traefik: proper configuration for unifi

author: Franck Cuny <franck@fcuny.net> 2022-03-06 19:21:22 -0800
committer: Franck Cuny <franck@fcuny.net> 2022-03-06 19:21:22 -0800
commit: 94af34c68cef8fc5ac7f23bf826d935b84730ade (patch)
tree: d9dad4a591d5f65ebd6bab4fe3b3fad1759de217 /hosts/common/server/traefik.nix
parent: unifi: configure the poller (diff)
download: world-94af34c68cef8fc5ac7f23bf826d935b84730ade.tar.gz
1 files changed, 14 insertions, 0 deletions
diff --git a/hosts/common/server/traefik.nix b/hosts/common/server/traefik.nix
index 8765856..3bc5d26 100644
--- a/hosts/common/server/traefik.nix
+++ b/hosts/common/server/traefik.nix
@@ -44,6 +44,19 @@ in {
 
       entryPoints.http.address = ":80";
       entryPoints.https.address = ":443";
+      # the default is 8080, which conflict with unifi
+      entryPoints.traefik.address = ":8090";
+
+      api = {
+        dashboard = true;
+        insecure = true;
+      };
+
+      # The unifi controller runs on HTTPS with a self-signed
+      # certificate, as a result we need to accept insecure
+      # certificates.
+      serversTransport.insecureSkipVerify = true;
+
       certificatesResolvers = {
         le.acme = {
           email = "franck@fcuny.net";
@@ -60,6 +73,7 @@ in {
   services.traefik.dynamicConfigOptions = mkMerge [
     (mkServiceConfig "dash" "http://127.0.0.1:3000/")
     (mkServiceConfig "bt" "http://127.0.0.1:9091/")
+    (mkServiceConfig "unifi" "https://127.0.0.1:8443/")
   ];
 
   systemd.services.traefik.environment.GCE_SERVICE_ACCOUNT_FILE =
author	Franck Cuny <franck@fcuny.net>	2022-03-06 19:21:22 -0800
committer	Franck Cuny <franck@fcuny.net>	2022-03-06 19:21:22 -0800
commit	94af34c68cef8fc5ac7f23bf826d935b84730ade (patch)
tree	d9dad4a591d5f65ebd6bab4fe3b3fad1759de217 /hosts/common/server/traefik.nix
parent	unifi: configure the poller (diff)
download	world-94af34c68cef8fc5ac7f23bf826d935b84730ade.tar.gz