api:
  dashboard: true
  debug: true

providers:
  docker:
    exposedbydefault: false

  file:
    filename: "/etc/traefik/static_config.yml"
    watch: true

log:
  level: error
  #filePath: "/log/info.log"
  #  format: json

accessLog:
  filePath = "/log/access.log"
  bufferingSize = 100
  #filters:
    #statusCodes:
      #- "200"
      #- "300-302"
      #retryAttempts: true
      #minDuration: "10ms"

#metrics:
  #influxDB:
    #address: 'telegraf:8081'
    #protocol: http
    #database: traefik
    #pushInterval: 60s
    #addEntryPointsLabels: true
    #addServicesLabels: true

certificatesResolvers:
  milvert_cert:
    acme:
      email: simon@milvert.com
      storage: "/letsencrypt/acme.json"
      httpChallenge:
        entryPoint: web
      tlsChallenge: {}
  peek:
    acme:
      email: simon@milvert.com
      storage: "/letsencrypt/acme_peek.json"
      httpChallenge:
        entryPoint: web
      tlsChallenge: {}
  milvert_dns:
    acme:
      email: simon@milvert.com
      storage: "/letsencrypt/acme_milvert_dns.json"
      dnsChallenge:
        provider: cloudflare
        resolvers:
          - "1.1.1.1:53"
          - "8.8.8.8:53"

http:
  middlewares:
    redirect:
      redirectScheme:
        scheme: https
    whitelist:
      ipWhiteList:
        sourceRange:
          - "127.0.0.1/32"
          - "10.0.0.1/32"

entryPoints:
  web:
   address: ":80"
  web-secure:
   address: ":443"
  influx:
   address: ":8086"
  mqtt_http:
   address: ":9003"
  mqtt_tcp:
   address: ":1885"
  mqtt_stcp:
   address: ":8883"


tls:
  options:
    default:
      minVersion: VersionTLS12
      sniStrict : true
      cipherSuites:
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305