source_path: /opt/nexifyai/traefik/dynamic.yml
ingested: 2026-07-13
sha256: bda3d39d9a5e6fce40d4464685995f15c04ea1c31492312455864dc6afc4b42b

http: routers: portal: rule: Host(admin.nexifyai.cloud) service: portal priority: 1 entryPoints: - websecure middlewares: - security-headers - csp-strict - auth-forward - rate-limit tls: certResolver: letsencrypt portal-health: rule: Host(admin.nexifyai.cloud) && Path(/health) service: portal priority: 200 entryPoints: - websecure middlewares: - security-headers - rate-limit tls: certResolver: letsencrypt portal-sse: rule: Host(admin.nexifyai.cloud) && Path(/api/sse/events) service: portal priority: 200 entryPoints: - websecure middlewares: - security-headers - rate-limit tls: certResolver: letsencrypt portal-static: rule: Host(admin.nexifyai.cloud) && (PathPrefix(/dashboard/assets) || PathPrefix(/dashboard)) || Path(/favicon.svg) || Path(/nexifyai-tokens.css) || Path(/logo.svg) || Path(/impressum.html) || Path(/datenschutz.html) || Path(/agb.html) || Path(/avv.html) || Path(/widerruf.html) || Path(/cookie-richtlinie.html) || Path(/ki-hinweise.html) || Path(/barrierefreiheit.html) || Path(/nutzungsbedingungen.html) service: portal priority: 190 entryPoints: - websecure middlewares: - security-headers - csp-strict - auth-forward tls: null api-gateway: rule: Host(admin.nexifyai.cloud) && PathPrefix(/api) service: portal priority: 150 entryPoints: - websecure middlewares: - security-headers - rate-limit - csp-strict - auth-forward tls: certResolver: letsencrypt zitadel-login: rule: Host(admin.nexifyai.cloud) && (PathPrefix(/ui/login) || PathPrefix(/ui/console) || PathPrefix(/oauth) || PathPrefix(/saml) || PathPrefix(/idps) || PathPrefix(/otp) || PathPrefix(/password) || PathPrefix(/username) || PathPrefix(/register) || PathPrefix(/mail) || PathPrefix(/zitadel) || Path(/favicon.ico) || Path(/logo.svg) || Path(/manifest.json)) service: zitadel priority: 250 entryPoints: - websecure middlewares: - security-headers - rate-limit - csp-iframe - zitadel-origin-fix tls: certResolver: letsencrypt auth: rule: Host(admin.nexifyai.cloud) && PathPrefix(/auth) service: auth-service priority: 100 entryPoints: - websecure middlewares: - security-headers - rate-limit - csp-iframe tls: certResolver: letsencrypt workstation: rule: Host(admin.nexifyai.cloud) && PathPrefix(/workstation) service: portal middlewares: - security-headers - redirect-workstation priority: 100 entryPoints: - websecure tls: certResolver: letsencrypt paperclip: rule: Host(admin.nexifyai.cloud) && PathPrefix(/factory) service: paperclip priority: 100 entryPoints: - websecure middlewares: - security-headers - rate-limit - csp-strict - auth-forward - strip-prefix-paperclip tls: certResolver: letsencrypt router: rule: Host(admin.nexifyai.cloud) && PathPrefix(/router) service: portal priority: 100 entryPoints: - websecure middlewares: - security-headers - rate-limit - csp-strict - auth-forward tls: certResolver: letsencrypt memory: rule: Host(admin.nexifyai.cloud) && PathPrefix(/memory) service: agentmemory-viewer priority: 100 entryPoints: - websecure middlewares: - security-headers - rate-limit - csp-strict - auth-forward - strip-prefix-memory tls: certResolver: letsencrypt wissen: rule: Host(admin.nexifyai.cloud) && PathPrefix(/wissen) service: portal priority: 100 entryPoints: - websecure middlewares: - security-headers - rate-limit - csp-strict - auth-forward tls: certResolver: letsencrypt lightrag-webui: rule: Host(admin.nexifyai.cloud) && PathPrefix(/wissen/webui) service: lightrag priority: 200 entryPoints: - websecure middlewares: - security-headers - rate-limit - csp-strict - auth-forward - strip-prefix-lightrag tls: certResolver: letsencrypt spaether-ui: rule: Host(admin.nexifyai.cloud) && PathPrefix(/leads) service: spaether-ui priority: 100 entryPoints: - websecure middlewares: - security-headers - rate-limit - csp-strict - auth-forward tls: certResolver: letsencrypt spaether-api: rule: Host(admin.nexifyai.cloud) && PathPrefix(/api/leads) service: portal priority: 100 entryPoints: - websecure middlewares: - security-headers - rate-limit - csp-strict - auth-forward tls: certResolver: letsencrypt demo-viewer: rule: Host(admin.nexifyai.cloud) && PathPrefix(/api/demo) service: portal priority: 100 entryPoints: - websecure middlewares: - security-headers - rate-limit - csp-strict - auth-forward tls: certResolver: letsencrypt twenty-admin: rule: Host(admin.nexifyai.cloud) && PathPrefix(/crm) service: twenty priority: 100 entryPoints: - websecure middlewares: - security-headers - rate-limit - csp-iframe - auth-forward - strip-prefix-twenty tls: certResolver: letsencrypt vitrine: rule: Host(demo.nexifyai.cloud) service: vitrine priority: 100 entryPoints: - websecure middlewares: - security-headers - rate-limit - csp-strict - auth-forward tls: certResolver: letsencrypt wissen-subdomain: rule: Host(wissen.nexifyai.cloud) service: lightrag priority: 100 entryPoints: - websecure middlewares: - security-headers - rate-limit - csp-strict - auth-forward tls: certResolver: letsencrypt wiki-subdomain: rule: Host(wiki.nexifyai.cloud) service: wiki priority: 100 entryPoints: - websecure middlewares: - security-headers - rate-limit - csp-strict tls: certResolver: letsencrypt wiki-acme: rule: Host(wiki.nexifyai.cloud) && PathPrefix(/.well-known/acme-challenge/) service: wiki priority: 200 entryPoints: - websecure middlewares: - security-headers tls: certResolver: letsencrypt wissen-acme: rule: Host(wissen.nexifyai.cloud) && PathPrefix(/.well-known/acme-challenge/) service: lightrag priority: 200 entryPoints: - websecure middlewares: - security-headers tls: certResolver: letsencrypt rag-subdomain: rule: Host(rag.nexifyai.cloud) service: lightrag priority: 100 entryPoints: - websecure middlewares: - security-headers - rate-limit - csp-strict - auth-forward tls: certResolver: letsencrypt rag-acme: rule: Host(rag.nexifyai.cloud) && PathPrefix(/.well-known/acme-challenge/) service: lightrag priority: 200 entryPoints: - websecure middlewares: - security-headers tls: {} design-subdomain: rule: Host(design.nexifyai.cloud) service: open-design priority: 100 entryPoints: - websecure middlewares: - security-headers - rate-limit - csp-strict - auth-forward tls: certResolver: letsencrypt factory-subdomain: rule: Host(factory.nexifyai.cloud) service: paperclip priority: 100 entryPoints: - websecure middlewares: - security-headers - rate-limit-factory - csp-strict - auth-forward tls: certResolver: letsencrypt paperclip-subdomain: rule: Host(paperclip.nexifyai.cloud) service: paperclip priority: 100 entryPoints: - websecure middlewares: - security-headers - rate-limit-factory - csp-strict - auth-forward tls: {} memory-subdomain: rule: Host(memory.nexifyai.cloud) service: agentmemory-viewer priority: 100 entryPoints: - websecure middlewares: - security-headers - rate-limit - csp-strict - auth-forward tls: certResolver: letsencrypt monitoring: rule: Host(admin.nexifyai.cloud) && PathPrefix(/grafana) service: grafana priority: 100 entryPoints: - websecure middlewares: - security-headers - rate-limit - csp-iframe - auth-forward - strip-prefix-grafana tls: certResolver: letsencrypt prometheus: rule: Host(admin.nexifyai.cloud) && PathPrefix(/monitoring) service: prometheus priority: 100 entryPoints: - websecure middlewares: - security-headers - rate-limit - csp-iframe - auth-forward - strip-prefix-prometheus tls: certResolver: letsencrypt vitrine-path: rule: Host(admin.nexifyai.cloud) && PathPrefix(/demo) service: vitrine priority: 90 entryPoints: - websecure middlewares: - security-headers - rate-limit - csp-strict - auth-forward - strip-prefix-demo tls: certResolver: letsencrypt twenty: rule: Host(crm.nexifyai.cloud) service: twenty priority: 100 entryPoints: - websecure middlewares: - security-headers - rate-limit - csp-strict - auth-forward tls: {} router-subdomain: rule: Host(router.nexifyai.cloud) service: portal priority: 200 entryPoints: - websecure middlewares: - security-headers - rate-limit - csp-strict - redirect-router-sub tls: certResolver: letsencrypt html-subdomain: rule: Host(html.nexifyai.cloud) service: html-anything priority: 100 entryPoints: - websecure middlewares: - security-headers - rate-limit - csp-strict - auth-forward tls: {} html-anything: rule: Host(admin.nexifyai.cloud) && PathPrefix(/html) service: html-anything priority: 100 entryPoints: - websecure middlewares: - security-headers - rate-limit - csp-strict - auth-forward - strip-prefix-html tls: certResolver: letsencrypt webui-subdomain: rule: Host(webui.nexifyai.cloud) service: hermes-webui priority: 100 entryPoints: - websecure middlewares: - security-headers - rate-limit - csp-strict - auth-forward tls: certResolver: letsencrypt zitadel: rule: Host(id.nexifyai.cloud) service: zitadel priority: 100 entryPoints: - websecure middlewares: - security-headers - rate-limit - csp-strict tls: {} api-proxy: rule: Host(admin.nexifyai.cloud) && PathPrefix(/api/proxy) service: portal priority: 120 entryPoints: - websecure middlewares: - security-headers - rate-limit - csp-strict - auth-forward tls: certResolver: letsencrypt gitlab: rule: Host(gitlab.nexifyai.cloud) service: gitlab priority: 100 entryPoints: - websecure middlewares: - security-headers - rate-limit tls: certResolver: letsencrypt vitrine-public: rule: Host(vitrine.nexifyai.cloud) service: vitrine-service priority: 210 entryPoints: - websecure middlewares: - security-headers - rate-limit tls: certResolver: letsencrypt ai-router-subdomain: rule: Host(ai-router.nexifyai.cloud) service: ninerouter priority: 300 entryPoints: - websecure middlewares: - cors-9router - security-headers tls: certResolver: letsencrypt services: portal: loadBalancer: servers: - url: http://127.0.0.1:8880 auth-service: loadBalancer: servers: - url: http://127.0.0.1:8881 paperclip: loadBalancer: servers: - url: http://127.0.0.1:3100 hermes-webui: loadBalancer: servers: - url: http://127.0.0.1:8787 ninerouter: loadBalancer: servers: - url: http://127.0.0.1:20128 agentmemory-viewer: loadBalancer: servers: - url: http://127.0.0.1:3113 open-design: loadBalancer: servers: - url: http://127.0.0.1:8902 lightrag: loadBalancer: servers: - url: http://127.0.0.1:9621 spaether-ui: loadBalancer: servers: - url: http://127.0.0.1:8880 spaether-api: loadBalancer: servers: - url: http://127.0.0.1:8900 vitrine: loadBalancer: servers: - url: http://127.0.0.1:8901 wiki: loadBalancer: servers: - url: http://127.0.0.1:8903 grafana: loadBalancer: servers: - url: http://127.0.0.1:3000 prometheus: loadBalancer: servers: - url: http://127.0.0.1:9090 twenty: loadBalancer: servers: - url: http://127.0.0.1:3001 html-anything: loadBalancer: servers: - url: http://127.0.0.1:3002 zitadel: loadBalancer: passHostHeader: false servers: - url: http://id.nexifyai.cloud:8081 gitlab: loadBalancer: servers: - url: http://127.0.0.1:8922 vitrine-service: loadBalancer: servers: - url: http://127.0.0.1:8901 middlewares: security-headers: headers: stsSeconds: 31536000 stsIncludeSubdomains: true stsPreload: true forceSTSHeader: true contentTypeNosniff: true browserXssFilter: true referrerPolicy: strict-origin-when-cross-origin permissionsPolicy: camera=(), microphone=(), geolocation=(), interest-cohort=() customResponseHeaders: X-Powered-By: '' Server: '' Cross-Origin-Opener-Policy: same-origin Cross-Origin-Embedder-Policy: credentialless Cross-Origin-Resource-Policy: same-origin csp-strict: headers: contentSecurityPolicy: 'default-src ''self''; script-src ''self'' ''unsafe-inline''; style-src ''self'' ''unsafe-inline''; img-src ''self'' data: https:; font-src ''self'' https://fonts.bunny.net; connect-src ''self'' https: wss:; frame-ancestors ''self''; base-uri ''self''' csp-iframe: headers: contentSecurityPolicy: 'default-src * ''unsafe-inline'' ''unsafe-eval'' data: blob:; frame-ancestors ; frame-src ' customFrameOptionsValue: '' auth-forward: forwardAuth: address: http://127.0.0.1:8881/verify trustForwardHeader: true authResponseHeaders: - X-User-Id - X-User-Email - X-User-Role strip-prefix-paperclip: stripPrefix: prefixes: - /factory strip-prefix-wissen: stripPrefix: prefixes: - /wissen strip-prefix-lightrag: stripPrefix: prefixes: - /wissen strip-prefix-leads: stripPrefix: prefixes: - /leads strip-prefix-api-leads: stripPrefix: prefixes: - /api/leads redirect-api-leads-slash: redirectRegex: regex: ^/api/leads$ replacement: /api/leads/ permanent: true strip-prefix-workstation: stripPrefix: prefixes: - /workstation strip-prefix-router: stripPrefix: prefixes: - /router strip-prefix-auth: stripPrefix: prefixes: - /auth redirect-logout: redirectRegex: regex: ^./auth/logout. replacement: https://www.nexifyai.cloud/ permanent: false redirect-router-sub: redirectRegex: regex: ^https://router.nexifyai.cloud/(.) replacement: https://admin.nexifyai.cloud/router/${1} permanent: true zitadel-origin-fix: headers: customRequestHeaders: X-Forwarded-Host: id.nexifyai.cloud Origin: https://id.nexifyai.cloud customResponseHeaders: X-Robots-Tag: none zitadel-host-fix: headers: customRequestHeaders: Host: id.nexifyai.cloud strip-prefix-demo: stripPrefix: prefixes: - /demo strip-prefix-memory: stripPrefix: prefixes: - /memory strip-prefix-html: stripPrefix: prefixes: - /html strip-prefix-grafana: stripPrefix: prefixes: - /grafana strip-prefix-twenty: stripPrefix: prefixes: - /crm strip-prefix-prometheus: stripPrefix: prefixes: - /monitoring rate-limit: rateLimit: average: 100 burst: 50 period: 1s sourceCriterion: ipStrategy: depth: 1 rate-limit-factory: rateLimit: average: 500 burst: 600 period: 1s sourceCriterion: ipStrategy: depth: 1 redirect-workstation: redirectRegex: regex: ^https://admin.nexifyai.cloud/workstation(.) replacement: https://webui.nexifyai.cloud${1} permanent: true cors-9router: headers: accessControlAllowMethods: - GET - POST - PUT - DELETE - OPTIONS - PATCH accessControlAllowHeaders: - Content-Type - Authorization - X-Requested-With - Accept accessControlAllowOriginList: - https://ai-router.nexifyai.cloud accessControlAllowCredentials: true accessControlMaxAge: 86400 tls: certificates: