global:
  checkNewVersion: false
  sendAnonymousUsage: false

http:
  routers:
    traefik-secure:
      rule: "Host(`exmaple.com`) || Host(`*.exmaple.com`)"
      tls:
        certResolver: cloudflare
        domains:
          - main: "exmaple.com"
            sans:
              - "*.exmaple.com"

entryPoints:
  web:
    address: :80
    forwardedHeaders:
      trustedIPs:
        &trustedIps # Start of Clouflare public IP list for HTTP requests, remove this if you don't use it; https://www.cloudflare.com/de-de/ips/
        - 103.21.244.0/22
        - 103.22.200.0/22
        - 103.31.4.0/22
        - 104.16.0.0/13
        - 104.24.0.0/14
        - 108.162.192.0/18
        - 131.0.72.0/22
        - 141.101.64.0/18
        - 162.158.0.0/15
        - 172.64.0.0/13
        - 173.245.48.0/20
        - 188.114.96.0/20
        - 190.93.240.0/20
        - 197.234.240.0/22
        - 198.41.128.0/17
        - 2400:cb00::/32
        - 2606:4700::/32
        - 2803:f800::/32
        - 2405:b500::/32
        - 2405:8100::/32
        - 2a06:98c0::/29
        - 2c0f:f248::/32
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
          permanent: false
  websecure:
    address: :443
    proxyProtocol:
      trustedIPs:
        - "10.0.0.0/8"
        - "192.168.0.0/16"
        - "172.16.0.0/12"
    forwardedHeaders:
      trustedIPs: *trustedIps

providers:
  file:
    directory: /configs
    watch: true

api:
  dashboard: true
  insecure: true
  debug: false

log:
  level: INFO
  format: json

accessLog:
  format: json

metrics:
  prometheus:
    addEntryPointsLabels: true
    addServicesLabels: true

ping: {} # Healtcheck for traefik default port 8080

serversTransport:
  insecureSkipVerify: true

certificatesResolvers:
  cloudflare:
    acme:
      email: info@exmaple.com
      storage: /etc/traefik/acme.json
      dnsChallenge:
        provider: cloudflare
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"