From f2d9fb8d9d3154bf3e5ba9e92ee8fb0c821b468e Mon Sep 17 00:00:00 2001
From: Quentin Lemeasle <quentinlemcode@gmail.com>
Date: Mon, 2 Jun 2025 20:19:36 +0200
Subject: [PATCH 1/3] Update reverse-proxy.md

Signed-off-by: Quentin Lemeasle <quentinlemcode@gmail.com>
Signed-off-by: Quentin <quentinlemcode@gmail.com>
---
 reverse-proxy.md | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 27ee04eb..41c0ac01 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -693,10 +693,6 @@ The examples below define the dynamic configuration in YAML files. If you rather
       file:
         directory: "/path/to/dynamic/conf" # Adjust the path according your needs.
         watch: true
-
-    # Enable HTTP/3 feature by uncommenting the lines below. Don't forget to route 443 UDP to Traefik (Firewall\NAT\Traefik Container)
-    # experimental:
-      # http3: true
     ```
 
 1. Declare the router, service and middlewares for Nextcloud in `/path/to/dynamic/conf/nextcloud.yml`:

From 293fe559f413b569df902837dd6c1d003f696b62 Mon Sep 17 00:00:00 2001
From: Quentin <quentinlemcode@gmail.com>
Date: Tue, 10 Jun 2025 23:12:17 +0200
Subject: [PATCH 2/3] Revert "Update reverse-proxy.md"

This reverts commit 226afe6b82b35f6b9b6ad7775857ef3761eafc57.

Signed-off-by: Quentin <quentinlemcode@gmail.com>
---
 reverse-proxy.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 41c0ac01..27ee04eb 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -693,6 +693,10 @@ The examples below define the dynamic configuration in YAML files. If you rather
       file:
         directory: "/path/to/dynamic/conf" # Adjust the path according your needs.
         watch: true
+
+    # Enable HTTP/3 feature by uncommenting the lines below. Don't forget to route 443 UDP to Traefik (Firewall\NAT\Traefik Container)
+    # experimental:
+      # http3: true
     ```
 
 1. Declare the router, service and middlewares for Nextcloud in `/path/to/dynamic/conf/nextcloud.yml`:

From 29cc92d7147cb194a1dd63daf9804090898439ef Mon Sep 17 00:00:00 2001
From: Quentin <quentinlemcode@gmail.com>
Date: Tue, 10 Jun 2025 23:15:23 +0200
Subject: [PATCH 3/3] Add Traefik 3 documentation

Signed-off-by: Quentin <quentinlemcode@gmail.com>
---
 reverse-proxy.md | 83 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 83 insertions(+)

diff --git a/reverse-proxy.md b/reverse-proxy.md
index 27ee04eb..e9f603e5 100644
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -745,6 +745,89 @@ The examples below define the dynamic configuration in YAML files. If you rather
 
 </details>
 
+### Traefik 3
+
+<details>
+
+<summary>click here to expand</summary>
+
+**Disclaimer:** it might be possible that the config below is not working 100% correctly, yet. Improvements to it are very welcome!
+
+Traefik's building blocks (router, service, middlewares) need to be defined using dynamic configuration similar to [this](https://doc.traefik.io/traefik/providers/file/#configuration-examples) official Traefik configuration example. Using **docker labels _won't work_** because of the nature of the project.
+
+The examples below define the dynamic configuration in YAML files. If you rather prefer TOML, use a YAML to TOML converter.
+
+1. In Traefik's static configuration define a [file provider](https://doc.traefik.io/traefik/providers/file/) for dynamic providers:
+
+    ```yml
+    # STATIC CONFIGURATION
+   
+    entryPoints:
+      https:
+        address: ":443" # Create an entrypoint called "https" that uses port 443
+        # If you want to enable HTTP/3 support, uncomment the line below
+        # http3: {}
+    
+    certificatesResolvers:
+      # Define "letsencrypt" certificate resolver
+      letsencrypt:
+        acme:
+          storage: /letsencrypt/acme.json # Defines the path where certificates should be stored
+          email: <your-email-address> # Where LE sends notification about certificates expiring
+          tlschallenge: true
+   
+    providers:
+      file:
+        directory: "/path/to/dynamic/conf" # Adjust the path according your needs.
+        watch: true
+    ```
+
+2. Declare the router, service and middlewares for Nextcloud in `/path/to/dynamic/conf/nextcloud.yml`:
+
+    ```yml
+    http:
+      routers:
+        nextcloud:
+          rule: "Host(`<your-nc-domain>`)"
+          entrypoints:
+            - "https"
+          service: nextcloud
+          middlewares:
+            - nextcloud-chain
+          tls:
+            certresolver: "letsencrypt"
+
+      services:
+        nextcloud:
+          loadBalancer:
+            servers:
+              - url: "http://localhost:11000" # Adjust to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below
+
+      middlewares:
+        nextcloud-secure-headers:
+          headers:
+            hostsProxyHeaders:
+              - "X-Forwarded-Host"
+            referrerPolicy: "same-origin"
+
+        https-redirect:
+          redirectscheme:
+            scheme: https 
+
+        nextcloud-chain:
+          chain:
+            middlewares:
+              # - ... (e.g. rate limiting middleware)
+              - https-redirect
+              - nextcloud-secure-headers
+    ```
+
+---
+
+⚠️ **Please note:** look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
+
+</details>
+
 ### IIS with ARR and URL Rewrite
 
 <details>