tls: stores: default: defaultCertificate: certFile: /etc/traefik/certs/traefik.crt keyFile: /etc/traefik/certs/traefik.key certificates: - certFile: /etc/traefik/certs/traefik.crt keyFile: /etc/traefik/certs/traefik.key http: serversTransports: http1-ws-transport: disableHTTP2: true insecureSkipVerify: true middlewares: redirect-to-https: redirectScheme: scheme: https permanent: true strip-api-prefix: stripPrefix: prefixes: - "/api" waf: plugin: coraza: directives: - "SecRuleEngine On" - "SecDebugLog /dev/stdout" - "SecDebugLogLevel 2" - "SecRule ARGS \"@rx (union|select|insert|drop|alter)\" \"id:102,phase:2,log,deny,status:403\"" api-ratelimit: rateLimit: average: 5000 period: 1m burst: 500 admin-ratelimit: rateLimit: average: 5000 period: 1m burst: 500 routers: # Пользовательский REST API api: rule: "Host(`api.eventhub.local`)" entryPoints: ["web"] middlewares: ["redirect-to-https", "strip-api-prefix", "api-ratelimit", "waf"] service: "api" api-secure: rule: "Host(`api.eventhub.local`)" entryPoints: ["websecure"] tls: true middlewares: ["strip-api-prefix", "api-ratelimit", "waf"] service: "api" # Пользовательский WebSocket ws: rule: "Host(`ws.eventhub.local`)" entryPoints: ["web"] middlewares: ["redirect-to-https"] service: "ws" ws-secure: rule: "Host(`ws.eventhub.local`)" entryPoints: ["websecure"] tls: true service: "ws" # Админский REST API admin-api: rule: "Host(`admin-api.eventhub.local`)" entryPoints: ["web"] middlewares: ["redirect-to-https", "strip-api-prefix", "admin-ratelimit", "waf"] service: "admin-api" admin-api-secure: rule: "Host(`admin-api.eventhub.local`)" entryPoints: ["websecure"] tls: true middlewares: ["strip-api-prefix", "admin-ratelimit", "waf"] service: "admin-api" # Админский WebSocket admin-ws: rule: "Host(`admin-ws.eventhub.local`)" entryPoints: ["web"] middlewares: ["redirect-to-https"] service: "admin-ws" admin-ws-secure: rule: "Host(`admin-ws.eventhub.local`)" entryPoints: ["websecure"] tls: true service: "admin-ws" # Админский UI admin-ui: rule: "Host(`admin-ui.eventhub.local`)" entryPoints: ["web"] middlewares: ["redirect-to-https"] service: "admin-ui-service" admin-ui-secure: rule: "Host(`admin-ui.eventhub.local`)" entryPoints: ["websecure"] tls: true service: "admin-ui-service" # Клиентский UI client-ui: rule: "Host(`ui.eventhub.local`)" entryPoints: ["web"] middlewares: ["redirect-to-https"] service: "client-ui-service" client-ui-secure: rule: "Host(`ui.eventhub.local`)" entryPoints: ["websecure"] tls: true service: "client-ui-service" services: api: failover: service: api-live fallback: api-fallback api-live: loadbalancer: servers: - url: "http://eventhub:8080" healthCheck: path: "/health" interval: "10s" timeout: "3s" api-fallback: loadbalancer: servers: - url: "http://fallback:80" ws: loadbalancer: servers: - url: "http://eventhub:8081" serversTransport: http1-ws-transport admin-api: failover: service: admin-api-live fallback: admin-api-fallback admin-api-live: loadbalancer: servers: - url: "http://eventhub:8445" healthCheck: path: "/admin/health" interval: "10s" timeout: "3s" admin-api-fallback: loadbalancer: servers: - url: "http://fallback:80" admin-ws: loadbalancer: servers: - url: "http://eventhub:8446" serversTransport: http1-ws-transport admin-ui-service: loadbalancer: servers: - url: "http://admin-ui:80" client-ui-service: loadbalancer: servers: - url: "http://client-ui:80"