---
project:
name: Platform Configuration
status: active
category: configuration
source: live-verification
created: 2026-01-06
updated: 2026-04-19
description: Docker, Traefik, and container orchestration configuration
tags: [configuration, platform, docker, traefik]
---

# Platform Configuration

Docker, Traefik, and container orchestration configuration files.

## Traefik Configuration

Two Traefik instances provide ingress:

| Instance | Host | Role | Version |
|----------|------|------|---------|
| ubuntu Traefik | 192.168.50.61 | Primary router | v3.6.7 |
| grizzley Traefik | 192.168.50.84 | Edge ACME + ingress | v3.6.7 |

### Dynamic Config Files (ubuntu)

Located in `homelab/ubuntu/traefik/config/dynamic/`:

| File | Services Routed |
|------|----------------|
| `canonical-hosts.yml` | Grizzley ingress proxy, PVE OpenCode |
| `gitea.yml` | gitea.tophermayor.com |
| `homeassistant.yml` | ha.tophermayor.com |
| `immich.yml` | immich.tophermayor.com |
| `jellyfin.yml` | jellyfin.tophermayor.com |
| `jellyseerr.yml` | jellyseerr.tophermayor.com |
| `media-stack.yml` | Sonarr, Radarr, SABnzbd, Prowlarr, qBittorrent, Lidarr, Readarr (via gluetun) |
| `middlewares.yml` | 30+ middleware definitions |
| `opencode.yml` | opencode.tophermayor.com |
| `proxmox.yml` | proxmox.local.tophermayor.com |
| `stremio.yml` | stremio.local.tophermayor.com |
| `traefik-dashboard.yml` | traefik.local.tophermayor.com |
| `truenas.yml` | truenas.local.tophermayor.com |
| `vaultwarden.yml` | vaultwarden.tophermayor.com |
| `wildcard-certs.yml` | TLS certificate file references |

### Common Middlewares

| Middleware | Purpose |
|------------|---------|
| `local-only@file` | Restrict to local network IPs |
| `authentik-auth@file` | SSO authentication |
| `security-headers@file` | Add security headers |
| `crowdsec-bouncer@file` | Rate limiting and threat protection |

## Docker Networks

| Network | Scope | Purpose |
|---------|-------|---------|
| `proxy-net` | External | Traefik-routed services |
| `app-net` | External | Internal backend communication |
| `authentik-internal` | Bridge | SSO isolation |
| `monitoring-internal` | Bridge | Metrics/logs isolation |
| `immich-internal` | Bridge | Immich DB/Redis/ML |
| `traefik-proxy` | Bridge (grizzley) | Grizzley edge Traefik |
| `media-net` | External | Media stack isolation |

## Container Labels

Standard Traefik labels:

```yaml
labels:
  - "traefik.enable=true"
  - "traefik.http.services..loadbalancer.server.port=8096"
  - "traefik.http.routers..rule=Host(`service.tophermayor.com`)"
  - "traefik.http.routers..tls.certresolver=cloudflare"
```

## Related

- [[../homelab/architecture.md|Homelab Architecture]]
- [[project.md|Platform Config Project]]
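
A lint for the standard label set in the Container Labels section, as an added example that is not part of the original page or the homelab repository. It checks a container's Traefik labels for the four standard entries and for empty router or service names, and, as an assumed policy the page does not state, requires `local-only@file` on any router whose host contains `.local.`; the function names, sample label sets and the `admin.local.example.com` host are constructed for illustration.

```python
import re

# Label keys follow the page's "Standard Traefik labels" block.
KEY_RE = re.compile(r"^traefik\.http\.(routers|services)\.([^.]*)\.(.+)$")
HOST_RE = re.compile(r"Host\(`([^`]+)`\)")

def parse_labels(labels):
    """Split 'key=value' labels into (enabled, routers, services) keyed by name."""
    enabled, routers, services = False, {}, {}
    for label in labels:
        key, _, value = label.partition("=")
        if key == "traefik.enable":
            enabled = value.strip().lower() == "true"
        elif (m := KEY_RE.match(key)):
            kind, name, option = m.groups()
            (routers if kind == "routers" else services).setdefault(name, {})[option] = value
    return enabled, routers, services

def lint(labels):
    """Return a list of findings; an empty list means the label set passes."""
    enabled, routers, services = parse_labels(labels)
    findings = []
    if not enabled:
        findings.append("traefik.enable is not 'true'")
    if any(name == "" for name in list(routers) + list(services)):
        findings.append("empty router or service name in a label key")
    if not any("loadbalancer.server.port" in o for o in services.values()):
        findings.append("no loadbalancer.server.port label")
    if not routers:
        findings.append("no router defined")
    for name, opts in sorted(routers.items()):
        hosts = HOST_RE.findall(opts.get("rule", ""))
        if not hosts:
            findings.append(f"router '{name}': no Host() rule")
        if "tls.certresolver" not in opts:
            findings.append(f"router '{name}': no tls.certresolver")
        chain = [m.strip() for m in opts.get("middlewares", "").split(",")]
        # Assumed policy (not from the page): *.local.* hosts need local-only@file.
        if any(".local." in h for h in hosts) and "local-only@file" not in chain:
            findings.append(f"router '{name}': local host without local-only@file")
    return findings

# Constructed sample label sets; names and hosts are illustrative only.
GOOD = ["traefik.enable=true",
        "traefik.http.services.jellyfin.loadbalancer.server.port=8096",
        "traefik.http.routers.jellyfin.rule=Host(`service.tophermayor.com`)",
        "traefik.http.routers.jellyfin.tls.certresolver=cloudflare"]
BAD = ["traefik.enable=true",
       "traefik.http.services..loadbalancer.server.port=8096",
       "traefik.http.routers.admin.rule=Host(`admin.local.example.com`)",
       "traefik.http.routers.admin.middlewares=security-headers@file"]
```

`lint()` takes the `labels:` list of one service as plain strings, so it can run over each service after loading a compose file with any YAML parser.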