
    tls.certresolver = "variomedia"
    middlewares = ["auth-headers"]

  [http.routers.photos_unkrig_dev]
    rule = "Host(`photos.unkrig.dev`)"
    entryPoints = ["websecure"]
    service = "photos_unkrig_dev"
    tls.certresolver = "variomedia"

[http.services]
  [http.services.cloud_unkrig_dev.loadBalancer]
    [[http.services.cloud_unkrig_dev.loadBalancer.servers]]
      url = "http://10.20.1.8:11000"

  [http.services.git_unkrig_dev.loadBalancer]
    [[http.services.git_unkrig_dev.loadBalancer.servers]]
      url = "http://10.20.1.6:2345"

  [http.services.ha_unkrig_dev.loadBalancer]
    [[http.services.ha_unkrig_dev.loadBalancer.servers]]
      url = "http://10.20.1.20:8123"

  [http.services.auth_unkrig_dev.loadBalancer]
    [[http.services.rss_unkrig_dev.loadBalancer.servers]]
      url = "http://10.20.1.1:9000"

  [http.services.rss_unkrig_dev.loadBalancer]
    [[http.services.rss_unkrig_dev.loadBalancer.servers]]
      url = "http://10.20.1.5:2283"

[http.middlewares]
  [http.middlewares.nextcloud-headers.headers]
#    stsSeconds = 15552000
#    stsIncludeSubdomains = true
#    stsPreload = true
#    customFrameOptionsValue = "SAMEORIGIN"
#    contentTypeNosniff = true
#    browserXssFilter = true
#    referrerPolicy = "no-referrer"
     hostsProxyHeaders = [ "X-Forwarded-Host" ]
     referrerPolicy = "same-origin"

  [http.middlewares.auth-headers.headers]
     hostsProxyHeaders = [ "X-Forwarded-Host" ]
     referrerPolicy = "same-origin"

[tcp.routers]
  [tcp.routers.git_ssh]
    entryPoints = ["ssh"]
    service = "git_ssh_service"
    rule = "HostSNI(`*`)"

[tcp.services]
  [tcp.services.git_ssh_service.loadBalancer]
    [[tcp.services.git_ssh_service.loadBalancer.servers]]
      address = "10.20.1.6:2346"