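---
################################################################
# Global configuration - https://doc.traefik.io/traefik/reference/static-configuration/file/
################################################################
global:
  checkNewVersion: false
  sendAnonymousUsage: false

################################################################
# Entrypoints - https://doc.traefik.io/traefik/routing/entrypoints/
################################################################
# Every entrypoint below binds to all interfaces inside the container.
# What is reachable from outside depends on which ports the container
# publishes and on the host firewall, neither of which is visible here.
entryPoints:
  web:
    address: ":80"
    # reusePort: true
    # Global HTTP to HTTPS redirection
    # http:
    #   redirections:
    #     entrypoint:
    #       to: websecure
    #       scheme: https

  websecure:
    address: ":443"
    http:
      tls:
        # Must name a resolver defined under certificatesResolvers.
        # solver-dns is the only resolver that is not commented out; the
        # previous value (sthomeresolver) exists only as a comment below,
        # so routers on this entrypoint could not obtain ACME certificates.
        certResolver: solver-dns
        # domains:
        #   - main: "sthome.org"
        #     sans:
        #       - "*.sthome.org"
    forwardedHeaders:
      # X-Forwarded-* headers are accepted as-is from these sources, so any
      # client inside a listed range can assert an arbitrary client IP to
      # backends, IP allow-lists and the access log. Keep the list as
      # narrow as the deployment allows.
      trustedIPs:
        # Cloudflare (https://www.cloudflare.com/ips-v4)
        # Static IPv4 snapshot; compare against the published list
        # periodically. IPv6 ranges are not listed.
        - "173.245.48.0/20"
        - "103.21.244.0/22"
        - "103.22.200.0/22"
        - "103.31.4.0/22"
        - "141.101.64.0/18"
        - "108.162.192.0/18"
        - "190.93.240.0/20"
        - "188.114.96.0/20"
        - "197.234.240.0/22"
        - "198.41.128.0/17"
        - "162.158.0.0/15"
        - "104.16.0.0/13"
        - "104.24.0.0/14"
        - "172.64.0.0/13"
        - "131.0.72.0/22"
        # Local IPs
        - "127.0.0.1/32"
        - "10.0.0.0/24"
        - "192.168.2.0/24"
        # NOTE(review): 172.16.0.0/12 usually covers Docker bridge networks,
        # which would let any container set trusted forwarded headers.
        # Narrow to the proxy network's own subnet if possible.
        - "172.16.0.0/12"

  wireguard:
    address: ":51820/udp"

  plex:
    address: ":32400"

  # Prometheus scrape target (see the metrics section). Serves internal
  # telemetry without authentication; keep it off public interfaces.
  metrics:
    address: ":8082"

  # Health-check target (see the top-level ping section).
  ping:
    address: ":8083"

  # Database listeners: confirm these are not published to the internet.
  mariadb:
    address: ":8306"

  mysql:
    address: ":9306"

  # 1883 is the conventional plaintext MQTT port; prefer mqttsecure for
  # anything crossing an untrusted network.
  mqtt:
    address: ":1883"

  mqttsecure:
    address: ":8883"

  mqttwebsocket:
    address: ":9001"

  mc-bedrock:
    address: ":19132/udp"

  # NOTE(review): Minecraft Java game traffic is TCP; /udp here would only
  # carry the query protocol. Confirm this is intended.
  mc-java:
    address: ":25565/udp"

  mc-java-rcon:
    address: ":25575"

  sftp1:
    address: ":2022"

  sftp2:
    address: ":2023"

  sftp3:
    address: ":2024"

  sftp4:
    address: ":2025"

  sftp5:
    address: ":2026"

  sftp6:
    address: ":2027"

  sftp7:
    address: ":2028"

  sftp8:
    address: ":2029"

ping:
  entryPoint: "ping"

################################################################
# Logs - https://doc.traefik.io/traefik/observability/logs/
################################################################
log:
  # Options: DEBUG, PANIC, FATAL, ERROR (Default), WARN, and INFO
  # NOTE(review): DEBUG is very verbose and can record request and
  # configuration detail; consider INFO or lower once troubleshooting ends.
  level: DEBUG
  filePath: /logs/traefik-container.log  # Default is to STDOUT
  format: json  # Uses text format (common) by default
  noColor: false  # Recommended to be true when using common
  maxSize: 100  # In megabytes
  compress: true  # gzip compression when rotating

################################################################
# Access logs - https://doc.traefik.io/traefik/observability/access-logs/
################################################################
accessLog:
  addInternals: true  # things like ping@internal
  filePath: /logs/traefik-access.log  # In the Common Log Format (CLF) by default
  bufferingSize: 100  # Number of log lines
  fields:
    names:
      StartUTC: drop  # Write logs in Container Local Time instead of UTC
  # Only responses in these ranges are logged; 200-203 and 3xx responses
  # are therefore absent from the access log.
  filters:
    statusCodes:
      - "204-299"
      - "400-499"
      - "500-599"

################################################################
# Prometheus - https://doc.traefik.io/traefik/observability/metrics/prometheus/
################################################################
metrics:
  prometheus:
    entryPoint: metrics
    buckets:
      - 0.1
      - 0.3
      - 1.2
      - 5.0
    addEntryPointsLabels: true
    addRoutersLabels: true
    addServicesLabels: true

################################################################
# API and Dashboard
################################################################
api:
  dashboard: true
  # disableDashboardAd: true
  # Rely on api@internal and Traefik with Middleware to control access.
  # Leave insecure mode off: it serves the API and dashboard without the
  # middleware chain.
  # insecure: true

################################################################
# Providers - https://doc.traefik.io/traefik/providers/docker/
################################################################
providers:
  docker:
    # endpoint: "unix:///var/run/docker.sock"  # Comment if using socket-proxy
    # Plain TCP with no authentication: the socket proxy should sit on an
    # isolated network and expose only the read-only API calls Traefik needs.
    endpoint: "tcp://traefik_socket-proxy:2375"  # Uncomment if using socket proxy
    # Containers are routed only when they opt in with labels.
    exposedByDefault: false
    network: traefik-net  # network to use for connections to all containers
    # defaultRule: TODO

  # Enable auto loading of newly created rules by watching a directory
  file:
    # Apps, LoadBalancers, TLS Options, Middlewares, Middleware Chains
    # Anything able to write to this directory can change routing and
    # middleware at runtime (watch is on); keep it writable by admins only.
    directory: /rules  # /etc/traefik
    watch: true

################################################################
# tls
################################################################
# NOTE(review): Traefik documents TLS stores as dynamic configuration.
# Confirm this section is honoured where this file is loaded; otherwise
# move it into a file under the /rules directory.
tls:
  stores:
    default:
      # defaultCertificate:
      #   certFile: /data/sthome-org.pem
      #   keyFile: /data/sthome-org-key.pem
      defaultGeneratedCert:
        resolver: solver-dns
        domain:
          main: sthome.org
          sans:
            - plex.sthome.org
            - emby.sthome.org
            - jellyfin.sthome.org
            - traefik.sthome.org

################################################################
# ACME
################################################################
certificatesResolvers:
  # sthomeresolver:
  #   acme:
  #     email: "stuurmcp@telkomsa.net"
  #     storage: "/data/acme.json"  # "/etc/traefik/letsencrypt/acme.json"
  #     #caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"  # Comment out when going prod
  #     caServer: "https://acme-v02.api.letsencrypt.org/directory"  # production
  #     dnsChallenge:
  #       provider: cloudflare
  #       #delayBeforeCheck: 30  # Default is 2m0s. This changes the delay (in seconds)
  #       # Custom DNS server resolution
  #       resolvers:
  #         - "1.1.1.1:53"
  #         - "8.8.8.8:53"
  #
  # sthome-org:
  #   acme:
  #     email: "stuurmcp@telkomsa.net"
  #     storage: "/data/acme.json"  # "/etc/traefik/letsencrypt/acme.json"
  #     #caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"  # Comment out when going prod
  #     caServer: "https://acme-v02.api.letsencrypt.org/directory"  # production
  #     dnsChallenge:
  #       provider: cloudflare
  #       #delayBeforeCheck: 30  # Default is 2m0s. This changes the delay (in seconds)
  #       # Custom DNS server resolution
  #       resolvers:
  #         - "1.1.1.1:53"
  #         - "8.8.8.8:53"

  # Active resolver: referenced by entryPoints.websecure and by the default
  # TLS store above.
  solver-dns:
    acme:
      email: "stuurmcp@telkomsa.net"
      # acme.json holds the ACME account key and certificate private keys.
      # Traefik expects it to be mode 600; keep it out of version control
      # and protect any backups of it.
      storage: "/data/acme.json"  # "/etc/traefik/letsencrypt/acme.json"
      # caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"  # Comment out when going prod
      caServer: "https://acme-v02.api.letsencrypt.org/directory"  # production
      dnsChallenge:
        # The provider's API credentials are supplied outside this file.
        # Scope the token to DNS edits on the required zone only.
        provider: cloudflare
        # delayBeforeCheck: 30  # Default is 2m0s. This changes the delay (in seconds)
        # Custom DNS server resolution
        resolvers:
          - "1.1.1.1:53"
          - "8.8.8.8:53"

  # sthome-net:
  #   acme:
  #     email: "stuurmcp@telkomsa.net"
  #     storage: "/etc/traefik/local/acme.json"  # "/data/acme.json"
  #     caServer: "https://upd.sthome.net/acme-v02.api"  # production
  #     dnsChallenge:
  #       provider: sthomelocal
  #       #delayBeforeCheck: 30  # Default is 2m0s. This changes the delay (in seconds)
  #       # Custom DNS server resolution
  #       resolvers:
  #         - "10.0.0.15:53"
  #         - "192.168.2.1:53"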