homelab/traefik/readme.md
2024-03-05 19:34:42 +03:00


# Traefik2 reverse proxy with automatic wildcard SSL from Cloudflare
Create a DNS entry in your Cloudflare account: ```traefik.YOURDOMAIN.com```. Make sure it is not proxied at first (this is necessary for creating the SSL certificate); you can enable the proxy later, after everything is set up.

Create a docker network called "proxy" using the following command:
```
docker network create proxy
```
This is the network that Traefik and all other containers that need to be automatically configured in Traefik should use.

Make directories in your home folder like so:
- ~/traefik
  - compose.yml
  - data
    - acme.json # make sure to change permissions of this file with ```chmod 600 acme.json```
    - config.yml
    - traefik.yml

Use mkdir to make the folders and touch to create the json and yml files. Basically:
```
mkdir traefik
cd traefik
touch compose.yml
mkdir data
cd data
touch acme.json
chmod 600 acme.json
touch config.yml
touch traefik.yml
cd ..
```
The contents to put inside those files are given here, except for acme.json, which will be generated automatically.
## How to generate a hashed password to put in the compose.yml file
- First install apache2-utils
```
sudo apt update
sudo apt install apache2-utils
```
- Next generate your hashed password with the following command
```
echo $(htpasswd -nB USER) | sed -e s/\\$/\\$\\$/g
```
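- Replace USER with your username
- Enter a password when it prompts
- Copy and paste the generated hashed password into the compose.yml file. The sed step doubles every ```$``` in the hash because Docker Compose would otherwise treat a single ```$``` as the start of a variable.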
## Run
Go to the directory with the compose.yml and run it with ```docker compose up -d```.
If everything is done right, you will be able to access the traefik dashboard at traefik.YOURDOMAIN.com in a few moments.
## How to expose my docker containers to the internet
First make sure you have created a DNS entry in Cloudflare for the service you want to expose.
Then all you have to do is add these labels to the compose.yml of every container that you want to expose:
```
labels:
  - "traefik.enable=true"
  # HTTP router. It has its own name because two labels with the same key cannot both take effect.
  - "traefik.http.routers.CONTAINER_NAME-http.entrypoints=http" # You can skip this line if you do not need HTTP access at all. HTTP access can be useful for an internal network's DNS resolver.
  - "traefik.http.routers.CONTAINER_NAME-http.rule=Host(`SUBDOMAIN.YOURDOMAIN.COM`)" # Same thing for this line. This is only for HTTP.
  - "traefik.http.routers.CONTAINER_NAME-http.middlewares=https-redirect@file" # Remove this line if you do not want automatic HTTP to HTTPS redirection or if you skipped the two lines above.
  # HTTPS router
  - "traefik.http.routers.CONTAINER_NAME.entrypoints=https"
  - "traefik.http.routers.CONTAINER_NAME.rule=Host(`SUBDOMAIN.YOURDOMAIN.COM`)"
  - "traefik.http.routers.CONTAINER_NAME.tls=true"
  - "traefik.http.routers.CONTAINER_NAME.service=CONTAINER_NAME@docker"
  - "traefik.http.services.CONTAINER_NAME.loadbalancer.server.port=PORT_OF_CONTAINER_WEBUI"
  - "traefik.docker.network=proxy"
```
- Replace ```CONTAINER_NAME``` with the name of the docker container
- Replace ```SUBDOMAIN.YOURDOMAIN.COM``` with the URL you want your container webui to be exposed at
- Replace ```PORT_OF_CONTAINER_WEBUI``` with the port of the container's webui
### Example compose.yml of Heimdall Dashboard exposed with Traefik
```
version: "3.9"
services:
  heimdall:
    image: lscr.io/linuxserver/heimdall:latest
    container_name: heimdall
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Asia/Riyadh
    volumes:
      - ./config:/config
    networks:
      - proxy
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.heimdall.entrypoints=https"
      - "traefik.http.routers.heimdall.rule=Host(`dashboard.crsmthw.com`)"
      - "traefik.http.routers.heimdall.tls=true"
      - "traefik.http.routers.heimdall.service=heimdall@docker"
      - "traefik.http.services.heimdall.loadbalancer.server.port=80"
      - "traefik.docker.network=proxy"
networks:
  proxy:
    external: true
```
## How to expose anything else
By anything else I mean services on other computers, or containers that cannot use the proxy network, such as home-assistant, which needs the host network.
For this you need to make entries in the config.yml file. An example for home-assistant is already given in the config.yml file.
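
What such an entry can look like in Traefik's file-provider syntax, as an added example that is not the config.yml from this repository. The hostname, the LAN address and the router/service name `homeassistant` are assumptions; the `https` entry point and the `https-redirect` middleware name are the ones referenced by the labels above.

```yaml
# Added example for data/config.yml (Traefik file provider, dynamic configuration).
# Hostname, LAN address and the router/service name are placeholders (assumptions).
http:
  routers:
    homeassistant:
      entryPoints:
        - "https"                    # entry point name used in the labels above
      rule: "Host(`homeassistant.YOURDOMAIN.com`)"
      tls: {}                        # terminate TLS at Traefik
      service: homeassistant         # resolves to the service defined below

  services:
    homeassistant:
      loadBalancer:
        servers:
          # Constructed LAN address of the host running home-assistant;
          # 8123 is home-assistant's default web port.
          - url: "http://192.168.1.50:8123"
        passHostHeader: true

  middlewares:
    # Assumed definition of the https-redirect@file middleware used by the labels.
    https-redirect:
      redirectScheme:
        scheme: https
```

The hop from Traefik to the backend in this example is plain HTTP, so it should stay on a trusted LAN segment.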
## Credits
Huge thanks to Techno Tim. You can watch his video tutorial [here](https://youtu.be/liV3c9m_OX8?si=qPIQsIdypHKt2hUq)