Configuration changes: - Enable Traefik experimental plugins support - Add Crowdsec bouncer plugin (maxlerebourg v1.3.3) - Configure Crowdsec middleware in config.yml - Connect Traefik to Crowdsec network - Add IP whitelist middleware for internal network - Update .gitignore to exclude crowdsec directory Security enhancements: - All routes now protected by Crowdsec threat intelligence - Internal network IP whitelist for Traefik dashboard - Crowdsec monitors all Traefik access logs - Real-time blocking of malicious IPs Protected services: - Mealie (recipes.pkartchner.com) - Gogs (git.pkartchner.com) - Traefik Dashboard (internal network only) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
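# Traefik API and dashboard (static configuration).
api:
  # The dashboard lists every router, service and middleware. With
  # `api.insecure` unset it is reachable only through a router, which is
  # defined outside this file.
  # NOTE(review): confirm that router carries the internal-network allowlist
  # middleware and that `api.insecure` is never enabled.
  dashboard: true
  # Keeps the extra debugging/profiling endpoints switched off.
  debug: false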
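# Plugins are declared in the static configuration and loaded at startup.
experimental:
  plugins:
    # CrowdSec bouncer. The key `bouncer` is the local plugin name that
    # middleware definitions refer to (defined outside this file).
    bouncer:
      moduleName: github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin
      # Pinned to an exact tag. Plugin source is fetched at startup and runs
      # inside the Traefik process, so review a release before bumping this.
      version: v1.3.3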
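# Listening sockets. Routers attach to these by name (`http`, `https`).
entryPoints:
  # Plain HTTP. Also the entry point used for the ACME HTTP-01 challenge
  # (certificatesResolvers.letsencrypt.acme.httpChallenge).
  # NOTE(review): no `http.redirections` is set here, so a redirect to HTTPS
  # has to come from the dynamic configuration - confirm it exists.
  http:
    address: ":80"
  https:
    address: ":443"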
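# Default transport for connections from Traefik to backend servers.
serversTransport:
  # SECURITY: this turns off certificate verification for every HTTPS backend,
  # so Traefik accepts whatever certificate a backend presents and the
  # proxy-to-backend hop is not authenticated. Left as committed because
  # backends with self-signed certificates would stop working if it were
  # flipped blindly. Preferred fix: trust the backends' CA through `rootCAs`
  # and set this to false, or limit the exception to the one service that
  # needs it with a dedicated serversTransport in the dynamic configuration.
  insecureSkipVerify: true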
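# Sources of dynamic configuration (routers, services, middlewares).
providers:
  docker:
    # Access to the Docker socket is effectively root on the host: anything
    # that compromises Traefik can control every container.
    # NOTE(review): consider putting a socket proxy that allows only read-only
    # API calls in front of it; mounting the socket read-only does not
    # restrict the API.
    endpoint: "unix:///var/run/docker.sock"
    # Containers are routed only when they opt in with `traefik.enable=true`.
    exposedByDefault: false
    # Docker network Traefik uses to reach containers.
    network: traefik
  file:
    # Holds the file-based dynamic configuration.
    filename: /config.yml
    # Edits are applied without a restart, so write access to this file is
    # equivalent to control over routing and middleware - restrict it.
    watch: true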
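# ACME (Let's Encrypt) certificate issuance.
certificatesResolvers:
  letsencrypt:
    acme:
      # Contact address registered with the ACME account.
      email: pkartch@gmail.com
      # Stores the ACME account key and the certificates' private keys.
      # Traefik expects this file to be mode 600; keep it out of version
      # control and on a persistent volume.
      # NOTE(review): the path is relative - confirm where it resolves inside
      # the container.
      storage: acme.json
      # Staging CA, for testing only. While the line below stays commented out
      # Traefik uses the production Let's Encrypt endpoint; uncomment it to
      # test without hitting production rate limits.
      # caServer: https://acme-staging-v02.api.letsencrypt.org/directory
      httpChallenge:
        # HTTP-01 validation is served on the `http` entry point (":80"),
        # which must be reachable from the internet for issuance to succeed.
        entryPoint: http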
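# Traefik's own operational log. No `filePath` is set, so it goes to stdout.
log:
  # DEBUG would be noisier and can include request details; keep INFO or
  # quieter outside of troubleshooting.
  level: INFO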
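# Per-request access log written to a file.
accessLog:
  # The commit description says CrowdSec monitors the Traefik access logs, so
  # this path has to be shared with the CrowdSec container.
  # NOTE(review): confirm the volume mapping, that CrowdSec only has read
  # access, that the log format matches the CrowdSec parser in use, and that
  # the file is rotated - none of that is visible in this file.
  filePath: "/var/log/traefik/access.log"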