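---
# Traefik v3 static configuration
# Generated by Ansible
#
# Layout note: the whole document had been collapsed onto a single line that
# begins with '#', so a YAML parser would read it as one comment and load an
# empty configuration. The nesting below restores the intended structure;
# keys and values are unchanged.

global:
  # No outbound version checks or usage telemetry from the proxy host.
  checkNewVersion: false
  sendAnonymousUsage: false

log:
  level: INFO

accessLog:
  filePath: /var/log/traefik/access.log
  # Number of log lines held in memory before they are written out.
  # NOTE(review): buffered lines may be lost on an abrupt exit; confirm this
  # is acceptable if the access log feeds detection or incident response.
  bufferingSize: 100
  fields:
    defaultMode: keep
    headers:
      # Request headers are dropped by default, which keeps Authorization and
      # Cookie values out of the access log. Only User-Agent is retained.
      defaultMode: drop
      names:
        User-Agent: keep
        # Explicit drop; same outcome as the default mode above.
        Referer: drop

api:
  dashboard: true
  # With insecure disabled, the dashboard is only reachable through a router
  # that targets api@internal. That router is not defined in this file.
  # NOTE(review): confirm the router in the dynamic configuration carries an
  # authentication middleware and is not exposed without one.
  insecure: false

# Health endpoint with default settings.
# NOTE(review): ping defaults to the `traefik` entryPoint, which is not
# declared below; confirm which port ends up serving /ping and that it is
# not reachable from the public internet.
ping: {}

entryPoints:
  web:
    address: ":80"
    forwardedHeaders:
      # Trust Cloudflare IP ranges — they pass real visitor IP in
      # X-Forwarded-For. X-Forwarded-* headers from any other peer are not
      # trusted.
      # This is a static snapshot: Cloudflare publishes its ranges and they
      # change over time, so regenerate the list from one Ansible variable
      # and keep it identical to the copy under `websecure`.
      # NOTE(review): Cloudflare appends to an X-Forwarded-For header the
      # client already sent, so the header can contain client-supplied
      # entries. IP-based middlewares in the dynamic configuration should
      # choose their ipStrategy with that in mind.
      trustedIPs:
        - "173.245.48.0/20"
        - "103.21.244.0/22"
        - "103.22.200.0/22"
        - "103.31.4.0/22"
        - "141.101.64.0/18"
        - "108.162.192.0/18"
        - "190.93.240.0/20"
        - "188.114.96.0/20"
        - "197.234.240.0/22"
        - "198.41.128.0/17"
        - "162.158.0.0/15"
        - "104.16.0.0/13"
        - "104.24.0.0/14"
        - "172.64.0.0/13"
        - "131.0.72.0/22"
        - "2400:cb00::/32"
        - "2606:4700::/32"
        - "2803:f800::/32"
        - "2405:b500::/32"
        - "2405:8100::/32"
        - "2a06:98c0::/29"
        - "2c0f:f248::/32"
    http:
      # Plain HTTP is only used to redirect to the TLS entryPoint (and for
      # the ACME HTTP challenge configured further down).
      redirections:
        entryPoint:
          to: websecure
          scheme: https

  websecure:
    address: ":443"
    forwardedHeaders:
      # Same Cloudflare ranges as on `web`; the two lists must stay in sync,
      # otherwise the entryPoints disagree about whose forwarded headers
      # are trusted.
      trustedIPs:
        - "173.245.48.0/20"
        - "103.21.244.0/22"
        - "103.22.200.0/22"
        - "103.31.4.0/22"
        - "141.101.64.0/18"
        - "108.162.192.0/18"
        - "190.93.240.0/20"
        - "188.114.96.0/20"
        - "197.234.240.0/22"
        - "198.41.128.0/17"
        - "162.158.0.0/15"
        - "104.16.0.0/13"
        - "104.24.0.0/14"
        - "172.64.0.0/13"
        - "131.0.72.0/22"
        - "2400:cb00::/32"
        - "2606:4700::/32"
        - "2803:f800::/32"
        - "2405:b500::/32"
        - "2405:8100::/32"
        - "2a06:98c0::/29"
        - "2c0f:f248::/32"
    http:
      # Applied to every router on this entryPoint.
      # NOTE(review): security-headers is expected to come from the file
      # provider directory below and is not visible here; confirm it exists,
      # since routers that reference a missing middleware are not served.
      middlewares:
        - security-headers@file

certificatesResolvers:
  letsencrypt:
    acme:
      # Quoted so that an empty or unusual template expansion still renders
      # as a string.
      email: "{{ acme_email }}"
      # acme.json holds the ACME account key and the private keys of issued
      # certificates. Traefik expects mode 0600 on this file; keep it on a
      # persistent volume and out of backups that are broadly readable.
      storage: /acme/acme.json
      # TODO: switch to dnsChallenge after Cloudflare NS propagation
      httpChallenge:
        entryPoint: web

providers:
  file:
    directory: /etc/traefik/dynamic
    # Changes in the directory are picked up without a restart, so write
    # access to it is equivalent to control over routing and middlewares.
    # Restrict ownership and permissions accordingly.
    watch: true

serversTransport:
  # Backend TLS certificates are verified; leave this false.
  insecureSkipVerify: false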