api:
  dashboard: true
  debug: true
  insecure: true

providers:
  docker:
    exposedbydefault: false

  file:
    # filename: "/etc/traefik/static_config.yml"
    directory: /rules
    watch: true

log:
  level: info
  #  filePath: "/log/info.log"
  #format: json

accessLog:
  filePath: "/log/access.log"
  bufferingSize: 100
  format: json
  #filters:
    #statusCodes:
      #- "200"
      #- "300-302"
      #retryAttempts: true
      #minDuration: "10ms"

#metrics:
  #influxDB:
    #address: 'telegraf:8081'
    #protocol: http
    #database: traefik
    #pushInterval: 60s
    #addEntryPointsLabels: true
    #addServicesLabels: true

certificatesResolvers:
  #  milvert_cert:
    # acme:
      #  email: simon@milvert.com
      #storage: "/letsencrypt/acme.json"
      #httpChallenge:
        #  entryPoint: web
        #tlsChallenge: {}
  peek:
    acme:
      email: simon@milvert.com
      storage: "/letsencrypt/acme_peek.json"
      #caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
      #      storage: "/letsencrypt/acme_peek_staged.json"
      #caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
      httpChallenge:
        entryPoint: web
      tlsChallenge: {}

  milvert_dns:
    acme:
      email: simon@milvert.com
      storage: "/letsencrypt/acme_milvert_dns.json"
      # caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
      dnsChallenge:
        provider: cloudflare
        delayBeforeCheck: 90
         # uncomment this if you have issues pulling certificates through cloudflare, By setting this flag to true disables the need to wait for the
        disablePropagationCheck: true
  resolvers:
    - "1.1.1.1:53"
    - "1.0.0.1:53"


entryPoints:
  web:
   address: ":80"
   forwardedHeaders:
      trustedIPs: [ 173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/13,104.24.0.0/14,172.64.0.0/13,131.0.72.0/22,2400:cb00::/32,2606:4700::/32,2803:f800::/32,2405:b500::/32,2405:8100::/32,2a06:98c0::/29,2c0f:f248::/32,127.0.0.1/32,10.0.0.0/8,192.168.0.0/16,172.16.0.0/12]
  web-secure:
   address: ":443"
   forwardedHeaders:
      trustedIPs: [ 173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/13,104.24.0.0/14,172.64.0.0/13,131.0.72.0/22,2400:cb00::/32,2606:4700::/32,2803:f800::/32,2405:b500::/32,2405:8100::/32,2a06:98c0::/29,2c0f:f248::/32,127.0.0.1/32,10.0.0.0/8,192.168.0.0/16,172.16.0.0/12]
   proxyProtocol:
      trustedIPs: [ 173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/13,104.24.0.0/14,172.64.0.0/13,131.0.72.0/22,2400:cb00::/32,2606:4700::/32,2803:f800::/32,2405:b500::/32,2405:8100::/32,2a06:98c0::/29,2c0f:f248::/32,127.0.0.1/32,10.0.0.0/8,192.168.0.0/16,172.16.0.0/12]

  influx:
   address: ":8086"
  mqtt_http:
   address: ":9003"
  mqtt_tcp:
   address: ":1885"
  mqtt_stcp:
   address: ":8883"