From a5dd19a8ce3780c7c6033c2de30fb551bcd0f854 Mon Sep 17 00:00:00 2001 From: Maddox Date: Sun, 25 Jan 2026 20:41:32 +0000 Subject: [PATCH] adding stuff --- configs/dyno.yml | 1518 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 1518 insertions(+) create mode 100644 configs/dyno.yml diff --git a/configs/dyno.yml b/configs/dyno.yml new file mode 100644 index 0000000..f876f95 --- /dev/null +++ b/configs/dyno.yml @@ -0,0 +1,1518 @@ +http: + serversTransports: + mytransport: + insecureSkipVerify: true + middlewares: + secure-headers: + headers: + frameDeny: true + contentTypeNosniff: true + browserXssFilter: true + forceSTSHeader: true + stsSeconds: 31536000 + stsIncludeSubdomains: true + stsPreload: true + redirect-to-https: + redirectScheme: + scheme: https + permanent: true + enable-websocket: + headers: + customRequestHeaders: + X-Forwarded-Proto: https + run-api-strip: + stripPrefix: + prefixes: + - /api/vi + authentik: + forwardAuth: + address: http://authentik-server:9000/outpost.goauthentik.io/auth/traefik + trustForwardHeader: true + authResponseHeaders: + - X-authentik-username + - X-authentik-groups + - X-authentik-email + - X-authentik-name + - X-authentik-uid + silverbullet-headers: + headers: + customResponseHeaders: + X-Robots-Tag: "noindex, nofollow" + X-Content-Type-Options: "nosniff" + Referrer-Policy: "strict-origin-when-cross-origin" + dvr-headers: + headers: + customRequestHeaders: + X-Forwarded-For: "{clientip}" + X-Forwarded-Proto: "https" + Host: "dvr.3ddbrewery.com" + weechat-websocket: + headers: + customRequestHeaders: + X-Forwarded-Proto: "https" + books-api-cors: + headers: + accessControlAllowMethods: + - "GET" + - "POST" + - "PUT" + - "DELETE" + - "OPTIONS" + - "PATCH" + accessControlAllowOriginList: + - "https://books.3ddbrewery.com" + - "https://books.fails.me" + accessControlAllowCredentials: true + accessControlAllowHeaders: + - "Content-Type" + - "Authorization" + - "X-Requested-With" + - "Accept" + - "Origin" + - "Cookie" + accessControlMaxAge: 600 + proxmox-headers: + headers: + customRequestHeaders: + X-Forwarded-Proto: https + customResponseHeaders: + X-Frame-Options: "SAMEORIGIN" # Allows iframe from same origin + contentTypeNosniff: true + browserXssFilter: true + forceSTSHeader: true + stsSeconds: 31536000 + stsIncludeSubdomains: true + stsPreload: true + + routers: + + # HTTP catchall + http-catchall: + rule: hostregexp(`{host:.+}`) + entryPoints: + - web + middlewares: + - redirect-to-https + service: noop@internal + priority: 1 + + ################### + # NO AUTH SERVICES + ################### + forgejo: + entryPoints: + - web-secure + tls: + certResolver: default + service: forgejo + rule: Host(`git.3ddbrewery.com`) || Host(`git.fails.me`) + middlewares: + - secure-headers + bookmarks: + entryPoints: + - web-secure + tls: + certResolver: default + service: bookmarks + rule: Host(`b.fails.me`) || Host(`bookmarks.fails.me`) || Host(`b.3ddbrewery.com`) + || Host(`bookmarks.3ddbrewery.com`) + middlewares: + - secure-headers + + pve: + entryPoints: + - web-secure + service: pve + rule: Host(`pve.3ddbrewery.com`) || Host(`pve.fails.me`) || Host(`pve-z620.3ddbrewery.com`) || Host(`pve-z620.fails.me`) + tls: + certResolver: default + middlewares: + - proxmox-headers + + pve2: + entryPoints: + - web-secure + service: pve2 + rule: Host(`pve2.3ddbrewery.com`) || Host(`pve2.fails.me`) + tls: + certResolver: default + middlewares: + - proxmox-headers + + finance: + entryPoints: + - web-secure + tls: + certResolver: default + service: finance + rule: Host(`f.fails.me`) || Host(`finance.fails.me`) || Host(`f.3ddbrewery.com`) + || Host(`finance.3ddbrewery.com`) + middlewares: + - secure-headers + + znc: + entryPoints: + - web-secure + tls: + certResolver: default + service: znc + rule: Host(`znc.fails.me`) || Host(`irc.fails.me`) || Host(`znc.3ddbrewery.com`) + || Host(`irc.3ddbrewery.com`) + middlewares: + - secure-headers + + NTFY: + entryPoints: + - web-secure + tls: + certResolver: default + service: NTFY + rule: Host(`notify.fails.me`) || Host(`ntfy.3ddbrewery.com`) + middlewares: + - secure-headers + - enable-websocket + + stores-api: + entryPoints: + - web-secure + tls: + certResolver: default + service: stores-api + rule: Host(`api.stores.fails.me`) || Host(`api.stores.3ddbrewery.com`) + middlewares: + - secure-headers + + finance-dev: + entryPoints: + - web-secure + tls: + certResolver: default + service: finance-dev + rule: Host(`fin-dev.fails.me`) || Host(`fin-dev.3ddbrewery.com`) + middlewares: + - secure-headers + + immich: + entryPoints: + - web-secure + tls: + certResolver: default + service: immich + rule: Host(`photos.fails.me`) || Host(`photos.3ddbrewery.com`) + middlewares: + - secure-headers + + navidrome: + entryPoints: + - web-secure + tls: + certResolver: default + service: navidrome + rule: Host(`music.fails.me`) || Host(`music.3ddbrewery.com`) + middlewares: + - secure-headers + + weechat-relay: + entryPoints: + - web-secure + tls: + certResolver: default + service: weechat-relay + rule: Host(`weechat.fails.me`) || Host(`weechat.3ddbrewery.com`) + middlewares: + - weechat-websocket + + ################### + # AUTH SERVICES (simple - no API split) + ################### + + uptime: + entryPoints: + - web-secure + tls: + certResolver: default + service: uptime + rule: Host(`uptime.fails.me`) || Host(`uptime.3ddbrewery.com`) + middlewares: + - secure-headers + - authentik + + phpmyadmin: + entryPoints: + - web-secure + tls: + certResolver: default + service: phpmyadmin + rule: Host(`php.fails.me`) || Host(`phpmyadmin.fails.me`) || Host(`php.3ddbrewery.com`) + || Host(`phpmyadmin.3ddbrewery.com`) + middlewares: + - secure-headers + - authentik + + portainer: + entryPoints: + - web-secure + tls: + certResolver: default + service: portainer + rule: Host(`portainer.fails.me`) || Host(`docker.fails.me`) || Host(`portainer.3ddbrewery.com`) + || Host(`docker.3ddbrewery.com`) + middlewares: + - secure-headers + - authentik + + nms: + entryPoints: + - web-secure + tls: + certResolver: default + service: nms + rule: Host(`nms.fails.me`) || Host(`nms.3ddbrewery.com`) + middlewares: + - secure-headers + - authentik + + books: + entryPoints: + - web-secure + tls: + certResolver: default + service: books + rule: Host(`books.fails.me`) || Host(`books.3ddbrewery.com`) + middlewares: + - secure-headers + - authentik + + # OPTIONS requests - no auth (high priority) + books-api-options: + entryPoints: + - web-secure + tls: + certResolver: default + service: books-api + rule: (Host(`api.books.fails.me`) || Host(`api.books.3ddbrewery.com`)) && Method(`OPTIONS`) + middlewares: + - books-api-cors + priority: 100 + + # All other requests - with auth + books-api: + entryPoints: + - web-secure + tls: + certResolver: default + service: books-api + rule: Host(`api.books.fails.me`) || Host(`api.books.3ddbrewery.com`) + middlewares: + - secure-headers + - books-api-cors + - authentik + + stores: + entryPoints: + - web-secure + tls: + certResolver: default + service: stores + rule: Host(`stores.fails.me`) || Host(`stores.3ddbrewery.com`) + middlewares: + - secure-headers + - authentik + + subgen: + entryPoints: + - web-secure + tls: + certResolver: default + service: subgen + rule: Host(`subgen.fails.me`) || Host(`subgen.3ddbrewery.com`) + middlewares: + - secure-headers + - authentik + + n8n: + entryPoints: + - web-secure + tls: + certResolver: default + service: n8n + rule: Host(`n8n.fails.me`) || Host(`n8n.3ddbrewery.com`) + middlewares: + - secure-headers + - authentik + + nerco: + entryPoints: + - web-secure + tls: + certResolver: default + service: nerco + rule: Host(`nerco.fails.me`) || Host(`nerco.3ddbrewery.com`) + middlewares: + - secure-headers + - authentik + + homepage: + entryPoints: + - web-secure + tls: + certResolver: default + service: homepage + rule: Host(`h.fails.me`) || Host(`h.3ddbrewery.com`) + middlewares: + - secure-headers + - authentik + + phppgadmin: + entryPoints: + - web-secure + tls: + certResolver: default + service: phppgadmin + rule: Host(`phppgadmin.fails.me`) || Host(`phppgadmin.3ddbrewery.com`) + middlewares: + - secure-headers + - authentik + + archiveforge: + entryPoints: + - web-secure + tls: + certResolver: default + service: archiveforge + rule: Host(`archiveforge.3ddbrewery.com`) + middlewares: + - secure-headers + - authentik + + silverbullet: + entryPoints: + - web-secure + tls: + certResolver: default + service: silverbullet + rule: Host(`sb.fails.me`) || Host(`sb.3ddbrewery.com`) + middlewares: + - silverbullet-headers + - authentik + + ################### + # AUTH SERVICES (with API split - no auth on /api) + ################### + + sonarr-web: + entryPoints: + - web-secure + tls: + certResolver: default + service: sonarr + rule: (Host(`sonarr.fails.me`) || Host(`sonarr.3ddbrewery.com`)) && !PathPrefix(`/api`) + middlewares: + - secure-headers + - authentik + sonarr-api: + entryPoints: + - web-secure + tls: + certResolver: default + service: sonarr + rule: (Host(`sonarr.fails.me`) || Host(`sonarr.3ddbrewery.com`)) && PathPrefix(`/api`) + middlewares: + - secure-headers + + radarr-web: + entryPoints: + - web-secure + tls: + certResolver: default + service: radarr + rule: (Host(`radarr.fails.me`) || Host(`movies.fails.me`) || Host(`radarr.3ddbrewery.com`) + || Host(`movies.3ddbrewery.com`)) && !PathPrefix(`/api`) + middlewares: + - secure-headers + - authentik + radarr-api: + entryPoints: + - web-secure + tls: + certResolver: default + service: radarr + rule: (Host(`radarr.fails.me`) || Host(`movies.fails.me`) || Host(`radarr.3ddbrewery.com`) + || Host(`movies.3ddbrewery.com`)) && PathPrefix(`/api`) + middlewares: + - secure-headers + + hass-web: + entryPoints: + - web-secure + tls: + certResolver: default + service: hass + rule: (Host(`home.fails.me`) || Host(`home.3ddbrewery.com`)) && !PathPrefix(`/api`) + middlewares: + - secure-headers + - authentik + hass-api: + entryPoints: + - web-secure + tls: + certResolver: default + service: hass + rule: (Host(`home.fails.me`) || Host(`home.3ddbrewery.com`)) && PathPrefix(`/api`) + middlewares: + - secure-headers + + audiobookshelf-web: + entryPoints: + - web-secure + tls: + certResolver: default + service: audiobookshelf + rule: (Host(`podcasts.fails.me`) || Host(`audiobookshelf.fails.me`) || Host(`podcasts.3ddbrewery.com`) + || Host(`audiobookshelf.3ddbrewery.com`)) && !PathPrefix(`/audiobookshelf/feed`) + middlewares: + - secure-headers + - authentik + audiobookshelf-api: + entryPoints: + - web-secure + tls: + certResolver: default + service: audiobookshelf + rule: (Host(`podcasts.fails.me`) || Host(`audiobookshelf.fails.me`) || Host(`podcasts.3ddbrewery.com`) + || Host(`audiobookshelf.3ddbrewery.com`)) && PathPrefix(`/audiobookshelf/feed`) + middlewares: + - secure-headers + + bazarr-web: + entryPoints: + - web-secure + tls: + certResolver: default + service: bazarr + rule: (Host(`bazarr.fails.me`) || Host(`bazarr.3ddbrewery.com`)) && !PathPrefix(`/api`) + middlewares: + - secure-headers + - authentik + bazarr-api: + entryPoints: + - web-secure + tls: + certResolver: default + service: bazarr + rule: (Host(`bazarr.fails.me`) || Host(`bazarr.3ddbrewery.com`)) && PathPrefix(`/api`) + middlewares: + - secure-headers + + channels-dvr-streaming: + entryPoints: + - web-secure + tls: + certResolver: default + service: channels-dvr + rule: (Host(`channels-dvr.fails.me`) || Host(`dvr.fails.me`) || Host(`channels-dvr.3ddbrewery.com`) + || Host(`dvr.3ddbrewery.com`)) && (PathPrefix(`/devices`) || PathPrefix(`/dvr`) || PathPrefix(`/stream`) || PathPrefix(`/api`)) + middlewares: + - dvr-headers + + channels-dvr-web: + entryPoints: + - web-secure + tls: + certResolver: default + service: channels-dvr + rule: Host(`channels-dvr.fails.me`) || Host(`dvr.fails.me`) || Host(`channels-dvr.3ddbrewery.com`) + || Host(`dvr.3ddbrewery.com`) + middlewares: + - dvr-headers + - authentik + priority: 1 + + channeltube-web: + entryPoints: + - web-secure + tls: + certResolver: default + service: channeltube + rule: (Host(`channeltube.fails.me`) || Host(`channeltube.3ddbrewery.com`)) && + !PathPrefix(`/api`) + middlewares: + - secure-headers + - authentik + channeltube-api: + entryPoints: + - web-secure + tls: + certResolver: default + service: channeltube + rule: (Host(`channeltube.fails.me`) || Host(`channeltube.3ddbrewery.com`)) && + PathPrefix(`/api`) + middlewares: + - secure-headers + + cyberchef-web: + entryPoints: + - web-secure + tls: + certResolver: default + service: cyberchef + rule: (Host(`cyberchef.fails.me`) || Host(`cyberchef.3ddbrewery.com`)) && !PathPrefix(`/api`) + middlewares: + - secure-headers + - authentik + cyberchef-api: + entryPoints: + - web-secure + tls: + certResolver: default + service: cyberchef + rule: (Host(`cyberchef.fails.me`) || Host(`cyberchef.3ddbrewery.com`)) && PathPrefix(`/api`) + middlewares: + - secure-headers + + emby-bypass: + entryPoints: + - web-secure + tls: + certResolver: default + service: emby + rule: (Host(`m.fails.me`) || Host(`tv.fails.me`) || Host(`m.3ddbrewery.com`) + || Host(`tv.3ddbrewery.com`)) && (PathPrefix(`/emby`) || PathPrefix(`/videos`) || PathPrefix(`/socket`) || PathPrefix(`/api`) || PathPrefix(`/System`) || PathPrefix(`/Users`)) + middlewares: + - secure-headers + + emby-web: + entryPoints: + - web-secure + tls: + certResolver: default + service: emby + rule: Host(`m.fails.me`) || Host(`tv.fails.me`) || Host(`m.3ddbrewery.com`) + || Host(`tv.3ddbrewery.com`) + middlewares: + - secure-headers + - authentik + priority: 1 + + requests-web: + entryPoints: + - web-secure + tls: + certResolver: default + service: requests + rule: (Host(`requests.fails.me`) || Host(`requests.3ddbrewery.com`)) && !PathPrefix(`/api`) + middlewares: + - secure-headers + - authentik + requests-api: + entryPoints: + - web-secure + tls: + certResolver: default + service: requests + rule: (Host(`requests.fails.me`) || Host(`requests.3ddbrewery.com`)) && PathPrefix(`/api`) + middlewares: + - secure-headers + + lidarr-web: + entryPoints: + - web-secure + tls: + certResolver: default + service: lidarr + rule: (Host(`lidarr.fails.me`) || Host(`lidarr.3ddbrewery.com`)) && !PathPrefix(`/api`) + middlewares: + - secure-headers + - authentik + lidarr-api: + entryPoints: + - web-secure + tls: + certResolver: default + service: lidarr + rule: (Host(`lidarr.fails.me`) || Host(`lidarr.3ddbrewery.com`)) && PathPrefix(`/api`) + middlewares: + - secure-headers + + node-red-web: + entryPoints: + - web-secure + tls: + certResolver: default + service: node-red + rule: (Host(`node-red.fails.me`) || Host(`node-red.3ddbrewery.com`)) && !PathPrefix(`/api`) + middlewares: + - secure-headers + - authentik + node-red-api: + entryPoints: + - web-secure + tls: + certResolver: default + service: node-red + rule: (Host(`node-red.fails.me`) || Host(`node-red.3ddbrewery.com`)) && PathPrefix(`/api`) + middlewares: + - secure-headers + + node-red-hass-web: + entryPoints: + - web-secure + tls: + certResolver: default + service: node-red-hass + rule: (Host(`nr.fails.me`) || Host(`nr.3ddbrewery.com`)) && !PathPrefix(`/endpoint`) + middlewares: + - secure-headers + - authentik + node-red-hass-api: + entryPoints: + - web-secure + tls: + certResolver: default + service: node-red-hass + rule: (Host(`nr.fails.me`) || Host(`nr.3ddbrewery.com`)) && PathPrefix(`/endpoint`) + middlewares: + - secure-headers + + nzb-web: + entryPoints: + - web-secure + tls: + certResolver: default + service: nzb + rule: (Host(`nzb.fails.me`) || Host(`dl.fails.me`) || Host(`nzb.3ddbrewery.com`) + || Host(`dl.3ddbrewery.com`)) && !PathPrefix(`/xmlrpc`) + middlewares: + - secure-headers + - authentik + nzb-api: + entryPoints: + - web-secure + tls: + certResolver: default + service: nzb + rule: (Host(`nzb.fails.me`) || Host(`dl.fails.me`) || Host(`nzb.3ddbrewery.com`) + || Host(`dl.3ddbrewery.com`)) && PathPrefix(`/xmlrpc`) + middlewares: + - secure-headers + + prowlarr-web: + entryPoints: + - web-secure + tls: + certResolver: default + service: prowlarr + rule: (Host(`prowlarr.fails.me`) || Host(`prowlarr.3ddbrewery.com`)) && !PathPrefix(`/api`) + middlewares: + - secure-headers + - authentik + prowlarr-api: + entryPoints: + - web-secure + tls: + certResolver: default + service: prowlarr + rule: (Host(`prowlarr.fails.me`) || Host(`prowlarr.3ddbrewery.com`)) && PathPrefix(`/api`) + middlewares: + - secure-headers + + readarr-web: + entryPoints: + - web-secure + tls: + certResolver: default + service: readarr + rule: (Host(`readarr.fails.me`) || Host(`readarr.3ddbrewery.com`)) && !PathPrefix(`/api`) + middlewares: + - secure-headers + - authentik + readarr-api: + entryPoints: + - web-secure + tls: + certResolver: default + service: readarr + rule: (Host(`readarr.fails.me`) || Host(`readarr.3ddbrewery.com`)) && PathPrefix(`/api`) + middlewares: + - secure-headers + + rutorrent-web: + entryPoints: + - web-secure + tls: + certResolver: default + service: rutorrent + rule: (Host(`tor.fails.me`) || Host(`tor.3ddbrewery.com`)) && !PathPrefix(`/RPC2`) + middlewares: + - secure-headers + - authentik + rutorrent-api: + entryPoints: + - web-secure + tls: + certResolver: default + service: rutorrent + rule: (Host(`tor.fails.me`) || Host(`tor.3ddbrewery.com`)) && PathPrefix(`/RPC2`) + middlewares: + - secure-headers + + run-web: + entryPoints: + - web-secure + tls: + certResolver: default + service: run + rule: (Host(`running.fails.me`) || Host(`run.fails.me`) || Host(`running.3ddbrewery.com`) + || Host(`run.3ddbrewery.com`)) && !PathPrefix(`/api`) + middlewares: + - secure-headers + - authentik + run-api: + entryPoints: + - web-secure + tls: + certResolver: default + service: run-api + rule: (Host(`running.fails.me`) || Host(`run.fails.me`) || Host(`running.3ddbrewery.com`) + || Host(`run.3ddbrewery.com`)) && PathPrefix(`/api`) + middlewares: + - secure-headers + - run-api-strip + + unifi-web: + entryPoints: + - web-secure + tls: + certResolver: default + service: unifi + rule: (Host(`unifi.fails.me`) || Host(`unifi.3ddbrewery.com`)) && !PathPrefix(`/api`) + middlewares: + - secure-headers + - authentik + unifi-api: + entryPoints: + - web-secure + tls: + certResolver: default + service: unifi + rule: (Host(`unifi.fails.me`) || Host(`unifi.3ddbrewery.com`)) && PathPrefix(`/api`) + middlewares: + - secure-headers + + webcheck-web: + entryPoints: + - web-secure + tls: + certResolver: default + service: webcheck + rule: (Host(`webcheck.fails.me`) || Host(`webcheck.3ddbrewery.com`)) && !PathPrefix(`/api`) + middlewares: + - secure-headers + - authentik + webcheck-api: + entryPoints: + - web-secure + tls: + certResolver: default + service: webcheck + rule: (Host(`webcheck.fails.me`) || Host(`webcheck.3ddbrewery.com`)) && PathPrefix(`/api`) + middlewares: + - secure-headers + + dsm-web: + entryPoints: + - web-secure + tls: + certResolver: default + service: dsm + rule: (Host(`dsm.fails.me`) || Host(`dsm.3ddbrewery.com`)) && !PathPrefix(`/api`) + middlewares: + - secure-headers + - authentik + dsm-api: + entryPoints: + - web-secure + tls: + certResolver: default + service: dsm + rule: (Host(`dsm.fails.me`) || Host(`dsm.3ddbrewery.com`)) && PathPrefix(`/api`) + middlewares: + - secure-headers + + autoscan-web: + entryPoints: + - web-secure + tls: + certResolver: default + service: autoscan + rule: (Host(`autoscan.fails.me`) || Host(`autoscan.3ddbrewery.com`)) && !PathPrefix(`/api`) + middlewares: + - secure-headers + - authentik + autoscan-api: + entryPoints: + - web-secure + tls: + certResolver: default + service: autoscan + rule: (Host(`autoscan.fails.me`) || Host(`autoscan.3ddbrewery.com`)) && PathPrefix(`/api`) + middlewares: + - secure-headers + + watchstate-web: + entryPoints: + - web-secure + tls: + certResolver: default + service: watchstate + rule: (Host(`watchstate.fails.me`) || Host(`watchstate.3ddbrewery.com`)) && + !PathPrefix(`/api`) + middlewares: + - secure-headers + - authentik + watchstate-api: + entryPoints: + - web-secure + tls: + certResolver: default + service: watchstate + rule: (Host(`watchstate.fails.me`) || Host(`watchstate.3ddbrewery.com`)) && + PathPrefix(`/api`) + middlewares: + - secure-headers + + node-red-het-web: + entryPoints: + - web-secure + tls: + certResolver: default + service: node-red-het + rule: (Host(`nr-het.fails.me`) || Host(`node-het.fails.me`) || Host(`nr-het.3ddbrewery.com`) + || Host(`node-het.3ddbrewery.com`)) && !PathPrefix(`/api`) + middlewares: + - secure-headers + - authentik + node-red-het-api: + entryPoints: + - web-secure + tls: + certResolver: default + service: node-red-het + rule: (Host(`nr-het.fails.me`) || Host(`node-het.fails.me`) || Host(`nr-het.3ddbrewery.com`) + || Host(`node-het.3ddbrewery.com`)) && PathPrefix(`/api`) + middlewares: + - secure-headers + + profilarr-web: + entryPoints: + - web-secure + tls: + certResolver: default + service: profilarr + rule: (Host(`profilarr.fails.me`) || Host(`profilarr.3ddbrewery.com`)) && !PathPrefix(`/api`) + middlewares: + - secure-headers + - authentik + profilarr-api: + entryPoints: + - web-secure + tls: + certResolver: default + service: profilarr + rule: (Host(`profilarr.fails.me`) || Host(`profilarr.3ddbrewery.com`)) && PathPrefix(`/api`) + middlewares: + - secure-headers + + food-web: + entryPoints: + - web-secure + tls: + certResolver: default + service: food + rule: (Host(`food.fails.me`) || Host(`food.3ddbrewery.com`)) && !PathPrefix(`/api`) + middlewares: + - secure-headers + food-api: + entryPoints: + - web-secure + tls: + certResolver: default + service: food + rule: (Host(`food.fails.me`) || Host(`food.3ddbrewery.com`)) && PathPrefix(`/api`) + middlewares: + - secure-headers + + maps-web: + entryPoints: + - web-secure + tls: + certResolver: default + service: maps + rule: (Host(`maps.fails.me`) || Host(`maps.3ddbrewery.com`)) && !PathPrefix(`/api`) + middlewares: + - secure-headers + - authentik + maps-api: + entryPoints: + - web-secure + tls: + certResolver: default + service: maps + rule: (Host(`maps.fails.me`) || Host(`maps.3ddbrewery.com`)) && PathPrefix(`/api`) + middlewares: + - secure-headers + + calibre-web: + entryPoints: + - web-secure + tls: + certResolver: default + service: calibre + rule: (Host(`library-vnc.fails.me`) || Host(`library-vnc.3ddbrewery.com`)) && + !PathPrefix(`/api`) + middlewares: + - secure-headers + - authentik + calibre-api: + entryPoints: + - web-secure + tls: + certResolver: default + service: calibre + rule: (Host(`library-vnc.fails.me`) || Host(`library-vnc.3ddbrewery.com`)) && + PathPrefix(`/api`) + middlewares: + - secure-headers + + calibre-web-web: + entryPoints: + - web-secure + tls: + certResolver: default + service: calibre-web + rule: (Host(`library.fails.me`) || Host(`library.3ddbrewery.com`)) && !PathPrefix(`/api`) + middlewares: + - secure-headers + - authentik + calibre-web-api: + entryPoints: + - web-secure + tls: + certResolver: default + service: calibre-web + rule: (Host(`library.fails.me`) || Host(`library.3ddbrewery.com`)) && PathPrefix(`/api`) + middlewares: + - secure-headers + + beszel-web: + entryPoints: + - web-secure + tls: + certResolver: default + service: beszel + rule: (Host(`mon.fails.me`) || Host(`mon.3ddbrewery.com`)) && !PathPrefix(`/api`) + middlewares: + - secure-headers + - authentik + beszel-api: + entryPoints: + - web-secure + tls: + certResolver: default + service: beszel + rule: (Host(`mon.fails.me`) || Host(`mon.3ddbrewery.com`)) && PathPrefix(`/api`) + middlewares: + - secure-headers + + dispatcharr-web: + entryPoints: + - web-secure + tls: + certResolver: default + service: dispatcharr + rule: (Host(`tv-guide.fails.me`) || Host(`dispatcharr.fails.me`) || Host(`tv-guide.3ddbrewery.com`) + || Host(`dispatacharr.3ddbrewery.com`)) && !PathPrefix(`/api`) + middlewares: + - secure-headers + - authentik + dispatcharr-api: + entryPoints: + - web-secure + tls: + certResolver: default + service: dispatcharr + rule: (Host(`tv-guide.fails.me`) || Host(`dispatacharr.fails.me`) || Host(`tv-guide.3ddbrewery.com`) + || Host(`dispatacharr.3ddbrewery.com`)) && PathPrefix(`/api`) + middlewares: + - secure-headers + + technitium-web: + entryPoints: + - web-secure + tls: + certResolver: default + service: technitium + rule: (Host(`d.fails.me`) || Host(`technitium.fails.me`) || Host(`d.3ddbrewery.com`) + || Host(`technitium.3ddbrewery.com`)) && !PathPrefix(`/api`) + middlewares: + - secure-headers + - authentik + technitium-api: + entryPoints: + - web-secure + tls: + certResolver: default + service: technitium + rule: (Host(`d.fails.me`) || Host(`technitium.fails.me`) || Host(`d.3ddbrewery.com`) + || Host(`technitium.3ddbrewery.com`)) && PathPrefix(`/api`) + middlewares: + - secure-headers + + termix-web: + entryPoints: + - web-secure + tls: + certResolver: default + service: termix + rule: (Host(`term.fails.me`) || Host(`termix.fails.me`) || Host(`term.3ddbrewery.com`) + || Host(`termix.3ddbrewery.com`)) && !PathPrefix(`/api`) + middlewares: + - secure-headers + - authentik + termix-api: + entryPoints: + - web-secure + tls: + certResolver: default + service: termix + rule: (Host(`term.fails.me`) || Host(`termix.fails.me`) || Host(`term.3ddbrewery.com`) + || Host(`termix.3ddbrewery.com`)) && PathPrefix(`/api`) + middlewares: + - secure-headers + + soulseek-web: + entryPoints: + - web-secure + tls: + certResolver: default + service: soulseek + rule: (Host(`slskd.fails.me`) || Host(`soul.fails.me`) || Host(`slskd.3ddbrewery.com`) + || Host(`soul.3ddbrewery.com`)) && !PathPrefix(`/api`) + middlewares: + - secure-headers + - authentik + soulseek-api: + entryPoints: + - web-secure + tls: + certResolver: default + service: soulseek + rule: (Host(`slskd.fails.me`) || Host(`soul.fails.me`) || Host(`slskd.3ddbrewery.com`) + || Host(`soul.3ddbrewery.com`)) && PathPrefix(`/api`) + middlewares: + - secure-headers + + tunarr-web: + entryPoints: + - web-secure + tls: + certResolver: default + service: tunarr + rule: (Host(`tunarr.fails.me`) || Host(`tuner.fails.me`) || Host(`tunarr.3ddbrewery.com`) + || Host(`tuner.3ddbrewery.com`)) && !PathPrefix(`/api`) + middlewares: + - secure-headers + - authentik + tunarr-api: + entryPoints: + - web-secure + tls: + certResolver: default + service: tunarr + rule: (Host(`tunarr.fails.me`) || Host(`tuner.fails.me`) || Host(`tunarr.3ddbrewery.com`) + || Host(`tuner.3ddbrewery.com`)) && PathPrefix(`/api`) + middlewares: + - secure-headers + + vert-web: + entryPoints: + - web-secure + tls: + certResolver: default + service: vert + rule: (Host(`vert.fails.me`) || Host(`convert.fails.me`) || Host(`vert.3ddbrewery.com`) + || Host(`convert.3ddbrewery.com`)) && !PathPrefix(`/api`) + middlewares: + - secure-headers + - authentik + vert-api: + entryPoints: + - web-secure + tls: + certResolver: default + service: vert + rule: (Host(`vert.fails.me`) || Host(`convert.fails.me`) || Host(`vert.3ddbrewery.com`) + || Host(`convert.3ddbrewery.com`)) && PathPrefix(`/api`) + middlewares: + - secure-headers + + glowing-bear-web: + entryPoints: + - web-secure + tls: + certResolver: default + service: glowing-bear + rule: (Host(`glow.fails.me`) || Host(`chat.fails.me`) || Host(`glow.3ddbrewery.com`) + || Host(`chat.3ddbrewery.com`)) && !PathPrefix(`/api`) + middlewares: + - authentik + glowing-bear-api: + entryPoints: + - web-secure + tls: + certResolver: default + service: glowing-bear + rule: (Host(`glow.fails.me`) || Host(`chat.fails.me`) || Host(`glow.3ddbrewery.com`) + || Host(`chat.3ddbrewery.com`)) && PathPrefix(`/api`) + + technitium2: + entryPoints: + - web-secure + service: technitium2 + rule: Host(`d2.3ddbrewery.com`) + tls: + certResolver: default + services: + + bookmarks: + loadBalancer: + servers: + - url: http://192.168.1.252:3054 + passHostHeader: false + sonarr: + loadBalancer: + servers: + - url: http://192.168.1.80:8989 + passHostHeader: false + finance: + loadBalancer: + servers: + - url: http://192.168.12.3:6182 + passHostHeader: false + radarr: + loadBalancer: + servers: + - url: http://192.168.1.80:7878 + passHostHeader: false + uptime: + loadBalancer: + servers: + - url: http://192.168.1.123:3444 + passHostHeader: false + phpmyadmin: + loadBalancer: + servers: + - url: http://192.168.1.252:2500 + passHostHeader: false + znc: + loadBalancer: + servers: + - url: https://192.168.1.251:6501 + passHostHeader: true + serversTransport: mytransport + portainer: + loadBalancer: + servers: + - url: https://192.168.1.80:9443 + passHostHeader: true + serversTransport: mytransport + hass: + loadBalancer: + servers: + - url: https://192.168.1.244:8123 + passHostHeader: true + serversTransport: mytransport + nms: + loadBalancer: + servers: + - url: http://192.168.1.251:5080 + passHostHeader: false + audiobookshelf: + loadBalancer: + servers: + - url: http://192.168.1.252:13378 + passHostHeader: false + bazarr: + loadBalancer: + servers: + - url: http://192.168.1.80:6767 + passHostHeader: false + books: + loadBalancer: + servers: + - url: http://192.168.1.252:3000 + passHostHeader: false + books-api: + loadBalancer: + servers: + - url: http://192.168.1.252:48000 + passHostHeader: false + channels-dvr: + loadBalancer: + servers: + - url: http://192.168.1.252:8089 + passHostHeader: true + responseForwarding: + flushInterval: -1 + channeltube: + loadBalancer: + servers: + - url: http://192.168.1.252:5444 + passHostHeader: false + cyberchef: + loadBalancer: + servers: + - url: http://192.168.1.80:7318 + passHostHeader: false + emby: + loadBalancer: + servers: + - url: http://192.168.1.80:8096 + responseForwarding: + flushInterval: -1 + requests: + loadBalancer: + servers: + - url: http://192.168.1.252:5055 + passHostHeader: false + lidarr: + loadBalancer: + servers: + - url: http://192.168.1.80:8686 + passHostHeader: false + node-red: + loadBalancer: + servers: + - url: http://192.168.1.252:1880 + passHostHeader: false + node-red-hass: + loadBalancer: + servers: + - url: https://192.168.1.244:1880 + passHostHeader: false + serversTransport: mytransport + NTFY: + loadBalancer: + servers: + - url: http://192.168.1.121:6741 + passHostHeader: false + nzb: + loadBalancer: + servers: + - url: http://192.168.1.122:6789 + passHostHeader: false + prowlarr: + loadBalancer: + servers: + - url: http://192.168.1.80:9696 + passHostHeader: false + readarr: + loadBalancer: + servers: + - url: http://192.168.1.80:8787 + passHostHeader: false + rutorrent: + loadBalancer: + servers: + - url: https://192.168.1.122:38443 + passHostHeader: false + serversTransport: mytransport + run: + loadBalancer: + servers: + - url: http://192.168.1.252:5173 + passHostHeader: false + run-api: + loadBalancer: + servers: + - url: http://192.168.1.252:6883 + passHostHeader: false + stores: + loadBalancer: + servers: + - url: http://192.168.1.252:45580 + passHostHeader: false + subgen: + loadBalancer: + servers: + - url: http://192.168.1.252:3900 + passHostHeader: false + unifi: + loadBalancer: + servers: + - url: https://192.168.1.121:8443 + passHostHeader: false + serversTransport: mytransport + webcheck: + loadBalancer: + servers: + - url: http://192.168.1.80:6160 + passHostHeader: false + dsm: + loadBalancer: + servers: + - url: https://192.168.1.251:5001 + passHostHeader: false + serversTransport: mytransport + autoscan: + loadBalancer: + servers: + - url: http://192.168.1.252:3030 + passHostHeader: false + watchstate: + loadBalancer: + servers: + - url: http://192.168.1.252:8585 + passHostHeader: false + node-red-het: + loadBalancer: + servers: + - url: http://192.168.12.3:1880 + passHostHeader: false + finance-dev: + loadBalancer: + servers: + - url: http://192.168.1.251:6182 + passHostHeader: false + n8n: + loadBalancer: + servers: + - url: http://192.168.1.252:5678 + passHostHeader: false + nerco: + loadBalancer: + servers: + - url: http://192.168.1.252:3333 + passHostHeader: false + homepage: + loadBalancer: + servers: + - url: http://192.168.1.80:3305 + passHostHeader: false + phppgadmin: + loadBalancer: + servers: + - url: http://192.168.1.252:5183 + passHostHeader: false + profilarr: + loadBalancer: + servers: + - url: http://192.168.1.80:6868 + passHostHeader: false + food: + loadBalancer: + servers: + - url: http://192.168.1.81:9925 + passHostHeader: true + maps: + loadBalancer: + servers: + - url: http://192.168.1.252:3666 + passHostHeader: false + calibre: + loadBalancer: + servers: + - url: http://192.168.1.252:28080 + passHostHeader: false + calibre-web: + loadBalancer: + servers: + - url: http://192.168.1.252:28083 + passHostHeader: false + immich: + loadBalancer: + servers: + - url: http://192.168.1.82:2283 + passHostHeader: false + navidrome: + loadBalancer: + servers: + - url: http://192.168.1.80:4533 + passHostHeader: false + beszel: + loadBalancer: + servers: + - url: http://192.168.1.252:31090 + passHostHeader: false + dispatcharr: + loadBalancer: + servers: + - url: http://192.168.1.252:9191 + technitium: + loadBalancer: + servers: + - url: http://192.168.1.251:5380 + passHostHeader: false + termix: + loadBalancer: + servers: + - url: http://192.168.1.252:5674 + soulseek: + loadBalancer: + servers: + - url: http://192.168.1.80:5030 + tunarr: + loadBalancer: + servers: + - url: http://192.168.1.252:48323 + vert: + loadBalancer: + servers: + - url: http://192.168.1.252:3884 + glowing-bear: + loadBalancer: + servers: + - url: http://192.168.1.252:28280 + passHostHeader: true + weechat-relay: + loadBalancer: + servers: + - url: http://192.168.1.252:29001 + passHostHeader: false + archiveforge: + loadBalancer: + servers: + - url: http://192.168.1.252:8766 + passHostHeader: false + silverbullet: + loadBalancer: + servers: + - url: http://192.168.1.81:53510 + passHostHeader: true + stores-api: + loadBalancer: + servers: + - url: http://192.168.1.252:45581 + passHostHeader: false + pve: + loadBalancer: + servers: + - url: https://192.168.1.5:8006 + passHostHeader: true + serversTransport: mytransport + technitium2: + loadBalancer: + servers: + - url: http://192.168.1.125:5380/ + passHostHeader: false + pve2: + loadBalancer: + servers: + - url: https://192.168.1.3:8006 + passHostHeader: true + serversTransport: mytransport + forgejo: + loadBalancer: + servers: + - url: http://192.168.1.81:3000 + passHostHeader: false