homelab/roles/traefik/templates/config.yml.j2

---
http:
  routers:
    oc-router:
      entryPoints:
        - "https"
      service: oc-service
      rule: "Host(`omada.comprofix.xyz`)" # change it to actual address
      tls: {}
      middlewares:
        - default-headers
        - https-redirect

  services:
    oc-service:
      loadBalancer:
        servers:
          - url: https://omada-lxc.comprofix.xyz:8043 # change it to actual ip of the controller

  middlewares:
    https-redirect:
      redirectScheme:
        scheme: https
        permanent: true

    default-headers:
      headers:
        frameDeny: true
        sslRedirect: true
        browserXssFilter: true
        contentTypeNosniff: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 15552000
        customFrameOptionsValue: SAMEORIGIN
        customRequestHeaders:
          X-Forwarded-Proto: https

    default-whitelist:
      IPAllowList:
        sourceRange:
        - "10.0.0.0/8"
        - "192.168.0.0/16"
        - "172.16.0.0/12"
        - "100.64.0.0/10"

    secured:
      chain:
        middlewares:
        - default-headers