-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathtraefik.dynamic.yaml
More file actions
46 lines (46 loc) · 1.1 KB
/
traefik.dynamic.yaml
File metadata and controls
46 lines (46 loc) · 1.1 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
# domain list from https://github.com/signalapp/Signal-TLS-Proxy/blob/main/data/nginx-relay/nginx.conf
{{
$backends := dict
"chat" "chat"
"ud-chat" "ud-chat"
"storage" "storage"
"cdn" "cdn"
"cdn2" "cdn2"
"cdn3" "cdn3"
"cdsi" "cdsi"
"contentproxy" "contentproxy"
"sfu-voip" "sfu.voip"
"svr2" "svr2"
"svrb" "svrb"
"updates" "updates"
"updates2" "updates2"
}}
tcp:
routers:
in:
entryPoints:
- extern
rule: HostSNI(`{{ env "SIGNALPROXY_HOSTNAME" }}`)
service: unwrap
tls:
certResolver: letsencrypt{{ if env "SIGNALPROXY_PROD_ACME" }}{{ else }}-staging{{ end }}
{{ range $t, $d := $backends }}
tgt-signal-{{ $t }}:
entryPoints:
- local
rule: HostSNI(`{{ $d }}.signal.org`)
service: fwd-signal-{{ $t }}
tls:
passthrough: true
{{ end }}
services:
unwrap:
loadBalancer:
servers:
- address: 127.0.0.1:2443
{{ range $t, $d := $backends }}
fwd-signal-{{ $t }}:
loadBalancer:
servers:
- address: {{ $d }}.signal.org:443
{{ end }}