api:
  dashboard: true
  debug: true

providers:
  docker:
    exposedbydefault: false

  file:
    filename: "/etc/traefik/static_config.yml"
    watch: true

log:
  level: error
  #  filePath: /etc/traefik/log.json
  # format: json
accessLog: 
  filePath = "/log/access.log"
  bufferingSize = 100
  #filters:
    #statusCodes:
      #- "200"
      #- "300-302"
      #retryAttempts: true
      #minDuration: "10ms"

metrics:
  influxDB:
    address: 'telegraf:8081'
    protocol: http
    database: traefik
    pushInterval: 60s
    addEntryPointsLabels: true
    addServicesLabels: true

certificatesResolvers:
  milvert:
    acme:
      email: simon@milvert.com
      storage: "/letsencrypt/acme.json"
      httpChallenge:
        entryPoint: web
      tlsChallenge: {}
  peek:
    acme:
      email: simon@milvert.com
      storage: "/letsencrypt/acme_peek.json"
      httpChallenge:
        entryPoint: web
      tlsChallenge: {}


http:
  middlewares:
    redirect:
      redirectScheme:
        scheme: https
    whitelist:
      ipWhiteList:
        sourceRange:
          - "127.0.0.1/32"
          - "10.0.0.1/32"

entryPoints:
  web:
   address: ":80"
  web-secure:
   address: ":443"
  influx:
   address: ":8086"
  mqtt_http:
   address: ":9003"
  mqtt_tcp:
   address: ":1885"
  mqtt_stcp:
   address: ":8883"


tls:
  options:
    default:
      minVersion: VersionTLS12
      sniStrict : true
      cipherSuites:
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305