For years I have been running Swag, a most awesome reverse proxy based on Nginx. It has been behaving just great!
For some reason I have always had a keen eye towards Traefik, but the documentation and I never saw eye to eye. I have watched countless videos of how to set it up, but I never got the hang of it.
So while hanging out in Linuxserver's Discord group, a link was posted: Practical Configuration of Traefik As A Reverse Proxy For Docker. A bit hesitant, I clicked it.
This caught my eye: “Traefik is great, but its documentation is not.”
Say what? It wasn’t me being stupid, the documentation is not that great!
I read the post, all of it, twice.
Suddenly I felt I had understood how to set Traefik up, and I did.
Added a couple of containers and it just worked!
I jumped to the Discord and sent my heartfelt thanks to the author, who was there. Of course I had some issues, but not like before.

traefik:
  image: traefik:latest
  container_name: traefik
  restart: unless-stopped
  networks:
    - proxy
  ports:
    - 80:80
    - 443:443
  volumes:
    - /etc/localtime:/etc/localtime:ro
    # Read-only mount; the Docker API is still fully reachable through the socket
    - /var/run/docker.sock:/var/run/docker.sock:ro
    - ./appdata/traefik/traefik.yml:/traefik.yml:ro
    - ./appdata/traefik/configs:/configs:ro
    - ./appdata/traefik/acme.json:/acme.json:rw
    - ./appdata/traefik/logs:/logs:rw
  environment:
    - CF_DNS_API_TOKEN=${CF_APITOKEN}
  labels:
    - traefik.enable=true
    - traefik.http.routers.traefik-https.entrypoints=https
    - traefik.http.routers.traefik-https.rule=Host(`dashboard.${MAINDOMAIN}`)
    # Placeholder; use an htpasswd hash here and write every $ in it as $$
    - traefik.http.middlewares.traefik-auth.basicauth.users=user:password
    - traefik.http.routers.traefik-https.middlewares=traefik-auth
    - traefik.http.routers.traefik-https.service=api@internal
    - traefik.http.routers.traefik-https.tls=true
    - traefik.http.routers.traefik-https.tls.certresolver=dns
    - traefik.http.routers.traefik-https.tls.domains[0].main=${MAINDOMAIN}
    - traefik.http.routers.traefik-https.tls.domains[0].sans=*.${MAINDOMAIN}
  # Container root filesystem is read-only; only the rw volumes above are writable
  read_only: true

api:
  dashboard: true

entryPoints:
  http:
    address: ":80"
    forwardedHeaders:
      # X-Forwarded-* headers are only trusted from these source ranges
      trustedIPs:
        - 127.0.0.1/32
        - 192.168.0.0/16
        - 172.16.0.0/12
  https:
    address: ":443"
    forwardedHeaders:
      trustedIPs:
        - 127.0.0.1/32
        - 192.168.0.0/16
        - 172.16.0.0/12

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    # Containers are only routed when they set traefik.enable=true
    exposedByDefault: false
    defaultRule: "Host(`{{ index .Labels \"com.docker.compose.service\"}}.${MAINDOMAIN}`)"
    network: proxy
  file:
    directory: "/configs"
    watch: true

certificatesResolvers:
  http:
    acme:
      email: my@mail.com
      storage: acme.json
      httpChallenge:
        entryPoint: http
  dns:
    acme:
      email: my@mail.com
      storage: acme.json
      dnsChallenge:
        provider: cloudflare
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"

serversTransport:
  # Disables TLS certificate verification for every HTTPS backend
  insecureSkipVerify: true

accessLog:
  filePath: "/logs/access.log"
  fields:
    headers:
      names:
        User-Agent: keep

#log:
#  level: DEBUG

So what were the issues? The absolute most strange one was how to set up the password for the dashboard user. I tried to make a user and add it to my .env file. Could not log in. Tried to escape the special chars. Didn’t help.
Not until I added the password to the docker-file itself and only escaped the $ did it start to function.
The second part was to add services that were not in the same docker-compose file or were on other hosts, like my Unifi controller residing in an LXC container.
Now I had to add separate config files. Added them to the config directory and that was it.

http:
  routers:
    unifi:
      service: unifi
      rule: "Host(`unifi.${MAINDOMAIN}`)"
      entryPoints:
        - https
      tls:
        certResolver: dns
  services:
    unifi:
      loadBalancer:
        servers:
          - url: "https://10.1.1.20:8443/"

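
The static traefik.yml above sets serversTransport.insecureSkipVerify: true, which turns off certificate verification for every HTTPS backend Traefik connects to, not just the Unifi controller. As an added example (not from the original post), the same file-provider config can carry a named transport so the exception is scoped to this one service. The transport names, the serverName value and the CA path are assumptions, and per-service serversTransports need Traefik 2.4 or later.

```yaml
# Added example, not from the original post. Values marked "assumed" are
# illustrative; the router and server URL are copied from the post's config.
http:
  routers:
    unifi:
      service: unifi
      rule: "Host(`unifi.${MAINDOMAIN}`)"
      entryPoints:
        - https
      tls:
        certResolver: dns

  services:
    unifi:
      loadBalancer:
        # Bind this service to a named transport instead of the global default
        serversTransport: unifi-backend        # assumed name
        servers:
          - url: "https://10.1.1.20:8443/"

  serversTransports:
    # Option A: still skip verification, but only for this one backend
    unifi-backend:                             # assumed name
      insecureSkipVerify: true

    # Option B: verify the controller's certificate against its own CA.
    # To use it, point the service above at unifi-verified instead.
    unifi-verified:                            # assumed name
      # Name checked against the backend certificate, needed because the
      # server URL is an IP address
      serverName: "unifi.example.internal"     # assumed
      rootCAs:
        - /certs/unifi-ca.pem                  # assumed path; needs its own read-only volume mount
```

With either option in place, the global serversTransport block in traefik.yml can be removed so that other HTTPS backends are verified again.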
After this I was done! All worked as before. ;)
All I did was to replace a functioning reverse-proxy with another.
And I will not miss a chance to thank the author! Spad!