# Autocert (choose one below and uncomment to enable) # # 1. use existing cert # autocert: # provider: local # 2. cloudflare # autocert: # provider: cloudflare # email: abc@gmail.com # ACME Email # domains: # a list of domains for cert registration # - "*.domain.com" # - "domain.com" # options: # auth_token: c1234565789-abcdefghijklmnopqrst # your zone API token # 3. other providers, see https://github.com/yusing/godoxy/wiki/Supported-DNS%E2%80%9001-Providers#supported-dns-01-providers # acl: # default: allow # or deny (default: allow) # allow_local: true # or false (default: true) # allow: # - ip:1.2.3.4 # - cidr:1.2.3.4/32 # - country:US # - timezone:Asia/Shanghai # deny: # - ip:1.2.3.4 # - cidr:1.2.3.4/32 # - country:US # - timezone:Asia/Shanghai # log: # warning: logging ACL can be slow based on the number of incoming connections and configured rules # buffer_size: 65536 # (default: 64KB) # path: /app/logs/acl.log # (default: none) # stdout: false # (default: false) # keep: last 10 # (default: none) entrypoint: # Below define an example of middleware config # 1. set security headers # 2. block non local IP connections # 3. redirect HTTP to HTTPS # middlewares: - use: CloudflareRealIP - use: ModifyResponse set_headers: Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS, HEAD Access-Control-Allow-Headers: "*" Access-Control-Allow-Origin: "*" Access-Control-Max-Age: 180 Vary: "*" X-XSS-Protection: 1; mode=block Content-Security-Policy: "object-src 'self'; frame-ancestors 'self';" X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Strict-Transport-Security: max-age=63072000; includeSubDomains; preload # - use: CIDRWhitelist # allow: # - "127.0.0.1" # - "10.0.0.0/8" # - "172.16.0.0/12" # - "192.168.0.0/16" # status: 403 # message: "Forbidden" # - use: RedirectHTTP # below enables access log access_log: format: combined path: /app/logs/entrypoint.log providers: # include files are standalone yaml files under `config/` directory # # include: # - file1.yml # - file2.yml docker: # $DOCKER_HOST implies environment variable `DOCKER_HOST` or unix:///var/run/docker.sock by default local: $DOCKER_HOST # explicit only mode # only containers with explicit aliases will be proxied # add "!" after provider name to enable explicit only mode # # local!: $DOCKER_HOST # # add more docker providers if needed # for value format, see https://docs.docker.com/reference/cli/dockerd/ # # remote-1: tcp://10.0.2.1:2375 # remote-2: ssh://root:1234@10.0.2.2 # notification providers (notify when service health changes) # # notification: # - name: gotify # provider: gotify # url: https://gotify.domain.tld # token: abcd # - name: discord # provider: webhook # url: https://discord.com/api/webhooks/... # template: discord # this means use payload template from internal/notif/templates/discord.json # Proxmox providers (for idlesleep support for proxmox LXCs) # # proxmox: # - url: https://pve.domain.com:8006/api2/json # token_id: root@pam!abcdef # secret: aaaa-bbbb-cccc-dddd # no_tls_verify: true # Check https://github.com/yusing/godoxy/wiki/Certificates-and-domain-matching#domain-matching # for explaination of `match_domains` # # match_domains: # - my.site # - node1.my.app # homepage config homepage: # use default app categories detected from alias or docker image name use_default_categories: true # Below are fixed options (non hot-reloadable) # timeout for shutdown (in seconds) timeout_shutdown: 5