# TCP da SSH keine Hostnamen kennt
http:
###### router #####
  routers:
    router_munin:
      rule: "Host(`munin.mgrote.net`)"
      service: "service_munin"
      middlewares:
        - "ratelimit40@file"
        - "authelia@docker"
      entrypoints:
        - entry_https
      tls:
        certresolver: resolver_letsencrypt
    router_forgejo:
      rule: "Host(`git.mgrote.net`)"
      service: "service_forgejo"
      middlewares:
        - "ratelimit40@file"
      entrypoints:
        - entry_https
      tls:
        certresolver: resolver_letsencrypt
###### services #####
  services:
    service_munin:
      loadBalancer:
        servers:
          - url: "http://munin.mgrote.net/"
    service_forgejo:
      loadBalancer:
        servers:
          - url: "http://forgejo.mgrote.net:3000/"
###### middlewares #####
  middlewares:
    ratelimit40:
      rateLimit:
        average: 40
        burst: 80
        sourceCriterion:
          ipStrategy:
            depth: 2
    allowlist_localnet:
      ipallowlist:
        sourcerange:
          - 192.168.2.0/24
          - 10.25.25.0/24
          - 192.168.48.0/24 # docker
          - 172.18.0.0/16 # gitea-act-runner
        ipstrategy:
          depth: 0 # https://doc.traefik.io/traefik/middlewares/http/ipallowlist/#ipstrategydepth