http: serversTransports: mytransport: insecureSkipVerify: true middlewares: secure-headers: headers: frameDeny: true contentTypeNosniff: true browserXssFilter: true forceSTSHeader: true stsSeconds: 31536000 stsIncludeSubdomains: true stsPreload: true redirect-to-https: redirectScheme: scheme: https permanent: true enable-websocket: headers: customRequestHeaders: X-Forwarded-Proto: https run-api-strip: stripPrefix: prefixes: - /api/vi authentik: forwardAuth: address: http://authentik-server:9000/outpost.goauthentik.io/auth/traefik trustForwardHeader: true authResponseHeaders: - X-authentik-username - X-authentik-groups - X-authentik-email - X-authentik-name - X-authentik-uid silverbullet-headers: headers: customResponseHeaders: X-Robots-Tag: "noindex, nofollow" X-Content-Type-Options: "nosniff" Referrer-Policy: "strict-origin-when-cross-origin" dvr-headers: headers: customRequestHeaders: X-Forwarded-For: "{clientip}" X-Forwarded-Proto: "https" Host: "dvr.3ddbrewery.com" weechat-websocket: headers: customRequestHeaders: X-Forwarded-Proto: "https" books-api-cors: headers: accessControlAllowMethods: - "GET" - "POST" - "PUT" - "DELETE" - "OPTIONS" - "PATCH" accessControlAllowOriginList: - "https://books.3ddbrewery.com" - "https://books.fails.me" accessControlAllowCredentials: true accessControlAllowHeaders: - "Content-Type" - "Authorization" - "X-Requested-With" - "Accept" - "Origin" - "Cookie" accessControlMaxAge: 600 proxmox-headers: headers: customRequestHeaders: X-Forwarded-Proto: https customResponseHeaders: X-Frame-Options: "SAMEORIGIN" # Allows iframe from same origin contentTypeNosniff: true browserXssFilter: true forceSTSHeader: true stsSeconds: 31536000 stsIncludeSubdomains: true stsPreload: true routers: # HTTP catchall http-catchall: rule: hostregexp(`{host:.+}`) entryPoints: - web middlewares: - redirect-to-https service: noop@internal priority: 1 ################### # NO AUTH SERVICES ################### forgejo: entryPoints: - web-secure tls: certResolver: default service: forgejo rule: Host(`git.3ddbrewery.com`) || Host(`git.fails.me`) middlewares: - secure-headers bookmarks: entryPoints: - web-secure tls: certResolver: default service: bookmarks rule: Host(`b.fails.me`) || Host(`bookmarks.fails.me`) || Host(`b.3ddbrewery.com`) || Host(`bookmarks.3ddbrewery.com`) middlewares: - secure-headers pve: entryPoints: - web-secure service: pve rule: Host(`pve.3ddbrewery.com`) || Host(`pve.fails.me`) || Host(`pve-z620.3ddbrewery.com`) || Host(`pve-z620.fails.me`) tls: certResolver: default middlewares: - proxmox-headers pve2: entryPoints: - web-secure service: pve2 rule: Host(`pve2.3ddbrewery.com`) || Host(`pve2.fails.me`) tls: certResolver: default middlewares: - proxmox-headers finance: entryPoints: - web-secure tls: certResolver: default service: finance rule: Host(`f.fails.me`) || Host(`finance.fails.me`) || Host(`f.3ddbrewery.com`) || Host(`finance.3ddbrewery.com`) middlewares: - secure-headers znc: entryPoints: - web-secure tls: certResolver: default service: znc rule: Host(`znc.fails.me`) || Host(`irc.fails.me`) || Host(`znc.3ddbrewery.com`) || Host(`irc.3ddbrewery.com`) middlewares: - secure-headers NTFY: entryPoints: - web-secure tls: certResolver: default service: NTFY rule: Host(`notify.fails.me`) || Host(`ntfy.3ddbrewery.com`) middlewares: - secure-headers - enable-websocket stores-api: entryPoints: - web-secure tls: certResolver: default service: stores-api rule: Host(`api.stores.fails.me`) || Host(`api.stores.3ddbrewery.com`) middlewares: - secure-headers finance-dev: entryPoints: - web-secure tls: certResolver: default service: finance-dev rule: Host(`fin-dev.fails.me`) || Host(`fin-dev.3ddbrewery.com`) middlewares: - secure-headers immich: entryPoints: - web-secure tls: certResolver: default service: immich rule: Host(`photos.fails.me`) || Host(`photos.3ddbrewery.com`) middlewares: - secure-headers navidrome: entryPoints: - web-secure tls: certResolver: default service: navidrome rule: Host(`music.fails.me`) || Host(`music.3ddbrewery.com`) middlewares: - secure-headers weechat-relay: entryPoints: - web-secure tls: certResolver: default service: weechat-relay rule: Host(`weechat.fails.me`) || Host(`weechat.3ddbrewery.com`) middlewares: - weechat-websocket ################### # AUTH SERVICES (simple - no API split) ################### uptime: entryPoints: - web-secure tls: certResolver: default service: uptime rule: Host(`uptime.fails.me`) || Host(`uptime.3ddbrewery.com`) middlewares: - secure-headers - authentik phpmyadmin: entryPoints: - web-secure tls: certResolver: default service: phpmyadmin rule: Host(`php.fails.me`) || Host(`phpmyadmin.fails.me`) || Host(`php.3ddbrewery.com`) || Host(`phpmyadmin.3ddbrewery.com`) middlewares: - secure-headers - authentik portainer: entryPoints: - web-secure tls: certResolver: default service: portainer rule: Host(`portainer.fails.me`) || Host(`docker.fails.me`) || Host(`portainer.3ddbrewery.com`) || Host(`docker.3ddbrewery.com`) middlewares: - secure-headers - authentik nms: entryPoints: - web-secure tls: certResolver: default service: nms rule: Host(`nms.fails.me`) || Host(`nms.3ddbrewery.com`) middlewares: - secure-headers - authentik books: entryPoints: - web-secure tls: certResolver: default service: books rule: Host(`books.fails.me`) || Host(`books.3ddbrewery.com`) middlewares: - secure-headers - authentik # OPTIONS requests - no auth (high priority) books-api-options: entryPoints: - web-secure tls: certResolver: default service: books-api rule: (Host(`api.books.fails.me`) || Host(`api.books.3ddbrewery.com`)) && Method(`OPTIONS`) middlewares: - books-api-cors priority: 100 # All other requests - with auth books-api: entryPoints: - web-secure tls: certResolver: default service: books-api rule: Host(`api.books.fails.me`) || Host(`api.books.3ddbrewery.com`) middlewares: - secure-headers - books-api-cors - authentik stores: entryPoints: - web-secure tls: certResolver: default service: stores rule: Host(`stores.fails.me`) || Host(`stores.3ddbrewery.com`) middlewares: - secure-headers - authentik subgen: entryPoints: - web-secure tls: certResolver: default service: subgen rule: Host(`subgen.fails.me`) || Host(`subgen.3ddbrewery.com`) middlewares: - secure-headers - authentik n8n: entryPoints: - web-secure tls: certResolver: default service: n8n rule: Host(`n8n.fails.me`) || Host(`n8n.3ddbrewery.com`) middlewares: - secure-headers - authentik nerco: entryPoints: - web-secure tls: certResolver: default service: nerco rule: Host(`nerco.fails.me`) || Host(`nerco.3ddbrewery.com`) middlewares: - secure-headers - authentik homepage: entryPoints: - web-secure tls: certResolver: default service: homepage rule: Host(`h.fails.me`) || Host(`h.3ddbrewery.com`) middlewares: - secure-headers - authentik phppgadmin: entryPoints: - web-secure tls: certResolver: default service: phppgadmin rule: Host(`phppgadmin.fails.me`) || Host(`phppgadmin.3ddbrewery.com`) middlewares: - secure-headers - authentik archiveforge: entryPoints: - web-secure tls: certResolver: default service: archiveforge rule: Host(`archiveforge.3ddbrewery.com`) middlewares: - secure-headers - authentik silverbullet: entryPoints: - web-secure tls: certResolver: default service: silverbullet rule: Host(`sb.fails.me`) || Host(`sb.3ddbrewery.com`) middlewares: - silverbullet-headers - authentik ################### # AUTH SERVICES (with API split - no auth on /api) ################### sonarr-web: entryPoints: - web-secure tls: certResolver: default service: sonarr rule: (Host(`sonarr.fails.me`) || Host(`sonarr.3ddbrewery.com`)) && !PathPrefix(`/api`) middlewares: - secure-headers - authentik sonarr-api: entryPoints: - web-secure tls: certResolver: default service: sonarr rule: (Host(`sonarr.fails.me`) || Host(`sonarr.3ddbrewery.com`)) && PathPrefix(`/api`) middlewares: - secure-headers radarr-web: entryPoints: - web-secure tls: certResolver: default service: radarr rule: (Host(`radarr.fails.me`) || Host(`movies.fails.me`) || Host(`radarr.3ddbrewery.com`) || Host(`movies.3ddbrewery.com`)) && !PathPrefix(`/api`) middlewares: - secure-headers - authentik radarr-api: entryPoints: - web-secure tls: certResolver: default service: radarr rule: (Host(`radarr.fails.me`) || Host(`movies.fails.me`) || Host(`radarr.3ddbrewery.com`) || Host(`movies.3ddbrewery.com`)) && PathPrefix(`/api`) middlewares: - secure-headers hass-web: entryPoints: - web-secure tls: certResolver: default service: hass rule: (Host(`home.fails.me`) || Host(`home.3ddbrewery.com`)) && !PathPrefix(`/api`) middlewares: - secure-headers - authentik hass-api: entryPoints: - web-secure tls: certResolver: default service: hass rule: (Host(`home.fails.me`) || Host(`home.3ddbrewery.com`)) && PathPrefix(`/api`) middlewares: - secure-headers audiobookshelf-web: entryPoints: - web-secure tls: certResolver: default service: audiobookshelf rule: (Host(`podcasts.fails.me`) || Host(`audiobookshelf.fails.me`) || Host(`podcasts.3ddbrewery.com`) || Host(`audiobookshelf.3ddbrewery.com`)) && !PathPrefix(`/audiobookshelf/feed`) middlewares: - secure-headers - authentik audiobookshelf-api: entryPoints: - web-secure tls: certResolver: default service: audiobookshelf rule: (Host(`podcasts.fails.me`) || Host(`audiobookshelf.fails.me`) || Host(`podcasts.3ddbrewery.com`) || Host(`audiobookshelf.3ddbrewery.com`)) && PathPrefix(`/audiobookshelf/feed`) middlewares: - secure-headers bazarr-web: entryPoints: - web-secure tls: certResolver: default service: bazarr rule: (Host(`bazarr.fails.me`) || Host(`bazarr.3ddbrewery.com`)) && !PathPrefix(`/api`) middlewares: - secure-headers - authentik bazarr-api: entryPoints: - web-secure tls: certResolver: default service: bazarr rule: (Host(`bazarr.fails.me`) || Host(`bazarr.3ddbrewery.com`)) && PathPrefix(`/api`) middlewares: - secure-headers channels-dvr-streaming: entryPoints: - web-secure tls: certResolver: default service: channels-dvr rule: (Host(`channels-dvr.fails.me`) || Host(`dvr.fails.me`) || Host(`channels-dvr.3ddbrewery.com`) || Host(`dvr.3ddbrewery.com`)) && (PathPrefix(`/devices`) || PathPrefix(`/dvr`) || PathPrefix(`/stream`) || PathPrefix(`/api`)) middlewares: - dvr-headers channels-dvr-web: entryPoints: - web-secure tls: certResolver: default service: channels-dvr rule: Host(`channels-dvr.fails.me`) || Host(`dvr.fails.me`) || Host(`channels-dvr.3ddbrewery.com`) || Host(`dvr.3ddbrewery.com`) middlewares: - dvr-headers - authentik priority: 1 channeltube-web: entryPoints: - web-secure tls: certResolver: default service: channeltube rule: (Host(`channeltube.fails.me`) || Host(`channeltube.3ddbrewery.com`)) && !PathPrefix(`/api`) middlewares: - secure-headers - authentik channeltube-api: entryPoints: - web-secure tls: certResolver: default service: channeltube rule: (Host(`channeltube.fails.me`) || Host(`channeltube.3ddbrewery.com`)) && PathPrefix(`/api`) middlewares: - secure-headers cyberchef-web: entryPoints: - web-secure tls: certResolver: default service: cyberchef rule: (Host(`cyberchef.fails.me`) || Host(`cyberchef.3ddbrewery.com`)) && !PathPrefix(`/api`) middlewares: - secure-headers - authentik cyberchef-api: entryPoints: - web-secure tls: certResolver: default service: cyberchef rule: (Host(`cyberchef.fails.me`) || Host(`cyberchef.3ddbrewery.com`)) && PathPrefix(`/api`) middlewares: - secure-headers emby-bypass: entryPoints: - web-secure tls: certResolver: default service: emby rule: (Host(`m.fails.me`) || Host(`tv.fails.me`) || Host(`m.3ddbrewery.com`) || Host(`tv.3ddbrewery.com`)) && (PathPrefix(`/emby`) || PathPrefix(`/videos`) || PathPrefix(`/socket`) || PathPrefix(`/api`) || PathPrefix(`/System`) || PathPrefix(`/Users`)) middlewares: - secure-headers emby-web: entryPoints: - web-secure tls: certResolver: default service: emby rule: Host(`m.fails.me`) || Host(`tv.fails.me`) || Host(`m.3ddbrewery.com`) || Host(`tv.3ddbrewery.com`) middlewares: - secure-headers - authentik priority: 1 requests-web: entryPoints: - web-secure tls: certResolver: default service: requests rule: (Host(`requests.fails.me`) || Host(`requests.3ddbrewery.com`)) && !PathPrefix(`/api`) middlewares: - secure-headers - authentik requests-api: entryPoints: - web-secure tls: certResolver: default service: requests rule: (Host(`requests.fails.me`) || Host(`requests.3ddbrewery.com`)) && PathPrefix(`/api`) middlewares: - secure-headers lidarr-web: entryPoints: - web-secure tls: certResolver: default service: lidarr rule: (Host(`lidarr.fails.me`) || Host(`lidarr.3ddbrewery.com`)) && !PathPrefix(`/api`) middlewares: - secure-headers - authentik lidarr-api: entryPoints: - web-secure tls: certResolver: default service: lidarr rule: (Host(`lidarr.fails.me`) || Host(`lidarr.3ddbrewery.com`)) && PathPrefix(`/api`) middlewares: - secure-headers node-red-web: entryPoints: - web-secure tls: certResolver: default service: node-red rule: (Host(`node-red.fails.me`) || Host(`node-red.3ddbrewery.com`)) && !PathPrefix(`/api`) middlewares: - secure-headers - authentik node-red-api: entryPoints: - web-secure tls: certResolver: default service: node-red rule: (Host(`node-red.fails.me`) || Host(`node-red.3ddbrewery.com`)) && PathPrefix(`/api`) middlewares: - secure-headers node-red-hass-web: entryPoints: - web-secure tls: certResolver: default service: node-red-hass rule: (Host(`nr.fails.me`) || Host(`nr.3ddbrewery.com`)) && !PathPrefix(`/endpoint`) middlewares: - secure-headers - authentik node-red-hass-api: entryPoints: - web-secure tls: certResolver: default service: node-red-hass rule: (Host(`nr.fails.me`) || Host(`nr.3ddbrewery.com`)) && PathPrefix(`/endpoint`) middlewares: - secure-headers nzb-web: entryPoints: - web-secure tls: certResolver: default service: nzb rule: (Host(`nzb.fails.me`) || Host(`dl.fails.me`) || Host(`nzb.3ddbrewery.com`) || Host(`dl.3ddbrewery.com`)) && !PathPrefix(`/xmlrpc`) middlewares: - secure-headers - authentik nzb-api: entryPoints: - web-secure tls: certResolver: default service: nzb rule: (Host(`nzb.fails.me`) || Host(`dl.fails.me`) || Host(`nzb.3ddbrewery.com`) || Host(`dl.3ddbrewery.com`)) && PathPrefix(`/xmlrpc`) middlewares: - secure-headers prowlarr-web: entryPoints: - web-secure tls: certResolver: default service: prowlarr rule: (Host(`prowlarr.fails.me`) || Host(`prowlarr.3ddbrewery.com`)) && !PathPrefix(`/api`) middlewares: - secure-headers - authentik prowlarr-api: entryPoints: - web-secure tls: certResolver: default service: prowlarr rule: (Host(`prowlarr.fails.me`) || Host(`prowlarr.3ddbrewery.com`)) && PathPrefix(`/api`) middlewares: - secure-headers readarr-web: entryPoints: - web-secure tls: certResolver: default service: readarr rule: (Host(`readarr.fails.me`) || Host(`readarr.3ddbrewery.com`)) && !PathPrefix(`/api`) middlewares: - secure-headers - authentik readarr-api: entryPoints: - web-secure tls: certResolver: default service: readarr rule: (Host(`readarr.fails.me`) || Host(`readarr.3ddbrewery.com`)) && PathPrefix(`/api`) middlewares: - secure-headers rutorrent-web: entryPoints: - web-secure tls: certResolver: default service: rutorrent rule: (Host(`tor.fails.me`) || Host(`tor.3ddbrewery.com`)) && !PathPrefix(`/RPC2`) middlewares: - secure-headers - authentik rutorrent-api: entryPoints: - web-secure tls: certResolver: default service: rutorrent rule: (Host(`tor.fails.me`) || Host(`tor.3ddbrewery.com`)) && PathPrefix(`/RPC2`) middlewares: - secure-headers run-web: entryPoints: - web-secure tls: certResolver: default service: run rule: (Host(`running.fails.me`) || Host(`run.fails.me`) || Host(`running.3ddbrewery.com`) || Host(`run.3ddbrewery.com`)) && !PathPrefix(`/api`) middlewares: - secure-headers - authentik run-api: entryPoints: - web-secure tls: certResolver: default service: run-api rule: (Host(`running.fails.me`) || Host(`run.fails.me`) || Host(`running.3ddbrewery.com`) || Host(`run.3ddbrewery.com`)) && PathPrefix(`/api`) middlewares: - secure-headers - run-api-strip unifi-web: entryPoints: - web-secure tls: certResolver: default service: unifi rule: (Host(`unifi.fails.me`) || Host(`unifi.3ddbrewery.com`)) && !PathPrefix(`/api`) middlewares: - secure-headers - authentik unifi-api: entryPoints: - web-secure tls: certResolver: default service: unifi rule: (Host(`unifi.fails.me`) || Host(`unifi.3ddbrewery.com`)) && PathPrefix(`/api`) middlewares: - secure-headers webcheck-web: entryPoints: - web-secure tls: certResolver: default service: webcheck rule: (Host(`webcheck.fails.me`) || Host(`webcheck.3ddbrewery.com`)) && !PathPrefix(`/api`) middlewares: - secure-headers - authentik webcheck-api: entryPoints: - web-secure tls: certResolver: default service: webcheck rule: (Host(`webcheck.fails.me`) || Host(`webcheck.3ddbrewery.com`)) && PathPrefix(`/api`) middlewares: - secure-headers dsm-web: entryPoints: - web-secure tls: certResolver: default service: dsm rule: (Host(`dsm.fails.me`) || Host(`dsm.3ddbrewery.com`)) && !PathPrefix(`/api`) middlewares: - secure-headers - authentik dsm-api: entryPoints: - web-secure tls: certResolver: default service: dsm rule: (Host(`dsm.fails.me`) || Host(`dsm.3ddbrewery.com`)) && PathPrefix(`/api`) middlewares: - secure-headers autoscan-web: entryPoints: - web-secure tls: certResolver: default service: autoscan rule: (Host(`autoscan.fails.me`) || Host(`autoscan.3ddbrewery.com`)) && !PathPrefix(`/api`) middlewares: - secure-headers - authentik autoscan-api: entryPoints: - web-secure tls: certResolver: default service: autoscan rule: (Host(`autoscan.fails.me`) || Host(`autoscan.3ddbrewery.com`)) && PathPrefix(`/api`) middlewares: - secure-headers watchstate-web: entryPoints: - web-secure tls: certResolver: default service: watchstate rule: (Host(`watchstate.fails.me`) || Host(`watchstate.3ddbrewery.com`)) && !PathPrefix(`/api`) middlewares: - secure-headers - authentik watchstate-api: entryPoints: - web-secure tls: certResolver: default service: watchstate rule: (Host(`watchstate.fails.me`) || Host(`watchstate.3ddbrewery.com`)) && PathPrefix(`/api`) middlewares: - secure-headers node-red-het-web: entryPoints: - web-secure tls: certResolver: default service: node-red-het rule: (Host(`nr-het.fails.me`) || Host(`node-het.fails.me`) || Host(`nr-het.3ddbrewery.com`) || Host(`node-het.3ddbrewery.com`)) && !PathPrefix(`/api`) middlewares: - secure-headers - authentik node-red-het-api: entryPoints: - web-secure tls: certResolver: default service: node-red-het rule: (Host(`nr-het.fails.me`) || Host(`node-het.fails.me`) || Host(`nr-het.3ddbrewery.com`) || Host(`node-het.3ddbrewery.com`)) && PathPrefix(`/api`) middlewares: - secure-headers profilarr-web: entryPoints: - web-secure tls: certResolver: default service: profilarr rule: (Host(`profilarr.fails.me`) || Host(`profilarr.3ddbrewery.com`)) && !PathPrefix(`/api`) middlewares: - secure-headers - authentik profilarr-api: entryPoints: - web-secure tls: certResolver: default service: profilarr rule: (Host(`profilarr.fails.me`) || Host(`profilarr.3ddbrewery.com`)) && PathPrefix(`/api`) middlewares: - secure-headers food-web: entryPoints: - web-secure tls: certResolver: default service: food rule: (Host(`food.fails.me`) || Host(`food.3ddbrewery.com`)) && !PathPrefix(`/api`) middlewares: - secure-headers food-api: entryPoints: - web-secure tls: certResolver: default service: food rule: (Host(`food.fails.me`) || Host(`food.3ddbrewery.com`)) && PathPrefix(`/api`) middlewares: - secure-headers maps-web: entryPoints: - web-secure tls: certResolver: default service: maps rule: (Host(`maps.fails.me`) || Host(`maps.3ddbrewery.com`)) && !PathPrefix(`/api`) middlewares: - secure-headers - authentik maps-api: entryPoints: - web-secure tls: certResolver: default service: maps rule: (Host(`maps.fails.me`) || Host(`maps.3ddbrewery.com`)) && PathPrefix(`/api`) middlewares: - secure-headers calibre-web: entryPoints: - web-secure tls: certResolver: default service: calibre rule: (Host(`library-vnc.fails.me`) || Host(`library-vnc.3ddbrewery.com`)) && !PathPrefix(`/api`) middlewares: - secure-headers - authentik calibre-api: entryPoints: - web-secure tls: certResolver: default service: calibre rule: (Host(`library-vnc.fails.me`) || Host(`library-vnc.3ddbrewery.com`)) && PathPrefix(`/api`) middlewares: - secure-headers calibre-web-web: entryPoints: - web-secure tls: certResolver: default service: calibre-web rule: (Host(`library.fails.me`) || Host(`library.3ddbrewery.com`)) && !PathPrefix(`/api`) middlewares: - secure-headers - authentik calibre-web-api: entryPoints: - web-secure tls: certResolver: default service: calibre-web rule: (Host(`library.fails.me`) || Host(`library.3ddbrewery.com`)) && PathPrefix(`/api`) middlewares: - secure-headers beszel-web: entryPoints: - web-secure tls: certResolver: default service: beszel rule: (Host(`mon.fails.me`) || Host(`mon.3ddbrewery.com`)) && !PathPrefix(`/api`) middlewares: - secure-headers - authentik beszel-api: entryPoints: - web-secure tls: certResolver: default service: beszel rule: (Host(`mon.fails.me`) || Host(`mon.3ddbrewery.com`)) && PathPrefix(`/api`) middlewares: - secure-headers dispatcharr-web: entryPoints: - web-secure tls: certResolver: default service: dispatcharr rule: (Host(`tv-guide.fails.me`) || Host(`dispatcharr.fails.me`) || Host(`tv-guide.3ddbrewery.com`) || Host(`dispatacharr.3ddbrewery.com`)) && !PathPrefix(`/api`) middlewares: - secure-headers - authentik dispatcharr-api: entryPoints: - web-secure tls: certResolver: default service: dispatcharr rule: (Host(`tv-guide.fails.me`) || Host(`dispatacharr.fails.me`) || Host(`tv-guide.3ddbrewery.com`) || Host(`dispatacharr.3ddbrewery.com`)) && PathPrefix(`/api`) middlewares: - secure-headers technitium-web: entryPoints: - web-secure tls: certResolver: default service: technitium rule: (Host(`d.fails.me`) || Host(`technitium.fails.me`) || Host(`d.3ddbrewery.com`) || Host(`technitium.3ddbrewery.com`)) && !PathPrefix(`/api`) middlewares: - secure-headers - authentik technitium-api: entryPoints: - web-secure tls: certResolver: default service: technitium rule: (Host(`d.fails.me`) || Host(`technitium.fails.me`) || Host(`d.3ddbrewery.com`) || Host(`technitium.3ddbrewery.com`)) && PathPrefix(`/api`) middlewares: - secure-headers termix-web: entryPoints: - web-secure tls: certResolver: default service: termix rule: (Host(`term.fails.me`) || Host(`termix.fails.me`) || Host(`term.3ddbrewery.com`) || Host(`termix.3ddbrewery.com`)) && !PathPrefix(`/api`) middlewares: - secure-headers - authentik termix-api: entryPoints: - web-secure tls: certResolver: default service: termix rule: (Host(`term.fails.me`) || Host(`termix.fails.me`) || Host(`term.3ddbrewery.com`) || Host(`termix.3ddbrewery.com`)) && PathPrefix(`/api`) middlewares: - secure-headers soulseek-web: entryPoints: - web-secure tls: certResolver: default service: soulseek rule: (Host(`slskd.fails.me`) || Host(`soul.fails.me`) || Host(`slskd.3ddbrewery.com`) || Host(`soul.3ddbrewery.com`)) && !PathPrefix(`/api`) middlewares: - secure-headers - authentik soulseek-api: entryPoints: - web-secure tls: certResolver: default service: soulseek rule: (Host(`slskd.fails.me`) || Host(`soul.fails.me`) || Host(`slskd.3ddbrewery.com`) || Host(`soul.3ddbrewery.com`)) && PathPrefix(`/api`) middlewares: - secure-headers tunarr-web: entryPoints: - web-secure tls: certResolver: default service: tunarr rule: (Host(`tunarr.fails.me`) || Host(`tuner.fails.me`) || Host(`tunarr.3ddbrewery.com`) || Host(`tuner.3ddbrewery.com`)) && !PathPrefix(`/api`) middlewares: - secure-headers - authentik tunarr-api: entryPoints: - web-secure tls: certResolver: default service: tunarr rule: (Host(`tunarr.fails.me`) || Host(`tuner.fails.me`) || Host(`tunarr.3ddbrewery.com`) || Host(`tuner.3ddbrewery.com`)) && PathPrefix(`/api`) middlewares: - secure-headers vert-web: entryPoints: - web-secure tls: certResolver: default service: vert rule: (Host(`vert.fails.me`) || Host(`convert.fails.me`) || Host(`vert.3ddbrewery.com`) || Host(`convert.3ddbrewery.com`)) && !PathPrefix(`/api`) middlewares: - secure-headers - authentik vert-api: entryPoints: - web-secure tls: certResolver: default service: vert rule: (Host(`vert.fails.me`) || Host(`convert.fails.me`) || Host(`vert.3ddbrewery.com`) || Host(`convert.3ddbrewery.com`)) && PathPrefix(`/api`) middlewares: - secure-headers glowing-bear-web: entryPoints: - web-secure tls: certResolver: default service: glowing-bear rule: (Host(`glow.fails.me`) || Host(`chat.fails.me`) || Host(`glow.3ddbrewery.com`) || Host(`chat.3ddbrewery.com`)) && !PathPrefix(`/api`) middlewares: - authentik glowing-bear-api: entryPoints: - web-secure tls: certResolver: default service: glowing-bear rule: (Host(`glow.fails.me`) || Host(`chat.fails.me`) || Host(`glow.3ddbrewery.com`) || Host(`chat.3ddbrewery.com`)) && PathPrefix(`/api`) technitium2: entryPoints: - web-secure service: technitium2 rule: Host(`d2.3ddbrewery.com`) tls: certResolver: default services: bookmarks: loadBalancer: servers: - url: http://192.168.1.252:3054 passHostHeader: false sonarr: loadBalancer: servers: - url: http://192.168.1.80:8989 passHostHeader: false finance: loadBalancer: servers: - url: http://192.168.12.3:6182 passHostHeader: false radarr: loadBalancer: servers: - url: http://192.168.1.80:7878 passHostHeader: false uptime: loadBalancer: servers: - url: http://192.168.1.123:3444 passHostHeader: false phpmyadmin: loadBalancer: servers: - url: http://192.168.1.252:2500 passHostHeader: false znc: loadBalancer: servers: - url: https://192.168.1.251:6501 passHostHeader: true serversTransport: mytransport portainer: loadBalancer: servers: - url: https://192.168.1.80:9443 passHostHeader: true serversTransport: mytransport hass: loadBalancer: servers: - url: https://192.168.1.244:8123 passHostHeader: true serversTransport: mytransport nms: loadBalancer: servers: - url: http://192.168.1.251:5080 passHostHeader: false audiobookshelf: loadBalancer: servers: - url: http://192.168.1.80:13378 passHostHeader: false bazarr: loadBalancer: servers: - url: http://192.168.1.80:6767 passHostHeader: false books: loadBalancer: servers: - url: http://192.168.1.252:3000 passHostHeader: false books-api: loadBalancer: servers: - url: http://192.168.1.252:48000 passHostHeader: false channels-dvr: loadBalancer: servers: - url: http://192.168.1.252:8089 passHostHeader: true responseForwarding: flushInterval: -1 channeltube: loadBalancer: servers: - url: http://192.168.1.80:5444 passHostHeader: false cyberchef: loadBalancer: servers: - url: http://192.168.1.80:7318 passHostHeader: false emby: loadBalancer: servers: - url: http://192.168.1.80:8096 responseForwarding: flushInterval: -1 requests: loadBalancer: servers: - url: http://192.168.1.80:5055 passHostHeader: false lidarr: loadBalancer: servers: - url: http://192.168.1.80:8686 passHostHeader: false node-red: loadBalancer: servers: - url: http://192.168.1.252:1880 passHostHeader: false node-red-hass: loadBalancer: servers: - url: https://192.168.1.244:1880 passHostHeader: false serversTransport: mytransport NTFY: loadBalancer: servers: - url: http://192.168.1.121:6741 passHostHeader: false nzb: loadBalancer: servers: - url: http://192.168.1.122:6789 passHostHeader: false prowlarr: loadBalancer: servers: - url: http://192.168.1.80:9696 passHostHeader: false readarr: loadBalancer: servers: - url: http://192.168.1.80:8787 passHostHeader: false rutorrent: loadBalancer: servers: - url: https://192.168.1.122:38443 passHostHeader: false serversTransport: mytransport run: loadBalancer: servers: - url: http://192.168.1.252:5173 passHostHeader: false run-api: loadBalancer: servers: - url: http://192.168.1.252:6883 passHostHeader: false stores: loadBalancer: servers: - url: http://192.168.1.252:45580 passHostHeader: false subgen: loadBalancer: servers: - url: http://192.168.1.252:3900 passHostHeader: false unifi: loadBalancer: servers: - url: https://192.168.1.121:8443 passHostHeader: false serversTransport: mytransport webcheck: loadBalancer: servers: - url: http://192.168.1.80:6160 passHostHeader: false dsm: loadBalancer: servers: - url: https://192.168.1.251:5001 passHostHeader: false serversTransport: mytransport autoscan: loadBalancer: servers: - url: http://192.168.1.80:3030 passHostHeader: false watchstate: loadBalancer: servers: - url: http://192.168.1.80:8585 passHostHeader: false node-red-het: loadBalancer: servers: - url: http://192.168.12.3:1880 passHostHeader: false finance-dev: loadBalancer: servers: - url: http://192.168.1.251:6182 passHostHeader: false n8n: loadBalancer: servers: - url: http://192.168.1.252:5678 passHostHeader: false nerco: loadBalancer: servers: - url: http://192.168.1.252:3333 passHostHeader: false homepage: loadBalancer: servers: - url: http://192.168.1.80:3305 passHostHeader: false phppgadmin: loadBalancer: servers: - url: http://192.168.1.252:5183 passHostHeader: false profilarr: loadBalancer: servers: - url: http://192.168.1.80:6868 passHostHeader: false food: loadBalancer: servers: - url: http://192.168.1.81:9925 passHostHeader: true maps: loadBalancer: servers: - url: http://192.168.1.252:3666 passHostHeader: false calibre: loadBalancer: servers: - url: http://192.168.1.80:28080 passHostHeader: false calibre-web: loadBalancer: servers: - url: http://192.168.1.80:28083 passHostHeader: false immich: loadBalancer: servers: - url: http://192.168.1.82:2283 passHostHeader: false navidrome: loadBalancer: servers: - url: http://192.168.1.80:4533 passHostHeader: false beszel: loadBalancer: servers: - url: http://192.168.1.252:31090 passHostHeader: false dispatcharr: loadBalancer: servers: - url: http://192.168.1.80:9191 technitium: loadBalancer: servers: - url: http://192.168.1.251:5380 passHostHeader: false termix: loadBalancer: servers: - url: http://192.168.1.252:5674 soulseek: loadBalancer: servers: - url: http://192.168.1.80:5030 tunarr: loadBalancer: servers: - url: http://192.168.1.252:48323 vert: loadBalancer: servers: - url: http://192.168.1.252:3884 glowing-bear: loadBalancer: servers: - url: http://192.168.1.252:28280 passHostHeader: true weechat-relay: loadBalancer: servers: - url: http://192.168.1.252:29001 passHostHeader: false archiveforge: loadBalancer: servers: - url: http://192.168.1.252:8766 passHostHeader: false silverbullet: loadBalancer: servers: - url: http://192.168.1.81:53510 passHostHeader: true stores-api: loadBalancer: servers: - url: http://192.168.1.252:45581 passHostHeader: false pve: loadBalancer: servers: - url: https://192.168.1.5:8006 passHostHeader: true serversTransport: mytransport technitium2: loadBalancer: servers: - url: http://192.168.1.125:5380/ passHostHeader: false pve2: loadBalancer: servers: - url: https://192.168.1.3:8006 passHostHeader: true serversTransport: mytransport forgejo: loadBalancer: servers: - url: http://192.168.1.81:3000 passHostHeader: false