Initial commit

2023-08-09 14:01:28 +02:00
commit f4efbc7a63
199 changed files with 13338 additions and 0 deletions
--- a/traefik-crowdsec-stack/traefik/dynamic_conf.yml
+++ b/traefik-crowdsec-stack/traefik/dynamic_conf.yml
@@ -0,0 +1,91 @@
+tls:
+  options:
+    default:
+      minVersion: VersionTLS12
+      cipherSuites:
+        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
+        - TLS_AES_128_GCM_SHA256
+        - TLS_AES_256_GCM_SHA384
+        - TLS_CHACHA20_POLY1305_SHA256
+      curvePreferences:
+        - CurveP521
+        - CurveP384
+      sniStrict: true
+http:
+  middlewares:
+    default:
+      chain:
+        middlewares:
+          - default-security-headers
+          - gzip
+
+    default-security-headers:
+      headers:
+        browserXssFilter: true
+        contentTypeNosniff: true
+        forceSTSHeader: true
+        frameDeny: true
+        stsIncludeSubdomains: true
+        stsPreload: true
+        stsSeconds: 31536000
+        customFrameOptionsValue: "SAMEORIGIN"
+    gzip:
+      compress: {}
+
+    traefik-crowdsec-bouncer:
+      forwardauth:
+        address: http://traefik-crowdsec-bouncer:8080/api/v1/forwardAuth
+        trustForwardHeader: true
+
+    real-ip-cf:
+      plugin:
+        real-ip:
+          Proxy:
+            - proxyHeadername: "*"
+              realIP: Cf-Connecting-Ip
+              OverwriteXFF: true
+
+    hpnetwork-whitelist:
+      ipWhiteList:
+        sourceRange:
+          - "127.0.0.1/32"
+          - "10.1.0.0/24"
+          - "10.6.0.0/24"
+          - "192.168.0.0/24"
+
+  routers:
+    routerasteriskold:
+      rule: "Host(`asterisk.prothmann.com`)"
+      service: asteriskold@file
+      entryPoints: websecure
+      tls:
+        certResolver: http_resolver
+      middlewares:
+        - hpnetwork-whitelist
+
+    routerrspamdold:
+      rule: "Host(`rspamd.prothmann.com`)"
+      service: rspamdold@file
+      entryPoints: websecure
+      tls:
+        certResolver: http_resolver
+      middlewares:
+        - hpnetwork-whitelist
+
+    
+  services:
+    nextcloud:
+      loadBalancer:
+        servers:
+          - url: "http://10.1.0.13:11000"
+    asteriskold:
+      loadBalancer:
+        servers:
+          - url: "http://10.3.0.28:80"
+    rspamdold:
+      loadBalancer:
+        servers:
+          - url: "http://mail.prothmann.com/rspamd/"
+