api: dashboard: false debug: false # never true in production insecure: false # explicit entryPoints: web: address: :80 http: redirections: entryPoint: to: websecure scheme: https permanent: true websecure: address: :443 forwardedHeaders: trustedIPs: - "173.245.48.0/20" - "103.21.244.0/22" - "103.22.200.0/22" - "103.31.4.0/22" - "141.101.64.0/18" - "108.162.192.0/18" - "190.93.240.0/20" - "188.114.96.0/20" - "197.234.240.0/22" - "198.41.128.0/17" - "162.158.0.0/15" - "104.16.0.0/13" - "104.24.0.0/14" - "172.64.0.0/13" - "131.0.72.0/22" - "2400:cb00::/32" - "2606:4700::/32" - "2803:f800::/32" - "2405:b500::/32" - "2405:8100::/32" - "2a06:98c0::/29" - "2c0f:f248::/32" http: middlewares: - real-ip@file - geoblock@file - rate-limit@file - crowdsec-bouncer@file - security-headers@file providers: docker: endpoint: "tcp://socket-proxy:2375" # not the unix socket exposedByDefault: false file: filename: /config.yaml watch: true certificatesResolvers: cloudflare: acme: email: "noreply@gabesville.com" storage: /var/traefik/certs/cloudflare-acme.json caServer: 'https://acme-v02.api.letsencrypt.org/directory' keyType: EC256 dnsChallenge: provider: cloudflare resolvers: - "1.1.1.1:53" - "9.9.9.9:53" log: level: "INFO" filePath: "/var/log/traefik/traefik.log" maxSize: 100 # MB per file maxBackups: 3 # keep last 3 rotated files maxAge: 7 # days before deletion compress: true # gzip rotated files accessLog: filePath: "/var/log/traefik/access.log" bufferingSize: 100 filters: statusCodes: - "400-599" # only log errors — reduces volume significantly global: checkNewVersion: false sendAnonymousUsage: false experimental: plugins: crowdsec-bouncer: moduleName: "github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin" version: "v1.5.1" traefik-warp: moduleName: "github.com/l4rm4nd/traefik-warp" version: "v1.1.5" geoblock: moduleName: "github.com/PascalMinder/geoblock" version: "v0.3.3"