api:
  dashboard: true
  debug: true
ping: {}
metrics:
  prometheus:
    addEntryPointsLabels: true
    addRoutersLabels: true
    addServicesLabels: true
    buckets:
      - 0.1
      - 0.3
      - 1.2
      - 5.0

entryPoints:
  http:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https
          permanent: true
  https:
    address: ":443"
    http:
      tls:
        certResolver: myresolver
        # domains:
        #   - main: "tuservidor.es"
        #     sans:
        #       - "*.tuservidor.es"
      middlewares:
        - default@file
        - my-torblock@file
        - shuul-auth@file
        #- my-geoblock@file
        #- my-fail2ban@file
        #- error-pages@file
        #- my-fail2ban@file
        #- crowdsec-bouncer@file
  ping:
    address: ":8082"
  git:
    address: ":2222"
  sftpgo:
    address: ":2022"
  mumble_tcp:
    address: ":64738"
  mumble_udp:
    address: ":64738/udp"
  #relay:
  #  address: ":22067"
  #smtp:
  #  address: ":25"
  #  proxyProtocol:
  #    trustedIPs:
  #      - 172.29.0.8
  #      - 172.29.0.41
  #smtps:
  #  address: ":465"
  #  proxyProtocol:
  #    trustedIPs:
  #      - 172.29.0.8
  #      - 172.29.0.41
  #imaps:
  #  address: ":993"
  #  proxyProtocol:
  #    trustedIPs:
  #      - 172.29.0.8
  #      - 172.29.0.41


serversTransports:
  proxyProtocolTransport:
    insecureSkipVerify: false
    proxyProtocol:
      version: 3

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
    defaultRule: "Host(`{{ index .Labels \"com.docker.compose.service\"}}.tuservidor.es`)"
    network: proxy
  file:
    directory: /conf
    watch: true

log:
  level: INFO
  format: json
accessLog:
  format: json
  fields:
    defaultMode: keep
    names:
      ClientUsername: keep
    headers:
      defaultMode: keep
      names:
        Content-Type: keep
        X-Forwarded-For: keep
  filters:
    statusCodes:
      - "300-302"
      - "400-409"
    retryAttempts: true
    minDuration: "10ms"


certificatesResolvers:
  myresolver:
    acme:
      keyType: EC256
      email: pepe@tuservidor.es
      storage: /etc/certs/acme.json
      httpChallenge:
        entryPoint: http
  cloudflare:
    acme:
      keyType: EC256
      email: lorenzo.carbonell.cerezo@gmailcom
      caServer: https://acme-v02.api.letsencrypt.org/directory # production (default)
      #caServer: https://acme-staging-v02.api.letsencrypt.org/directory # staging
      storage: /etc/certs/cloudflare.json
      dnsChallenge:
        provider: cloudflare
        delayBeforeCheck: 10 #Optional to wait x second before checking with the DNS Server

tls:
  options:
    default:
      minVersion: VersionTLS12

experimental:
  plugins:
    geoblock:
      moduleName: "github.com/PascalMinder/geoblock"
      version: "v0.3.2"
    fail2ban:
      moduleName: "github.com/tomMoulard/fail2ban"
      version: "v0.8.3"
    torblock:
      moduleName: "github.com/jpxd/torblock"
      version: "v0.1.1"
    traefik-real-ip:
      moduleName: "github.com/soulbalz/traefik-real-ip"
      version: "v1.0.3"
    sablier:
      moduleName: "github.com/sablierapp/sablier"
      version: "v1.8.5"
    traefik-oidc-auth:
      moduleName: "github.com/sevensolutions/traefik-oidc-auth"
      version: "v0.11.0"
    htransformation:
      moduleName: "github.com/tomMoulard/htransformation"
      version: "v0.3.3"