From 92ff91fe6db74584085ee327698f22797432fcf5 Mon Sep 17 00:00:00 2001 From: notohh Date: Thu, 12 Oct 2023 02:16:22 -0400 Subject: [PATCH] traefik: deploy http redirects --- hosts/sora/services/traefik.nix | 80 +++++++++++++++++++++++++++++++-- 1 file changed, 76 insertions(+), 4 deletions(-) diff --git a/hosts/sora/services/traefik.nix b/hosts/sora/services/traefik.nix index bc6067f..fc6c0d6 100644 --- a/hosts/sora/services/traefik.nix +++ b/hosts/sora/services/traefik.nix @@ -22,10 +22,16 @@ }; }; http = { - middlewares.authelia = { - forwardauth = { - address = "http://100.121.201.47:9091/api/verify?rd=https://passport.notohh.dev/"; - trustForwardHeader = true; + middlewares = { + authelia = { + forwardauth = { + address = "http://100.121.201.47:9091/api/verify?rd=https://passport.notohh.dev/"; + trustForwardHeader = true; + }; + }; + redirect-to-https = { + redirectscheme.scheme = "https"; + redirectscheme.permanent = true; }; }; routers = { @@ -34,6 +40,12 @@ entrypoints = ["websecure"]; service = "api@internal"; }; + uptime-kuma-insecure = { + rule = "Host(`status.flake.sh`)"; + entrypoints = ["web"]; + service = "uptime-kuma"; + middlewares = "redirect-to-https"; + }; uptime-kuma = { rule = "Host(`status.flake.sh`)"; entrypoints = ["websecure"]; @@ -41,6 +53,12 @@ tls.domains = [{main = "*.flake.sh";}]; tls.certresolver = "production"; }; + gotify-insecure = { + rule = "Host(`gotify.flake.sh`)"; + entrypoints = ["web"]; + service = "gotify"; + middlewares = "redirect-to-https"; + }; gotify = { rule = "Host(`gotify.flake.sh`)"; entrypoints = ["websecure"]; @@ -48,6 +66,12 @@ tls.domains = [{main = "*.flake.sh";}]; tls.certresolver = "production"; }; + conduit-insecure = { + rule = "Host(`matrix.flake.sh`)"; + entrypoints = ["web"]; + service = "conduit"; + middlewares = "redirect-to-https"; + }; conduit = { rule = "Host(`matrix.flake.sh`)"; entrypoints = ["websecure"]; @@ -55,6 +79,12 @@ tls.domains = [{main = "*.flake.sh";}]; tls.certresolver = "production"; }; + authelia-insecure = { + rule = "Host(`passport.notohh.dev`)"; + entrypoints = ["web"]; + service = "authelia"; + middlewares = "redirect-to-https"; + }; authelia = { rule = "Host(`passport.notohh.dev`)"; entrypoints = ["websecure"]; @@ -62,6 +92,12 @@ tls.domains = [{main = "*.notohh.dev";}]; tls.certresolver = "production"; }; + foundryvtt-insecure = { + rule = "Host(`foundry.flake.sh`)"; + entrypoints = ["web"]; + service = "authelia"; + middlewares = "redirect-to-https"; + }; foundryvtt = { rule = "Host(`foundry.flake.sh`)"; entrypoints = ["websecure"]; @@ -69,6 +105,12 @@ tls.domains = [{main = "*.flake.sh";}]; tls.certresolver = "production"; }; + forgejo-insecure = { + rule = "Host(`git.flake.sh`)"; + entrypoints = ["web"]; + service = "forgejo"; + middlewares = "redirect-to-https"; + }; forgejo = { rule = "Host(`git.flake.sh`)"; entrypoints = ["websecure"]; @@ -76,6 +118,12 @@ tls.domains = [{main = "*.flake.sh";}]; tls.certresolver = "production"; }; + rustypaste-insecure = { + rule = "Host(`i.flake.sh`)"; + entrypoints = ["web"]; + service = "rustypaste"; + middlewares = "redirect-to-https"; + }; rustypaste = { rule = "Host(`i.flake.sh`)"; entrypoints = ["websecure"]; @@ -83,6 +131,12 @@ tls.domains = [{main = "*.flake.sh";}]; tls.certresolver = "production"; }; + grafana-insecure = { + rule = "Host(`metrics.flake.sh`)"; + entrypoints = ["web"]; + service = "grafana"; + middlewares = "redirect-to-https"; + }; grafana = { rule = "Host(`metrics.flake.sh`)"; entrypoints = ["websecure"]; @@ -90,6 +144,12 @@ tls.domains = [{main = "*.flake.sh";}]; tls.certresolver = "production"; }; + hedgedoc-insecure = { + rule = "Host(`scratch.flake.sh`)"; + entrypoints = ["web"]; + service = "hedgedoc"; + middlewares = "redirect-to-https"; + }; hedgedoc = { rule = "Host(`scratch.flake.sh`)"; entrypoints = ["websecure"]; @@ -97,6 +157,12 @@ tls.domains = [{main = "*.flake.sh";}]; tls.certresolver = "production"; }; + vaultwarden-insecure = { + rule = "Host(`vault.flake.sh`)"; + entrypoints = ["web"]; + service = "vaultwarden"; + middlewares = "redirect-to-https"; + }; vaultwarden = { rule = "Host(`vault.flake.sh`)"; entrypoints = ["websecure"]; @@ -104,6 +170,12 @@ tls.domains = [{main = "*.flake.sh";}]; tls.certresolver = "production"; }; + searxng-insecure = { + rule = "Host(`search.flake.sh`)"; + entrypoints = ["web"]; + service = "searxng"; + middlewares = "redirect-to-https"; + }; searxng = { rule = "Host(`search.flake.sh`)"; entrypoints = ["websecure"];