# Autocert (choose one below and uncomment to enable)
#
# 1. use existing cert

# autocert:
#   provider: local
#   cert_path: /path/to/cert.crt # default: /app/certs/cert.crt
#   # keep the private key readable only by the account GoDoxy runs as
#   key_path: /path/to/priv.key # default: /app/certs/priv.key

# 2. cloudflare
# autocert:
#   provider: cloudflare
#   email: abc@gmail.com # ACME Email
#   domains: # a list of domains for cert registration
#     - "*.domain.com"
#     - "domain.com"
#   options:
#     # the token is a live credential: scope it to DNS edits on this zone only,
#     # and keep this file out of version control and unreadable to other users
#     auth_token: c1234565789-abcdefghijklmnopqrst # your zone API token

# 3. other providers, see https://docs.godoxy.dev/DNS-01-Providers

# Access Control
# When enabled, it will be applied globally at connection level,
# all incoming connections (web, tcp and udp) will be checked against the ACL rules.
#
# NOTE(review): because rules are checked at connection level, behind a CDN or
# load balancer the address seen here is presumably that proxy's, not the end
# client's - verify before relying on ip/cidr/country rules.
# NOTE(review): with `default: allow` only the `deny` entries restrict anything;
# for an allowlist posture set `default: deny` and list what may connect.

# acl:
#   default: allow # or deny (default: allow)
#   allow_local: true # or false (default: true)
#   allow:
#     - ip:1.2.3.4
#     - cidr:1.2.3.4/32
#     - country:US
#     - timezone:Asia/Shanghai
#   deny:
#     - ip:1.2.3.4
#     - cidr:1.2.3.4/32
#     - country:US
#     - timezone:Asia/Shanghai
#   log: # warning: logging ACL can be slow based on the number of incoming connections and configured rules
#     path: /app/logs/acl.log # (default: none)
#     stdout: false # (default: false)
#     keep: 30 days # (default: 30 days)
#     log_allowed: false # (default: false)
#   notify:
#     interval: 1m # (default: 1m)
#     to: [gotify, discord] # names under providers.notification
#     include_allowed: false # (default: false)

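# Settings for the shared entrypoint: proxy protocol, middlewares, access log
# and (commented out) rules for requests that match no route.
entrypoint:
  # Proxy Protocol: https://www.haproxy.com/blog/use-the-proxy-protocol-to-preserve-a-clients-ip-address
  # When set to true, web entrypoint and all tcp routes will be wrapped with Proxy Protocol listener in order to preserve the client's IP address.
  # Note that HTTP/3 with proxy protocol is not supported yet.
  #
  # NOTE(review): a PROXY protocol header is taken at face value by whatever
  # receives it, so enable this only when the listener is reachable solely from
  # the trusted load balancer; otherwise the recorded client address (logs,
  # IP-based rules) can no longer be relied on.
  support_proxy_protocol: false

  # Below define an example of middleware config
  # 1. set security headers
  # 2. block non local IP connections
  # 3. redirect HTTP to HTTPS
  #
  # NOTE(review): only item 1 is active as written. No middleware in this list
  # restricts source IPs, and RedirectHTTP is commented out, so plain HTTP is
  # not redirected until that line is enabled.
  middlewares:
    # NOTE(review): presumably derives the client IP from Cloudflare's
    # forwarding headers; confirm it ignores them from non-Cloudflare peers, or
    # make the origin reachable only through Cloudflare.
    - use: CloudflareRealIP
    - use: ModifyResponse
      set_headers:
        # NOTE(review): these headers are presumably applied to every route
        # behind the entrypoint. The wildcard CORS values below let any origin
        # read non-credentialed responses from each proxied app; list explicit
        # origins instead for anything that is not a public API.
        Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS, HEAD
        Access-Control-Allow-Headers: "*"
        Access-Control-Allow-Origin: "*"
        # quoted so the header value stays a string rather than a YAML integer
        Access-Control-Max-Age: "180"
        # `Vary: *` tells caches the response cannot be reused without revalidation
        Vary: "*"
        # legacy header: major browsers have removed the XSS filter it
        # controlled, and OWASP advises `0` or omitting it and relying on CSP
        X-XSS-Protection: 1; mode=block
        Content-Security-Policy: "object-src 'self'; frame-ancestors 'self';"
        X-Content-Type-Options: nosniff
        X-Frame-Options: SAMEORIGIN
        Referrer-Policy: same-origin
        # two-year HSTS with includeSubDomains and preload commits every
        # subdomain to HTTPS; browsers honour it only on HTTPS responses
        Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
    # - use: RedirectHTTP

  # below enables access log
  access_log:
    format: combined
    path: /app/logs/entrypoint.log
    stdout: false  # (default: false)
    keep: 30 days  # (default: 30 days)

  # customize behavior for non-existent routes, e.g. pass over to another proxy
  #
  # rules:
  #   not_found:
  #     - name: default
  #       do: proxy http://other-proxy:8080
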
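# Default values applied where a route does not set its own.
defaults:
  healthcheck:
    # NOTE(review): timeout (15s) is longer than interval (5s); confirm this
    # is intended.
    interval: 5s
    timeout: 15s
    retries: 3
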
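# Route and integration providers: include files, Docker hosts, notification
# targets and Proxmox nodes. Only the local Docker provider is enabled here.
providers:
  # include files are standalone yaml files under `config/` directory
  #
  # include:
  #   - file1.yml
  #   - file2.yml

  docker:
    # $DOCKER_HOST implies environment variable `DOCKER_HOST` or unix:///var/run/docker.sock by default
    #
    # NOTE(review): access to the Docker socket is equivalent to root on that
    # host; expose it to this process as narrowly as the deployment allows.
    local: $DOCKER_HOST

    # explicit only mode
    # only containers with explicit aliases will be proxied
    # add "!" after provider name to enable explicit only mode
    #
    # local!: $DOCKER_HOST
    #
    # add more docker providers if needed
    # for value format, see https://docs.docker.com/reference/cli/dockerd/
    #
    # NOTE(review): tcp port 2375 is the Docker API without TLS or
    # authentication; use it only on an isolated management network, or prefer
    # an ssh:// target or a TLS-protected endpoint.
    # remote-1: tcp://10.0.2.1:2375
    # NOTE(review): this form stores a root password in the config file; prefer
    # key-based SSH and a dedicated account.
    # remote-2: ssh://root:1234@10.0.2.2

  # notification providers
  #
  # NOTE(review): tokens and webhook URLs below are credentials; keep this file
  # out of version control and readable only by the GoDoxy account.
  #
  # notification:
  #   - name: ntfy
  #     provider: ntfy
  #     url: https://ntfy.domain.tld
  #     topic: godoxy
  #   - name: gotify
  #     provider: gotify
  #     url: https://gotify.domain.tld
  #     token: abcd
  #   - name: discord
  #     provider: webhook
  #     url: https://discord.com/api/webhooks/...
  #     template: discord # this means use payload template from internal/notif/templates/discord.json
  #   - name: pushover
  #     provider: webhook
  #     url: https://api.pushover.net/1/messages.json
  #     mime_type: application/x-www-form-urlencoded
  #     payload: '{"token": "your-app-token", "user": "your-user-key", "title": $title, "message": $message}'

  # Proxmox providers (for idlesleep support for proxmox LXCs)
  #
  # NOTE(review): `no_tls_verify: true` disables certificate checking, so the
  # API secret could be sent to an impostor endpoint; trust the PVE CA instead
  # where possible. A token on root@pam should be privilege-separated and
  # limited to the permissions idlesleep needs.
  #
  # proxmox:
  #   - url: https://pve.domain.com:8006/api2/json
  #     token_id: root@pam!abcdef
  #     secret: aaaa-bbbb-cccc-dddd
  #     no_tls_verify: true
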
# Match domains
# See https://docs.godoxy.dev/Certificates-and-domain-matching
#
# match_domains:
#   - my.site
#   - node1.my.app

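# homepage config
homepage:
  # use default app categories detected from alias or docker image name
  use_default_categories: true
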
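# Below are fixed options (non hot-reloadable)

# timeout for shutdown (in seconds)
timeout_shutdown: 5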